Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
serverless-ssm-publish
Advanced tools
Serverless Framework plugin to publish data to AWS SSM Parameter Store
Publish custom data to AWS SSM Parameter Store from serverless.yaml or Cloud Formation Output
npm install serverless-ssm-publish --save-dev
yarn add serverless-ssm-publish --save-dev
plugins
section in the serverless.yamlplugins:
- serverless-ssm-publish
Add any params you want published to SSM to your serverless.yaml custom section.
You can use source
to give the name of a Cloud Formation Output value you want published to SSM.
Ssm publish compares existing values and will only write if no value exists/ the value has changed.
resources:
Outputs:
ExampleStaticValue:
Value: example-static-value
Export:
Name: 'service-staticValue'
Description: initial description
custom:
secretToken: ${opt:secretToken}
ssmPublish:
enabled: true # Needs to be set to true
params:
- path: /global/tokens/secretToken
value: ${self:custom.secretToken}
description: Super Secret Token # description is optional
secure: true # defaults to true
- path: /service/config/storageBucket
source: ExampleStaticValue # source can be used as an alternative to value. If source is given, ssmPublish will retrieve the matching value from the service's Cloud Formation Output
secure: false
You can also call the plugin directly in order to update SSM params without running deployment/packaging.
sls ssmPublish
*0.1.0
FAQs
Serverless Framework plugin to publish data to AWS SSM Parameter Store
The npm package serverless-ssm-publish receives a total of 2,766 weekly downloads. As such, serverless-ssm-publish popularity was classified as popular.
We found that serverless-ssm-publish demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.