{"id":22096003,"url":"https://github.com/perimeterx/aws-lambda-edge-template","last_synced_at":"2025-03-24T00:55:09.078Z","repository":{"id":232785673,"uuid":"778366336","full_name":"PerimeterX/aws-lambda-edge-template","owner":"PerimeterX","description":null,"archived":false,"fork":false,"pushed_at":"2025-03-17T08:13:31.000Z","size":141,"stargazers_count":1,"open_issues_count":4,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-17T09:27:50.404Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PerimeterX.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-27T15:33:05.000Z","updated_at":"2025-03-04T08:07:21.000Z","dependencies_parsed_at":"2024-04-11T12:57:39.829Z","dependency_job_id":"85247a18-c3ae-4d4a-b3a1-d2ea13840877","html_url":"https://github.com/PerimeterX/aws-lambda-edge-template","commit_stats":null,"previous_names":["perimeterx/aws-lambda-edge-template"],"tags_count":0,"template":true,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerimeterX%2Faws-lambda-edge-template","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerimeterX%2Faws-lambda-edge-template/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerimeterX%2Faws-lambda-edge-template/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerimeterX%2Faws-lambda-edge-template/manifests","owner_url":"https:/
/repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PerimeterX","download_url":"https://codeload.github.com/PerimeterX/aws-lambda-edge-template/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245191635,"owners_count":20575248,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-01T04:09:21.752Z","updated_at":"2025-03-24T00:55:09.071Z","avatar_url":"https://github.com/PerimeterX.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS Lambda@Edge Enforcer Sample Project\n\nSee the full official documentation for the Human Security AWS Lambda@Edge Enforcer [here](https://docs.humansecurity.com/applications-and-accounts/docs/whats-new-aws-lambda-edge).\n\n## Use case\n1. This repo allows you to generate templates for each Human Security AWS Lambda@Edge Enforcer lambda [Version 4](https://docs.humansecurity.com/applications-and-accounts/docs/whats-new-aws-lambda-edge) (and above).\n2. The lambdas are customized and allow you to:\n   - Edit the enforcer configuration in a separate file.\n   - Use async calls to fetch specific configuration values.\n   - Add your custom logic to the enforcer request/response when the handler starts and before the handler finishes, and then send it to the next handler you define.\n\n## How to use\n1. git clone the project into your working directory.\n2. Install dependencies with `npm install`.\n3. 
Configure the enforcer by modifying the `src/custom/config.ts` file.\n   \u003cbr\u003e In this file you can find 3 types of configuration parameters:\n   * \u003cb\u003eMandatory\u003c/b\u003e configuration fields, found under the `Mandatory configurations` comment:\n      * `PX_APP_ID` - The application ID (available in the [portal](https://console.perimeterx.com/))\n      * `PX_AUTH_TOKEN` - The server token (available in the [portal](https://console.perimeterx.com/))\n      * `PX_COOKIE_SECRET` - The cookie secret associated with the Bot Defender security policy (available in the [portal](https://console.perimeterx.com/))\n   * \u003cb\u003eAll other\u003c/b\u003e configuration fields, which you can read more about [here](https://docs.humansecurity.com/applications-and-accounts/docs/configuration-aws-lambda-edge):\n      * The simple ones, found under the `Simple function configuration` comment.\n      * Custom functions, found under the `Custom function configurations` comment.\n4. Compile the enforcer by running `npm run zip` from the project directory.\n5. Choose the relevant lambda from the 3 generated lambda zip files:\n    * HumanEnforcer.zip\n    * HumanActivities.zip\n    * HumanFirstParty.zip\n6. Deploy the lambda to AWS Lambda@Edge using the AWS console, AWS CLI or CloudFormation, following the instructions below.\n\n## Deploy using AWS CloudFormation\n\n### Prerequisites:\n1. Complete the instructions in the `How to use` section and make sure you have the lambda zip files.\n2. AWS CLI installed and configured.\n3. AWS S3 bucket to store the lambda zip files.\n\n*Note*: The following steps are for deploying the Human Security Enforcer to a new CloudFront distribution.\nThe deployment includes the HumanEnforcer lambda and the HumanFirstParty lambda. 
