def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
auto_pause = [
"AuroraServerlessScalingAutoPause",
"AuroraPostgresServerlessScalingAutoPause"
]
backup_retention = [
"AuroraBackup", "AuroraBackupTerm", "AuroraServerlessBackupTerm",
"AuroraPostgresServerlessBackupTerm"
]
copytagstosnapshots = [
"AuroraCopyTagsToSnapshot", "AuroraServerlessCopyTagsToSnapshot",
"AuroraPostgresServerlessCopyTagsToSnapshot"
]
deletion_protection = [
"AuroraDeleteProtection", "AuroraServerlessDeleteProtection",
"AuroraPostgresServerlessDeleteProtection"
]
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
#region CW Call
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print("assume-role" + str(e))
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
RDSClusterName = event["RDSClusterName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print("rds-client" + str(e))
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(auto_pause).intersection(set(records)):
try:
rdscluster_autopause.run_remediation(rds, RDSClusterName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(backup_retention).intersection(set(records)):
try:
rdscluster_backupretention.run_remediation(rds, RDSClusterName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(copytagstosnapshots).intersection(set(records)):
try:
rdscluster_copytagstosnapshot.run_remediation(
rds, RDSClusterName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(deletion_protection).intersection(set(records)):
try:
rdscluster_deletion_protection.run_remediation(
rds, RDSClusterName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + RDSClusterName)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + RDSClusterName)
}
#endregion
#region Portal Call
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
RDSClusterName = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId in auto_pause:
responseCode, output = rdscluster_autopause.run_remediation(
rds, RDSClusterName)
if PolicyId in backup_retention:
responseCode, output = rdscluster_backupretention.run_remediation(
rds, RDSClusterName)
if PolicyId in copytagstosnapshots:
responseCode, output = rdscluster_copytagstosnapshot.run_remediation(
rds, RDSClusterName)
if PolicyId in deletion_protection:
responseCode, output = rdscluster_deletion_protection.run_remediation(
rds, RDSClusterName)
except ClientError as e:
responseCode = 400
output = "Unable to remediate RDS cluster: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate RDS cluster: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
snapshot_access = ["RDSSnapshotNoPublicAccess"]
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
#region CW Call
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print("assume-role" + str(e))
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
RDSSnapshotName = event["RDSSnapshotName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print("rds-client" + str(e))
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(snapshot_access).intersection(set(records)):
try:
rdssnapshot_access.run_remediation(rds, RDSSnapshotName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + RDSSnapshotName)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + RDSSnapshotName)
}
#endregion
#region Portal Call
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
RDSSnapshotName = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId in snapshot_access:
responseCode, output = rdssnapshot_access.run_remediation(
rds, RDSSnapshotName)
except ClientError as e:
responseCode = 400
output = "Unable to remediate RDS cluster: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate RDS cluster: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region = event["Region"]
EKSClusterName = event["EKSClusterName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
eks = boto3.client('eks', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "EKSClusterLogging" in str(records):
try:
eks_controlplanlogging.run_remediation(eks,EKSClusterName)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
print('remediated-' + EKSClusterName)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + EKSClusterName)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
EKSClusterName = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
eks = boto3.client('eks', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
if PolicyId == "EKSClusterLogging":
responseCode,output = eks_controlplanlogging.run_remediation(eks,EKSClusterName)
except ClientError as e:
responseCode = 400
output = "Unable to remediate EKS Cluster: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate EKS Cluster: " + str(e)
# returning the output Array in json format
return {
'statusCode': responseCode,
'body': output
}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region = event["Region"]
docdb_clustername = event["DocdbClusterName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
docdb = boto3.client('docdb', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "DocDBDeletionProtection" in str(records):
try:
docdbcluster_deletion_protection.run_remediation(docdb,docdb_clustername)
print('remediated-' + docdb_clustername)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "DocDBBackupRetentionPeriod" in str(records):
try:
docdbcluster_backup_retention.run_remediation(docdb,docdb_clustername)
