Cloning a GitHub repository to AWS CodeCommit | by Teri Radichel | Cloud Security | September 2023


ACM.322 First Draft — it works but don’t do it — We will make adjustments in future articles

Part of my series on Automation of cybersecurity measures. Lambda. Internet Security. GitHub Security. Container security. Deploy a static website. THE Coded.

Free content on Cybersecurity Jobs | Register at Broadcast list

In the last article I was trying to write this one when a yum problem popped up. I was wondering if there is a way to get updates from private IP addresses, among other things.

In this article, I will attempt to clone a repository from GitHub to AWS CodeCommit. Please note, this is not my final solution. This is the initial solution that “works”. In the next post, I hope to finally tackle something I’ve been planning to write about since almost the beginning of this series, but there are so many moving parts: MFA for running a batch job.

Remember that I have already covered the following points in previous articles:

* A Lambda function that runs a container.
* An ECR repository to store the container used by Lambda.
* An ECR policy to allow Lambda to access ECR.
* A Bash custom Lambda runtime that runs in the container.
* Error handling for our custom runtime.
* Credentials for our Lambda container locally outside of AWS Lambda.
* A private network with access through a NAT.
* A Lambda execution role with appropriate permissions.
* VPC Endpoints to access AWS Services including CodeCommit.
* VPC Endpoints that grant access to our Lambda execution role.
* A Service Control Policy to limit Lambda invocation to a private network.
* A KMS Key for our sandbox environment with appropriate policies for Lambda.
* A GitHub personal access token with limited access.
* Network restrictions to access the GitHub private repositories.
* A security group using a customer managed prefix list to access GitHub.

If you missed anything, the messages are listed here:

Leave a comment