serverless-ssm-publish
Serverless Framework plugin to publish data to AWS SSM Parameter Store
Publish custom data to AWS SSM Parameter Store from serverless.yaml or a CloudFormation Output.
npm install serverless-ssm-publish --save-dev
yarn add serverless-ssm-publish --save-dev
Add the plugin to the plugins section in the serverless.yaml:
plugins:
  - serverless-ssm-publish
Add any params you want published to SSM to your serverless.yaml custom section.
You can use source to give the name of a CloudFormation Output value you want published to SSM.
ssmPublish compares against existing values and only writes if no value exists or the value has changed.
resources:
  Outputs:
    ExampleStaticValue:
      Value: example-static-value
      Export:
        Name: 'service-staticValue'
      Description: initial description
custom:
  secretToken: ${opt:secretToken}
  someConfiguration:
    foo: bar
    baz: 1
    more:
      - stuff
      - here
  ssmPublish:
    enabled: true # Needs to be set to true
    params:
      # simple usage, `value` is a string
      - path: /global/tokens/secretToken
        value: ${self:custom.secretToken}
        description: Super Secret Token # description is optional
        secure: true # defaults to true
      # `value` can be an object; it is serialized to YAML before upload to SSM
      - path: /global/tokens/secretToken
        value: ${self:custom.someConfiguration}
      # `source` can be used as an alternative to `value`. If `source` is given, ssmPublish will retrieve
      # the matching value from the service's CloudFormation Stack Outputs
      - path: /service/config/storageBucket
        source: ExampleStaticValue
        secure: false
You can also call the plugin directly in order to update SSM params without running deployment/packaging.
sls ssmPublish
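A pre-deploy check for the params list shown above, as an added example that is not part of the plugin or its README. The function name lintSsmPublishParams and the rule names are hypothetical, and the sample values are constructed; run over the README's own three entries, it reports that /global/tokens/secretToken is targeted twice and that one entry sets secure: false.

```javascript
// Added example: lint a resolved custom.ssmPublish.params list before deploy.
// Not the plugin's code; lintSsmPublishParams and the rule names are hypothetical.
function lintSsmPublishParams(params) {
  const findings = [];
  const firstUse = new Map(); // path -> index of the first entry that used it
  params.forEach((p, index) => {
    if (typeof p.path !== 'string' || p.path.length === 0) {
      findings.push({ index, rule: 'missing-path', detail: 'entry has no path' });
    } else if (firstUse.has(p.path)) {
      // Two entries target the same parameter, so one of the values is lost.
      findings.push({ index, rule: 'duplicate-path',
        detail: `${p.path} is already written by entry ${firstUse.get(p.path)}` });
    } else {
      firstUse.set(p.path, index);
    }
    // The README describes `source` as an alternative to `value`: expect exactly one.
    const hasValue = p.value !== undefined;
    const hasSource = p.source !== undefined;
    if (hasValue === hasSource) {
      findings.push({ index, rule: 'value-xor-source',
        detail: hasValue ? 'both value and source set' : 'neither value nor source set' });
    }
    // `secure` defaults to true; an explicit false deserves a reviewer's look.
    if (p.secure === false) {
      findings.push({ index, rule: 'secure-disabled',
        detail: `${p.path} sets secure: false; confirm the value is not sensitive` });
    }
  });
  return findings;
}

// The README's params after variable resolution (values are constructed).
const pageParams = [
  { path: '/global/tokens/secretToken', value: 'constructed-token',
    description: 'Super Secret Token', secure: true },
  { path: '/global/tokens/secretToken',
    value: { foo: 'bar', baz: 1, more: ['stuff', 'here'] } },
  { path: '/service/config/storageBucket', source: 'ExampleStaticValue', secure: false },
];

for (const f of lintSsmPublishParams(pageParams)) {
  console.log(`params[${f.index}] ${f.rule}: ${f.detail}`);
}
```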
We found that serverless-ssm-publish demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.