I would suggest either of two things:

- make lambdash-install create a new S3 bucket and upload the source code there, and make the CloudFormation template use the source code from the bucket
- set S3ObjectVersion to a fixed value based on your current bucket and version

Right now, the CloudFormation template is using the "latest" version of "lambda/lambdash.zip" in bucket "run.alestic.com", and giving it a role in the user's AWS account. If you wanted to be nasty, you could replace that with some exploit source code, which might be somewhat hard to detect. By hardcoding the version to be specific, anybody checking the contents of the zip can be convinced that the code is benign, and any changes to the hardcoded version can be seen in Git history.
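
A check for the second suggestion, as an added example that is not part of the issue or of lambdash's own code: it scans a JSON CloudFormation template and reports Lambda functions whose S3-hosted code is not pinned with a literal S3ObjectVersion. The sample template, bucket name and version id are constructed placeholders, and `unpinned_lambda_code` is a hypothetical helper name.

```python
import json

# Constructed sample template (not lambdash's real template): one function
# takes whatever object is current at the key, the other pins a version.
SAMPLE_TEMPLATE = """
{
  "Resources": {
    "UnpinnedFunction": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {"S3Bucket": "example-bucket", "S3Key": "lambda/example.zip"}
      }
    },
    "PinnedFunction": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {"S3Bucket": "example-bucket", "S3Key": "lambda/example.zip",
                 "S3ObjectVersion": "EXAMPLE-VERSION-ID"}
      }
    },
    "Role": {"Type": "AWS::IAM::Role", "Properties": {}}
  }
}
"""


def unpinned_lambda_code(template_text):
    """Return (logical_id, reason) for each Lambda function whose S3 code is not pinned."""
    template = json.loads(template_text)
    findings = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        if resource.get("Type") != "AWS::Lambda::Function":
            continue
        code = resource.get("Properties", {}).get("Code", {})
        if "S3Key" not in code:
            continue  # inline ZipFile or container image: nothing fetched from S3
        version = code.get("S3ObjectVersion")
        if version is None:
            findings.append((logical_id, "no S3ObjectVersion: deploys the latest object"))
        elif not isinstance(version, str):
            # A Ref/Fn::* value is chosen at deploy time, so Git history does not fix it.
            findings.append((logical_id, "S3ObjectVersion is not a literal string"))
    return findings


if __name__ == "__main__":
    for logical_id, reason in unpinned_lambda_code(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {reason}")
```

Run in CI against the repository's template, a non-empty result can fail the build so an unpinned code reference never reaches users.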