-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathserverless.yml
70 lines (67 loc) · 1.54 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
service: ecr-scan-lambda
provider:
name: aws
runtime: go1.x
timeout: 20
region: ${env:AWS_REGION}
memorySize: 128
stage: ${opt:stage, 'production'}
environment:
ENV: ${self:provider.stage}
logRetentionInDays: 30
iamRoleStatements:
- Effect: "Allow"
Action:
- ecr:GetAuthorizationToken
- ecr:DescribeRepositories
- ecr:ListImages
- ecr:DescribeImages
- ecr:DescribeImageScanFindings
- ecr:StartImageScan
- ecr:PutImageScanningConfiguration
- logs:PutLogEvents
- logs:CreateLogGroup
- logs:CreateLogStream
Resource: "*"
# - Effect: "Allow"
# Action:
# - sns:Publish
# Resources: "arn:aws:sns:${env:AWS_REGION}:*:${opt:sns-topic}"
package:
exclude:
- ./**
include:
- ./bin/**
functions:
ecr-report-lambda:
handler: bin/report-linux
environment:
ENV: ${self:provider.stage}
REGION: us-east-1
MINIMUM_SEVERITY: CRITICAL
IMAGE_TAG: latest
EXPORTERS: log
LOG_LEVEL: INFO
NUM_WORKERS: 2
#ECR_ID:
#SLACK_TOKEN:
#SLACK_CHANNEL:
#SNS_TOPIC_ARN:
#MAILGUN_API_KEY:
#MAILGUN_FROM:
#MAILGUN_RECIPIENTS:
events:
- schedule: cron(0 8 * * ? *)
enabled: true
ecr-scan-lambda:
handler: bin/scan-linux
environment:
ENV: ${self:provider.stage}
IMAGE_TAG: latest
LOG_LEVEL: INFO
NUM_WORKERS: 2
REGION: us-east-1
#ECR_ID:
events:
- schedule: cron(0 7 * * ? *)
enabled: true