print('remediated-' + docdb_clustername)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "DocDBCloudWatchLogsEnabled" in str(records):
try:
docdbcluster_logexport.run_remediation(docdb,docdb_clustername)
print('remediated-' + docdb_clustername)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + docdb_clustername)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
docdb_clustername = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
docdb = boto3.client('docdb', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
if PolicyId == "DocDBBackupRetentionPeriod":
responseCode,output = docdbcluster_backup_retention.run_remediation(docdb,docdb_clustername)
if PolicyId == "DocDBCloudWatchLogsEnabled":
responseCode,output = docdbcluster_logexport.run_remediation(docdb,docdb_clustername)
if PolicyId == "DocDBDeletionProtection":
responseCode,output = docdbcluster_deletion_protection.run_remediation(docdb,docdb_clustername)
except ClientError as e:
responseCode = 400
output = "Unable to remediate docdb cluster: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate docdb cluster: " + str(e)
# returning the output Array in json format
return {
'statusCode': responseCode,
'body': output
}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
queue_url = event["QueueUrl"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
sqs = boto3.client('sqs',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "SQSSSEEnabled" in str(records):
try:
sqs_enable_sse.run_remediation(sqs, queue_url)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + queue_url)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + queue_url)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
queue_name = json.loads(event["body"])["ResourceName"]
queue_url = "https://sqs." + Region_name + ".amazonaws.com/" + CustAccID + "/" + queue_name
except:
Region = ""
try:
# Establish a session with the portal
sqs = boto3.client('sqs',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
# Create KMS client
kms = boto3.client('kms',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId == "SQSSSEEnabled":
responseCode, output = sqs_enable_sse.run_remediation(
sqs, queue_url)
except ClientError as e:
responseCode = 400
output = "Unable to remediate sqs queue : " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate sqs queue : " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region = event["Region"]
redshift_name = event["redshift"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
redshift = boto3.client('redshift', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "RedShiftNotPublic" in str(records):
try:
redshift_not_public.run_remediation(redshift,redshift_name)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "RedShiftVersionUpgrade" in str(records):
try:
redshift_autoversionupgrade.run_remediation(redshift,redshift_name)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "RedShiftAutomatedSnapshot" in str(records):
try:
redshift_automatic_retention.run_remediation(redshift,redshift_name)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
print('remediated-' + redshift_name)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + redshift_name)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
redshift_name = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
redshift = boto3.client('redshift', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
if PolicyId == "RedShiftNotPublic":
responseCode,output = redshift_not_public.run_remediation(redshift,redshift_name)
if PolicyId == "RedShiftVersionUpgrade":
responseCode,output = redshift_autoversionupgrade.run_remediation(redshift,redshift_name)
if PolicyId == "RedShiftAutomatedSnapshot":
responseCode,output = redshift_automatic_retention.run_remediation(redshift,redshift_name)
except ClientError as e:
responseCode = 400
output = "Unable to remediate redshift: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate redshift: " + str(e)
# returning the output Array in json format
return {
'statusCode': responseCode,
'body': output
}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try:
# common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
FileSystemId = event["FileSystemId"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
fsx = boto3.client('fsx',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "AWSFSxBackupRetentionPeriod7Days" in str(
records) or "AWSFSxBackupRetentionPeriod" in str(records):
try:
fsx_windows_backup_retention.run_remediation(fsx, FileSystemId)
print('remediated-' + FileSystemId)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + FileSystemId)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
FileSystemId = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
fsx = boto3.client('fsx',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId in [
"AWSFSxBackupRetentionPeriod7Days",
"AWSFSxBackupRetentionPeriod"
]:
responseCode, output = fsx_windows_backup_retention.run_remediation(
fsx, FileSystemId)
except ClientError as e:
responseCode = 400
output = "Unable to remediate fsx: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate fsx: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region = event["Region"]
ConfigRoleARN = event["ConfigRoleARN"]
