snyk serverless ci/cd for the enterprise on the aws cloud · 2 days ago · page 1 of 22 snyk...
TRANSCRIPT
Page 1 of 22
Snyk Serverless CI/CD for the Enterprise on the AWS Cloud
Quick Start Reference Deployment
July 2020
Jay Yeras, Snyk
Dylan Owen, AWS Quick Start team
Visit our GitHub repository for source files and to post feedback,
report bugs, or submit feature ideas for this Quick Start.
Contents
Overview ................................................................................................................................... 2
Snyk on AWS ......................................................................................................................... 3
Cost and licenses ................................................................................................................... 4
Architecture .............................................................................................................................. 5
Planning the deployment ......................................................................................................... 7
Specialized knowledge .......................................................................................................... 7
AWS account ......................................................................................................................... 7
Technical requirements ........................................................................................................ 8
Deployment steps ..................................................................................................................... 9
Step 1. Prepare your AWS account ........................................................................................ 9
Step 2. Get your Snyk organization ID ............................................................................... 10
Step 3. Enable cross-account access .................................................................................... 11
Create IAM roles in the development account ................................................................. 11
Create IAM roles in the production account .................................................................... 13
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 2 of 22
Step 4. Deploy resources ...................................................................................................... 15
Step 5. Test your CI/CD pipeline ........................................................................................ 18
AWS Solutions Consulting Offer .............................................................................................19
Troubleshooting ......................................................................................................................19
For further assistance ............................................................................................................. 20
Send us feedback .................................................................................................................... 20
Additional resources ............................................................................................................... 20
Document revisions ................................................................................................................. 21
This Quick Start was created by Snyk in collaboration with Amazon Web Services (AWS).
It is based on a Quick Start created by Trek10 in collaboration with AWS.
Quick Starts are automated reference deployments that use AWS CloudFormation
templates to deploy key technologies on AWS, following AWS best practices.
Overview
This Quick Start reference deployment guide provides step-by-step instructions to enable
integration between your Snyk organization and deployed AWS Lambda functions in your
AWS accounts.
The Quick Start is intended for users who want to use the Snyk software as a service (SaaS)
AWS integrations to secure their applications by finding, fixing, and monitoring potential
vulnerabilities in open-source dependencies. It builds a continuous integration and
continuous delivery (CI/CD) environment on the AWS Cloud. The Quick Start is based on
and deploys the resources in the Serverless CI/CD Quick Start created by Trek10.
Please know that we may share who uses AWS Quick Starts with the APN Partners that
collaborated with AWS on the content of the Quick Start.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 3 of 22
Snyk on AWS
Many companies embrace open-source software packages and libraries even when building
proprietary applications. Benefits include transparency, cost savings, flexibility, and a faster
time to market. Often, a developer’s own code is a small core within an application that is
primarily open source. So it’s not surprising that developers sometimes inadvertently
introduce vulnerabilities into a code base through open-source repositories that are
maintained in a distributed fashion by people with varying levels of security expertise.
These vulnerabilities open up applications to attacks downstream.
With Snyk, you can build security into your continuous-development process.
Following AWS best practices for isolating resources, this Quick Start requires you to create
three AWS accounts (subaccounts): development, shared services, and production. As
shown in Figure 1, you deploy AWS Identity and Access Management (IAM) roles and
policies into these AWS accounts to grant your Snyk organization access to the Lambda
resources in these accounts. (Depending on the workflow of your CI/CD pipeline, you may
want to integrate additional services as well.) This cross-account access establishes
integrations that secure your CI/CD pipeline so that you can use Snyk to perform security
scans of your applications.
Figure 1: AWS accounts integrated with Snyk
In addition, this Quick Start creates a serverless CI/CD environment. See the Trek10
Serverless CI/CD Quick Start deployment guide for details on the resources deployed.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 4 of 22
Cost and licenses
You are responsible for the cost of the AWS services used while running this Quick Start
reference deployment. There is no additional cost for using the Quick Start.
