# FunctionShield
> AWS Lambda Security Library for Developers. Regain Control over Your Serverless Runtime.
## How FunctionShield Helps with AWS Lambda Security
* By monitoring (or blocking) outbound network traffic from your function, you can be certain that your data is never leaked
* By disabling read/write operations on the /tmp/ directory, you can make your function truly ephemeral
* By disabling the ability to launch child processes, you can make sure that no rogue processes are spawned without your knowledge by potentially malicious packages
* By disabling the ability to read the function's (handler) source code through the file system, you can prevent handler source code leakage, which is oftentimes the first step in a serverless attack
## Get a free token
Please visit: https://www.puresec.io/function-shield-token-form
## Install
```sh
$ pip install function-shield
```
## Super simple to use
```python
import os

import function_shield

function_shield.configure({
    "policy": {
        # 'block' mode => active blocking
        # 'alert' mode => log only
        # 'allow' mode => allowed, implicitly occurs if key does not exist
        "outbound_connectivity": "block",
        "read_write_tmp": "block",
        "create_child_process": "block",
        "read_handler": "block"
    },
    # Token is read from the function's environment variables
    "token": os.environ['FUNCTION_SHIELD_TOKEN']
})

def handler(event, context):
    # Your Code Here #
    pass
```
## Logging & Security Visibility
FunctionShield logs are sent directly to your function's AWS CloudWatch log group.
Here are a few sample logs, demonstrating the log format you should expect:
```js
// Log example #1:
{
  "function_shield": true,
  "policy": "outbound_connectivity",
  "details": {
    "host": "google.com"
  },
  "mode": "alert"
}

// Log example #2:
{
  "function_shield": true,
  "policy": "read_write_tmp",
  "details": {
    "path": "/tmp/node-alert"
  },
  "mode": "alert"
}

// Log example #3:
{
  "function_shield": true,
  "policy": "create_child_process",
  "details": {
    "path": "/bin/sh"
  },
  "mode": "block"
}

// Log example #4:
{
  "function_shield": true,
  "policy": "read_handler",
  "details": {
    "path": "/var/task/handler.js"
  },
  "mode": "alert"
}
```
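One way to triage these events after exporting a function's log messages, as an added example that is not part of FunctionShield itself: it picks the FunctionShield records out of mixed log output, counts them per policy and mode, and lists what ran in `alert` (log only) mode and was therefore not blocked. It assumes each event arrives as a single JSON object per log message; the sample lines and the names `parse_events` and `summarize` are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample of log messages: ordinary Lambda lines mixed with
# FunctionShield events in the format shown above (assumed one JSON per line).
SAMPLE_LINES = [
    "START RequestId: 00000000-0000-0000-0000-000000000000 Version: $LATEST",
    '{"function_shield": true, "policy": "outbound_connectivity", '
    '"details": {"host": "google.com"}, "mode": "alert"}',
    '{"function_shield": true, "policy": "create_child_process", '
    '"details": {"path": "/bin/sh"}, "mode": "block"}',
    '{"level": "info", "msg": "application log, not a FunctionShield event"}',
    '{"function_shield": true, "policy": "read_handler", '
    '"details": {"path": "/var/task/handler.js"}, "mode": "alert"}',
    "END RequestId: 00000000-0000-0000-0000-000000000000",
]

def parse_events(lines):
    """Return the FunctionShield events found in an iterable of log messages."""
    events = []
    for line in lines:
        start = line.find("{")  # tolerate a timestamp or request-id prefix
        if start == -1:
            continue
        try:
            record = json.loads(line[start:])
        except ValueError:
            continue  # not JSON: ordinary application output
        if isinstance(record, dict) and record.get("function_shield") is True:
            events.append(record)
    return events

def summarize(events):
    """Count events per (policy, mode) and list what 'alert' mode let through."""
    counts = Counter((e.get("policy"), e.get("mode")) for e in events)
    allowed = sorted(
        (str(e.get("policy")), str(next(iter(e.get("details", {}).values()), "")))
        for e in events if e.get("mode") == "alert"
    )
    return counts, allowed

if __name__ == "__main__":
    counts, allowed = summarize(parse_events(SAMPLE_LINES))
    for (policy, mode), n in sorted(counts.items()):
        print(f"{policy:24} {mode:6} {n}")
    for policy, target in allowed:
        print(f"logged but not blocked: {policy} -> {target}")
```

Entries in the "logged but not blocked" list are the ones to review before switching the corresponding policy from `alert` to `block`.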
## Custom Security Policy (whitelisting)
Custom security policy is only supported with the PureSec SSRE full product.
[Get PureSec](https://www.puresec.io/product)
Source Distribution
function-shield-1.1.3.tar.gz