-
Notifications
You must be signed in to change notification settings - Fork 23
/
serverless.yml
275 lines (246 loc) · 9.09 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
# Socless core infrastructure and functions
service: socless
unresolvedVariablesNotificationMode: error
provider:
name: aws
runtime: python3.9
variableSyntax: "\\${{([ ~:a-zA-Z0-9._\\'\",\\-\\/\\(\\)]+?)}}"
stage: ${{opt:stage}}
region: ${{opt:region}}
role:
Fn::GetAtt: [LambdaExecutionRole, "Arn"]
versionFunctions: false
memorySize: 128
timeout: 10
environment:
SOCLESS_VAULT:
Ref: SoclessVault
SOCLESS_RESULTS_TABLE:
Ref: ExecutionResultsTable
SOCLESS_DEDUP_TABLE:
Ref: DedupTable
SOCLESS_EVENTS_TABLE:
Ref: EventsTable
vpc:
securityGroupIds:
- Fn::Sub: ${SoclessLambdaVpcSG.GroupId}
subnetIds:
- Ref: SoclessPrivateFunctionSubnet
stackPolicy:
- Effect: Allow
NotAction: Update:Delete
Principal: "*"
Resource : "*"
- Effect: Deny
Action: Update:Replace
Principal : "*"
Resource: LogicalResourceId/SoclessEIP
plugins:
- sls-apb
custom:
playbooksLogGroupName: /socless/playbook-execution-logs
# This is an example of an Integration Test playbook.
# The integration test can be used to ensure that deployed functions will work correctly in a playbook environment
playbooks:
- socless_core_integration_test
resources:
- ${{file(resources/dynamodb.yml)}} # DynamoDB Tables
- ${{file(resources/iam.yml)}} # IAM Resources
- ${{file(resources/sfn.yml)}} # Step Functions Resources
- ${{file(resources/s3.yml)}} # S3 Resources
- ${{file(resources/kms.yml)}} # KMS Resources
- ${{file(resources/vpc.yml)}} # VPC Resources
- ${{file(resources/sg.yml)}} # Security Group resources
- ${{file(resources/apigateway.yml)}} # API Gateway
- ${{file(resources/playbook_logs.yml)}} # API Gateway
- Resources:
# This is an example of how you can keep a static input inside SSM for your integration test playbook.
# To run an integration test, supply this testcase to create_events which will start the integration test playbook.
SoclessIntegrationPlaybookTestcase:
Type: "AWS::SSM::Parameter"
Properties:
Description:
Fn::Sub: "Input for ${{self:service}}'s integration test playbook"
Name: /socless/integration_test_input
Type: String # test case is stored in plaintext in github, so not using a securestring here. Do not use secrets in the test case
# The test case must be valid JSON, but in order for serverless framework to read and upload to ssm the file needs to be .txt
Value: ${{file(playbooks/socless_core_integration_test/test_case_json.txt)}}
- Outputs:
MergeParallelOutput:
Description: Merges the output from a parallel state into a unified object
Value:
Fn::Sub: ${MergeParallelOutputLambdaFunction.Arn}
SaveMessageResponseToken:
Description: Save the task token created when the Socless Messages Response Activity state is used
Value:
Fn::Sub: ${SaveMessageResponseTokenLambdaFunction.Arn}
Counter:
Description: Simple counter functionality
Value:
Fn::Sub: ${CounterLambdaFunction.Arn}
SetInvestigationStatus:
Description: Set the internal status of an Socless investigation
Value:
Fn::Sub: ${SetInvestigationStatusLambdaFunction.Arn}
AddCustomMapping:
Description: Add a custom mapping to the CustomMappings Table
Value:
Fn::Sub: ${AddCustomMappingLambdaFunction.Arn}
QueryCustomMapping:
Description: Retrieve a custom mapping from the CustomMappings Table
Value:
Fn::Sub: ${QueryCustomMappingLambdaFunction.Arn}
CreateEvents:
Description: Create events from within a playbook
Value:
Fn::Sub: ${CreateEventsLambdaFunction.Arn}
HTTPRequest:
Description: Make an http request with the Python Requests library
Value:
Fn::Sub: ${HTTPRequestLambdaFunction.Arn}
CacheResults:
Description: Cache returned results
Value:
Fn::Sub: ${CacheResultsLambdaFunction.Arn}
SoclessLogFindings:
Description: Generate and upload SOCless log findings to a logging bucket
Value:
Fn::Sub: ${SoclessLogFindingsLambdaFunction.Arn}
SavePlaybookExecutionLogs:
Description: Ships SOCless Playbook executions logs from the log group to S3
Value:
Fn::Sub: ${SavePlaybookExecutionLogsLambdaFunction.Arn}
AWSRequest:
Description: Make requests against AWS APIs