The AWS CloudFormation template for this Quick Start includes configuration parameters
that you can customize. Some of these settings, such as instance type, affect the cost of
deployment. For cost estimates, see the pricing pages for each AWS service you will be
using. Prices are subject to change.
Tip: After you deploy the Quick Start, we recommend that you enable the AWS Cost
and Usage Report. This report delivers billing metrics to an Amazon Simple Storage
Service (Amazon S3) bucket in your account. It provides cost estimates based on
usage throughout each month and finalizes the data at the end of the month. For
more information about the report, see the AWS documentation.
Snyk, called Snyk: Developer-First Security in the AWS Marketplace, is fulfilled as a SaaS
offering. SaaS is a delivery model for software applications whereby the vendor hosts and
operates the application over the internet. Customers pay for using the software without
owning the underlying infrastructure. With SaaS contracts, customers pay for usage
through their AWS bill.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 5 of 22
Architecture
Deploying this Quick Start with default parameters builds the following Snyk serverless
CI/CD environment in the AWS Cloud.
Figure 2: Quick Start architecture for Snyk serverless CI/CD on AWS
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 6 of 22
As shown in Figure 2, the Quick Start integrates your Lambda functions into your Snyk
organization. In addition, using the Trek10 Quick Start as a submodule, it automatically
sets up the following:
• IAM users, roles, and groups that control access to pipeline operations and deployed
resources. These IAM users, roles, and groups are in the following AWS accounts:
– The development account, a staging environment for developing your serverless-
application code.
– The shared services account, which hosts the core deployment infrastructure and
serverless-application source code.
– The production account, into which you deploy your final production code.
• An AWS CodeCommit repository for storing application code.
• AWS Secrets Manager to store sensitive configuration data in a central location.
• Amazon S3 buckets for pipeline artifacts.
• Integration with other AWS services such as AWS Key Management Service
(AWS KMS), Lambda, and Amazon Simple Notification Service (Amazon SNS).
• A dynamic branch pipeline that uses AWS CodePipeline to deploy and test new feature
code in Git branches as well as AWS CodeBuild and AWS CodeDeploy configurations for
building, deploying, and testing serverless applications.
• A master code pipeline that deploys to multiple AWS accounts, using AWS CodePipeline
as well as AWS CodeBuild and AWS CodeDeploy configurations for building, deploying,
and testing serverless applications.
• A sample serverless application that uses Lambda, Amazon API Gateway, and Amazon
DynamoDB.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 7 of 22
Planning the deployment
Specialized knowledge
This Quick Start assumes familiarity with the following concepts:
• Version-control concepts, using Git or another distributed-source-code-management
tool.
• CI/CD best practices, including automated testing and code promotion.
• Serverless concepts and services, including AWS Lambda and AWS Serverless
Application Model (AWS SAM).
• Container registry and working with Docker images.
This deployment guide also requires a moderate level of familiarity with these services:
AWS Lambda, AWS CodePipeline, AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy,
Amazon S3, and IAM. If you’re new to AWS, visit the Getting Started Resource Center and
the AWS Training and Certification website for materials and programs that help you
develop the skills to design, deploy, and operate your infrastructure and applications on the
AWS Cloud.
AWS account
If you don’t already have an AWS account, create one at https://aws.amazon.com by
following the on-screen instructions. Part of the sign-up process involves receiving a phone
call and entering a PIN using the phone keypad.
Your AWS account is automatically signed up for all AWS services. You are charged only for
the services you use.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 8 of 22
Technical requirements
Before you launch the Quick Start, configure your AWS account as specified in the following
table. Otherwise, deployment might fail.
AWS accounts This Quick Start follows AWS multiaccount best practices for isolation of resources. You
these three AWS accounts (subaccounts) must be ready to use:
• Development account: This is a staging environment for developing your
application code.
• Shared services account: This hosts the core deployment infrastructure
and application source code.
• Production account: The final production code for your application is
deployed into this account.
To prepare these accounts, see Step 1 of the deployment section.
Resources If necessary, request service quota increases for the following resources. You might
need to do this if an existing deployment uses these resources, and you might exceed the
default quotas with this deployment. The Service Quotas console displays your usage
and quotas for some aspects of some services. For more information, see the AWS
documentation.
