serverless-private-aws-regions
Let's imagine that aliens got AWS to build them a region on Mars to train their mind control algorithms. Since they've got deep pockets and don't want anyone else poking around, it's a private region just for them.
They still want to use the serverless framework but their endpoints are different, sometimes their service principals are weird, and the partition is not publicly known.
Let's make a plugin to help!
This made-up region for the aliens is called mars-east-1. Put this under the provider section in the serverless.yml; otherwise, serverless framework will default to us-east-1.
provider:
  name: aws
  region: mars-east-1
serverless.yml
plugins:
- serverless-private-aws-regions
customRegion under custom section
In the custom block of your serverless.yml, add the following
custom:
  customRegion:
There are customizations that can be done here.
custom:
  customRegion:
    endpoint: "{service}.{region}.amazonmars.space"
The aliens want to make sure they're reaching out to the correct region on Mars.
This will set the endpoint property on the AWS Node.js SDK, which it will use when connecting to the private region.
custom:
  customRegion:
    servicePrincipals:
      - service: logs
        principal: logs.${self:provider.region}.amazonmars.space
      - service: events
        principal: events.${self:provider.region}.amazonmars.space
In situations where the private region has different service principals for services, you'll set that here.
If a service isn't included, it will default to the standard principal for commercial AWS (e.g. logs.amazonaws.com, events.amazonaws.com).
custom:
  customRegion:
    s3Endpoint:
      comment: look for amazon mars - currently s3.amazon-mars-1.amazonmars.space
      pattern: mars-
      return: s3.$\{strRegion\}.amazonmars.space
The code for getS3EndpointForRegion() in serverless isn't very configurable, so we can change it to work for the mars region.
Since the private region is called mars-east-1, we look for the pattern mars-. We want the getS3EndpointForRegion() function to recognize that pattern and return the appropriate S3 endpoint.
The comment is optional, but be sure to include the pattern for the special partition (in this case mars-), and what should be returned in the function (return).
Note the curly braces are escaped in the sample above. This keeps serverless framework from treating the value as a variable. The backslashes are removed before the getS3EndpointForRegion() function is updated.
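The following is an added example, not the plugin's own code, showing how the three customRegion settings above resolve for mars-east-1 and which services would fall back to a commercial principal. The function names, the placeholder substitution and the prefix match on pattern are assumptions; the sample config is constructed from the snippets above.

```javascript
// Constructed sample: the customRegion block from the snippets above, as a plugin
// would see it after serverless has resolved ${self:provider.region}.
const region = "mars-east-1";
const customRegion = {
  endpoint: "{service}.{region}.amazonmars.space",
  servicePrincipals: [
    { service: "logs", principal: "logs.mars-east-1.amazonmars.space" },
    { service: "events", principal: "events.mars-east-1.amazonmars.space" },
  ],
  // The YAML value keeps its backslashes: s3.$\{strRegion\}.amazonmars.space
  s3Endpoint: { pattern: "mars-", return: "s3.$\\{strRegion\\}.amazonmars.space" },
};

// SDK endpoint: fill the {service} and {region} placeholders of the template.
function endpointFor(cfg, service, rgn) {
  return cfg.endpoint.replace(/\{service\}/g, service).replace(/\{region\}/g, rgn);
}

// Service principal: the configured value, else the commercial AWS default.
function principalFor(cfg, service) {
  const hit = (cfg.servicePrincipals || []).find((p) => p.service === service);
  return hit ? hit.principal : `${service}.amazonaws.com`;
}

// S3 endpoint: strip the escaping backslashes, then expand ${strRegion} when the
// region matches the pattern (prefix match is an assumption). null = no override.
function s3EndpointFor(cfg, rgn) {
  const rule = cfg.s3Endpoint;
  if (!rule || !rgn.startsWith(rule.pattern)) return null;
  const unescaped = rule.return.replace(/\\([{}])/g, "$1");
  return unescaped.replace(/\$\{strRegion\}/g, rgn);
}

// Pre-deploy check: services that would silently use an amazonaws.com principal.
function fallbackServices(cfg, services) {
  return services.filter((s) => principalFor(cfg, s) === `${s}.amazonaws.com`);
}
```

Running fallbackServices over the services a stack actually uses shows which ones still need a servicePrincipals entry before deploying to the private region.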
Before attempting to deploy, or whenever you update the serverless framework, run the region_setup command:
sls region_setup
This will make any necessary updates to the serverless framework that can't be done in the standard serverless plugin lifecycle hooks.
Do a normal deploy, and as long as serverless-private-aws-regions is listed as a plugin, all should work as expected.
When using/testing this plugin, make sure the AWS_CA_BUNDLE environment variable is set.
On mac you can use /usr/local/etc/openssl/cert.pem:
export AWS_CA_BUNDLE=/usr/local/etc/openssl/cert.pem
Just like the aliens in our fictional scenario, please keep details of your private region private.
Feel free to log issues, but please keep details of your private region private.
FAQs
Use serverless framework in private aws regions
The npm package serverless-private-aws-regions receives a total of 75 weekly downloads. As such, serverless-private-aws-regions popularity was classified as not popular.
We found that serverless-private-aws-regions demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.