There are many examples available for how to return an error from an AWS Lambda
function through API Gateway to a client in Node.js, but relatively few for how
to do so using the Python runtime. Here we will try to give some basic info
using Python with a POST action.
Git doesn’t have the concept of a per-user global hook. It would be nice if you could create hooks in your home directory that could be executed in all repositories that you work with. Instead, it does allow you to write hooks that reside in a user-specific template directory to then be copied into any repositories that you clone or create from scratch.
Working on AWS CodeCommit today, I set up SSH access to the repository. During the initial configuration I provided the SSH public key in the AWS Console, but then couldn’t connect to my repository. In the brief instructions on the IAM Console page, they tell you how to update your ~/.ssh/config file, but the example doesn’t explicitly say what the IdentityFile is supposed to be set to. In the more detailed instructions, they do specify the IdentityFile should reference your private key, not your public key.
While writing a Python library that performs scanning of Git repositories similar to AWS Labs’ git-secrets, I was surprised by some third-party scanning services randomly scanning my repository for AWS credentials. I had included deactivated AWS credentials in my repository so that I could test my library. My plan was to replace these credentials with a randomly generated string later on, but at first I was satisfied to commit the actual (but not active) credentials to GitHub themselves.
While using AWS Lambda SAM Local to test Lambda functions locally, I encountered an error writing to the current directory where the function was running in the container (/var/task/). I’m not claiming a best practice of writing to the filesystem while running a Lambda function, but that’s part of my learning process for the moment, and I will investigate other workflows shortly. But what I was able to get working successfully was writing to the /tmp filesystem instead of the current working directory.
Even if you’re not involved in the Python community, you might have heard about this security incident a while back. This is a not uncommon scenario where developers who may not be GitHub or distribution tooling (or security) experts make a mistake and breed mistrust in their project as well as the distribution medium itself.
But setting up your environment to prevent these accidental credential disclosures is easy to do, and will enhance your security posture.