This project contains source code and supporting files for a serverless application that you can deploy with the SAM CLI. It includes the following files and folders.
- SARChecker - folder with source code for SARChecker Lambda Function
- events - Invocation events that you can use to invoke the function.
- tests - Unit tests for the application code.
- template.yaml - A template that defines the application's AWS resources.
The application uses several AWS resources, including Lambda functions and an SNS Topic. These resources are defined in the template.yaml file in this project. You can update the template to add AWS resources through the same deployment process that updates your application code.
SARChecker is a basic validation script that checks that the Serverless Application Repository applications within your company are not shared, and cannot be shared, outside your organization. If SARChecker finds an application that does not follow these rules, it sends a message via SNS. Currently, the setup has SNS send an SMS message to a configured phone number.
SARChecker runs on a scheduled event, currently configured for every hour. You can use sites like [AWS Docs](https://docs.aws.amazon.com/eventbridge/latest/userguide/scheduled-events.html) to set your cron schedule appropriately.
SARChecker uses the serverlessrepo APIs to:
- Retrieve a listing of your Serverless Application Repository applications
- For each application, it:
  - A. Checks the policy to make sure it is not shared for Action:DEPLOY with a Principal of * with no OrgID
  - B. Checks to make sure there is no License URL or SpdxId (these are needed to share the application outside of your organization)
If an application is found to violate these rules, an SNS message is sent to the phone number registered in the template.
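The two checks above, as an added example that is not SARChecker's own code. It assumes the application and policy data have the shape of the boto3 serverlessrepo `get_application` and `get_application_policy` responses (`LicenseUrl`, `SpdxLicenseId`, `Statements` with `Actions`, `Principals`, `PrincipalOrgIDs`); the function names and all sample values are constructed for illustration.

```python
# Shapes assumed to follow boto3 serverlessrepo get_application and
# get_application_policy responses; all sample values are constructed.

def find_violations(app, statements):
    """Return the reasons an application breaks the two sharing rules."""
    reasons = []
    # Rule A: Deploy granted to Principal "*" without an organization ID.
    for st in statements:
        actions = {a.lower() for a in st.get("Actions", [])}
        public = "*" in st.get("Principals", [])
        org_scoped = bool(st.get("PrincipalOrgIDs"))
        if "deploy" in actions and public and not org_scoped:
            sid = st.get("StatementId", "<no StatementId>")
            reasons.append(f"statement {sid}: Deploy allowed for * with no OrgID")
    # Rule B: a license URL or SPDX ID is needed to share outside the
    # organization, so the presence of either one is flagged.
    for field in ("LicenseUrl", "SpdxLicenseId"):
        if app.get(field):
            reasons.append(f"{field} is set ({app[field]})")
    return reasons


def check_all(apps, policies):
    """Map ApplicationId -> reasons, keeping only applications with findings."""
    findings = {}
    for app in apps:
        reasons = find_violations(app, policies.get(app["ApplicationId"], []))
        if reasons:
            findings[app["ApplicationId"]] = reasons
    return findings


ARN = "arn:aws:serverlessrepo:us-east-1:111122223333:applications/"
SAMPLE_APPS = [
    {"ApplicationId": ARN + "org-only"},
    {"ApplicationId": ARN + "public-deploy"},
    {"ApplicationId": ARN + "licensed", "SpdxLicenseId": "MIT"},
]
SAMPLE_POLICIES = {
    ARN + "org-only": [{"StatementId": "s1", "Actions": ["Deploy"],
                        "Principals": ["*"], "PrincipalOrgIDs": ["o-example123"]}],
    ARN + "public-deploy": [{"StatementId": "s2", "Actions": ["Deploy"],
                             "Principals": ["*"]}],
}

if __name__ == "__main__":
    for app_id, reasons in check_all(SAMPLE_APPS, SAMPLE_POLICIES).items():
        print(app_id, "->", "; ".join(reasons))
```

The org-scoped application passes, while the public Deploy grant and the application with an SPDX ID are each reported with the rule they break.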
- Set the phone number to receive the SNS messages in template.yaml.
  Change the DefaultValue of the PhoneNumber variable in the Parameters section to the phone number you wish to receive messages on.
- Set the timeout for the Lambda function in template.yaml.
  Change the DefaultValue of the Timeoutsetting variable in the Parameters section to the appropriate timeout for you. This is currently configured for 15 minutes.
- Clone this repo
- Use sam build to build the application locally (sam build)
- Use sam package to build an output template file (sam package --s3-bucket --output-template-file <outputtemplate.yaml>)
- Use sam deploy to have the application deployed to your account (sam deploy --template-file <outputtemplate.yaml> --stack-name --capabilities CAPABILITY_IAM)
aws cloudformation delete-stack --stack-name