Resource This deployment uses
IAM roles 9
Regions This deployment includes AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, AWS
CodeCommit, and AWS Secrets Manager, which aren’t currently supported in all AWS
Regions. For a current list of supported Regions, see the service endpoints and quotas
page in the AWS documentation.
IAM permissions Before launching the Quick Start, you must log in to the AWS Management Console
with IAM permissions for the resources and actions the templates deploy. The
AdministratorAccess managed policy within IAM provides sufficient permissions,
although your organization may choose to use a custom policy with more restrictions.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 9 of 22
Deployment steps
Step 1. Prepare your AWS account
1. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has
the necessary permissions. For details, see Planning the deployment earlier in this
guide.
2. Make sure that your AWS account is configured correctly, as discussed in the Technical
requirements section.
3. Set up accounts (subaccounts) for development, shared services, and production:
a. Open the AWS Organizations console at
https://console.aws.amazon.com/organizations/. Follow the instructions in the
AWS documentation to create an organization.
b. Follow the instructions in the AWS documentation to create three accounts:
development, shared services, and production. If you have a large development
organization, consider creating separate sets of these three accounts for each
business unit or logical grouping of applications.
c. Save the AWS account IDs for all three accounts (development, shared services, and
production). You will use these in a later step. For additional information, see
Finding your AWS account ID in the AWS documentation.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 10 of 22
Step 2. Get your Snyk organization ID
This Quick Start requires that you have a Snyk login or subscription. If you don't have a
Snyk login, open the page for Snyk: Developer-First Security in AWS Marketplace, and
choose Continue to Subscribe. Review the terms and conditions for software usage, and
choose Accept Terms. A confirmation page loads, and an email confirmation is sent to the
account owner. For detailed subscription instructions, see the AWS Marketplace
documentation.
1. Sign in to your Snyk account.
2. Select the Settings tab. Under Organization ID, choose Copy, as shown in Figure 3.
3. Paste this ID some place where you can find it when you need it (in Step 3. Enable cross-
account access).
Figure 3: Snyk settings, organization ID
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 11 of 22
Step 3. Enable cross-account access
In Step 1, you created development and production accounts. Now you need to deploy four
IAM roles (“child-account roles”)—a Trek10 role in each account and a Snyk role in each
account. You will name the two Trek10 roles; the names of the Snyk roles are generated.
These IAM roles enable Snyk integration and cross-account access from the shared services
account. The Quick Start includes AWS CloudFormation templates that automatically
create these roles for you.
CREATE IAM ROLES IN THE DEVELOPMENT ACCOUNT
1. Sign in to the development account as a user with IAM permissions to create a
CloudFormation stack and IAM roles.
2. Choose Deploy to launch the AWS CloudFormation template to create the Snyk and
Trek10 IAM roles:
Deploy the template for the Snyk and Trek10
IAM roles in the development account
The deployment takes about two minutes to complete.
3. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar,
and change it if necessary. The template is launched in the US East (N. Virginia) Region
by default.
Note: This deployment includes AWS CodePipeline, AWS CodeBuild, AWS
CodeDeploy, AWS CodeCommit, and AWS Secrets Manager, which aren’t currently
supported in all AWS Regions. For a current list of supported Regions, see the
Service endpoints and quotas webpage.
4. On the Create stack page, keep the default setting for the template URL. Choose Next.
5. On the Specify stack details page, change the stack name if needed. Review the
parameters for the template. Provide values for the parameters that require input. For
all other parameters, review the default settings and customize them as necessary.
Dev account IAM roles
Deploy
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 12 of 22
View template
Snyk configuration:
Parameter label
(name)
Default Description
Snyk organization ID
(SnykExternalId)
Requires input You may find this by logging in to https://app.snyk.io and
navigate to Settings.
Trek10 Serverless CI/CD:
Parameter label
(name)
Default Description
Shared services
account ID
(CentralAwsAccountId)
Requires input The AWS account ID of the shared services account. For
guidance, see Finding Your AWS Account ID in the AWS
documentation.