Value:
Fn::Sub: ${AWSRequestLambdaFunction.Arn}
SetupGlobalStateForDirectInvokedPlaybook:
Description: Make requests against AWS APIs
Value:
Fn::Sub: ${SetupGlobalStateForDirectInvokedPlaybookLambdaFunction.Arn}
package:
individually: true
functions:
HTTPRequest:
handler: lambda_function.lambda_handler
name: socless_http_request
description: Make an http request with the Python Requests library
package:
artifact: .archives/functions/http_request.zip
MergeParallelOutput:
handler: lambda_function.lambda_handler
name: _socless_merge_parallel_output
description: Merges the output from a Parallel state into a unified object
package:
artifact: .archives/functions/_merge_parallel_output.zip
SaveMessageResponseToken:
handler: lambda_function.lambda_handler
name: _socless_save_msg_resp_token
description: Save the task token created when the Socless Messages Response Activity state is used
environment:
AWAIT_MESSAGE_RESPONSE_ARN:
Ref: AwaitMessageResponseActivity
MESSAGE_RESPONSES_TABLE:
Ref: MessageResponsesTable
package:
artifact: .archives/functions/_save_msg_resp_token.zip
Counter:
handler: lambda_function.lambda_handler
name: _socless_counter
description: Simple counter functionality
package:
artifact: .archives/functions/counter.zip
SetInvestigationStatus:
handler: lambda_function.lambda_handler
name: socless_set_investigation_status
environment:
SOCLESS_EVENTS_TABLE:
Ref: EventsTable
description: Socless integration to set an investigations status
package:
artifact: .archives/functions/set_investigation_status.zip
Playground:
handler: lambda_function.lambda_handler
name: _socless_playground
description: Function for playing around with Socless' Configuration
package:
artifact: .archives/functions/playground.zip
AddCustomMapping:
handler: lambda_function.lambda_handler
name: socless_add_custom_mapping
description: Add a custom mapping to the CustomMappings Table
environment:
SOCLESS_CUSTOM_MAPPINGS_TABLE:
Ref: CustomMappingsTable
package:
artifact: .archives/functions/add_custom_mapping.zip
QueryCustomMapping:
handler: lambda_function.lambda_handler
name: socless_query_custom_mapping
description: Retrieve a custom mapping from the CustomMappings Table
environment:
SOCLESS_CUSTOM_MAPPINGS_TABLE:
Ref: CustomMappingsTable
package:
artifact: .archives/functions/query_custom_mapping.zip
CreateEvents:
handler: lambda_function.lambda_handler
name: socless_create_events
description: Create events from within a playbook
memorySize: 512
timeout: 300
environment:
SOCLESS_EVENTS_TABLE:
Ref: EventsTable
SOCLESS_PLAYBOOKS_TABLE:
Ref: PlaybooksTable
package:
artifact: .archives/functions/create_events.zip
SetupGlobalStateForDirectInvokedPlaybook:
handler: lambda_function.lambda_handler
name: _socless_setup_global_state_for_direct_invoked_playbook
description: "PRIVATE USAGE FOR SOCLESS INTERNAL API: used by sls-apb to support directly invoking playbooks without create_events."
memorySize: 128
timeout: 120
package:
artifact: .archives/functions/_setup_global_state_for_direct_invoked_playbook.zip
CacheResults:
handler: lambda_function.lambda_handler
name: socless_cache_results
description: Cache return results
package:
artifact: .archives/functions/cache_results.zip
SavePlaybookExecutionLogs:
handler: lambda_function.lambda_handler
name: _socless_ship_playbook_logs
description: Ships SOCless Playbook executions logs from the log group to S3
memorySize: 1024
timeout: 120
environment:
SOCLESS_LOGS:
Ref: SoclessLogs
package:
artifact: .archives/functions/_ship_playbook_logs.zip
events:
- cloudwatchLog:
logGroup: ${{self:custom.playbooksLogGroupName}}
SoclessLogFindings:
handler: lambda_function.lambda_handler
name: socless_log_findings
description: Generate and upload SOCless log findings to a logging bucket
memorySize: 512
timeout: 60
environment:
SOCLESS_Logs:
Ref: SoclessLogs
package:
artifact: .archives/functions/socless_log_findings.zip
AWSRequest:
handler: lambda_function.lambda_handler
name: socless_aws_request
description: Make requests against AWS APIs
environment:
SOCLESS_Logs:
Ref: SoclessLogs
package:
artifact: .archives/functions/aws_request.zip