No project description provided
Project description
AWS Lambda Security Library for Developers. Regain Control over Your Serverless Runtime.
How FunctionShield helps With AWS Lambda Security?
By monitoring (or blocking) outbound network traffic from your function, you can be certain that your data is never leaked
By disabling read/write operations on the /tmp/ directory, you can make your function truly ephemeral
By disabling the ability to launch child processes, you can make sure that no rogue processes are spawned without your knowledge by potentially malicious packages
By disabling the ability to read the function’s (handler) source code through the file system, you can prevent handler source code leakage, which is oftentimes the first step in a serverless attack
Get a free token
Please visit: https://www.puresec.io/function-shield-token-form
Install
$ pip install function-shield
Super simple to use
import function_shield
function_shield.configure({
"policy": {
# 'block' mode => active blocking
# 'alert' mode => log only
# 'allow' mode => allowed, implicitly occurs if key does not exist
"outbound_connectivity": "block",
"read_write_tmp": "block",
"create_child_process": "block",
"read_handler": "block"
},
"token": os.environ['FUNCTION_SHIELD_TOKEN']
})
def handler(event, context):
# Your Code Here #
Logging & Security Visibility
FunctionShield logs are sent directly to your function’s AWS CloudWatch log group. Here are a few sample logs, demonstrating the log format you should expect:
// Log example #1:
{
"function_shield": true,
"policy": "outbound_connectivity",
"details": {
"host": "google.com"
},
"mode": "alert"
}
// Log example #2:
{
"function_shield": true,
"policy": "read_write_tmp",
"details": {
"path": "/tmp/node-alert"
},
"mode": "alert"
}
// Log example #3:
{
"function_shield": true,
"policy": "create_child_process",
"details": {
"path": "/bin/sh"
},
"mode": "block"
}
// Log example #4:
{
"function_shield": true,
"policy": "read_handler",
"details": {
"path": "/var/task/handler.js"
},
"mode": "alert"
}
Custom Security Policy (whitelisting)
Custom security policy is only supported with the PureSec SSRE full product.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for function_shield-1.1.4-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f2e16966b5ca8dea2e51b64f888f7118dc056731ed6764d90d454a4a9ed50437 |
|
MD5 | c2a282ca61c24e80d0f9d74dc220be2e |
|
BLAKE2b-256 | c04ce573d1aa7a7467b15f97d3adbe837314af8195bea83ee7df464f3cb9b0b5 |