Child account role
name
(ChildAccountRoleName)
ChildAccountRole The name of the role to create in the account. This name must
be unique in the account.
AWS Quick Start configuration:
Note: We recommend keeping these default settings for the “AWS Quick Start
configuration” parameters, unless you are customizing the Quick Start templates for
your own deployment projects. Changing these parameter settings automatically
updates code references to point to a new Quick Start location. For details, see the
AWS Quick Start Contributor’s Guide.
Parameter label
(name)
Default Description
Quick Start S3
bucket name
(QSS3BucketName)
aws-quickstart S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, uppercase letters, and hyphens (-).
It cannot start or end with a hyphen (-).
Quick Start S3
bucket Region
(QSS3BucketRegion)
us-east-1 The AWS Region where the Quick Start S3 bucket
(QSSBucketName) is hosted. When using your own bucket,
you must specify this value.
Quick Start S3
key prefix
(QSS3KeyPrefix)
quickstart-snyk-
serverless/
S3 key name prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters,
hyphens (-), dots (.), and forward slashes (/).
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 13 of 22
6. When you finish reviewing and customizing the parameters, choose Next.
7. On the options page, you can specify tags (key-value pairs) for resources in your stack,
set permissions, and set advanced options. When you’re done, choose Next.
8. On the Review page, review and confirm the template settings. Under Capabilities,
select the two check boxes to acknowledge that the template creates IAM resources and
might require the capability to automatically expand macros.
9. Choose Create stack to deploy the stack.
10. Monitor the status of the stack. When the status is CREATE_COMPLETE, the
deployment is done.
11. Sign out of the development account.
CREATE IAM ROLES IN THE PRODUCTION ACCOUNT
1. Sign in to the production account as a user with IAM permissions to create a
CloudFormation stack and IAM roles.
2. Choose Deploy to launch the AWS CloudFormation template to create the Snyk and
Trek10 IAM roles:
Deploy the template for the Snyk and Trek10
IAM roles in the production account
The deployment takes about two minutes to complete.
3. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar.
If it’s not the same as the AWS Region you used in the development account, change it
to match.
4. On the Create stack page, keep the default setting for the template URL, and then
choose Next.
5. On the Specify stack details page, change the stack name if needed. Review the
parameters for the template. Provide values for the parameters that require input. For
all other parameters, review the default settings and customize them as necessary.
Prod account IAM roles
Deploy
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 14 of 22
View template
Snyk configuration:
Parameter label
(name)
Default Description
Snyk organization ID
(SnykExternalId)
Requires input You may find this by logging in to https://app.snyk.io and
navigate to Settings.
Trek10 Serverless CI/CD:
Parameter label
(name)
Default Description
Shared services
account ID
(CentralAwsAccountId)
Requires input The AWS account ID of the shared services account. For
guidance, see Finding Your AWS Account ID in the AWS
documentation.
Child account role
name
(ChildAccountRoleName)
ChildAccountRole The name of the role to create in the account. This name must
be unique in the account.
AWS Quick Start configuration:
Note: We recommend keeping these default settings for the “AWS Quick Start
configuration” parameters, unless you are customizing the Quick Start templates for
your own deployment projects. Changing these parameter settings automatically
updates code references to point to a new Quick Start location. For details, see the
AWS Quick Start Contributor’s Guide.
Parameter label
(name)
Default Description
Quick Start S3
bucket name
(QSS3BucketName)
aws-quickstart S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, uppercase letters, and hyphens (-).
It cannot start or end with a hyphen (-).
Quick Start S3
bucket Region
(QSS3BucketRegion)
us-east-1 The AWS Region where the Quick Start S3 bucket
(QSSBucketName) is hosted. When using your own bucket,
you must specify this value.
Quick Start S3
key prefix
(QSS3KeyPrefix)
quickstart-snyk-
serverless/
S3 key name prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters,
hyphens (-), dots (.), and forward slashes (/).
