twilio-labs / socless
The SOCless automation framework
License: Apache License 2.0
Project currently has no test coverage. Unit tests should be added in order to reduce the likelihood of errors caused by any future changes.
"message_template": "`{context.artifacts.event.details.username}` logged in from `{context.results.Geolocate_IP.country_name}` at coordinates `{context.results.Geolocate_IP.latitude}`, `{context.results.Geolocate_IP.longitude}`"
should be
"message_template": "`{context.artifacts.event.details.username}` logged in from `{context.results.Geolocate_IP.country}` at coordinates `{context.results.Geolocate_IP.latitude}`, `{context.results.Geolocate_IP.longitude}`"
SOCless is deployed using the serverless framework. Currently, the IAM permissions needed to deploy SOCless are not defined. This often leads SOCless users to deploy using `*` permissions.
To improve the security of the SOCless framework, SOCless needs a permissions template for the SOCless deployment role that SOCless users can use for deployment. The permissions template would ideally provide the least-privilege access needed to successfully deploy SOCless.
Acceptance Criteria:
Helpful Resources:
The dynamoDB tables supporting SOCless should be encrypted at rest by default.
Same for S3:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
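One way to check the request above before deploying, as an added example that is not SOCless code: it walks a CloudFormation `Resources` mapping (the structure found under `resources:` in a serverless.yml) and lists DynamoDB tables and S3 buckets that do not explicitly declare encryption at rest. The resource names and the sample template are constructed for illustration.

```python
# Added example; SAMPLE_RESOURCES is constructed and is not SOCless's template.
ACCEPTED_S3_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}


def declares_encryption(resource):
    """True/False for DynamoDB tables and S3 buckets, None for other types."""
    rtype = resource.get("Type")
    props = resource.get("Properties") or {}
    if rtype == "AWS::DynamoDB::Table":
        # SSESpecification.SSEEnabled must be present and literally true.
        return (props.get("SSESpecification") or {}).get("SSEEnabled") is True
    if rtype == "AWS::S3::Bucket":
        rules = (props.get("BucketEncryption") or {}).get(
            "ServerSideEncryptionConfiguration") or []
        return any(
            (rule.get("ServerSideEncryptionByDefault") or {}).get("SSEAlgorithm")
            in ACCEPTED_S3_ALGORITHMS
            for rule in rules
        )
    return None  # out of scope for this check


def missing_encryption(resources):
    """Names of tables/buckets with no explicit encryption-at-rest setting."""
    return sorted(
        name for name, res in resources.items()
        if declares_encryption(res) is False
    )


SAMPLE_RESOURCES = {
    "EventsTable": {"Type": "AWS::DynamoDB::Table",
                    "Properties": {"SSESpecification": {"SSEEnabled": True}}},
    "ResultsTable": {"Type": "AWS::DynamoDB::Table",
                     "Properties": {"BillingMode": "PAY_PER_REQUEST"}},
    "VaultBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}},
    "LogsBucket": {"Type": "AWS::S3::Bucket"},  # no Properties at all
    "DeployRole": {"Type": "AWS::IAM::Role", "Properties": {}},
}

if __name__ == "__main__":
    for name in missing_encryption(SAMPLE_RESOURCES):
        print(f"{name}: encryption at rest not declared")
```
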
https://twilio-labs.github.io/socless/your-first-endpoint/
"At the bottom of the file, let’s configure a lambda function that:" - is a bit confusing when going through the demo and can lead to improperly updating your yml file. Probably makes sense to add a code block showing https://github.com/twilio-labs/socless-examples/blob/master/getting-started-tutorial/socless-tutorial/serverless.yml so it's clear.
Project is missing a number of useful documentation files (CODE_OF_CONDUCT, CONTRIBUTING, ISSUE_TEMPLATE, PULL_REQUEST_TEMPLATE) and does not conform to a number of PEP8 standards.
Currently the project doesn't support the map state.
It would be really useful when a series of actions / integrations need to be applied to an array. It would reduce the number of steps needed in the playbook.
Currently IAM for lambda functions is done via serverless role/policy creation in serverless.yaml.
Would be a huge QoL improvement to simplify the creation of lambda roles for easier adherence to principle of least privilege.
This could be done by including a number of default lambda roles (EG if lambda layers are used, they always require lambda:getLayerVersion) with a fill-in-the-blanks section for the ARN of the resource as necessary.
Alternatively, a quick(ish) IAM win would be to include the creation of a policy and role for the tutorial in serverless.yaml.
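Both IAM requests on this page (a least-privilege deployment role instead of `*` permissions, and narrowly scoped Lambda roles) can be backed by a lint step. The following is an added example, not SOCless code: it flags wildcard actions and resources in the `Allow` statements of an IAM policy document. The policy, account ID and ARNs are constructed placeholders.

```python
# Added example; SAMPLE_POLICY and every ARN in it are constructed placeholders.

def _as_list(value):
    """IAM allows a single value or a list for Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def wildcard_findings(policy_document):
    """Return (statement_index, field, value) for each wildcard in an Allow."""
    findings = []
    for index, stmt in enumerate(_as_list(policy_document.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements with wildcards only restrict access
        for action in _as_list(stmt.get("Action")):
            # "*" grants everything; "service:*" grants a whole service.
            if isinstance(action, str) and (action == "*" or action.endswith(":*")):
                findings.append((index, "Action", action))
        for resource in _as_list(stmt.get("Resource")):
            # Intrinsic functions (dicts such as Fn::GetAtt) are not wildcards.
            if resource == "*":
                findings.append((index, "Resource", resource))
    return findings


SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # The "deploy with * permissions" case described on this page.
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        # Whole-service wildcard on one table.
        {"Effect": "Allow", "Action": ["dynamodb:*"],
         "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/example"},
        # Scoped statement of the kind suggested for Lambda layers.
        {"Effect": "Allow", "Action": "lambda:GetLayerVersion",
         "Resource": "arn:aws:lambda:us-east-1:123456789012:layer:example:1"},
        {"Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for index, field, value in wildcard_findings(SAMPLE_POLICY):
        print(f"Statement[{index}] {field} is too broad: {value}")
```
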
Upon running npm run dev (even with the --force option), I receive the following:
file:///Users/m_a_t/socless/node_modules/lambda-packager/build/lib/packaging.js:126
throw new Error(errors.error);
^
Error: Directory of code to package does not exist: layers does not exist
at file:///Users/m_a_t/socless/node_modules/lambda-packager/build/lib/packaging.js:126:31
at step (file:///Users/m_a_t/socless/node_modules/lambda-packager/build/lib/packaging.js:43:23)
at Object.next (file:///Users/m_a_t/socless/node_modules/lambda-packager/build/lib/packaging.js:24:53)
at file:///Users/m_a_t/socless/node_modules/lambda-packager/build/lib/packaging.js:18:71
at new Promise ()
at __awaiter (file:///Users/m_a_t/socless/node_modules/lambda-packager/build/lib/packaging.js:14:12)
at makePackages (file:///Users/m_a_t/socless/node_modules/lambda-packager/build/lib/packaging.js:118:12)
at Object.handler (file:///Users/m_a_t/socless/node_modules/lambda-packager/build/src/main.js:93:9)
at Object.run (/Users/m_a_t/socless/node_modules/cmd-ts/dist/cjs/command.js:150:41)
at async runSafely (/Users/m_a_t/socless/node_modules/cmd-ts/dist/cjs/runner.js:38:24)
I am by no means an expert in JavaScript, but I do not understand the issue with the "throw new Error" line, and the files the second error prints are indeed within the Socless folder.
The program continues until the next error as seen below:
[email protected] dev
serverless deploy $npm_package_config_dev --aws-profile $npm_package_config_aws_profile --verbose
StepFunctions logging not enabled. To ship playbook logs, set custom.sls_apb.logging = true in serverless.yml
Rendering State Machine for ./playbooks/socless_core_integration_test/playbook.json...
Error:
Non-object value specified in resources array: ${{file(resources/dynamodb.yml)}}
The dynamodb.yml file was untouched, and googling for the above error has not been fruitful thus far.
Any suggestions would be greatly appreciated.
Following the documentation to deploy Socless core infrastructure I am currently getting the following error:
Stack with id socless-dev does not exist
Have tried on two different environments (MacOS and Ubuntu 18) as follows:
Your Environment Information ---------------------------
Operating System: darwin
Node Version: 16.10.0
Framework Version: 2.57.0 (local)
Plugin Version: 5.4.4
SDK Version: 4.3.0
Components Version: 3.17.0
Your Environment Information ---------------------------
Operating System: linux
Node Version: 14.18.0
Framework Version: 2.57.0 (local)
Plugin Version: 5.4.4
SDK Version: 4.3.0
Components Version: 3.17.0
None of them managed to deploy the core infrastructure. I have also tried with no success to:
--force command to the deploy command
Also looked into the AWS CloudTrail logs and I am getting a "ValidationException" when making the API call to "DescribeStacks" done by CloudFormation with the same error message that serverless provides.
Look forward to some guidance in here.