feat: new-scripts #21

Merged: dannysteenman merged 2 commits into main from feat/new-scripts on Feb 17, 2023

dannysteenman commented Feb 17, 2023

Pull request checklist

Please check if your PR fulfills the following requirements:

  • Docstrings or comments have been reviewed and added / updated if needed
  • The change has been tested and confirmed working (Tested on? OS, AWS CLI Version)

Pull request type

Please check the type of change your PR introduces:

  • Bugfix (if it's an open issue, please add the issue number):
  • Feature e.g. new script (please describe):
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • Documentation content changes
  • Other (please describe):

Other information

dannysteenman merged commit 55919fa into main Feb 17, 2023
dannysteenman deleted the feat/new-scripts branch February 17, 2023 19:10
dannysteenman added a commit that referenced this pull request Mar 19, 2026
…BRN-AWS-LAMBDA-1) (#21)

* feat(rules): implement evaluators for CLDBRN-AWS-LAMBDA-1

Add evaluateLive and evaluateStatic to the Lambda cost-optimal
architecture rule. The rule flags Lambda functions using x86_64
when arm64 (Graviton2) offers ~20% lower cost.

- Add AwsLambdaFunction type and extend LiveEvaluationContext
- Export AwsLambdaFunction from package index
- evaluateLive: filter functions missing arm64 architecture
- evaluateStatic: check Terraform aws_lambda_function and
  CloudFormation AWS::Lambda::Function (absent = x86_64 default)

* feat(sdk): add Lambda function discoverer and wire into scanner

- Add @aws-sdk/client-lambda dependency
- Add createLambdaClient factory in client.ts
- Create discoverAwsLambdaFunctions using paginateListFunctions
- Wire lambdaFunctions into scanAwsResources with shared region resolution
- Update scanner tests for the new discoverer

* docs: update CLDBRN-AWS-LAMBDA-1 status to Implemented and add changesets

* fix(rules): clarify Lambda rule message with actionable guidance

Reword from vague "should use the most cost-optimal architecture" to
specific "running x86_64 should be upgraded to arm64 (Graviton2),
which is on average 20% cheaper."

* feat(sdk): add accountId to live discovery findings

Resolve the AWS account ID once via STS GetCallerIdentity in the
scanner (same pattern as resolveAwsRegions) and thread it through
all discoverers into resource types and FindingMatch output.

- Add accountId to AwsEbsVolume and AwsLambdaFunction types
- Add resolveAwsAccountId using @aws-sdk/client-sts
- Update EBS and Lambda discoverers to accept and include accountId
- Update scanner to resolve accountId in parallel with regions
- Update all rule evaluators to emit accountId in discovery findings

* fix(sdk): address review feedback for Lambda rule

- Shorten rule message to actionable guidance
- Skip computed/intrinsic architectures in static evaluation instead
  of false-flagging (Terraform variable refs, CloudFormation Ref)
- Run discoverers in parallel with Promise.allSettled for concurrency
  and partial failure resilience in both scanner and discoverer
- Add Lambda discoverer unit tests (pagination, filtering, defaults,
  partial region failure)
- Add scanner integration test for Lambda findings in live scan output
- Add scanner concurrency and partial failure tests

* fix: finalize lambda discovery review fixes