Pigius/serverless-avp

Serverless AVP Plugin

The Serverless AVP Plugin is a tool designed to integrate AWS Verified Permissions (AVP) with the Serverless Framework. It provides commands to manage policy stores and policies, enabling developers to leverage the power of AVP within their Serverless applications.

Please note that this plugin is currently in an early stage of development and is intended for learning purposes and quick deployments, not for production use. I am actively working on improving and expanding its functionalities.

Installation

To install the Serverless AVP Plugin, you can use npm:

npm install serverless-avp

Then, in your serverless.yml file, add the plugin:

plugins:
  - serverless-avp

Configuration

The Serverless AVP Plugin uses the custom section of the serverless.yml file for configuration. Here's an example:

custom:
  avp:
    validationMode: STRICT
    schemaPath: ./schema.json
    policyPath: ./policy.txt
    policyStoreId: your-policy-store-id

Usage

The Serverless AVP Plugin provides several commands for managing your policy store and policies.

First usage

For first use, we need to create a policy store, which acts as a container for policies. The custom.avp configuration should look like this:

custom:
  avp:
    validationMode: STRICT

Then use the command below to create a policy store.

Policy Store

To create a policy store:

sls createPolicyStore

After creating a policy store, copy the generated policy store ID and add it to the policyStoreId field in the custom.avp section of your serverless.yml file. Right now AVP does not support naming policy stores, so the ID is autogenerated. This should be fixed soon.

After that, your custom.avp configuration should look like this:

custom:
  avp:
    validationMode: STRICT
    policyStoreId: your-policy-store-id

To delete a policy store:

sls deletePolicyStore

Make sure that policyStoreId is set in the custom.avp configuration.

Schema

To add a schema to your policy store:

sls putSchema

Make sure that your configuration looks like this:

custom:
  avp:
    validationMode: STRICT
    schemaPath: ./schema.json
    policyStoreId: your-policy-store-id

The schema needs to be provided in JSON format.

Policy

To create a static policy:

sls createStaticPolicy

Make sure that the policy is written in Cedar and saved in a file with the .txt extension. The command will parse it into a string to send to AVP.

custom:
  avp:
    validationMode: STRICT
    schemaPath: ./schema.json
    policyPath: ./policy.txt
    policyStoreId: your-policy-store-id
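
The per-command configuration requirements described above can be checked before anything is sent to AWS. The following is an added example, not the plugin's own code: `buildAvpRequest`, `REQUIRED`, and the sample schema and policy are hypothetical, and the mapping of each command to a Verified Permissions API operation (CreatePolicyStore, DeletePolicyStore, PutSchema, CreatePolicy) is an assumption based on the command names.

```javascript
// Added example, not the plugin's source. Assumes each command in this README
// corresponds to the Verified Permissions API operation of the same name.
const REQUIRED = {
  createPolicyStore: ['validationMode'],
  deletePolicyStore: ['policyStoreId'],
  putSchema: ['policyStoreId', 'schemaPath'],
  createStaticPolicy: ['policyStoreId', 'policyPath'],
};

// avp: the custom.avp object. readFile: (path) => string; in real use this
// would wrap fs.readFileSync(path, 'utf8').
function buildAvpRequest(command, avp, readFile) {
  const required = REQUIRED[command];
  if (!required) throw new Error(`unknown command: ${command}`);
  const missing = required.filter((k) => !avp || !avp[k]);
  if (missing.length) throw new Error(`${command}: missing custom.avp.${missing.join(', ')}`);

  switch (command) {
    case 'createPolicyStore':
      if (!['STRICT', 'OFF'].includes(avp.validationMode)) throw new Error('validationMode must be STRICT or OFF');
      return { validationSettings: { mode: avp.validationMode } };
    case 'deletePolicyStore':
      return { policyStoreId: avp.policyStoreId };
    case 'putSchema': {
      const text = readFile(avp.schemaPath);
      JSON.parse(text); // throws SyntaxError early if the schema is not valid JSON
      return { policyStoreId: avp.policyStoreId, definition: { cedarJson: text } };
    }
    case 'createStaticPolicy': {
      if (!avp.policyPath.endsWith('.txt')) throw new Error('policyPath must be a .txt file');
      const statement = readFile(avp.policyPath).trim();
      if (!statement) throw new Error('policy file is empty');
      return { policyStoreId: avp.policyStoreId, definition: { static: { statement } } };
    }
  }
}

// Constructed sample files and config (placeholders, not real resources).
const FILES = {
  './schema.json': JSON.stringify({ PhotoApp: { entityTypes: { User: {}, Photo: {} },
    actions: { view: { appliesTo: { principalTypes: ['User'], resourceTypes: ['Photo'] } } } } }),
  './policy.txt': 'permit(principal == PhotoApp::User::"alice", action == PhotoApp::Action::"view", resource == PhotoApp::Photo::"vacation.jpg");\n',
};
const avp = { validationMode: 'STRICT', schemaPath: './schema.json', policyPath: './policy.txt', policyStoreId: 'your-policy-store-id' };
const read = (p) => { if (!(p in FILES)) throw new Error(`no such file: ${p}`); return FILES[p]; };

for (const cmd of Object.keys(REQUIRED)) console.log(cmd, JSON.stringify(buildAvpRequest(cmd, avp, read)));
```

Both the schema and the policy travel as plain strings inside the request, so a malformed schema file or an empty policy file is cheapest to catch at this stage.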

Next steps

  • Implement commands to create (multiple policies), update, and delete policies.
  • Implement CLI to use some prepared examples to be immediately used and deployed to AWS to play around with them.
  • Add support for policy templates.
  • Implement a command to list all policies in the policy store.
  • Implement a command to get a schema.
  • Add tests.
  • Implement a command to make an authorization request against the policy store.
  • Make it possible to pass arguments via the CLI.
  • ...

About

Amazon Verified Permissions plugin for Serverless Framework
