To better understand how it works, let's start by deploying the serverless app in your AWS environment ☁️
Open the Trend Micro Cloud One console and select the Application Security tile.
The Application Security agent has been automatically added in the CloudFormation template. The steps used to deploy the agent will be covered later in the workshop.
c1as-lambda-workshop
https://agents.us-1.application.cloudone.trendmicro.com/
In Trend Micro Cloud One Console
⚠️ In our use case we are using Region US-1 (US) on Trend Micro Cloud One. If you are using a different region, change the URL to the one for your region, as listed in the Trend Micro Cloud One documentation.
You have successfully deployed the vulnerable serverless application on Lambda. This web app serves as a learning tool and alerts you that the app is not secure, unlike real-world applications, which are not as illuminating.
Lambda provides two ways to package and deploy the serverless functions:
📌 For more information on Container Images to protect Lambda click here
When Lambda functions are packaged as an archive, the runtime protection can be enabled by configuring the Lambda function to include the Application Security layer for Lambda, which contains the security algorithms that are protecting the functions.
Adding protection to your Lambda function is simple and only requires adding the Application Security layer and adding the required configuration for the handler and the security layer (without any change to the function source code). The installation and configuration are dependent on the function programming language and on the version of Amazon Linux.
To configure the agent protection layer, you need the Amazon Resource Name (ARN) for the Application Security runtime.
As you see above, we added the Application Security agent layer specific to Python:
- arn:aws:lambda:<aws region>:800880067056:layer:CloudOne-ApplicationSecurity-python:1
For Lambda protection, Application Security provides support for both Python and NodeJS. See more here
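One way to confirm that the layer described above is actually attached to your functions, as an added example that is not part of the workshop or of Trend Micro's tooling. It assumes dicts with the `FunctionName`, `Runtime` and `Layers[].Arn` fields that `aws lambda get-function-configuration` returns; the function names and the account ID `111122223333` are constructed sample values.

```python
import re

# Values taken from the workshop text: publisher account and Python layer name.
EXPECTED_ACCOUNT = "800880067056"
EXPECTED_LAYER = "CloudOne-ApplicationSecurity-python"

LAYER_ARN = re.compile(
    r"^arn:aws:lambda:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):"
    r"layer:(?P<name>[A-Za-z0-9_-]+):(?P<version>\d+)$"
)

def audit_function(cfg):
    """Return findings for one function configuration (empty list = protected)."""
    findings, protected = [], False
    for layer in cfg.get("Layers", []):
        m = LAYER_ARN.match(layer["Arn"])
        if m is None:
            # Catches an unfilled region placeholder or any other malformed ARN.
            findings.append(f"malformed layer ARN: {layer['Arn']}")
        elif m["name"] != EXPECTED_LAYER:
            continue  # unrelated layer, not checked here
        elif m["account"] != EXPECTED_ACCOUNT:
            # Same layer name published from an unexpected account.
            findings.append(f"lookalike layer from account {m['account']}")
        else:
            protected = True
    if protected and not cfg.get("Runtime", "").startswith("python"):
        findings.append(f"Python layer on runtime {cfg.get('Runtime')}")
    if not protected:
        findings.append("Application Security layer not attached")
    return findings

# Constructed sample configurations (names and the second account ID are made up).
SAMPLES = [
    {"FunctionName": "protected-fn", "Runtime": "python3.8", "Layers": [
        {"Arn": f"arn:aws:lambda:us-east-1:{EXPECTED_ACCOUNT}:layer:{EXPECTED_LAYER}:1"}]},
    {"FunctionName": "no-layer-fn", "Runtime": "python3.8"},
    {"FunctionName": "lookalike-fn", "Runtime": "python3.8", "Layers": [
        {"Arn": f"arn:aws:lambda:us-east-1:111122223333:layer:{EXPECTED_LAYER}:1"}]},
    {"FunctionName": "placeholder-fn", "Runtime": "python3.8", "Layers": [
        {"Arn": f"arn:aws:lambda:<aws region>:{EXPECTED_ACCOUNT}:layer:{EXPECTED_LAYER}:1"}]},
]

def audit_all(configs):
    """Map each function name to its list of findings."""
    return {c["FunctionName"]: audit_function(c) for c in configs}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(name, "OK" if not findings else findings)
```

Checking the publisher account as well as the layer name matters because a layer with the same name can be published from any AWS account.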
To deploy the CloudFormation template, these parameters are required for a successful agent connection.
For advanced Lambda configuration please see our documentation here
The Lambda function will only show as active when it is being used or triggered to process an event. The status light will remain inactive (grey) until a request is made, triggering the Application Security agent.