Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
serverless-deployment-bucket
Advanced tools
Readme
Create and configure the custom Serverless deployment bucket.
By default, Serverless creates a bucket with a generated name like <service name>-serverlessdeploymentbuck-1x6jug5lzfnl7
to store your service's stack state. This can lead to many old deployment buckets laying around in your AWS account and your service having more than one bucket created (only one bucket is actually used).
Serverless' AWS provider can be configured to customize aspects of the deployment bucket, such as specifying server-side encryption and a custom deployment bucket name. However, server-side encryption is only applied to the objects that Serverless puts into the bucket and is not applied on the bucket itself. Furthermore, if the bucket name you specify doesn't exist, you will encounter an error like:
Serverless Error ---------------------------------------
Could not locate deployment bucket. Error: The specified bucket does not exist
This plugin will create your custom deployment bucket if it doesn't exist, and optionally configure the deployment bucket to apply server-side encryption. To support the AWS S3 API for encryption you can configure this plugin with the following:
For AES256
server side encryption support:
deploymentBucket:
name: your-custom-deployment-bucket
serverSideEncryption: AES256
For aws:kms
server side encryption support:
deploymentBucket:
name: your-custom-deployment-bucket
serverSideEncryption: aws:kms
kmsKeyID: your-kms-key-id
For bucket access logging support:
```yaml
deploymentBucket:
name: your-custom-deployment-bucket
accessLog:
bucket: "the-already-existing-bucket"
prefix: "prefix-to-use-for-these-logs"
This plugin also provides the optional ability to enable versioning of bucket objects, however this is not enabled by default since Serverless tends to keep its own copies and versions of state.
npm install serverless-deployment-bucket --save-dev
Add the plugin to your serverless.yml
:
plugins:
- serverless-deployment-bucket
Configure the AWS provider to use a custom deployment bucket:
provider:
deploymentBucket:
name: your-custom-deployment-bucket
serverSideEncryption: AES256
Optionally add custom configuration properties:
custom:
deploymentBucket:
versioning: true
accelerate: true
blockPublicAccess: true
tags:
- Key: Environment
Value: production
Property | Required | Type | Default | Description |
---|---|---|---|---|
versioning | false | boolean | false | Enable versioning on the deployment bucket |
accelerate | false | boolean | false | Enable acceleration on the deployment bucket |
enabled | false | boolean | true | Enable this plugin |
policy | false | string | Bucket policy as JSON | |
tags | false | array | Bucket tags as an array of key:value objects | |
blockPublicAccess | false | boolean | false | Block all public access for the deployment bucket |
Configuration of your serverless.yml
is all you need.
There are no custom commands, just run: sls deploy
FAQs
Create and configure the Serverless deployment bucket.
The npm package serverless-deployment-bucket receives a total of 84,126 weekly downloads. As such, serverless-deployment-bucket popularity was classified as popular.
We found that serverless-deployment-bucket demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.