Skip to content
/ aws-serverless-security-workshop Public
forked from aws-samples/aws-serverless-security-workshop

In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. We will cover AWS services and features you can leverage to improve the security of a serverless applications in 5 domains: identity & access management, code, data, infrastructure, logging & monitoring.

License

Unknown and 2 other licenses found

Licenses found

Unknown
LICENSE
MIT-0
LICENSE-SAMPLECODE
Unknown
LICENSE-SUMMARY
1 star 185 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nib-health-funds/aws-serverless-security-workshop

BranchesTags
 
 

Repository files navigation

Serverless Security Workshop

In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. We will cover AWS services and features you can leverage to improve the security of a serverless applications in 5 domains:

  1. identity & access management
  2. infrastructure
  3. data
  4. code
  5. logging & monitoring

You'll start by deploying a simple serverless application that allows third party companies to submit unicorn customizations. This will help Wild Rydes receive ad revenue and allow third party companies to market their brand leveraging Wild Rydes's popularity.

The simple serverless application has the below architecture to start with:

architecture-diagram

However, this simple serverless application is not very secure, and we need your help to implement measures to protect this serverless API from attackers.

By following different modules covering various aspects of security, you will help improve the security of the simple serverless application.

Presentation Slides

You can find the presentation slides in the slides branch of this git repo, under the presentation/ folder

Workshop Modules

Note: The workshop is designed so you don't have to complete all the modules in order, with the exception of module 0: You must start with module 0 before you work on other modules!

If you get stuck at any point check out troubleshooting as it covers a few of the more common issues people run into:

module 1

Click on the link to module 0 below to get started deploying the simple serverless application that you will spend the rest of the workshop securing!

module 1

Here's an overview of the modules in this workshop and how they map to different areas of security:

Identity & Access ⚔
module 1 		Code 🏰
module 2 module 3 module 3 		Logging & Monitoring 🕶 module 3
Data 🏆
module 4
Infrastructure 🛡
module 5 module 6

Resource cleanup

Click below to go to the resource cleanup steps:

module 2

License Summary

The documentation is made available under the Creative Commons Attribution-ShareAlike 4.0 International License. See the LICENSE file.

The sample within this documentation is made available under a modified MIT license. See the LICENSE-SAMPLECODE file.

About

In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. We will cover AWS services and features you can leverage to improve the security of a serverless applications in 5 domains: identity & access management, code, data, infrastructure, logging & monitoring.

Resources

Readme

License

Unknown and 2 other licenses found

Licenses found

Unknown
LICENSE
MIT-0
LICENSE-SAMPLECODE
Unknown
LICENSE-SUMMARY

Code of conduct

Code of conduct
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 93.3%
  • TSQL 6.7%