@amazon-codecatalyst/blueprints.sam-serverless-application
This blueprint creates a project that leverages a serverless application model (SAM) to quickly create and deploy an API. You can choose Java, TypeScript, or Python as the programming language.
This Blueprint generates an AWS Serverless Application Model (SAM) project.
A serverless application is a combination of AWS Lambda functions, event sources, and other resources that work together to perform tasks. A serverless application can also include additional resources such as APIs, databases, and event source mappings. For more information on serverless applications, see the AWS Serverless Application Model (SAM) Developer Guide.
The project uses an Amazon CodeCatalyst environment to deploy a SAM application with AWS Lambda and Amazon API Gateway to an Amazon CloudFront URL. After you create your project, you can view the repository, source code, and continuous integration and continuous delivery (CI/CD) workflow for your project. After your workflow runs successfully, your deployed AWS Cloud Development Kit (CDK) application URL is available under the output for your workflow.
This project uses:
You can choose any of the above as the programming language.
Configure your AWS account connection from the AWS accounts tab in your Amazon CodeCatalyst space. Add AWS IAM roles to the account extension to authorize project workflows to access AWS account resources.
The SAM application requires the following IAM roles to build and deploy the application:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "CodeCatalyst",
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "codecatalyst-runner.amazonaws.com",
              "codecatalyst.amazonaws.com"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
Create a role based on the trust policy above, and add the following inline policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "iam:PassRole",
            "iam:DeleteRole",
            "iam:GetRole",
            "iam:TagRole",
            "iam:CreateRole",
            "iam:AttachRolePolicy",
            "iam:DetachRolePolicy",
            "cloudformation:*",
            "lambda:*",
            "apigateway:*"
          ],
          "Resource": "*"
        }
      ]
    }
Note: You must update the policy if you add more resources.
Create a role based on the trust policy above, and add the following inline policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:*",
            "cloudformation:*"
          ],
          "Resource": "*"
        }
      ]
    }
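An added example, not part of the blueprint's README: a small Python check that lists the grants in the two inline policies above that pair `"Resource": "*"` with a service-wide wildcard or with an IAM role-management action. These are the entries to scope down to specific ARNs when the roles are used outside a sandbox account. The names `audit_policy`, `ROLE_MANAGEMENT`, `FIRST_INLINE_POLICY` and `SECOND_INLINE_POLICY` are choices made for this example.

```python
# IAM actions that create roles or change what a role is allowed to do.
# On Resource "*" they apply to every role in the account.
# (Set chosen for this example; action names are compared case-insensitively.)
ROLE_MANAGEMENT = {"iam:passrole", "iam:createrole", "iam:attachrolepolicy",
                   "iam:detachrolepolicy", "iam:deleterole"}

def as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Return sorted (finding, action) pairs for Allow statements on Resource "*"."""
    statements = policy["Statement"]
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    findings = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue                      # resource-scoped grants are not flagged
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.add(("service-wildcard", action))
            elif action.lower() in ROLE_MANAGEMENT:
                findings.add(("iam-role-management", action))
    return sorted(findings)

# The two inline policies shown in this README, copied as written.
FIRST_INLINE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "iam:PassRole", "iam:DeleteRole",
               "iam:GetRole", "iam:TagRole", "iam:CreateRole",
               "iam:AttachRolePolicy", "iam:DetachRolePolicy",
               "cloudformation:*", "lambda:*", "apigateway:*"],
    "Resource": "*"}]}
SECOND_INLINE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:*", "cloudformation:*"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, policy in (("first", FIRST_INLINE_POLICY),
                         ("second", SECOND_INLINE_POLICY)):
        for finding, action in audit_policy(policy):
            print(f"{name} inline policy: {finding}: {action} on Resource *")
```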
After being successfully created, this project deploys the following AWS resources:
AWS Lambda function(s) - A resource that invokes your code on a high-availability compute infrastructure without provisioning or managing servers. For more information on AWS Lambda, see the AWS Lambda Developer Guide.
Amazon API Gateway - A resource that creates, publishes, maintains, monitors, and secures REST, HTTP, and WebSocket APIs at any scale. For more information on API Gateway, see the AWS API Gateway Developer Guide.
IAM role(s) - A resource that secures controlled access to AWS resources such as the AWS Lambda function(s). For more information on IAM, see the AWS IAM User Guide.
The deployment status can be viewed in the project's workflow.
This blueprint creates the following Amazon CodeCatalyst resources:
Source repository named HelloWorld - A Git repository to store, version, and manage project assets.
template.yaml - The template that defines the application's AWS resources, including AWS Lambda functions, Amazon API Gateways, and IAM roles.
devfile.yaml - A devfile that defines Dev Environments or development environments that have been built for the cloud.
For more information on source repositories, see the Working with source repositories section in the Amazon CodeCatalyst User Guide.
Workflows defined in .codecatalyst/workflows/build-and-release.yaml
A workflow is an automated procedure that defines how to build, test, and deploy the serverless application. For more information, see the Build, test, and deploy with workflows section of the Amazon CodeCatalyst User Guide.
Environment(s) - An abstraction of infrastructure resources that deploy applications. You can use environments to organize deployment actions into a production or non-production environment.
For more information on environments, see the Organizing deployments using environments section in the Amazon CodeCatalyst User Guide.
Dev Environment - A cloud-based development environment. A Dev Environment must be manually created with the generated devfile using the Create Dev Environment operation in Amazon CodeCatalyst.
For more information on creating Dev Environments, see the Working with Dev Environments section in the Amazon CodeCatalyst User Guide.
See the Amazon CodeCatalyst User Guide for additional information on using the features and resources of Amazon CodeCatalyst.
FAQs
We found that @amazon-codecatalyst/blueprints.sam-serverless-application demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.