
https://github.com/sls-mentor/sls-mentor

Analyze your AWS serverless app in one command! 30+ best practices to improve costs💰 security🛡 stability🧘‍♀️ speed🚀 and sustainability🌱

analysis audit aws best-practices compliance cost-optimization dynamodb lambda learn s3 security serverless sns sqs

sls-mentor






We are open to contributions, check our good first issues!





🚨 [NEW] sls-mentor 3.0 is in alpha! 🚨


Visualize your AWS serverless application like never before



npx sls-mentor@alpha -p <AWS_CLI_PROFILE>

Weekly pre-releases, we need your feedback and feature requests!


⬇️ Back to sls-mentor v2 ⬇️



Just because you don't see something, doesn't mean it doesn't exist


Anonymous on Tumblr - 2012





sls-mentor is a tool that analyzes the configuration of your AWS resources against best practice rules.
sls-mentor solves problems before they occur, and optimizes your app's performance and costs.


Check our website for more information!








One minute quick start 🚀




npx sls-mentor










Install sls-mentor on your project and customize your experience 🔎




yarn add -D sls-mentor

Select the CloudFormation stacks you want to check using the -c option


yarn sls-mentor -c {YOUR_AWS_STACK_NAME_1} {YOUR_AWS_STACK_NAME_2}

Filter the checked resources by tags using the -t option


yarn sls-mentor -t Key={TAG_KEY},Value={TAG_VALUE}

Specify an AWS profile or an AWS region using the -p and -r options


yarn sls-mentor -p {YOUR_AWS_PROFILE} -c {YOUR_AWS_STACK_NAME} -r {YOUR_AWS_REGION}

📚 More information about local runs of sls-mentor








Run sls-mentor as a periodic check on your CI 📟




The command you want to run in your pipeline is:


yarn sls-mentor -p {YOUR_AWS_PROFILE} -c {YOUR_AWS_STACK_NAME} -r {YOUR_AWS_REGION} -l {YOUR_DESIRED_LEVEL}

GitHub Actions, CircleCI and GitLab CI configuration snippets coming soon 🚀




⚠️ To make sure it works properly when executed by a pipeline runner:

- Ensure that the CI/CD runner has an AWS profile configured, with ReadOnlyAccess privileges.

- If the region is not configured for that profile, make sure to specify it using the -r flag in the command.


📚 More information about CI runs of sls-mentor







Rules featured by sls-mentor 📏



- AWS Lambda:
  - [`Lambda: Use ARM64 architecture`](./packages/documentation/docs/rules/useArm.md): checks that you're using ARM64 architectures for your Lambda functions.
  - [`Lambda: No shared IAM roles`](./packages/documentation/docs/rules/noSharedIamRoles.md): checks that each one of your Lambda functions has its own IAM role.
  - [`Lambda: Limited amount of versions`](./packages/documentation/docs/rules/limitedAmountOfVersions.md): checks that you do not store all previous deployment versions for your Lambda functions.
  - [`Lambda: Specify failure destination to async functions`](./packages/documentation/docs/rules/asyncSpecifyFailureDestination.md): checks that each one of your async Lambda functions has a failure destination.
  - [`Lambda: No identical code`](./packages/documentation/docs/rules/noIdenticalCode.md): checks that each one of your Lambda functions has different code.
  - [`Lambda: Light bundle`](./packages/documentation/docs/rules/lightBundle.md): checks that each one of your Lambda functions' bundles is reasonably small.
  - [`Lambda: Under maximum memory`](./packages/documentation/docs/rules/underMaxMemory.md): checks that each one of your Lambda functions' memory size is reasonably small.
  - [`Lambda: No maximum timeout`](./packages/documentation/docs/rules/noMaxTimeout.md): checks that your Lambda functions' timeout is not set at the maximum available.
  - [`Lambda: No provisioned concurrency`](./packages/documentation/docs/rules/noProvisionedConcurrency.md): checks that no Lambda function has provisioned concurrency.
  - [`Lambda: No deprecated runtime`](./packages/documentation/docs/rules/noDeprecatedRuntime.md): checks that your Lambda functions do not run on a deprecated runtime.
- AWS S3:
  - [`S3: Use intelligent tiering`](./packages/documentation/docs/rules/useIntelligentTiering.md): checks that each one of your S3 buckets has intelligent tiering enabled.
  - [`S3: Use HTTPS requests only`](./packages/documentation/docs/rules/s3OnlyAllowHTTPS.md): checks that users access bucket objects using SSL.
- AWS SQS:
  - [`SQS: Specify a DLQ on queues`](./packages/documentation/docs/rules/specifyDlqOnSqs.md): checks that SQS queues have a dead-letter queue specified in case of failure.
- AWS Cognito:
  - [`Cognito: Sign-in case insensitivity`](./packages/documentation/docs/rules/cognitoSignInCaseInsensitivity.md): checks that your Cognito user pool is insensitive to user name case.
- AWS CloudWatch:
  - [`CloudWatch Log Groups: Defined logs retention duration`](./packages/documentation/docs/rules/definedLogsRetentionDuration.md): checks that each of your Log Groups has a defined log retention duration.
- AWS EventBridge:
  - [`EventBridge: Specified dead letter queue`](./packages/documentation/docs/rules/specifyDlqOnEventBridgeRule.md): checks that each EventBridge rule target has a dead-letter queue.
- AWS CloudFront:
  - [`CloudFront: Enable security headers`](./packages/documentation/docs/rules/cloudFrontSecurityHeaders.md): checks that each CloudFront distribution has basic security headers enabled.
  - [`CloudFront: SSL certificate associated`](./packages/documentation/docs/rules/cloudFrontSSLCertificate.md): checks that each CloudFront distribution has an SSL certificate associated (IAM or ACM).
- AWS RDS:
  - [`RDS: Enable instance autoscaling`](./packages/documentation/docs/rules/autoscaleRdsInstanceEnabled.md): checks that RDS instances have autoscaling enabled.
- AWS Backup:
  - [`Backup: Defined Backup Retention Period or Transition to Cold Storage`](./packages/documentation/docs/rules/definedBackupRetentionPeriodOrTransitionToColdStorage.md): checks that each rule of any Backup Plan has a defined retention period or transition to cold storage date.
- AWS API Gateway V2:
  - [`API Gateway: Use authorized routes`](./packages/documentation/docs/rules/noUnauthorizedApiGatewaysV2Routes.md): checks that each API Gateway route has an authorizer configured.
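
What a check like `S3: Use HTTPS requests only` has to look for can be shown offline against a bucket policy document. This is an added example, not sls-mentor's own implementation: it assumes the rule is satisfied by a `Deny` statement conditioned on `aws:SecureTransport` being `false`, and the function names and sample policies are constructed for illustration.

```javascript
// Added example (not sls-mentor code). Assumption: "HTTPS only" means the policy
// denies every S3 action to every principal when aws:SecureTransport is false.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Principal "*" or { AWS: "*" } covers every caller, including anonymous ones.
function coversAllPrincipals(principal) {
  if (principal === '*') return true;
  return typeof principal === 'object' && principal !== null &&
    asArray(principal.AWS).includes('*');
}

// Condition keys are case-insensitive; values may be booleans or strings.
function matchesPlainHttp(condition) {
  const bool = (condition && condition.Bool) || {};
  const key = Object.keys(bool).find((k) => k.toLowerCase() === 'aws:securetransport');
  return key !== undefined &&
    asArray(bool[key]).some((v) => String(v).toLowerCase() === 'false');
}

// Hypothetical helper: true when one statement blocks plain-HTTP access to the
// bucket and to all of its objects.
function enforcesHttpsOnly(policy, bucketName) {
  const arn = `arn:aws:s3:::${bucketName}`;
  return asArray(policy && policy.Statement).some((stmt) => {
    const resources = asArray(stmt.Resource);
    return stmt.Effect === 'Deny' &&
      coversAllPrincipals(stmt.Principal) &&
      asArray(stmt.Action).some((a) => a === 's3:*' || a === '*') &&
      resources.includes(arn) && resources.includes(`${arn}/*`) &&
      matchesPlainHttp(stmt.Condition);
  });
}

// Constructed sample policies for a bucket named "example-bucket".
const base = { Principal: '*', Action: 's3:*',
  Resource: ['arn:aws:s3:::example-bucket', 'arn:aws:s3:::example-bucket/*'] };
const samples = {
  compliant: { Statement: [{ ...base, Effect: 'Deny',
    Condition: { Bool: { 'aws:SecureTransport': 'false' } } }] },
  // Common mistake: an Allow on HTTPS does not deny HTTP granted elsewhere.
  allowOnly: { Statement: [{ ...base, Effect: 'Allow',
    Condition: { Bool: { 'aws:SecureTransport': 'true' } } }] },
  // Inverted condition: this denies HTTPS and leaves plain HTTP untouched.
  inverted: { Statement: [{ ...base, Effect: 'Deny',
    Condition: { Bool: { 'aws:SecureTransport': 'true' } } }] },
};

for (const [n, p] of Object.entries(samples)) console.log(n, enforcesHttpsOnly(p, 'example-bucket'));
```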

Check out our articles to find out more:

- sls-mentor 1.0.0 available now! Your Free Open Source audit tool for AWS architectures! by Éloi
- That one AWS Lambda hidden configuration that will make you a Hero - sls-mentor is watching over you by Zineb
- AWS Lambda Versions : Time to clean up! - sls-mentor is watching over you by Pierre
- AWS Lambda 101: Shave That Bundle Down by Éloi






About sls-mentor 📰





sls-mentor is a Theodo Group project made for AWS Serverless developers by AWS Serverless developers. The original idea appeared at Aleios. sls-mentor was migrated to TypeScript and enriched by Theodo.








Contributors ❤️














Your contributions are very welcome, feel free to add new rules to sls-mentor!




Built using Swarmion - check them out, they are great!