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 15 of 22
6. When you finish reviewing and customizing the parameters, choose Next.
7. On the options page, you can specify tags (key-value pairs) for resources in your stack,
set permissions, and set advanced options. When you’re done, choose Next.
8. On the Review page, review and confirm the template settings. Under Capabilities,
select the two check boxes to acknowledge that the template creates IAM resources and
might require the capability to automatically expand macros.
9. Choose Create stack to deploy the stack.
10. Monitor the status of the stack. When the status is CREATE_COMPLETE, the
deployment is complete.
11. Sign out of the production account.
Step 4. Deploy resources
1. Sign in to the AWS shared services account as a user with IAM permissions to create
resources in several AWS services. We recommend using the AdministratorAccess
managed policy.
2. Choose Deploy to launch the AWS CloudFormation template to deploy resources
across all three accounts (development, shared services, and production):
Launch the AWS CloudFormation template
that deploys resources across all three accounts
Note: This deployment includes AWS CodePipeline, AWS CodeBuild, AWS
CodeDeploy, AWS CodeCommit, and AWS Secrets Manager, which aren’t currently
supported in all AWS Regions. For a current list of supported regions, see the
endpoints and quotas webpage.
The deployment takes 10–15 minutes to complete.
3. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar.
If it’s not the same as the AWS Region you used before, change it to match.
Resources Deploy
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 16 of 22
4. On the Create stack page, keep the default setting for the template URL, and then
choose Next.
5. On the Specify stack details page, change the stack name if needed. Review the
parameters (described in the following tables) for the template. Provide values for the
parameters that require input. For all other parameters, review the default settings and
customize them as necessary.
View template
Snyk configuration:
Parameter label
(name)
Default Description
Snyk organization ID
(SnykExternalId)
Requires input You may find this by logging in to https://app.snyk.io and
navigate to Settings.
Application configuration:
Parameter label
(name)
Default Description
Application name
(AppName)
Sample Application name, used for the repository and child stack name.
Accounts configuration:
Parameter label
(name)
Default Description
Development account
ID (child)
(DevAwsAccountId)
Requires input Enter the AWS account ID for your development account. For
guidance, see Finding Your AWS Account ID in the AWS
documentation.
Development account
role name
(DevChildAccountRole
Name)
ChildAccountRole Name of role created by ChildAccountRole template in your
development account.
Production account
ID (child)
(ProdAwsAccountId)
Requires input AWS account ID for your production account.
Production account
role name
(ProdChildAccountRole
Name)
ChildAccountRole Name of role created by ChildAccountRole template in your
development account.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 17 of 22
Pipeline configuration:
Parameter label
(name)
Default Description
Build image
(BuildImageName)
aws/codebuild/
nodejs:10.1.0
Docker image for application build.
AWS Quick Start configuration:
Note: We recommend keeping these default settings for the “AWS Quick Start
configuration” parameters, unless you are customizing the Quick Start templates for
your own deployment projects. Changing these parameter settings automatically
updates code references to point to a new Quick Start location. For details, see the
AWS Quick Start Contributor’s Guide.
Parameter label
(name)
Default Description
Quick Start S3
bucket name
(QSS3BucketName)
aws-quickstart S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, uppercase letters, and hyphens (-).
It cannot start or end with a hyphen (-).
Quick Start S3
bucket Region
(QSS3BucketRegion)
us-east-1 The AWS Region where the Quick Start S3 bucket
(QSSBucketName) is hosted. When using your own bucket,
you must specify this value.
Quick Start S3
key prefix
(QSS3KeyPrefix)
quickstart-snyk-
serverless/
S3 key name prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters,
hyphens (-), dots (.), and forward slashes (/).
6. When you finish reviewing and customizing the parameters, choose Next.
7. On the options page, you can specify tags (key-value pairs) for resources in your stack
and set advanced options. When you’re done, choose Next.
8. On the Review page, review and confirm the template settings. Under Capabilities,
select the two check boxes to acknowledge that the template creates IAM resources and
might require the ability to automatically expand macros.
9. Choose Create stack to deploy the stack.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 18 of 22
10. Monitor the status of the stack. When the status is CREATE_COMPLETE, the
deployment is done.