Name = event["Name"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
config = boto3.client('config', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "ConfigCaptureGlobalResources" in str(records):
try:
config_include_global_resources.run_remediation(config,ConfigRoleARN,Name)
print('remediated-' + Name)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + Name)
}
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
ConfigRoleARN = ''
Name = ''
except:
Region = ""
try:
# Establish a session with the portal
config = boto3.client('config', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
if PolicyId == "ConfigCaptureGlobalResources":
responseCode,output = config_include_global_resources.run_remediation(config,ConfigRoleARN,Name)
except ClientError as e:
responseCode = 400
output = "Unable to remediate classic load balancer: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate classic load balancer: " + str(e)
# returning the output Array in json format
return {
'statusCode': responseCode,
'body': output
}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
Trail = event["Trail"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
cloudtrail_client = boto3.client(
'cloudtrail',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "CTMultiRegionTrail" in str(records):
try:
cloudtrail_enable_multi_region_trail.run_remediation(
cloudtrail_client, Trail)
print('remediated-' + Trail)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "CTLogFileValidation" in str(records):
try:
cloudtrail_enable_log_file_validation.run_remediation(
cloudtrail_client, Trail)
print('remediated-' + Trail)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "CTIsLogging" in str(records):
try:
cloudtrail_enable_trail_logging.run_remediation(
cloudtrail_client, Trail)
print('remediated-' + Trail)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
#returning the output Array in json format
return {'statusCode': 200, 'body': json.dumps('remediated-' + Trail)}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
Trail = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
cloudtrail_client = boto3.client(
'cloudtrail',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId == "CTMultiRegionTrail":
responseCode, output = cloudtrail_enable_multi_region_trail.run_remediation(
cloudtrail_client, Trail)
except ClientError as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
try:
if PolicyId == "CTLogFileValidation":
responseCode, output = cloudtrail_enable_log_file_validation.run_remediation(
cloudtrail_client, Trail)
except ClientError as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
try:
if PolicyId == "CTIsLogging":
responseCode, output = cloudtrail_enable_trail_logging.run_remediation(
cloudtrail_client, Trail)
except ClientError as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate Cloudtrail: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
backup_retention = [
"SQLBackup", "SQLBackupTerm", "MariadbBackup", "MariadbBackupTerm",
"OracleBackup", "OracleBackupTerm", "SQLServerBackup",
"SQLServerBackupTerm", "MySQLBackup", "MySQLBackupTerm"
]
copytagstosnapshot = [
"SQLCopyTagsToSnapshot", "MariadbCopyTagsToSnapshot",
"OracleCopyTagsToSnapshot", "SQLServerCopyTagsToSnapshot",
"MySQLCopyTagsToSnapshot"
]
deletion_protection = [
"SQLDeletionProtection", "MariadbDeletionProtection",
"OracleDeletionProtection", "SQLServerDeletionProtection",
"MySQLDeletionProtection"
]
disable_public_access = [
"SQLPrivateInstance", "MariadbPrivateInstance",
"OraclePrivateInstance", "SQLServerPrivateInstance",
"AuroraInstancePrivateInstance", "MySQLPrivateInstance"
]
minor_version = [
"SQLVersionUpgrade", "MariadbVersionUpgrade", "OracleVersionUpgrade",
"SQLServerVersionUpgrade", "AuroraInstanceVersionUpgrade",
"MySQLVersionUpgrade"
]
multiaz = [
"SQLMultiAZEnabled", "MariadbMultiAZEnabled", "OracleMultiAZEnabled",
"SQLServerMultiAZEnabled", "MySQLMultiAZEnabled"
]
performance_insights = [
"SQLPerformanceInsights", "MariadbPerformanceInsights",
"OraclePerformanceInsights", "SQLServerPerformanceInsights",
"AuroraInstancePerformanceInsights", "MySQLPerformanceInsights"
]
instance_logexport = [
"MySQLlogExport", "MariadblogExport", "OraclelogExport"
]
instance_iam_auth = ["SQLIAMAuthEnabled", "MySQLIAMAuthEnabled"]
db_parameters = ["MySQLBlockEncryption", "MySQLEnableFIPS"]
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
#region CW Call
if not PolicyId:
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
RDSInstanceName = event["RDSInstanceName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(backup_retention).intersection(set(records)):
try:
rdsinstance_backupretention.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(copytagstosnapshot).intersection(set(records)):
try:
rdsinstance_copytagstosnapshot.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(deletion_protection).intersection(set(records)):
try:
rdsinstance_deletion_protection.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(disable_public_access).intersection(set(records)):
try:
rdsinstance_disable_public_access.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(minor_version).intersection(set(records)):
try:
rdsinstance_minorversionupgrade.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(performance_insights).intersection(set(records)):
