mapbox / Deprecated Patrol Rules Aws

Licence: bsd-2-clause
A set of functions implemented using lambda-cfn to monitor an organization's AWS infrastructure for best practices, security and compliance.


⚠️ DEPRECATED ⚠️

patrol-rules-aws

A set of functions implemented using lambda-cfn to monitor an organization's AWS infrastructure for best practices, security and compliance. Part of the Mapbox Patrol security framework.

Deploying

Please see the lambda-cfn README

Functions

The following functions are included with patrol-rules-aws. Each rule is configurable, and you will be prompted to enter configuration values when deploying the function with lambda-cfn.

allowedIAMActions

  • Description - Checks for any IAM policy created which grants actions on restricted services, except for certain allowed actions on those services. For example, if you specify "iam, cloudtrail" as the restricted services and then specify "iam:PassRole" as an allowed action, any policy created which grants IAM actions other than "PassRole" will trigger an alarm.
  • Trigger - API call iam:CreatePolicy, iam:CreatePolicyVersion, iam:PutGroupPolicy, iam:PutRolePolicy, iam:PutUserPolicy
  • Parameters
    • restrictedServices - Comma separated list of services on which to disallow all actions
    • allowedActions - on the restrictedServices, only allow these actions to be granted
    • ignoredRolePolicy - Comma separated list of colon delimited role:policy combinations that should be ignored if matched. The "role:policy" values are case-insensitively matched against the policy event.
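The following is an added reference implementation of the allowedIAMActions check, not code from patrol-rules-aws: it evaluates a parsed IAM policy document against the three parameters above, handling wildcard actions and the case-insensitive role:policy ignore list. The function name `findViolations`, the `config` object and the sample policy are assumptions constructed for the example.

```javascript
// Added example (not the patrol-rules-aws code): evaluates a parsed IAM policy
// document the way the allowedIAMActions rule is described. Config values are
// the comma separated strings the README documents.

function parseList(csv) {
  return csv.split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// Returns the Allow actions that touch a restricted service and are not
// explicitly allowed. An empty array means no alarm would fire.
function findViolations(policyDocument, config, roleName, policyName) {
  const restricted = parseList(config.restrictedServices);
  const allowed = parseList(config.allowedActions);
  const ignored = parseList(config.ignoredRolePolicy || '');

  // role:policy pairs are compared case-insensitively, as the README states.
  const pair = `${roleName}:${policyName}`.toLowerCase();
  if (ignored.includes(pair)) return [];

  // Statement and Action may each be a single value or an array.
  const statements = [].concat(policyDocument.Statement || []);
  const violations = [];
  for (const stmt of statements) {
    if (stmt.Effect !== 'Allow' || !stmt.Action) continue;
    for (const action of [].concat(stmt.Action)) {
      const a = action.toLowerCase();
      const [service, verb] = a.split(':');
      // A bare "*" grants every service, so it always hits a restricted one.
      const hitsRestricted = a === '*' || restricted.includes(service);
      if (!hitsRestricted) continue;
      // "iam:*" is broader than any single allowed action, so only an exact,
      // non-wildcard match against allowedActions is exempt.
      const exempt = verb !== undefined && verb !== '*' && allowed.includes(a);
      if (!exempt) violations.push(action);
    }
  }
  return violations;
}

// Constructed sample: a policy as it might arrive via iam:PutRolePolicy.
const samplePolicy = {
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Action: ['iam:PassRole', 's3:GetObject'], Resource: '*' },
    { Effect: 'Allow', Action: 'iam:CreateUser', Resource: '*' },
    { Effect: 'Deny', Action: 'cloudtrail:StopLogging', Resource: '*' },
  ],
};
const sampleConfig = {
  restrictedServices: 'iam, cloudtrail',
  allowedActions: 'iam:PassRole',
  ignoredRolePolicy: 'BuildRole:BuildPolicy',
};
```

With `sampleConfig`, the sample policy alarms only on `iam:CreateUser`, while the same policy attached as BuildRole:BuildPolicy (in any letter case) is ignored.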

assumeRole

  • Description - Checks for when an IAM principal assumes a disallowed role
  • Trigger - API call sts:AssumeRole
  • Parameters
    • disallowedRoles - Comma separated list of roles to alarm on if a user assumes said role.

cloudfrontModifyDelete

  • Description - Checks for disallowed actions on restricted CloudFront distributions.
  • Trigger - The specified API calls on the specified distributions
  • Parameters
    • protectedActions - CloudFront API call on which to alarm
    • protectedDistributions - CloudFront distributions on which to alarm
  • Note - If a Dispatch SNS Arn is provided, this alarm defaults to the Dispatch fallback channel by passing an empty slackId to Dispatch.

cloudTrail

  • Description - Checks for disallowed CloudTrail actions
  • Trigger - The specified API calls
  • Parameters
    • disallowedActions - CloudTrail API actions to alarm on if called

disallowedResources

  • Description - Checks for IAM policies that allow access to disallowed resources
  • Trigger - AWS API call
  • Parameters
    • disallowedResourceARNs - Comma separated list of AWS ARNs. An alarm will be triggered if an IAM policy grants any kind of access to these resources.
    • ignoredRolePolicy - Comma separated list of colon delimited role:policy combinations that should be ignored if matched. The "role:policy" values are case-insensitively matched against the policy event.

removeS3AccessLogging

  • Description - Checks for removing server access logging from an S3 bucket
  • Trigger - PutBucketLogging AWS API call
  • Parameters
    • bucketFilter - Comma separated list of bucket names or name patterns the rule will ignore.

removeS3ManagedEncryption

  • Description - Checks for removing encryption from an S3 bucket.
  • Trigger - DeleteBucketEncryption AWS API call
  • Parameters
    • bucketFilter - Comma separated list of bucket names or name patterns the rule will ignore.

rootLogin

  • Description - Checks if the root AWS user logged in to the console
  • Trigger - AWS Console Sign-in

publicBucketACL

  • Description - Checks if a bucket has Public Access.
  • Trigger - AWS API Call via CloudTrail

serviceLimits

  • Description - Checks for Service Limit events whose status is not "OK".
  • Trigger - Trusted Advisor Check Item Refresh Notification

principalPolicySimulator

  • Description - WIP, beta quality and super noisy. Uses the simulatePrincipalPolicy functionality to report on policies created or updated which give the calling IAM principal elevated access beyond their assigned IAM policies. For example, if a user has access to create CloudFormation stacks, the user can start a stack with policies giving the stack (and therefore the user) access to resources the user would not have if they accessed them directly.
  • Trigger - API call iam:CreatePolicy, iam:CreatePolicyVersion, iam:PutGroupPolicy, iam:PutRolePolicy, iam:PutUserPolicy
  • Parameters
    • principalRegex - only principals matching this regex will be tested
    • ignoredServices - a comma separated list of AWS service prefixes to skip when testing. For example, to skip policies for CloudWatch Logs and ECS: logs,ecs
    • ignoredResources - Not implemented, a comma separated list of AWS resources to skip during testing.

Contributing

Please see CONTRIBUTING.md