@immutablewebapps/aws-lambda-edge-example
Deploys an immutable single page web app to AWS with Serverless.
All assets are served through CloudFront and index.html is generated dynamically using Lambda@Edge.
Each Serverless stage selects a default app version and environment configuration using AWS Systems Manager Parameter Store. Setting the appVersion cookie will override the default.
Immutable app versions are built, uploaded to S3, and published to npm.
Deployment of a published version is done by updating a parameter in the store.
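An added example (not code from this project) of how a Lambda@Edge handler could resolve the appVersion cookie described above: the cookie is client-controlled, so it overrides the default only when it matches a strict version pattern and a known published version, and values are escaped before they are written into index.html. The function names, the asset URL layout and the window.env global are assumptions.

```javascript
// Added example; resolveAppVersion, renderIndex and all sample values are hypothetical.

// Strict allowlist: MAJOR.MINOR.PATCH with an optional pre-release tag such as "-rc.0".
const SEMVER = /^\d{1,5}\.\d{1,5}\.\d{1,5}(-[0-9A-Za-z]{1,16}(\.[0-9A-Za-z]{1,16}){0,3})?$/;

// Parse a raw Cookie header into a name -> value map (first occurrence wins).
function parseCookies(header) {
  const jar = new Map();
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue;
    const name = part.slice(0, eq).trim();
    if (!jar.has(name)) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// The cookie wins only when it is well-formed and, if a set of published
// versions is supplied, present in that set; otherwise the stage default is used.
function resolveAppVersion(cookieHeader, defaultVersion, published) {
  const requested = parseCookies(cookieHeader).get('appVersion');
  if (!requested || !SEMVER.test(requested)) return defaultVersion;
  if (published && !published.has(requested)) return defaultVersion;
  return requested;
}

const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Build index.html. appConfig is serialized so that a "<" inside a value
// cannot close the inline <script> element.
function renderIndex({ assetDomain, version, appConfig }) {
  const json = JSON.stringify(appConfig).replace(/</g, '\\u003c');
  const base = `https://${assetDomain}/${version}`; // assumed asset layout
  return [
    '<!doctype html>',
    `<title>${escapeHtml(appConfig.title)}</title>`,
    `<script>window.env = ${json}</script>`,
    `<script src="${escapeHtml(base)}/main.js"></script>`,
  ].join('\n');
}
```

Passing the set of published versions keeps a well-formed but never-deployed version string from producing a page whose asset URLs do not exist.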
You will need AWS CLI, jq and Node.js with npm.
Be sure that all commands run under the correct Node version, e.g., if using nvm, install the correct version with
$ nvm install
The source code is hosted on GitHub. Clone the project with
$ git clone git@github.com:immutablewebapps/aws-lambda-edge-example.git
Note: find and replace the following values in this repo with custom values to set up a completely independent project: immutablewebapps, immutableweb.app, aws-lambda-edge-example and aws-lambda-edge.
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/organization" \
--value "immutablewebapps"
immutableweb.app and add the Zone ID and app domain to the parameter store with
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/hostedZoneId" \
--value "<zone-id>"
aws-lambda-edge.immutableweb.app and *.aws-lambda-edge.immutableweb.app and add the certificate identifier to the parameter store with
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/certificateId" \
--value "<certificate-identifier>"
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/experimental/appDomain" \
--value "dev.aws-lambda-edge.immutableweb.app"
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/experimental/assetDomain" \
--value "dev-assets.aws-lambda-edge.immutableweb.app"
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/experimental/appVersion" \
--value "1.0.0-rc.0"
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/experimental/appConfig" \
--value '{"title":"Lambda@Edge Immutable Web App (Experimental)","reportUri":"https://httpbin.org/post","api":"https://httpbin.org"}'
nvm install
npm install
npm run build
npm publish
npm run deploy:assets -- --stage experimental
npm run deploy:app -- --stage experimental
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/live/appDomain" \
--value "aws-lambda-edge.immutableweb.app"
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/live/assetDomain" \
--value "assets.aws-lambda-edge.immutableweb.app"
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/live/appVersion" \
--value "1.0.0-rc.0"
aws ssm put-parameter --type "String" \
--name "/app/aws-lambda-edge/live/appConfig" \
--value '{"title":"Lambda@Edge Immutable Web App","reportUri":"https://httpbin.org/post","api":"https://httpbin.org"}'
npm run build
npm run deploy:assets
npm run deploy:app
Note: the experimental stage is completely isolated from the live stage, and should be used for testing changes to the Serverless configuration and lambda before deploying to the live stage. Otherwise, all application versions may be tested directly on the live stage.
Cut a new version with, e.g.,
npm version minor
Then either locally or on CI, publish and deploy the assets
npm install
npm run build
npm publish
npm run deploy:assets
Deploy the app to Lambda@Edge with
npm run deploy:app
Once the app and assets are deployed, deploy any version by updating the corresponding parameter.
For example, use version 1.0.0-rc.0 by default on the live stage
aws ssm put-parameter --overwrite --type "String" \
--name "/app/aws-lambda-edge/live/appVersion" \
--value "1.0.0-rc.0"
Please submit and comment on bug reports and feature requests.
To submit a patch:
git checkout -b my-new-feature
git commit -am 'Add some feature'
git push origin my-new-feature
Copyright 2018 Immutable Web Apps
The source code for this project is licensed under the Apache License, Version 2.0 (the "License"); you may not use this source code except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This software is provided by the copyright holders and contributors "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the copyright holder or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
FAQs
We found that @immutablewebapps/aws-lambda-edge-example demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.