One of the great benefits of using AWS is the ability to automate almost everything you do, and that extends beyond AWS’ own services to ecosystem partners like Snyk. We’re happy to announce our second AWS Quick Start, to help you get Snyk working with Amazon Elastic Container Registry (ECR) and AWS Lambda with just the click of a button.
Integrating Snyk with ECR and Lambda requires setting up roles that work for both the AWS service and for the Snyk service. While it’s not terribly hard to do, clicking back and forth between both interfaces and copying values from one console to another is nobody’s idea of a good time. The Snyk: Developer-first Security on the AWS Cloud Quick Start gives you three options:
Once deployed, you can quickly obtain the remaining values for your ARN and AWS Region from the CloudFormation console outputs as shown below:
For the ECR integration, we create an IAM role that enables Snyk Container to access container images stored in ECR to scan for vulnerabilities. We create a read-only role with all the permissions outlined in our documentation and set up the necessary service integration between the Snyk service and your AWS region. From there, you can start scanning container images stored in your ECR registries and Snyk will help you select secure base images and clean up vulnerabilities in the image and code dependencies.
Integrating Snyk Open Source with Lambda is similar to how the Snyk Container and ECR integration is handled. We create an appropriate read-only IAM role, following our documented configuration, and then set up the Snyk Open Source and Lambda services to talk to each other. From there, you can scan and monitor your Lambda code for vulnerable dependencies, alerting you to problems and helping you fix them so that your functions stay secure.
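Both integrations above depend on the role really being read-only, which is worth checking against whatever policy ends up attached to it. The following is an added example, not code from the Quick Start or from Snyk: it flags any `Allow` grant in an IAM policy document that is not a read. The verb-prefix heuristic and both sample policies are assumptions constructed for illustration.

```python
# Added example: audit an IAM policy document for grants beyond read-only.
# Assumption: an action counts as a read if its verb starts with one of these
# prefixes (IAM action names are case-insensitive, so compare in lower case).
READ_PREFIXES = ("get", "list", "describe", "batchget", "batchcheck")

def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def non_read_only_actions(policy):
    """Return a sorted list of Allow grants that are not provably read-only."""
    findings = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.add("NotAction")  # allows everything except the listed actions
            continue
        for action in _as_list(stmt.get("Action")):
            _, _, verb = action.partition(":")
            # "*", "ecr:*" and "ecr:*Image" all fail this test, as they should
            if not verb.lower().startswith(READ_PREFIXES):
                findings.add(action)
    return sorted(findings)

# Constructed sample: a policy that only reads from ECR and Lambda.
READ_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ecr:GetAuthorizationToken", "ecr:BatchGetImage", "ecr:DescribeImages",
        "ecr:ListImages", "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer"]},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["lambda:ListFunctions", "lambda:GetFunction"]},
]}

# Constructed sample: the same role after someone widened it.
WIDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ecr:DescribeImages", "ecr:PutImage", "ecr:*"]},
    {"Effect": "Allow", "Resource": "*", "Action": "lambda:UpdateFunctionCode"},
    {"Effect": "Deny", "Resource": "*", "Action": "ecr:DeleteRepository"},
]}

if __name__ == "__main__":
    for name, doc in (("read-only", READ_ONLY_POLICY), ("widened", WIDENED_POLICY)):
        print(name, non_read_only_actions(doc))
```

The policy JSON to feed it can be exported from the IAM console for the role the CloudFormation stack created.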
To post feedback, submit feature ideas, or report bugs, use the Issues section of the GitHub repository for this Quick Start. If you’d like to submit code, please review the Quick Start Contributor’s Guide.
You can get Snyk by signing up for a free account. For our paid tiers, both Snyk Open Source and Snyk Container are available to buy on the AWS Marketplace, as well as through private offers and custom contracts.