
Snyk Serverless CI/CD for the Enterprise on the AWS Cloud

Quick Start Reference Deployment

July 2020

Jay Yeras, Snyk

Dylan Owen, AWS Quick Start team

Visit our GitHub repository for source files and to post feedback, report bugs, or submit feature ideas for this Quick Start.

Contents

Overview
    Snyk on AWS
    Cost and licenses
Architecture
Planning the deployment
    Specialized knowledge
    AWS account
    Technical requirements
Deployment steps
    Step 1. Prepare your AWS account
    Step 2. Get your Snyk organization ID
    Step 3. Enable cross-account access
        Create IAM roles in the development account
        Create IAM roles in the production account
    Step 4. Deploy resources
    Step 5. Test your CI/CD pipeline
AWS Solutions Consulting Offer
Troubleshooting
For further assistance
Send us feedback
Additional resources
Document revisions

This Quick Start was created by Snyk in collaboration with Amazon Web Services (AWS).

It is based on a Quick Start created by Trek10 in collaboration with AWS.

Quick Starts are automated reference deployments that use AWS CloudFormation

templates to deploy key technologies on AWS, following AWS best practices.

Overview

This Quick Start reference deployment guide provides step-by-step instructions to enable

integration between your Snyk organization and deployed AWS Lambda functions in your

AWS accounts.

The Quick Start is intended for users who want to use the Snyk software as a service (SaaS)

AWS integrations to secure their applications by finding, fixing, and monitoring potential

vulnerabilities in open-source dependencies. It builds a continuous integration and

continuous delivery (CI/CD) environment on the AWS Cloud. The Quick Start is based on

and deploys the resources in the Serverless CI/CD Quick Start created by Trek10.

Please know that we may share who uses AWS Quick Starts with the APN Partners that

collaborated with AWS on the content of the Quick Start.


Snyk on AWS

Many companies embrace open-source software packages and libraries even when building

proprietary applications. Benefits include transparency, cost savings, flexibility, and a faster

time to market. Often, a developer’s own code is a small core within an application that is

primarily open source. So it’s not surprising that developers sometimes inadvertently

introduce vulnerabilities into a code base through open-source repositories that are

maintained in a distributed fashion by people with varying levels of security expertise.

These vulnerabilities open up applications to attacks downstream.

With Snyk, you can build security into your continuous-development process.

Following AWS best practices for isolating resources, this Quick Start requires you to create

three AWS accounts (subaccounts): development, shared services, and production. As

shown in Figure 1, you deploy AWS Identity and Access Management (IAM) roles and

policies into these AWS accounts to grant your Snyk organization access to the Lambda

resources in these accounts. (Depending on the workflow of your CI/CD pipeline, you may

want to integrate additional services as well.) This cross-account access establishes

integrations that secure your CI/CD pipeline so that you can use Snyk to perform security

scans of your applications.

Figure 1: AWS accounts integrated with Snyk

In addition, this Quick Start creates a serverless CI/CD environment. See the Trek10

Serverless CI/CD Quick Start deployment guide for details on the resources deployed.


Cost and licenses

You are responsible for the cost of the AWS services used while running this Quick Start

reference deployment. There is no additional cost for using the Quick Start.

The AWS CloudFormation template for this Quick Start includes configuration parameters

that you can customize. Some of these settings, such as instance type, affect the cost of

deployment. For cost estimates, see the pricing pages for each AWS service you will be

using. Prices are subject to change.

Tip: After you deploy the Quick Start, we recommend that you enable the AWS Cost

and Usage Report. This report delivers billing metrics to an Amazon Simple Storage

Service (Amazon S3) bucket in your account. It provides cost estimates based on

usage throughout each month and finalizes the data at the end of the month. For

more information about the report, see the AWS documentation.

Snyk, called Snyk: Developer-First Security in the AWS Marketplace, is fulfilled as a SaaS

offering. SaaS is a delivery model for software applications whereby the vendor hosts and

operates the application over the internet. Customers pay for using the software without

owning the underlying infrastructure. With SaaS contracts, customers pay for usage

through their AWS bill.


Architecture

Deploying this Quick Start with default parameters builds the following Snyk serverless

CI/CD environment in the AWS Cloud.

Figure 2: Quick Start architecture for Snyk serverless CI/CD on AWS


As shown in Figure 2, the Quick Start integrates your Lambda functions into your Snyk

organization. In addition, using the Trek10 Quick Start as a submodule, it automatically

sets up the following:

• IAM users, roles, and groups that control access to pipeline operations and deployed

resources. These IAM users, roles, and groups are in the following AWS accounts:

– The development account, a staging environment for developing your serverless-application code.

– The shared services account, which hosts the core deployment infrastructure and

serverless-application source code.

– The production account, into which you deploy your final production code.

• An AWS CodeCommit repository for storing application code.

• AWS Secrets Manager to store sensitive configuration data in a central location.

• Amazon S3 buckets for pipeline artifacts.

• Integration with other AWS services such as AWS Key Management Service

(AWS KMS), Lambda, and Amazon Simple Notification Service (Amazon SNS).

• A dynamic branch pipeline that uses AWS CodePipeline to deploy and test new feature

code in Git branches as well as AWS CodeBuild and AWS CodeDeploy configurations for

building, deploying, and testing serverless applications.

• A master code pipeline that deploys to multiple AWS accounts, using AWS CodePipeline

as well as AWS CodeBuild and AWS CodeDeploy configurations for building, deploying,

and testing serverless applications.

• A sample serverless application that uses Lambda, Amazon API Gateway, and Amazon

DynamoDB.


Planning the deployment

Specialized knowledge

This Quick Start assumes familiarity with the following concepts:

• Version-control concepts, using Git or another distributed-source-code-management

tool.

• CI/CD best practices, including automated testing and code promotion.

• Serverless concepts and services, including AWS Lambda and AWS Serverless

Application Model (AWS SAM).

• Container registry and working with Docker images.

This deployment guide also requires a moderate level of familiarity with these services:

AWS Lambda, AWS CodePipeline, AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy,

Amazon S3, and IAM. If you’re new to AWS, visit the Getting Started Resource Center and

the AWS Training and Certification website for materials and programs that help you

develop the skills to design, deploy, and operate your infrastructure and applications on the

AWS Cloud.

AWS account

If you don’t already have an AWS account, create one at https://aws.amazon.com by

following the on-screen instructions. Part of the sign-up process involves receiving a phone

call and entering a PIN using the phone keypad.

Your AWS account is automatically signed up for all AWS services. You are charged only for

the services you use.


Technical requirements

Before you launch the Quick Start, configure your AWS account as specified in the following

table. Otherwise, deployment might fail.

AWS accounts: This Quick Start follows AWS multiaccount best practices for isolation of resources. These three AWS accounts (subaccounts) must be ready to use:

• Development account: This is a staging environment for developing your application code.

• Shared services account: This hosts the core deployment infrastructure and application source code.

• Production account: The final production code for your application is deployed into this account.

To prepare these accounts, see Step 1 of the deployment section.

Resources: If necessary, request service quota increases for the following resources. You might need to do this if an existing deployment uses these resources, and you might exceed the default quotas with this deployment. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, see the AWS documentation.

• Resource: IAM roles
  This deployment uses: 9

Regions: This deployment includes AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, AWS CodeCommit, and AWS Secrets Manager, which aren’t currently supported in all AWS Regions. For a current list of supported Regions, see the service endpoints and quotas page in the AWS documentation.

IAM permissions: Before launching the Quick Start, you must log in to the AWS Management Console with IAM permissions for the resources and actions the templates deploy. The AdministratorAccess managed policy within IAM provides sufficient permissions, although your organization may choose to use a custom policy with more restrictions.


Deployment steps

Step 1. Prepare your AWS account

1. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has

the necessary permissions. For details, see Planning the deployment earlier in this

guide.

2. Make sure that your AWS account is configured correctly, as discussed in the Technical

requirements section.

3. Set up accounts (subaccounts) for development, shared services, and production:

a. Open the AWS Organizations console at

https://console.aws.amazon.com/organizations/. Follow the instructions in the

AWS documentation to create an organization.

b. Follow the instructions in the AWS documentation to create three accounts:

development, shared services, and production. If you have a large development

organization, consider creating separate sets of these three accounts for each

business unit or logical grouping of applications.

c. Save the AWS account IDs for all three accounts (development, shared services, and

production). You will use these in a later step. For additional information, see

Finding your AWS account ID in the AWS documentation.


Step 2. Get your Snyk organization ID

This Quick Start requires that you have a Snyk login or subscription. If you don't have a

Snyk login, open the page for Snyk: Developer-First Security in AWS Marketplace, and

choose Continue to Subscribe. Review the terms and conditions for software usage, and

choose Accept Terms. A confirmation page loads, and an email confirmation is sent to the

account owner. For detailed subscription instructions, see the AWS Marketplace

documentation.

1. Sign in to your Snyk account.

2. Select the Settings tab. Under Organization ID, choose Copy, as shown in Figure 3.

3. Paste this ID some place where you can find it when you need it (in Step 3. Enable cross-account access).

Figure 3: Snyk settings, organization ID


Step 3. Enable cross-account access

In Step 1, you created development and production accounts. Now you need to deploy four

IAM roles (“child-account roles”)—a Trek10 role in each account and a Snyk role in each

account. You will name the two Trek10 roles; the names of the Snyk roles are generated.

These IAM roles enable Snyk integration and cross-account access from the shared services

account. The Quick Start includes AWS CloudFormation templates that automatically

create these roles for you.

CREATE IAM ROLES IN THE DEVELOPMENT ACCOUNT

1. Sign in to the development account as a user with IAM permissions to create a

CloudFormation stack and IAM roles.

2. Choose Deploy to launch the AWS CloudFormation template to create the Snyk and

Trek10 IAM roles:

Deploy the template for the Snyk and Trek10

IAM roles in the development account

The deployment takes about two minutes to complete.

3. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar,

and change it if necessary. The template is launched in the US East (N. Virginia) Region

by default.

Note: This deployment includes AWS CodePipeline, AWS CodeBuild, AWS

CodeDeploy, AWS CodeCommit, and AWS Secrets Manager, which aren’t currently

supported in all AWS Regions. For a current list of supported Regions, see the

Service endpoints and quotas webpage.

4. On the Create stack page, keep the default setting for the template URL. Choose Next.

5. On the Specify stack details page, change the stack name if needed. Review the

parameters for the template. Provide values for the parameters that require input. For

all other parameters, review the default settings and customize them as necessary.

Snyk configuration:

• Snyk organization ID (SnykExternalId)
  Default: Requires input
  Description: You may find this by logging in to https://app.snyk.io and navigating to Settings.

Trek10 Serverless CI/CD:

• Shared services account ID (CentralAwsAccountId)
  Default: Requires input
  Description: The AWS account ID of the shared services account. For guidance, see Finding Your AWS Account ID in the AWS documentation.

• Child account role name (ChildAccountRoleName)
  Default: ChildAccountRole
  Description: The name of the role to create in the account. This name must be unique in the account.

AWS Quick Start configuration:

Note: We recommend keeping these default settings for the “AWS Quick Start configuration” parameters, unless you are customizing the Quick Start templates for your own deployment projects. Changing these parameter settings automatically updates code references to point to a new Quick Start location. For details, see the AWS Quick Start Contributor’s Guide.

• Quick Start S3 bucket name (QSS3BucketName)
  Default: aws-quickstart
  Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).

• Quick Start S3 bucket Region (QSS3BucketRegion)
  Default: us-east-1
  Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.

• Quick Start S3 key prefix (QSS3KeyPrefix)
  Default: quickstart-snyk-serverless/
  Description: S3 key name prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), dots (.), and forward slashes (/).


6. When you finish reviewing and customizing the parameters, choose Next.

7. On the options page, you can specify tags (key-value pairs) for resources in your stack,

set permissions, and set advanced options. When you’re done, choose Next.

8. On the Review page, review and confirm the template settings. Under Capabilities,

select the two check boxes to acknowledge that the template creates IAM resources and

might require the capability to automatically expand macros.

9. Choose Create stack to deploy the stack.

10. Monitor the status of the stack. When the status is CREATE_COMPLETE, the

deployment is done.

11. Sign out of the development account.

CREATE IAM ROLES IN THE PRODUCTION ACCOUNT

1. Sign in to the production account as a user with IAM permissions to create a

CloudFormation stack and IAM roles.

2. Choose Deploy to launch the AWS CloudFormation template to create the Snyk and

Trek10 IAM roles:

Deploy the template for the Snyk and Trek10

IAM roles in the production account

The deployment takes about two minutes to complete.

3. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar.

If it’s not the same as the AWS Region you used in the development account, change it

to match.

4. On the Create stack page, keep the default setting for the template URL, and then

choose Next.

5. On the Specify stack details page, change the stack name if needed. Review the

parameters for the template. Provide values for the parameters that require input. For

all other parameters, review the default settings and customize them as necessary.

Snyk configuration:

• Snyk organization ID (SnykExternalId)
  Default: Requires input
  Description: You may find this by logging in to https://app.snyk.io and navigating to Settings.

Trek10 Serverless CI/CD:

• Shared services account ID (CentralAwsAccountId)
  Default: Requires input
  Description: The AWS account ID of the shared services account. For guidance, see Finding Your AWS Account ID in the AWS documentation.

• Child account role name (ChildAccountRoleName)
  Default: ChildAccountRole
  Description: The name of the role to create in the account. This name must be unique in the account.

AWS Quick Start configuration:

Note: We recommend keeping these default settings for the “AWS Quick Start configuration” parameters, unless you are customizing the Quick Start templates for your own deployment projects. Changing these parameter settings automatically updates code references to point to a new Quick Start location. For details, see the AWS Quick Start Contributor’s Guide.

• Quick Start S3 bucket name (QSS3BucketName)
  Default: aws-quickstart
  Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).

• Quick Start S3 bucket Region (QSS3BucketRegion)
  Default: us-east-1
  Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.

• Quick Start S3 key prefix (QSS3KeyPrefix)
  Default: quickstart-snyk-serverless/
  Description: S3 key name prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), dots (.), and forward slashes (/).


6. When you finish reviewing and customizing the parameters, choose Next.

7. On the options page, you can specify tags (key-value pairs) for resources in your stack,

set permissions, and set advanced options. When you’re done, choose Next.

8. On the Review page, review and confirm the template settings. Under Capabilities,

select the two check boxes to acknowledge that the template creates IAM resources and

might require the capability to automatically expand macros.

9. Choose Create stack to deploy the stack.

10. Monitor the status of the stack. When the status is CREATE_COMPLETE, the

deployment is complete.

11. Sign out of the production account.
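An added example, not part of the Quick Start or its templates: a Python check for the trust policies of the four roles created in Step 3. It assumes the Snyk role is guarded by an sts:ExternalId condition carrying the organization ID (as the SnykExternalId parameter name suggests) and that the Trek10 role trusts only the shared services account (CentralAwsAccountId); the account IDs, organization ID, and sample policies are constructed placeholders.

```python
import json

# Constructed placeholders; substitute the values from your own deployment.
SNYK_ACCOUNT = "111111111111"    # hypothetical: account the Snyk role is assumed from
SHARED_ACCOUNT = "222222222222"  # CentralAwsAccountId (shared services account)
ORG_ID = "00000000-0000-0000-0000-000000000000"  # SnykExternalId (organization ID)


def _as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]


def _principal_accounts(principal):
    """Return the account IDs an IAM Principal element names ('*' if open)."""
    if principal == "*":
        return ["*"]
    accounts = []
    for entry in _as_list(principal.get("AWS", [])):
        # An ARN (arn:aws:iam::<account>:root), a bare account ID, or "*".
        accounts.append(entry.split(":")[4] if entry.startswith("arn:") else entry)
    return accounts


def audit_trust_policy(policy, trusted_account, external_id=None):
    """List problems in a role trust policy; an empty list means it passed.

    trusted_account: the only account that should be able to assume the role.
    external_id: when given, every allowing statement must require it.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
            a in ("sts:assumerole", "sts:*", "*") for a in actions
        ):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            findings += [
                f"unexpected principal type: {kind}"
                for kind in principal if kind != "AWS"
            ]
        for account in _principal_accounts(principal):
            if account == "*":
                findings.append("wildcard principal")
            elif account != trusted_account:
                findings.append(f"untrusted account: {account}")
        if external_id is not None:
            # Condition keys are case-insensitive, so normalise before lookup.
            equals = stmt.get("Condition", {}).get("StringEquals", {})
            equals = {key.lower(): val for key, val in equals.items()}
            values = _as_list(equals.get("sts:externalid", []))
            if not values:
                findings.append("missing sts:ExternalId condition")
            elif values != [external_id]:
                findings.append("sts:ExternalId does not match organization ID")
    return findings


def make_trust(principal, condition=None):
    """Build a constructed single-statement trust policy for the samples."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}


# Constructed samples: (trust policy, trusted account, required external ID).
SAMPLES = {
    "snyk-role-ok": (
        make_trust({"AWS": f"arn:aws:iam::{SNYK_ACCOUNT}:root"},
                   {"StringEquals": {"sts:ExternalId": ORG_ID}}),
        SNYK_ACCOUNT, ORG_ID),
    "snyk-role-no-external-id": (
        make_trust({"AWS": f"arn:aws:iam::{SNYK_ACCOUNT}:root"}),
        SNYK_ACCOUNT, ORG_ID),
    "child-role-ok": (
        make_trust({"AWS": f"arn:aws:iam::{SHARED_ACCOUNT}:root"}),
        SHARED_ACCOUNT, None),
    "child-role-open": (make_trust({"AWS": "*"}), SHARED_ACCOUNT, None),
}


def audit_samples():
    """Audit every constructed sample and return findings keyed by name."""
    return {name: audit_trust_policy(*args) for name, args in SAMPLES.items()}


if __name__ == "__main__":
    print(json.dumps(audit_samples(), indent=2))
```

To audit a deployed role, pass `audit_trust_policy` the document returned by `aws iam get-role --role-name <name> --query Role.AssumeRolePolicyDocument`.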

Step 4. Deploy resources

1. Sign in to the AWS shared services account as a user with IAM permissions to create

resources in several AWS services. We recommend using the AdministratorAccess

managed policy.

2. Choose Deploy to launch the AWS CloudFormation template to deploy resources

across all three accounts (development, shared services, and production):

Launch the AWS CloudFormation template

that deploys resources across all three accounts

Note: This deployment includes AWS CodePipeline, AWS CodeBuild, AWS

CodeDeploy, AWS CodeCommit, and AWS Secrets Manager, which aren’t currently

supported in all AWS Regions. For a current list of supported regions, see the

endpoints and quotas webpage.

The deployment takes 10–15 minutes to complete.

3. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar.

If it’s not the same as the AWS Region you used before, change it to match.


4. On the Create stack page, keep the default setting for the template URL, and then

choose Next.

5. On the Specify stack details page, change the stack name if needed. Review the

parameters (described in the following tables) for the template. Provide values for the

parameters that require input. For all other parameters, review the default settings and

customize them as necessary.

Snyk configuration:

• Snyk organization ID (SnykExternalId)
  Default: Requires input
  Description: You may find this by logging in to https://app.snyk.io and navigating to Settings.

Application configuration:

• Application name (AppName)
  Default: Sample
  Description: Application name, used for the repository and child stack name.

Accounts configuration:

• Development account ID (child) (DevAwsAccountId)
  Default: Requires input
  Description: Enter the AWS account ID for your development account. For guidance, see Finding Your AWS Account ID in the AWS documentation.

• Development account role name (DevChildAccountRoleName)
  Default: ChildAccountRole
  Description: Name of role created by ChildAccountRole template in your development account.

• Production account ID (child) (ProdAwsAccountId)
  Default: Requires input
  Description: AWS account ID for your production account.

• Production account role name (ProdChildAccountRoleName)
  Default: ChildAccountRole
  Description: Name of role created by ChildAccountRole template in your development account.

Pipeline configuration:

• Build image (BuildImageName)
  Default: aws/codebuild/nodejs:10.1.0
  Description: Docker image for application build.

AWS Quick Start configuration:

Note: We recommend keeping these default settings for the “AWS Quick Start configuration” parameters, unless you are customizing the Quick Start templates for your own deployment projects. Changing these parameter settings automatically updates code references to point to a new Quick Start location. For details, see the AWS Quick Start Contributor’s Guide.

• Quick Start S3 bucket name (QSS3BucketName)
  Default: aws-quickstart
  Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).

• Quick Start S3 bucket Region (QSS3BucketRegion)
  Default: us-east-1
  Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.

• Quick Start S3 key prefix (QSS3KeyPrefix)
  Default: quickstart-snyk-serverless/
  Description: S3 key name prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), dots (.), and forward slashes (/).

6. When you finish reviewing and customizing the parameters, choose Next.

7. On the options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you’re done, choose Next.

8. On the Review page, review and confirm the template settings. Under Capabilities, select the two check boxes to acknowledge that the template creates IAM resources and might require the ability to automatically expand macros.

9. Choose Create stack to deploy the stack.

10. Monitor the status of the stack. When the status is CREATE_COMPLETE, the deployment is done.

11. Use the Amazon Resource Name (ARN) displayed in the Outputs tab for the stack, as illustrated in Figure 4, to view the resources that were created. Copy the value to your clipboard.

Figure 4: Snyk outputs after successful deployment

12. Return to the Snyk console, choose Settings, Integrations. Paste in the ARN you copied in the previous step, as illustrated in Figure 5, for the AWS Lambda integration. Choose Save.

Figure 5: Enable AWS Lambda integration
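An added example (not from the Quick Start's own code): a pre-deployment check of a CloudFormation parameters file against the constraints and defaults listed in the parameter tables of this step. It also reports any change to the Quick Start asset location, because those parameters decide where code references point. The function name and sample values are constructed, and the 12-digit account ID check is general AWS behavior rather than something this guide states.

```python
import json
import re

# Constraints and defaults as stated in this guide's parameter tables.
BUCKET_RE = re.compile(r"[0-9A-Za-z]+(?:-+[0-9A-Za-z]+)*")  # no leading/trailing hyphen
PREFIX_RE = re.compile(r"[0-9A-Za-z./-]*")
ACCOUNT_RE = re.compile(r"[0-9]{12}")  # assumption: AWS account IDs are 12 digits
QS_DEFAULTS = {
    "QSS3BucketName": "aws-quickstart",
    "QSS3BucketRegion": "us-east-1",
    "QSS3KeyPrefix": "quickstart-snyk-serverless/",
}

def lint_parameters(params_json):
    """Return (errors, warnings) for a CloudFormation parameters file."""
    params = {p["ParameterKey"]: p["ParameterValue"] for p in json.loads(params_json)}
    errors, warnings = [], []
    for key in ("DevAwsAccountId", "ProdAwsAccountId"):
        if not ACCOUNT_RE.fullmatch(params.get(key, "")):
            errors.append(f"{key}: expected a 12-digit AWS account ID")
    checks = (("QSS3BucketName", BUCKET_RE), ("QSS3KeyPrefix", PREFIX_RE))
    for key, pattern in checks:
        if not pattern.fullmatch(params.get(key, QS_DEFAULTS[key])):
            errors.append(f"{key}: value breaks the format this guide allows")
    # A non-default asset location repoints code references (see the Note above
    # the "AWS Quick Start configuration" table), so surface it for review.
    for key, default in QS_DEFAULTS.items():
        if params.get(key, default) != default:
            warnings.append(f"{key}: {params[key]!r} differs from default {default!r}")
    return errors, warnings

SAMPLE_PARAMS = json.dumps([  # constructed sample values
    {"ParameterKey": "DevAwsAccountId", "ParameterValue": "111111111111"},
    {"ParameterKey": "ProdAwsAccountId", "ParameterValue": "22222222222"},
    {"ParameterKey": "QSS3BucketName", "ParameterValue": "my-fork-assets-"},
    {"ParameterKey": "QSS3KeyPrefix", "ParameterValue": "quickstart-snyk-serverless/"},
])

if __name__ == "__main__":
    errs, warns = lint_parameters(SAMPLE_PARAMS)
    print("errors:", errs)
    print("warnings:", warns)
```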
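Step 8 asks you to acknowledge that the template creates IAM resources and might expand macros. As an added example (not part of the Quick Start or its templates), the following shows one way to review a template before acknowledging: it lists the IAM resources, flags Allow statements that use a bare wildcard, and reports the matching CloudFormation capability names. It assumes the template is available as JSON; the function names and the sample template are constructed for illustration.

```python
import json

# IAM resource types mapped to the property that gives each a custom name.
IAM_NAME_PROPS = {
    "AWS::IAM::Role": "RoleName", "AWS::IAM::User": "UserName",
    "AWS::IAM::Group": "GroupName", "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
    "AWS::IAM::Policy": None,
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def policy_statements(props):
    """Yield statements from inline Policies and from a top-level PolicyDocument."""
    docs = [p.get("PolicyDocument", {}) for p in props.get("Policies", []) if isinstance(p, dict)]
    docs.append(props.get("PolicyDocument", {}))
    for doc in docs:
        yield from as_list(doc.get("Statement", []))

def review_template(template_json):
    """Summarize what the capability acknowledgements would authorize."""
    tpl = json.loads(template_json)
    report = {"capabilities": set(), "iam_resources": [], "wildcards": []}
    if "Transform" in tpl:  # top-level macros only; nested stacks are not inspected
        report["capabilities"].add("CAPABILITY_AUTO_EXPAND")
    for name, res in tpl.get("Resources", {}).items():
        rtype = res.get("Type")
        if rtype not in IAM_NAME_PROPS:
            continue
        props = res.get("Properties", {})
        report["iam_resources"].append((name, rtype))
        named = IAM_NAME_PROPS[rtype] in props
        report["capabilities"].add("CAPABILITY_NAMED_IAM" if named else "CAPABILITY_IAM")
        for stmt in policy_statements(props):
            if stmt.get("Effect") != "Allow":
                continue
            for field in ("Action", "Resource"):
                if any(v == "*" for v in as_list(stmt.get(field, []))):
                    report["wildcards"].append((name, field))
    return report

SAMPLE_TEMPLATE = json.dumps({  # constructed sample, not the Quick Start's template
    "Transform": "AWS::Serverless-2016-10-31",
    "Resources": {"ArtifactBucket": {"Type": "AWS::S3::Bucket"}, "PipelineRole": {
        "Type": "AWS::IAM::Role", "Properties": {"RoleName": "example-pipeline-role",
            "Policies": [{"PolicyName": "inline", "PolicyDocument": {"Statement": [
                {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]}}]}}},
})
```

Each entry in `wildcards` names a resource and the statement field to narrow or justify before you select the check boxes.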

Step 5. Test your CI/CD pipeline

Test the deployment of the CI/CD pipeline as documented in the Trek10 deployment guide.

AWS Solutions Consulting Offer

This Quick Start provides a self-service reference architecture that can be used in production environments. For users who would like to explore additional use cases or who require consulting services, an AWS Solutions Consulting Offer is available.

Troubleshooting

Q. I encountered a CREATE_FAILED error when I launched the Quick Start.

A. If AWS CloudFormation fails to create the stack, we recommend that you relaunch the template with Rollback on failure set to No. (This setting is under Advanced in the AWS CloudFormation console, Options page.) With this setting, the stack’s state will be retained and the instance will be left running, so you can troubleshoot the issue.

Important: When you set Rollback on failure to No, you will continue to incur AWS charges for this stack. Please make sure to delete the stack when you finish troubleshooting.

For additional information, see Troubleshooting AWS CloudFormation on the AWS website.

Q. I encountered a size limitation error when I deployed the AWS CloudFormation templates.

A. We recommend that you launch the Quick Start templates from the links in this guide or from another S3 bucket. If you deploy the templates from a local copy on your computer or from a location other than an S3 bucket, you might encounter template size limitations when you create the stack. For more information about AWS CloudFormation limits, see the AWS documentation.

For further assistance

In addition to this Quick Start guide, please search the Snyk Knowledge Center for detailed product documentation. You can also email [email protected] for technical support and guidance.

Additionally, Trek10 offers architectural guidance, engineering, and 24/7 operational support for AWS. If you are interested in a further engagement with Trek10 to deploy and manage your serverless application infrastructure, see the Serverless Developer Acceleration offering from Trek10, or contact Trek10 at https://www.trek10.com/contact.

Send us feedback

To post feedback, submit feature ideas, or report bugs, use the Issues section of the GitHub repository for this Quick Start. If you’d like to submit code, please review the Quick Start Contributor’s Guide.

Additional resources

AWS resources

• Getting Started Resource Center

• AWS general reference

• AWS glossary

AWS services

• AWS CloudFormation

• AWS CodeBuild

• AWS CodeDeploy

• AWS CodeCommit

• AWS CodePipeline

• AWS KMS

• AWS Secrets Manager

• AWS Lambda

• IAM

Snyk documentation

• AWS Lambda integration

Serverless application development

• Introduction to serverless computing

• AWS Serverless Application Model (AWS SAM)

• AWS Serverless Application Repository

• Additional example AWS SAM apps

Other Quick Start reference deployments

• AWS Quick Start home page

Document revisions

Date: July 2020
Change: Initial publication
In sections: —

© 2020, Amazon Web Services, Inc. or its affiliates, and Snyk. All rights reserved.

Notices

This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or in the "license" file accompanying this file. This code is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.