https://github.com/iann0036/iamlive-lambda-extension
Lambda Extension for iamlive
iamlive lambda-extensions least-privilege
Lambda Extension for iamlive
- Host: GitHub
- URL: https://github.com/iann0036/iamlive-lambda-extension
- Owner: iann0036
- License: mit
- Created: 2021-04-25T03:24:48.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-05-17T13:52:32.000Z (over 3 years ago)
- Last Synced: 2024-10-03T12:24:22.053Z (about 1 month ago)
- Topics: iamlive, lambda-extensions, least-privilege
- Language: Go
- Homepage:
- Size: 2.51 MB
- Stars: 43
- Watchers: 3
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
# iamlive Lambda Extension
[![](https://img.shields.io/badge/serverless%20application%20repo-iamlive-blue.svg)](https://console.aws.amazon.com/lambda/home?region=us-east-1#/create/app?applicationId=arn:aws:serverlessrepo:ap-southeast-2:767145733124:applications/iamlive)
The [iamlive](https://github.com/iann0036/iamlive) Lambda Extension helps generate a least-privilege IAM policy by monitoring the AWS calls made within the Lambda execution environment.
## Installation
You must first install the Lambda Layer into your environment, either from the [Serverless Application Repository](https://console.aws.amazon.com/lambda/home?region=us-east-1#/create/app?applicationId=arn:aws:serverlessrepo:ap-southeast-2:767145733124:applications/iamlive) or by performing a `sam build && sam deploy` from the repository root.
Once installed, you should attach the `iamlive` Lambda Layer to the function you wish to monitor using the "Specify an ARN" option and set the following environment variables within the Lambda function:
Key | Value
--------------- | ------------------------
`AWS_CA_BUNDLE` | `/tmp/iamlive-ca.pem`
`HTTP_PROXY` | `http://127.0.0.1:10080`
`HTTPS_PROXY` | `http://127.0.0.1:10080`

It's also strongly recommended you allocate at least an extra 512MB of memory to the Lambda function.
## Usage
You may invoke your Lambda function as per your normal usage. When your invocation is complete, the results of the execution will be displayed _at the start of your next execution_ or once the Lambda has not been invoked for approximately 5 minutes (i.e. the Lambda runtime goes into SHUTDOWN).
It's not recommended to continue to have the iamlive extension applied long-term or in a production environment due to the overheads involved.
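
The following check is an added example, not part of the iamlive project: it audits a function configuration (the JSON returned by `aws lambda get-function-configuration`) against the Installation settings above, and lists any iamlive settings left behind on a function that should no longer be monitored. The sample configuration, the account ID, the `baseline_memory_mb` parameter and the assumption that the layer ARN contains `:layer:iamlive` are constructed for illustration.

```python
import json

# Values from the README's environment-variable table.
REQUIRED_ENV = {
    "AWS_CA_BUNDLE": "/tmp/iamlive-ca.pem",
    "HTTP_PROXY": "http://127.0.0.1:10080",
    "HTTPS_PROXY": "http://127.0.0.1:10080",
}
EXTRA_MEMORY_MB = 512  # README: at least an extra 512MB

# Constructed sample in the shape of `aws lambda get-function-configuration` output.
SAMPLE = json.loads("""{
  "FunctionName": "example-fn",
  "MemorySize": 768,
  "Layers": [{"Arn": "arn:aws:lambda:us-east-1:123456789012:layer:iamlive:1"}],
  "Environment": {"Variables": {
    "AWS_CA_BUNDLE": "/tmp/iamlive-ca.pem",
    "HTTP_PROXY": "http://127.0.0.1:10080",
    "HTTPS_PROXY": "http://127.0.0.1:10080"}}
}""")

def has_iamlive_layer(cfg):
    # Assumption: the deployed layer's ARN contains ":layer:iamlive".
    return any(":layer:iamlive" in layer.get("Arn", "") for layer in cfg.get("Layers") or [])

def env_vars(cfg):
    return (cfg.get("Environment") or {}).get("Variables") or {}

def check_setup(cfg, baseline_memory_mb):
    """Return deviations from the README's setup for a function being monitored."""
    problems = []
    if not has_iamlive_layer(cfg):
        problems.append("iamlive layer not attached")
    env = env_vars(cfg)
    for key, want in REQUIRED_ENV.items():
        if env.get(key) != want:
            problems.append(f"{key}={env.get(key)!r}, expected {want!r}")
    need = baseline_memory_mb + EXTRA_MEMORY_MB
    if cfg.get("MemorySize", 0) < need:
        problems.append(f"MemorySize {cfg.get('MemorySize')} MB < {need} MB")
    return problems

def iamlive_residue(cfg):
    """List iamlive settings still present, for functions that should be clean."""
    found = ["layer"] if has_iamlive_layer(cfg) else []
    return found + [k for k, v in REQUIRED_ENV.items() if env_vars(cfg).get(k) == v]
```

Run `check_setup` before a monitoring session and `iamlive_residue` afterwards; an empty list from each means the function matches the intended state.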