Serverless plugin for PureSec CLI.
- Saves you time - magically creates IAM roles for you
- Reduces the attack surface of your AWS Lambda based application
- Helps create least privileged roles with the minimum required permissions
- Currently supported runtimes: Node.js, Python (more runtimes coming soon...)
- Currently supported services: DynamoDB, Kinesis, KMS, Lambda, S3, SES, SNS & Step Functions
- Works with the Serverless Framework
- Python 3.4+
- NodeJS 6+
1. Install via npm:
npm install --save-dev serverless-puresec-cli
2. Add serverless-puresec-cli to your serverless.yml:
In your project's
serverless.yml file add the following entry to the plugins section:
If there is no plugin section you will need to add it to the file.
It should look similar to this:
plugins: - serverless-puresec-cli
You can check wether you have successfully installed the plugin by running the serverless command line.
the console should display puresec as one of the plugins now available in your Serverless project.
4. Start using the tool:
Generate the IAM role for your function.
serverless puresec gen-roles --function myFunction
After receiving the IAM role in the output of the tool:
- Validate the role. Make sure you have all the required permissions and only them.
- Copy-paste it to the Resources section in your serverless.yml file.
- Connect the generated Role by adding the role property to your function in the serverless.yml.
5. You can also execute the tool on the entire project:
serverless puresec gen-roles