
Simplify Snyk and AWS integration with our latest AWS Quick Start

Written by:
Jay Yeras


September 22, 2020


One of the great benefits of using AWS is the ability to automate almost everything you do, and that extends beyond AWS’ own services to ecosystem partners like Snyk. We’re happy to announce our second AWS Quick Start, to help you get Snyk working with Amazon Elastic Container Registry (ECR) and AWS Lambda with just the click of a button.

Skip the manual steps and get straight to the good stuff

Integrating Snyk with ECR and Lambda requires setting up roles that work for both the AWS service and for the Snyk service. While it’s not terribly hard to do, clicking back and forth between both interfaces and copying values from one console to another is nobody’s idea of a good time. The Snyk: Developer-first Security on the AWS Cloud Quick Start gives you three options:

  1. Full Snyk integration with both ECR and Lambda

  2. Integration with ECR only

  3. Integration with Lambda only

Once deployed, you can quickly obtain the remaining values for your ARN and AWS Region from the CloudFormation console outputs.

Snyk Container and AWS ECR integration

For the ECR integration, we create an IAM role that enables Snyk Container to access container images stored in ECR to scan for vulnerabilities. We create a read-only role with all the permissions outlined in our documentation and set up the necessary service integration between the Snyk service and your AWS region. From there, you can start scanning container images stored in your ECR registries and Snyk will help you select secure base images and clean up vulnerabilities in the image and code dependencies.


Snyk Container and AWS Lambda integration

Integrating Snyk Open Source with Lambda is similar to how the Snyk Container and ECR integration is handled. We create an appropriate read-only IAM role, following our documented configuration, and then set up the Snyk Open Source and Lambda services to talk to each other. From there, you can scan and monitor your Lambda code for vulnerable dependencies, alerting you to problems and helping you fix them so that your functions stay secure.


Send us feedback

To post feedback, submit feature ideas, or report bugs, use the Issues section of the GitHub repository for this Quick Start. If you’d like to submit code, please review the Quick Start Contributor’s Guide.

You can get Snyk by signing up for a free account. For our paid tiers, both Snyk Open Source and Snyk Container are available to buy on the AWS Marketplace, as well as through private offers and custom contracts.