11. Use the Amazon Resource Name (ARN) displayed in the Outputs tab for the stack, as
illustrated in Figure 4, to view the resources that were created. Copy the value to your
clipboard.
Figure 4: Snyk outputs after successful deployment
12. Return to the Snyk console, choose Settings, Integrations. Paste in the ARN you
copied in the previous step, as illustrated in Figure 5, for the AWS Lambda integration.
Choose Save.
Figure 5: Enable AWS Lambda integration
Step 5. Test your CI/CD pipeline
Test the deployment of the CI/CD pipeline as documented in the Trek10 deployment guide.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 19 of 22
AWS Solutions Consulting Offer
This Quick Start provides a self-service reference architecture that can be used in
production environments. For users who would like to explore additional use cases or who
require consulting services, an AWS Solutions Consulting Offer is available.
Troubleshooting
Q. I encountered a CREATE_FAILED error when I launched the Quick Start.
A. If AWS CloudFormation fails to create the stack, we recommend that you relaunch the
template with Rollback on failure set to No. (This setting is under Advanced in the
AWS CloudFormation console, Options page.) With this setting, the stack’s state will be
retained and the instance will be left running, so you can troubleshoot the issue.
Important: When you set Rollback on failure to No, you will continue to incur
AWS charges for this stack. Please make sure to delete the stack when you finish
troubleshooting.
For additional information, see Troubleshooting AWS CloudFormation on the AWS
website.
Q. I encountered a size limitation error when I deployed the AWS CloudFormation
templates.
A. We recommend that you launch the Quick Start templates from the links in this guide or
from another S3 bucket. If you deploy the templates from a local copy on your computer or
from a location other than an S3 bucket, you might encounter template size limitations
when you create the stack. For more information about AWS CloudFormation limits, see
the AWS documentation.
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 20 of 22
For further assistance
In addition to this Quick Start guide, please search the Snyk Knowledge Center for detailed
product documentation. You can also email [email protected] for technical support and
guidance.
Additionally, Trek10 offers architectural guidance, engineering, and 24/7 operational
support for AWS. If you are interested in a further engagement with Trek10 to deploy and
manage your serverless application infrastructure, see the Serverless Developer
Acceleration offering from Trek10, or contact Trek10 at https://www.trek10.com/contact.
Send us feedback
To post feedback, submit feature ideas, or report bugs, use the Issues section of the GitHub
repository for this Quick Start. If you’d like to submit code, please review the Quick Start
Contributor’s Guide.
Additional resources
AWS resources
• Getting Started Resource Center
• AWS general reference
• AWS glossary
AWS services
• AWS CloudFormation
• AWS CodeBuild
• AWS CodeDeploy
• AWS CodeCommit
• AWS CodePipeline
• AWS KMS
• AWS Secrets Manager
• AWS Lambda
• IAM
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 21 of 22
Snyk documentation
• AWS Lambda integration
Serverless application development
• Introduction to serverless computing
• AWS Serverless Application Model (AWS SAM)
• AWS Serverless Application Repository
• Additional example AWS SAM apps
Other Quick Start reference deployments
• AWS Quick Start home page
Document revisions
Date Change In sections
July 2020 Initial publication —
Amazon Web Services – Snyk serverless CI/CD for the enterprise on the AWS Cloud July 2020
Page 22 of 22
© 2020, Amazon Web Services, Inc. or its affiliates, and Snyk. All rights reserved.
Notices
This document is provided for informational purposes only. It represents AWS’s current product offerings
and practices as of the date of issue of this document, which are subject to change without notice. Customers
are responsible for making their own independent assessment of the information in this document and any
use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether
express or implied. This document does not create any warranties, representations, contractual
commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities
and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of,
nor does it modify, any agreement between AWS and its customers.
The software included with this paper is licensed under the Apache License, Version 2.0 (the "License"). You
may not use this file except in compliance with the License. A copy of the License is located at
http://aws.amazon.com/apache2.0/ or in the "license" file accompanying this file. This code is distributed
on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing permissions and limitations under the License.