aws-samples / aws-serverless-security-workshop Goto Github PK

The current export under "Downloading the latest Java jdk" reads:

export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.42.amzn1.x86_64/jre

... however this causes the error "We cannot execute /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.42.amzn1.x86_64/jre/bin/java". The exports needs to be updated to:

export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.201.b09-0.43.amzn1.x86_64/jre

The purpose of this workshop is to teach security concepts, but a quick skim shows a lambda being giving cognito-idp:* on * and dynamodb:* on *. These should be trimmed up.

The CloudFormation deployment fails with "instances cannot be added to Aurora Serverless clusters".
As diving a bit deeper in to the issue the db.t2.small is not available in eu-west-1. Also the deployment tries to create serverless cluster which doesn't accept instances to be added.

db.t2.small -> db.t3.small

engine: aurora -> engine: aurora-mysql

Hi,

An error message displayed when I try to open the SVS305-Secure-Serverless.pdf Please check.

On module 1E, Step 2, it says:
"In the Edit Folder window that pops up, go to Authorization tab, and change the Auth Type to OAuth 2.0, then click Get New Access Token"

You should not click "Get New Access Token" until step 3 is completed, otherwise you will be making an empty request that will fail.
https://github.com/aws-samples/aws-serverless-security-workshop/tree/master/docs/01-add-authentication#module-1e-use-the-admin-client-to-register-new-partner-companies

Under "Dependency vulnerability with OWASP Dependency Check" --> "Downloading the tool", update bullet #2 so the wget command reads:

wget -O dependency-check-5.1.0-release.zip http://dl.bintray.com/jeremy-long/owasp/dependency-check-5.1.0-release.zip

The existing version errors out with - "[ERROR] The download was interrupted; unable to complete the update".

Compiling of website code for Wild Ryde failed when I went through the project due to the use of the withRouter method, which is no longer in the react-router-dom library.

found 1 high severity vulnerability
run npm audit fix to fix them, or npm audit for details
High │ Regular Expression Denial of Service
Package │ minimatch
More info │ https://npmjs.com/advisories/118

Got the notification that it's using the old certificate for RDS. Can the template be updated to handle this?

On Module-0F, step 2.
Should add an instruction to add InitResourceStack bash variable so that users do not need to replace deployment command from InitResourceStack=Secure-Serverless to InitResourceStack=mod-xxxx.

eg. InitResourceStack=$InitResourceStack

Module 1
nodejs8.10 is no longer a supported runtime - which causes SAM to fail to update the stackset.

Runtime: nodejs8.10

From December 04, 2023, you will be required to include the imageId parameter for the CreateEnvironmentEC2 action. This change will be reflected across all direct methods of communicating with the API, such as AWS SDK, AWS CLI and AWS CloudFormation.

Unable to create the CloudFormation stack without this new parameter.

On the "Module-0E: Run your serverless application locally with SAM Local", we are making reference to using AWS Resources, which is disabled by default since Cloud9 uses AWS Toolkit since 2020.

Page: https://github.com/aws-samples/aws-serverless-security-workshop/tree/master/docs/00-initial-setup

"For Lambda functions, the AWS Resources window will soon be replaced by the AWS Toolkit for Cloud9. Try it now by chooshing Preferences > AWS Settings > AWS Toolkit" Reference to Toolkit: https://docs.aws.amazon.com/cloud9/latest/user-guide/toolkit-welcome.html