Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
serverless-vpc-discovery
Advanced tools
The vpc discovery plugin takes the given vpc name, subnet tag key/value, and security group tag key/value or names in the serverless file to setup the vpc configuration for the lambda.
Basically we use this config:
vpcDiscovery:
vpcName: '<vpc_name>'
subnets:
- tagKey: <tag_name>
tagValues:
- '<tag_vale>'
securityGroups:
- tagKey: <tag_name>
tagValues:
- '<tag_value>'
To generate this config:
vpc:
subnetIds:
- subnet-123456789
...
securityGroupIds:
- sg-123456789
...
For each lambda function.
Note: The core serverless
provider.vpc
settings will be used, if they are set, instead ofvpcDiscovery
. You can use also mix settings. For example you may setprovider.vpc.subnetIds
while usingvpcDiscovery
to set thesecurityGroupIds
. Take a look at official documentation.
Amplify builds innovative and compelling digital educational products that empower teachers and students across the country. We have a long history as the leading innovator in K-12 education - and have been described as the best tech company in education and the best education company in tech. While others try to shrink the learning experience into the technology, we use technology to expand what is possible in real classrooms with real students and teachers.
Learn more at https://www.amplify.com
Make sure you have the following installed before starting:
Also allow the lambda to have the following IAM permissions:
Run:
# From npm (recommended)
npm install serverless-vpc-discovery
# From github
npm install https://github.com/amplify-education/serverless-vpc-discovery.git
Then make the following edits to your serverless.yaml file:
plugins:
- serverless-vpc-discovery
# Optional: Either set `custom.vpcDiscovery` or `functions.<function name>.vpcDiscovery`
custom:
vpcDiscovery:
vpcName: '<vpc_name>'
# optional if `securityGroups` option is specified
# list of tag key and values
subnets:
- tagKey: <tag_name>
# an array of values
tagValues:
- '<tag_value>'
# optional if `subnets` option is specified
# list of tag key and value or names
securityGroups:
- tagKey: <tag_name>
# an array of values
tagValues:
- '<tag_value>'
# optional if `tagKey` and `tagValues` are specified
# an array of values
- names:
- '<security_group_name>'
# Optional: Either set `custom.vpcDiscovery` or `functions.<function name>.vpcDiscovery`
functions:
example:
handler: handler.example
# inherit `custom.vpcDiscovery` config in case `custom.vpcDiscovery` is specified
example2:
handler: handler.example
# skip vpc configuration for the current function
vpcDiscovery: false
example3:
handler: handler.example
# inherit `custom.vpcDiscovery` config in case `custom.vpcDiscovery` is specified and override security group names
vpcDiscovery:
vpcName: '<vpc_name>'
securityGroups:
- tagKey: <tag_name>
# an array of values
tagValues:
- '<tag_value>'
example4:
handler: handler.example
# override or set basic subnets and security groups items
vpcDiscovery:
vpcName: '<vpc_name>'
# optional if `custom.vpcDiscovery.securityGroups` option is specified
subnets:
- tagKey: <tag_name>
# an array of values
tagValues:
- '<tag_value>'
# optional if `custom.vpcDiscovery.subnets` option is specified
securityGroups:
# optional if `names` option is specified
- tagKey: <tag_name>
# an array of values
tagValues:
- '<tag_value>'
# optional if `tagKey` and `tagValues` are specified
# an array of values
- names:
- '<security_group_name>'
To run the test:
npm test
All tests should pass.
To run integration tests, set an environment variable TEST_VPC_NAME to the VPC you will be testing for. Then,
export AWS_PROFILE=your_profile
export TEST_VPC_NAME=vpc_name
npx npm run build
npx npm run integration-test
If there is an error build and install the node_module inside the serverless-vpc-discovery folder:
npm build
npm install .
When deploying run:
serverless deploy
And that should be it! Good Luck!
The vpc, subnets, and security groups are found by filtering based on a specified tag name.
Vpc and subnets are found under the tag name tag:Name
.
Security groups are found by the name of the group under group-name
.
The vpc is found first as it is used to find the subnets and security groups. Once all of the subnets and security groups are found the serverless service provider creates a vpc object and stores the subnets and security groups.
If you have any security issue to report, contact project maintainers privately. You can reach us at github@amplify.com
We welcome pull requests! For your pull request to be accepted smoothly, we suggest that you:
FAQs
Serverless Plugin to modify VPC values
The npm package serverless-vpc-discovery receives a total of 9,164 weekly downloads. As such, serverless-vpc-discovery popularity was classified as popular.
We found that serverless-vpc-discovery demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.