Deploy a Lambda running a container using CloudFormation | by Teri Radichel | Cloud Security | September 2023

esteria.white

ACM.298 Leveraging ECR and our previous VPC with NAT deployment

Part of my series on Automation of cybersecurity measures. Container security. Deploy a static website. The Code.


In the last article, I took a break to discuss some web security issues and explained man-in-the-middle attacks and their relationship to TLS (formerly SSL) and HSTS.

Now let’s get back to finishing what I started so I can get my website deployment system up and running. In the post preceding my AppSec interruption, I modified the ECR policy to allow Lambda to pull container images from it.

In this article, I will deploy a Lambda that leverages a container using CloudFormation. I admit I got a little stuck on this post because I’m trying to figure out how to make things easier in the long run. But I need to go through the process and think about it a little more before coming up with a final solution. Consider this one of a number of blog posts that will hopefully result in a reusable solution in the end. But with this article you will have a working model.

I’m going to pull the image I uploaded to ECR for testing and then try to run the Lambda function. The initial Lambda function should not require any network access to simplify testing the basic functionality of fetching and running a container from ECR.

Here is the CloudFormation for a Lambda function.
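As an added illustration (this is not the author's template from the original post), a minimal CloudFormation template for a container-based Lambda function with no network configuration could look like the following. The parameter names, logical IDs, timeout, memory size and log retention are assumptions chosen for the example, and it assumes the ECR repository policy already lets Lambda pull the image, as set up in the earlier post.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Example Lambda function that runs a container image from ECR

Parameters:
  FunctionNameParam:            # hypothetical parameter name
    Type: String
  ImageUriParam:                # hypothetical parameter name
    Type: String
    Description: ECR image URI; a digest (@sha256:...) pins the exact image

Resources:
  LambdaLogGroup:               # created here so the role needs no CreateLogGroup
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "/aws/lambda/${FunctionNameParam}"
      RetentionInDays: 30       # assumed value

  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: WriteOwnLogs   # only this function's log group
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${FunctionNameParam}:*"

  ContainerLambda:
    Type: AWS::Lambda::Function
    DependsOn: LambdaLogGroup
    Properties:
      FunctionName: !Ref FunctionNameParam
      PackageType: Image        # container image instead of a zip package
      Code:
        ImageUri: !Ref ImageUriParam
      Role: !GetAtt LambdaExecutionRole.Arn
      Timeout: 30               # assumed value
      MemorySize: 256           # assumed value
      # No VpcConfig: the first test function needs no network access
```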
