diff --git a/admin_guide/install/install_defender/images/lambda_env_varialbles.png b/admin_guide/install/install_defender/images/lambda_env_varialbles.png new file mode 100644 index 00000000..e7f62758 Binary files /dev/null and b/admin_guide/install/install_defender/images/lambda_env_varialbles.png differ diff --git a/admin_guide/install/install_defender/images/lambda_handler.png b/admin_guide/install/install_defender/images/lambda_handler.png new file mode 100644 index 00000000..c4f94b05 Binary files /dev/null and b/admin_guide/install/install_defender/images/lambda_handler.png differ diff --git a/admin_guide/install/install_defender/images/serverless_layer_function_designer_layers3.png b/admin_guide/install/install_defender/images/serverless_layer_function_designer_layers3.png deleted file mode 100644 index ddf24edb..00000000 Binary files a/admin_guide/install/install_defender/images/serverless_layer_function_designer_layers3.png and /dev/null differ diff --git a/admin_guide/install/install_defender/install_serverless_defender_layer.adoc b/admin_guide/install/install_defender/install_serverless_defender_layer.adoc index d20c98b4..6fa3d4e6 100644 --- a/admin_guide/install/install_defender/install_serverless_defender_layer.adoc +++ b/admin_guide/install/install_defender/install_serverless_defender_layer.adoc @@ -29,7 +29,7 @@ To secure an AWS Lambda function with the Serverless Defender layer: . Define a serverless CNAF policy. -. Add the layer to your function, wrap your handler, and set an environment variable. +. Add the layer to your function, update the handler, and set an environment variable. After completing this integration, Serverless Defender runs when your function is invoked. 
@@ -185,39 +185,12 @@ When you return to the function designer, you'll see that your function now uses + image::serverless_layer_function_designer_layers2.png[width=250] -. Import the Serverless Defender layer into your function by adding the appropriate line to your code depending on your runtime. -+ -* If your runtime is *Python*, wrap your function's handler as follows: - - import twistlock - @twistlock.serverless.handler - def handler(event, context): - . - . - . -+ -* If your runtime is *Node.js*, and your handler is asynchronous, wrap your function as follows: - - // Async handler - var twistlock = require('twistlock'); - exports.handler = async (event, context) => { - . - . - . - }; -+ -* If your runtime is *Node.js*, and your handler is synchronous, wrap your function as follows: +. Update the handler for your function to be _twistlock.handler_. - // Non-async handler - var twistlock = require('twistlock'); - exports.handler = (event, context, callback) => { - . - . - . - }; - exports.handler = twistlock.handler(exports.handler); +image::lambda_handler.png[width=700] -. Set the TW_POLICY environment variable, which specifies how your function connects to Compute Console to retrieve policy and send audits. + +. Set the _TW_POLICY_ and _ORIGINAL_HANDLER_ environment variable, which specifies how your function connects to Compute Console to retrieve policy and send audits. .. In Compute Console, go to *Manage > Defenders > Deploy > Single Defender*. @@ -233,8 +206,11 @@ image::serverless_layer_function_designer_layers2.png[width=250] .. For *Value*, paste the rule you copied from Compute Console. +.. For _ORIGINAL_HANDLER_, this is the original value of handelr for your function before your modification. + . Click *Save* to preserve all your changes. + -image::serverless_layer_function_designer_layers3.png[width=250] +image::lambda_env_variables.png[width=700] +
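Review bot: In the overview list at @@ -29,7 +29,7, the updated step still says "set an environment variable", but the procedure changed later in this patch now sets two (_TW_POLICY_ and _ORIGINAL_HANDLER_). Suggest "and set the environment variables", or name both, so the summary matches the steps.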
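Review bot: In the @@ -185,39 +185,12 hunk, the rewritten step "Set the _TW_POLICY_ and _ORIGINAL_HANDLER_ environment variable, which specifies how your function connects to Compute Console" names two variables but keeps the singular "variable ... specifies", and the description only fits _TW_POLICY_. Suggest the plural and one clause per variable, so it is clear that _ORIGINAL_HANDLER_ carries the handler value that _twistlock.handler_ replaced. The new "Update the handler" step also drops the per-runtime split (Python, Node.js async, Node.js sync) without saying whether _twistlock.handler_ applies to all of them; one sentence on that would help. As far as the hunk shows, the added image::lambda_handler.png line has no list-continuation "+" before it, unlike the other image lines in this file, so check that it does not break the numbered list.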
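Review bot: The image reference added at the end of the @@ -233,8 +206,11 hunk, image::lambda_env_variables.png, does not match the file this patch adds, images/lambda_env_varialbles.png, so the image will not resolve. Rename the PNG to the correctly spelled name rather than changing the reference. In the same hunk, "handelr" in the new _ORIGINAL_HANDLER_ sub-step should be "handler", and the sub-step would read better in the Key/Value form of the steps above it, for example: for *Key*, enter ORIGINAL_HANDLER; for *Value*, enter the handler your function used before you changed it to _twistlock.handler_.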