No project description provided
Project description
# FunctionShield
> AWS Lambda Security Library for Developers. Regain Control over Your Serverless Runtime.
## How FunctionShield helps With AWS Lambda Security?
* By monitoring (or blocking) outbound network traffic from your function, you can be certain that your data is never leaked
* By disabling read/write operations on the /tmp/ directory, you can make your function truly ephemeral
* By disabling the ability to launch child processes, you can make sure that no rogue processes are spawned without your knowledge by potentially malicious packages
* By disabling the ability to read the function's (handler) source code through the file system, you can prevent handler source code leakage, which is oftentimes the first step in a serverless attack
## Get a free token
Please visit: https://www.puresec.io/function-shield-token-form
## Install
```sh
$ pip install function-shield
```
## Super simple to use
```python
import function_shield
function_shield.configure({
"policy": {
# 'block' mode => active blocking
# 'alert' mode => log only
# 'allow' mode => allowed, implicitly occurs if key does not exist
"outbound_connectivity": "block",
"read_write_tmp": "block",
"create_child_process": "block",
"read_handler": "block"
},
"token": os.environ['FUNCTION_SHIELD_TOKEN']
})
def handler(event, context):
# Your Code Here #
```
## Logging & Security Visibility
FunctionShield logs are sent directly to your function's AWS CloudWatch log group.
Here are a few sample logs, demonstrating the log format you should expect:
```js
// Log example #1:
{
"function_shield": true,
"policy": "outbound_connectivity",
"details": {
"host": "google.com"
},
"mode": "alert"
}
// Log example #2:
{
"function_shield": true,
"policy": "read_write_tmp",
"details": {
"path": "/tmp/node-alert"
},
"mode": "alert"
}
// Log example #3:
{
"function_shield": true,
"policy": "create_child_process",
"details": {
"path": "/bin/sh"
},
"mode": "block"
}
// Log example #4:
{
"function_shield": true,
"policy": "read_handler",
"details": {
"path": "/var/task/handler.js"
},
"mode": "alert"
}
```
## Custom Security Policy (whitelisting)
Custom security policy is only supported with the PureSec SSRE full product.
[Get PureSec](https://www.puresec.io/product)
> AWS Lambda Security Library for Developers. Regain Control over Your Serverless Runtime.
## How FunctionShield helps With AWS Lambda Security?
* By monitoring (or blocking) outbound network traffic from your function, you can be certain that your data is never leaked
* By disabling read/write operations on the /tmp/ directory, you can make your function truly ephemeral
* By disabling the ability to launch child processes, you can make sure that no rogue processes are spawned without your knowledge by potentially malicious packages
* By disabling the ability to read the function's (handler) source code through the file system, you can prevent handler source code leakage, which is oftentimes the first step in a serverless attack
## Get a free token
Please visit: https://www.puresec.io/function-shield-token-form
## Install
```sh
$ pip install function-shield
```
## Super simple to use
```python
import function_shield
function_shield.configure({
"policy": {
# 'block' mode => active blocking
# 'alert' mode => log only
# 'allow' mode => allowed, implicitly occurs if key does not exist
"outbound_connectivity": "block",
"read_write_tmp": "block",
"create_child_process": "block",
"read_handler": "block"
},
"token": os.environ['FUNCTION_SHIELD_TOKEN']
})
def handler(event, context):
# Your Code Here #
```
## Logging & Security Visibility
FunctionShield logs are sent directly to your function's AWS CloudWatch log group.
Here are a few sample logs, demonstrating the log format you should expect:
```js
// Log example #1:
{
"function_shield": true,
"policy": "outbound_connectivity",
"details": {
"host": "google.com"
},
"mode": "alert"
}
// Log example #2:
{
"function_shield": true,
"policy": "read_write_tmp",
"details": {
"path": "/tmp/node-alert"
},
"mode": "alert"
}
// Log example #3:
{
"function_shield": true,
"policy": "create_child_process",
"details": {
"path": "/bin/sh"
},
"mode": "block"
}
// Log example #4:
{
"function_shield": true,
"policy": "read_handler",
"details": {
"path": "/var/task/handler.js"
},
"mode": "alert"
}
```
## Custom Security Policy (whitelisting)
Custom security policy is only supported with the PureSec SSRE full product.
[Get PureSec](https://www.puresec.io/product)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distributions
Close
Hashes for function_shield-1.1.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 15013df6be130733843751719c1a31487224da38451756d1c5ded5a402c44f6c |
|
| MD5 | 7da93386148ac3bbad077c54cb6d3880 |
|
| BLAKE2b-256 | 3c7f0f38219cc7f55b621fc69e3ce4abb23897d7e701c7db0d21a9b0daa1bc72 |
Close
Hashes for function_shield-1.1.1-py2-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 02952850c54c044be819aa7cf1f90dec1839a6e911f50035ec083db69e477418 |
|
| MD5 | 3c0b90fbc10a7d8b50bb245fb5bbb651 |
|
| BLAKE2b-256 | d41c5693fe831ff715a3b4552c8c0a587d8d91ca7606fc41c2f325d14a067740 |
