Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/hubspotwebteam/serverless-resource-policy

Custom serverless plugin for whitelisting certain IP and/or CIDR addresses by setting a resource policy
https://github.com/hubspotwebteam/serverless-resource-policy

cidr hacktoberfest ip plugin resource-policy resourcepolicy serverless whitelist

Last synced: 2 months ago
JSON representation

Custom serverless plugin for whitelisting certain IP and/or CIDR addresses by setting a resource policy

Awesome Lists containing this project

README 

          
# Serverless Resource Policy



Creates a whitelist for IP or CIDR addresses accessing a serverless application, using serverless resource policies. This enables you to allow requests only from the IP or CIDR addresses you specify.



## Private and Public Stages



CIDR and IP addresses are whitelisted by stages.



- `privateStages`: Private to whitelisted CIDR and IP addresses. In the example below, our `dev` and `staging` stages are `privateStages`, so only those CIDR and IP addresses can access `dev` and `staging`.

- `publicStages`: No whitelisting necessary. These stages are public to all CIDR and IP addresses.



## How to Use



1. Install in your serverless application: `npm install --save serverless-resource-policy`

2. In your `serverless.yml` file, add the `serverless-resource-plugin`, for example:

   ```

   plugins:

   - serverless-resource-policy

   ```

3. Within the `provider` block, add a `stage` variable:

   ```

   provider:

     stage: ${opt:stage, 'dev'}

   ```

4. Within a `custom` block, add:

   ```

   custom:

     serverless-resource-policy:

       stage: ${self:provider.stage}

       privateStages:

         - dev

         - staging

       publicStages:

         - production

       netblocks:

         - 123.45.67.890/30

         - 987.65.432.109

   ```



> The `netblocks` object will contain the list of whitelisted IPs.



### Full Example



```

# serverless.yml



service: my-service-name



plugins:

  - serverless-resource-policy



provider:

  stage: ${opt:stage, 'dev'}



custom:

  serverless-resource-policy:

    stage: ${self:provider.stage}

    privateStages:

      - dev

      - staging

    publicStages:

      - production

    netblocks:

      - 123.45.67.890/30

      - 987.65.432.109

```



# Contributing



Currently maintained by the lovely folks on HubSpot's Web Team, but we need your help. Please feel free to submit pull requests to add new functionality.