The HumanActivities lambda is not included in the deployment. To add it, follow the \"How to add HumanActivitiesLambda\" instructions at the end of this document before deploying the CloudFormation stack.\n\n### Steps:\n1. Store the lambda zip files in the S3 bucket using the following commands:\n    ```bash\n    aws s3 cp HumanEnforcer.zip s3://\u003cbucket-name\u003e/HumanEnforcer.zip\n    aws s3 cp HumanActivities.zip s3://\u003cbucket-name\u003e/HumanActivities.zip\n    aws s3 cp HumanFirstParty.zip s3://\u003cbucket-name\u003e/HumanFirstParty.zip\n    ```\n2. Navigate to the `deploy` directory.\n    ```bash\n    cd deploy\n    ```\n3. Edit the `cfm_deploy.yaml` file and replace the placeholders with the relevant values:\n - `DomainName: \"\u003cORIGIN_DOMAIN_URL\u003e\"`\n - \u003cb\u003eExample:\u003c/b\u003e `- DomainName: \"example.com\"`\n```yaml\n  CloudFrontDistribution:\n    Type: \"AWS::CloudFront::Distribution\"\n    Properties:\n      DistributionConfig:\n        Enabled: true\n        Origins:\n          - DomainName: \"\u003cORIGIN_DOMAIN_URL\u003e\"\n            Id: \"ExampleOrigin\"\n            CustomOriginConfig:\n              HTTPPort: 80\n              HTTPSPort: 443\n              OriginProtocolPolicy: \"https-only\"\n```\n - PathPattern: `\"\u003cPX_APP_ID_SUFFIX\u003e/*\"`\n - \u003cb\u003eExample\u003c/b\u003e: for PX_APP_ID: `pxapp12345` the `PX_APP_ID_SUFFIX` is `app12345` (remove the PX prefix from the app_id)\n```yaml\n        CacheBehaviors:\n          - PathPattern: \"\u003cPX_APP_ID_SUFFIX\u003e/*\"\n            AllowedMethods:\n                - \"GET\"\n                - \"HEAD\"\n                - \"OPTIONS\"\n                - \"PUT\"\n                - \"POST\"\n                - \"PATCH\"\n                - \"DELETE\"\n```\nExample:\n```yaml\n        CacheBehaviors:\n          - PathPattern: \"app12345/*\"\n            AllowedMethods:\n                - \"GET\"\n                - \"HEAD\"\n                - \"OPTIONS\"\n                - \"PUT\"\n                - \"POST\"\n                - \"PATCH\"\n                - \"DELETE\"\n```\n4. Deploy the CloudFormation stack using the following command (\u003cb\u003eNOTE: replace the placeholders `\u003cstack-name\u003e` and `\u003cbucket-name\u003e` with the relevant values\u003c/b\u003e):\n    ```bash\n    aws cloudformation deploy \\\n    --stack-name \u003cstack-name\u003e \\\n    --template-file cfm_deploy.yaml \\\n    --capabilities CAPABILITY_IAM \\\n    --parameter-overrides \\\n    HumanLambdaCodeBucket=\u003cbucket-name\u003e \\\n    EnforcerLambdaCodePath=HumanEnforcer.zip \\\n    FirstPartyLambdaCodePath=HumanFirstParty.zip\n    ```\n5. After the stack is created, you can find the CloudFront distribution URL in the CloudFormation stack outputs (or in the AWS UI).\n\n## How to add HumanActivitiesLambda\n\nHumanActivitiesLambda is an optional additional lambda that runs on viewer request and can be used to send additional activities to the Human Security API.\nThis Lambda is in charge of generating the Human Security PXHD cookie, and needs to be deployed if you're using advanced features such as Credential Intelligence or GraphQL protection.\n\nTo add the HumanActivitiesLambda to the CloudFormation stack, adjust your `cfm_deploy.yaml` file to include it before deployment:\n\n1. 
Create the Activities Lambda by adding the following resource to your deployment yaml (after `EnforcerExecutionRole`, at line 65):\n```yaml\n  HumanActivitiesLambda:\n    Type: \"AWS::Lambda::Function\"\n    Properties:\n      FunctionName: \"human-security-activities-lambda\"\n      Handler: \"index.handler\"\n      Role: !GetAtt EnforcerExecutionRole.Arn\n      Runtime: \"nodejs20.x\"\n      Code:\n        S3Bucket: !Ref HumanLambdaCodeBucket\n        S3Key: !Ref ActivitiesLambdaCodePath\n\n  HumanActivitiesLambdaFunctionVersion:\n    Type: \"AWS::Lambda::Version\"\n    Properties:\n      FunctionName: !Ref HumanActivitiesLambda\n```\n\n2. Add to `LambdaFunctionAssociations` an `origin-response` EventType, with the following association: `LambdaFunctionARN: !Ref HumanActivitiesLambdaFunctionVersion`\nExample:\n```yaml\n            LambdaFunctionAssociations:\n              - EventType: \"viewer-request\"\n                LambdaFunctionARN: !Ref HumanEnforcerLambdaFunctionVersion\n              - EventType: \"origin-response\"\n                LambdaFunctionARN: !Ref HumanActivitiesLambdaFunctionVersion\n```\n3. Add the `ActivitiesLambdaCodePath` variable at the end of the yaml file. Example:\n```yaml\n  ActivitiesLambdaCodePath:\n    Type: String\n    Description: \"S3 path for the Activities Lambda code zip file.\"\n```\n4. 
Run the deployment command using the 3 lambdas:\n```bash\naws cloudformation deploy \\\n--stack-name \u003cstack-name\u003e \\\n--template-file cfm_deploy.yaml \\\n--capabilities CAPABILITY_IAM \\\n--parameter-overrides \\\nHumanLambdaCodeBucket=\u003cbucket-name\u003e \\\nEnforcerLambdaCodePath=HumanEnforcer.zip \\\nActivitiesLambdaCodePath=HumanActivities.zip \\\nFirstPartyLambdaCodePath=HumanFirstParty.zip\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperimeterx%2Faws-lambda-edge-template","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fperimeterx%2Faws-lambda-edge-template","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fperimeterx%2Faws-lambda-edge-template/lists"}