We are open to contributions, check our good first issues!
🚨 [NEW]sls-mentor 3.0 is in alpha! 🚨
Visualize you AWS serverless application like never before
npx sls-mentor@alpha -p <AWS_CLI_PROFILE>
Weekly pre-releases, we need your feedback and feature requests!
⬇️ Back to sls-mentor v2 ⬇️
Just because you don't see something, doesn't mean it doesn't exist
Anonymous on Tumblr - 2012
sls-mentor is a tool that analyzes the configuration of your AWS resources against best practice rules.
sls-mentor solves problems before they occur, and optimizes your app’s performances and costs.
Check our website for more information!
Install sls-mentor on your project and customize your experience 🔎
yarn add -D sls-mentor
Select the cloudformation stacks you want to check using -c option
yarn sls-mentor -c {YOUR_AWS_STACK_NAME_1} {YOUR_AWS_STACK_NAME_2}
Filter the checked resources by tags using the -t option
yarn sls-mentor -t Key={TAG_KEY},Value={TAG_VALUE}
Specify an AWS profile or an AWS region using -p and -r options
yarn sls-mentor -p {YOUR_AWS_PROFILE} -c {YOUR_AWS_STACK_NAME} -r {YOUR_AWS_REGION}
📚 More information about local runs of sls-mentor
Run sls-mentor as a periodic check on your CI 📟
The command you want to run in your pipeline is:
yarn sls-mentor -p {YOUR_AWS_PROFILE} -c {YOUR_AWS_STACK_NAME} -r {YOUR_AWS_REGION} -l {YOUR_DESIRED_LEVEL}
Github actions, Circle CI, Gitlab CI configuration snippets coming soon 🚀
- Ensure that the CI/CD runner has an AWS profile configured, with ReadOnlyAccess privileges.
- If the region is not configured for that profile, make sure to specify it using the -r flag in the command.
Rules featured by sls-mentor 📏
- AWS Lambda:
-
Lambda: Use ARM64 architecture: checks that you're using ARM64 architectures for your Lambda functions. -
Lambda: No shared IAM roles: checks that each one of your Lambda functions has its own IAM role. -
Lambda: Limited amount of versions: checks that you do not store all previous deployment versions for your Lambda functions. -
Lambda: Specify failure destination to async functions: checks that each one of your async Lambda functions has a failure destination. -
Lambda: No identical code: checks that each one of your Lambda functions has different code. -
Lambda: Light bundle: checks that each one of your Lambda functions' bundles is reasonably small. -
Lambda: Under maximum memory: checks that each one of your Lambda functions' memory size is reasonably small. -
Lambda: No maximum timeout: checks that your Lambda functions' timeout is not set at the maximum available. -
Lambda: No provisioned concurrency: checks that no Lambda function has provisioned concurrency. concurrency. -
Lambda: No deprecated runtime: checks that your Lambda functions do not run on deprecated runtime.
-
- AWS S3:
-
S3: Use intelligent tiering: checks that each one of S3 buckets has intelligent tiering enabled. -
S3: Use HTTPS requests only: checks that users access buckets objects using SSL.
-
- AWS SQS:
-
SQS: Specify a DLQ on queues: checks that SQS queues have a dead-letter-queue specified in case of failure
-
- AWS Cognito:
-
Cognito: Sign-in case insensitivity: checks that your Cognito user pool is insensitive to user name case.
-
- AWS CloudWatch:
-
CloudWatch Log Groups: Defined logs retention duration: checks that each of your Log Groups has a defined log retention duration.
-
- AWS EventBridge:
-
EventBridge: Specified dead letter queue: checks that each Event Bridge Rule target has a dead letter queue.
-
- AWS CloudFront:
-
CloudFront: Enable security headers: checks that each CloudFront distributions have basic security headers enabled. -
CloudFront: SSL certificate associated: checks that each CloudFront distributions have a SSL certificate associated (IAM or ACM).
-
- AWS RDS:
-
RDS: Enable instance autoscaling: checks that RDS instances have autoscaling enabled.
-
- AWS Backup:
-
Backup: Defined Backup Retention Period or Transition to Cold Storage: checks that each rule of any Backup Plan has a defined retention period or transition to cold storage date.
-
- AWS API Gateway V2:
-
API Gateway: Use authorized routes: checks that each API Gateway route has an authorizer configured.
-
Check out our articles, to find out more:
- sls-mentor 1.0.0 available now! Your Free Open Source audit tool for AWS architectures! by Éloi
- That one AWS Lambda hidden configuration that will make you a Hero - sls-mentor is watching over you by Zineb
- AWS Lambda Versions : Time to clean up! - sls-mentor is watching over you by Pierre
- AWS Lambda 101: Shave That Bundle Down by Éloi
About sls-mentor 📰
sls-mentor is a Theodo Group project made for AWS Serverless developers by AWS Serverless developers. Original idea appeared at Aleios. sls-mentor was migrated to Typescript and enriched by Theodo.