Module 3: No AWS Keys Allowed!
In this module, as a security engineer, you will add a Lambda function that looks for AWS access keys and secret keys.
Setting Lambda to Look for AWS Credentials
- Browse to the Lambda console, and create a new function from scratch.
- Be sure to select the Python 2.7 runtime, and the module*PipelineL-
- Name the function as you choose, then select Create function.
- Set the Lambda timeout to 1 minute.
- cfn_secrets.py is provided in the workshop. Open this in your favorite editor.
- Paste the contents of cfn_secrets.py into the source editor (the one in the Lambda console), overwriting the initial placeholder function.
- Browse back to the CodePipeline Console, and open your DevSecOps Pipeline again.
- Edit the pipeline, using the button at the top right.
- Use the Edit Stage button for the StaticCodeAnalysis stage.
- Select the Edit icon for the CFNParsing function.
- Copy the contents of “User Parameters (optional)” to your paste buffer. Close the Edit action pop-up.
- Add a new action group.
- Select “Add action group”.
- Create a name for your key-scanning action, choose AWS Lambda from the Action provider drop-down.
- In “Function name”, select the name you gave your Lambda function in Step 2 above.
- Select TemplateSource in the “Input artifacts” drop-down.
- Paste the contents of your paste buffer from above into “User Parameters (optional)”.
- Save the newly-edited pipeline. You must check the “No resource updates needed for this source action change” option on the pipeline save pop-up window.
- Your new Lambda function is now integrated into your pipeline.
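To illustrate the kind of check a key-scanning action performs on a template, here is an added example; it is not the workshop's cfn_secrets.py. It is written for Python 3, and the patterns, the entropy threshold, the function names and the sample template are assumptions made for this illustration.

```python
import math
import re
from collections import Counter

# Access key IDs: 20 uppercase alphanumerics starting AKIA (long-term) or ASIA (temporary).
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys: exactly 40 base64-style characters, not part of a longer run.
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
# Assumed threshold (bits/char); a 40-char hex digest always scores below 4.0.
MIN_ENTROPY = 4.0


def shannon_entropy(s):
    """Shannon entropy of the string, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())


def redact(value):
    # Keep only the first four characters so findings can be logged safely.
    return value[:4] + "*" * (len(value) - 4)


def scan_template(text):
    """Return (line_number, kind, redacted_value) for each suspected key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((lineno, "access_key_id", redact(m.group())))
        for m in SECRET_KEY_RE.finditer(line):
            if shannon_entropy(m.group()) >= MIN_ENTROPY:
                findings.append((lineno, "secret_access_key", redact(m.group())))
    return findings


# Constructed sample template; the key pair is the example pair from AWS documentation.
SAMPLE_TEMPLATE = """\
Resources:
  AppFunction:
    Type: AWS::Lambda::Function
    Properties:
      Environment:
        Variables:
          AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
          AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
          BUILD_ID: 0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for lineno, kind, value in scan_template(SAMPLE_TEMPLATE):
        print(f"line {lineno}: possible {kind}: {value}")
```

The hex BUILD_ID matches the 40-character pattern but is dropped by the entropy filter, which is what keeps commit hashes and checksums from failing the pipeline stage.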
Proceed to the next module to test your Lambda function.