

feat gsn-10597: wip 2024-05-24-04
carlovoSBP committed May 24, 2024
1 parent 3b97eaa commit 1d2e49c
Showing 4 changed files with 14 additions and 6 deletions.
Expand Up @@ -10,6 +10,7 @@

LOGGER = Logger()
S3_BUCKET_NAME = environ.get('S3_BUCKET_NAME')
S3_OBJECT_NAME = environ.get('S3_OBJECT_NAME')


class S3(Backend):
Expand All @@ -30,7 +31,7 @@ def _get_rules(self):
@LOGGER.inject_lambda_context(log_event=True)
def lambda_handler(event: Dict[str, Any], context):
LOGGER.info(event)
s3_backend = S3(S3_BUCKET_NAME, "suppressions.yaml")
s3_backend = S3(S3_BUCKET_NAME, S3_OBJECT_NAME)
rules = s3_backend.get_rules()
LOGGER.info(rules)
findings_manager = FindingsManager()
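Review bot: `S3_OBJECT_NAME = environ.get('S3_OBJECT_NAME')` in the first hunk yields None when the variable is absent, and `lambda_handler` then hands None to `S3(S3_BUCKET_NAME, S3_OBJECT_NAME)` as the object key, so the fixed `"suppressions.yaml"` this replaces has been traded for a per-invocation failure whose message will talk about a missing key rather than a missing environment variable. Either keep the old name as the fallback, `S3_OBJECT_NAME = environ.get('S3_OBJECT_NAME', 'suppressions.yaml')`, or fail fast on cold start with `S3_OBJECT_NAME = environ['S3_OBJECT_NAME']` so a misdeployed function errors once at import instead of on every event. The Terraform in this commit does set the variable, but the Python module should not rely on that to be correct. `lambda_handler` continues past the end of the hunk, so I cannot see whether the backend rejects a None key itself.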
Expand Up @@ -10,6 +10,7 @@

LOGGER = Logger()
S3_BUCKET_NAME = environ.get('S3_BUCKET_NAME')
S3_OBJECT_NAME = environ.get('S3_OBJECT_NAME')


class S3(Backend):
Expand All @@ -29,11 +30,7 @@ def _get_rules(self):

@LOGGER.inject_lambda_context(log_event=True)
def lambda_handler(event: Dict[str, Any], context):
most_recent_event = event['Records'][-1]
LOGGER.info(most_recent_event)
s3_object_key = most_recent_event['s3']['object']['key']
LOGGER.info(s3_object_key)
s3_backend = S3(S3_BUCKET_NAME, s3_object_key)
s3_backend = S3(S3_BUCKET_NAME, S3_OBJECT_NAME)
rules = s3_backend.get_rules()
LOGGER.info(rules)
findings_manager = FindingsManager()
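Review bot: The handler no longer reads `event['Records']` at all — the key now comes only from `S3_OBJECT_NAME` — so the sole thing tying a reload to the intended object is the bucket-notification filter configured elsewhere, and any upload that passes that filter silently reloads the configured object. Moving the key out of the event is the right call (the old code trusted whatever key the last record carried), but a cheap guard that the records actually refer to the configured object keeps the previous behaviour's guarantee and makes filter misconfiguration visible in the logs instead of invisible; note the key in an S3 notification is, as far as I recall, URL-encoded, so compare the unquoted form. The same None-default issue as in the first hunk applies to `environ.get('S3_OBJECT_NAME')` here, and `lambda_handler` continues past the end of the hunk.
```python
def lambda_handler(event: Dict[str, Any], context):
    # Keys in S3 notification records are URL-encoded; compare the decoded form.
    record_keys = {unquote_plus(r['s3']['object']['key']) for r in event.get('Records', [])}
    if record_keys and S3_OBJECT_NAME not in record_keys:
        LOGGER.warning({'message': 'ignoring notification for unexpected key', 'keys': sorted(record_keys)})
        return
    s3_backend = S3(S3_BUCKET_NAME, S3_OBJECT_NAME)
    # … unchanged: get_rules, FindingsManager …
```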
4 changes: 4 additions & 0 deletions suppressor.tf
Expand Up @@ -175,6 +175,7 @@ module "lambda_securityhub_events_suppressor" {

environment = {
S3_BUCKET_NAME = var.suppressions_s3_bucket_name
S3_OBJECT_NAME = var.suppressions_s3_object_name
LOG_LEVEL = var.lambda_events_suppressor.log_level
POWERTOOLS_LOGGER_LOG_EVENT = "false"
POWERTOOLS_SERVICE_NAME = "securityhub-suppressor"
Expand Down Expand Up @@ -208,6 +209,7 @@ module "lambda_securityhub_trigger_suppressor" {

environment = {
S3_BUCKET_NAME = var.suppressions_s3_bucket_name
S3_OBJECT_NAME = var.suppressions_s3_object_name
LOG_LEVEL = var.lambda_trigger_suppressor.log_level
POWERTOOLS_LOGGER_LOG_EVENT = "false"
POWERTOOLS_SERVICE_NAME = "securityhub-suppressor"
Expand Down Expand Up @@ -268,6 +270,8 @@ resource "aws_s3_bucket_notification" "bucket_notification" {
lambda_function {
lambda_function_arn = module.lambda_securityhub_trigger_suppressor.arn
events = ["s3:ObjectCreated:*"]
filter_prefix = var.suppressions_s3_object_name
filter_suffix = var.suppressions_s3_object_name
}

depends_on = [aws_lambda_permission.allow_s3_to_invoke_trigger_lambda]
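Review bot: Setting both `filter_prefix` and `filter_suffix` to the full `var.suppressions_s3_object_name` in the `bucket_notification` hunk reads as "fire only for exactly this object", but S3 applies the two filters as independent starts-with/ends-with tests, so any key that begins and ends with the name (e.g. `suppressions.yaml/old/suppressions.yaml`) still triggers the Lambda, and an empty value would match every object in the bucket. Because the trigger Lambda in this commit ignores the event key and always reloads the configured object, each such stray upload becomes a reload of the real suppressions file rather than a no-op. The intent deserves a comment so the next reader does not "simplify" it to a prefix only, e.g. `# prefix+suffix both set to narrow the trigger to the suppressions object; S3 has no exact-match filter, so the Lambda must not trust the event key`, and the module's variable should be validated as non-empty. The `aws_s3_bucket_notification` resource starts before the hunk.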
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -3,6 +3,12 @@ variable "suppressions_s3_bucket_name" {
description = "The S3 bucket containing the items to be suppressed in Security Hub"
}

variable "suppressions_s3_object_name" {
type = string
default = "suppressions.yaml"
description = "The S3 object containing the items to be suppressed in Security Hub"
}

variable "eventbridge_suppressor_iam_role_name" {
type = string
default = "EventBridgeSecurityHubSuppressorRole"
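Review bot: `variable "suppressions_s3_object_name"` accepts any string, including the empty string, and this value feeds both the Lambda environment and the S3 notification `filter_prefix`/`filter_suffix` in the same commit, where an empty value would subscribe the Lambda to every object in the bucket and give the handler an unusable key. A `validation` block that rejects an empty value, and ideally a leading `/` (which S3 treats as part of the key and which does not match the intended object), catches this at plan time rather than at the first upload. The description could also say that the name is used as an exact object key, not a prefix.
```terraform
variable "suppressions_s3_object_name" {
  type        = string
  default     = "suppressions.yaml"
  description = "The S3 object key (exact key, not a prefix) containing the items to be suppressed in Security Hub"

  validation {
    condition     = length(var.suppressions_s3_object_name) > 0 && !startswith(var.suppressions_s3_object_name, "/")
    error_message = "suppressions_s3_object_name must be a non-empty S3 object key without a leading '/'."
  }
}
```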