try:
rdsinstance_performanceinsights.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(instance_logexport).intersection(set(records)):
try:
rdsinstance_logsenabled.run_remediation(rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(instance_iam_auth).intersection(set(records)):
try:
rdsinstance_iam_auth.run_remediation(rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(db_parameters).intersection(set(records)):
try:
rdsinstance_updateparameters.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(multiaz).intersection(set(records)):
try:
rdsinstance_multizone.run_remediation(rds, RDSInstanceName)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + RDSInstanceName)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + RDSInstanceName)
}
#endregion
#region Portal Call
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
RDSInstanceName = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
rds = boto3.client('rds',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId in backup_retention:
responseCode, output = rdsinstance_backupretention.run_remediation(
rds, RDSInstanceName)
if PolicyId in copytagstosnapshot:
responseCode, output = rdsinstance_copytagstosnapshot.run_remediation(
rds, RDSInstanceName)
if PolicyId in deletion_protection:
responseCode, output = rdsinstance_deletion_protection.run_remediation(
rds, RDSInstanceName)
if PolicyId in disable_public_access:
responseCode, output = rdsinstance_disable_public_access.run_remediation(
rds, RDSInstanceName)
if PolicyId in minor_version:
responseCode, output = rdsinstance_minorversionupgrade.run_remediation(
rds, RDSInstanceName)
if PolicyId in multiaz:
responseCode, output = rdsinstance_multizone.run_remediation(
rds, RDSInstanceName)
if PolicyId in performance_insights:
responseCode, output = rdsinstance_performanceinsights.run_remediation(
rds, RDSInstanceName)
if PolicyId in instance_logexport:
responseCode, output = rdsinstance_logsenabled.run_remediation(
rds, RDSInstanceName)
if PolicyId in instance_iam_auth:
responseCode, output = rdsinstance_iam_auth.run_remediation(
rds, RDSInstanceName)
if PolicyId in db_parameters:
responseCode, output = rdsinstance_updateparameters.run_remediation(
rds, RDSInstanceName)
except ClientError as e:
responseCode = 400
output = "Unable to remediate RDS Instance: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate RDS Instance: " + str(e)
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
common_policies = [
"S3bucketNoPublicAAUFull", "S3bucketNoPublicAAURead",
"S3bucketNoPublicAAUReadACP", "S3bucketNoPublicAAUWrite",
"S3bucketNoPublicAAUWriteACP", "S3notPublictoInternet",
"S3notPublicRead", "S3notPublicReadACP", "S3notPublicWrite",
"S3notPublicWriteACP"
]
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
bucket_name = event["bucket"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
s3_client = boto3.client(
's3',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "S3EncryptionEnabled" in str(records):
try:
s3_put_bucket_encryption.run_remediation(
s3_client, bucket_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "S3VersioningEnabled" in str(records):
try:
s3_put_bucket_versioning.run_remediation(
s3_client, bucket_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(common_policies).intersection(set(records)):
try:
s3_put_bucket_acl.run_remediation(s3_client, bucket_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + bucket_name)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + bucket_name)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
bucket_name = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
s3_client = boto3.client(
's3',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token)
except ClientError as e:
print("Error:" + str(e))
return {'statusCode': 400, 'body': ("Error:" + str(e))}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': ("Error:" + str(e))}
try:
if PolicyId == "S3EncryptionEnabled":
responseCode, output = s3_put_bucket_encryption.run_remediation(
s3_client, bucket_name)
if PolicyId == "S3VersioningEnabled":
responseCode, output = s3_put_bucket_versioning.run_remediation(
s3_client, bucket_name)
if PolicyId in str(common_policies):
responseCode, output = s3_put_bucket_acl.run_remediation(
s3_client, bucket_name)
except ClientError as e:
responseCode = 400
output = "Unable to remediate bucket: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate bucket: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
pass
try:
# Establish a session with the portal
iam_client = boto3.client(
'iam',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMPasswordRequiredNumber" in str(records):
try:
iam_require_numbers.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMPasswordUpCaseLetter" in str(records):
try:
iam_require_uppercaseletters.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMPasswordRequiredSymbols" in str(records):
try:
iam_require_symbols.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMRequireLowercaseLetter" in str(records):
try:
iam_require_lowercaseletters.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMMinPasswordLength" in str(records):
try:
iam_minimum_passwordlength.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMExpirePasswords" in str(records):
try:
iam_password_expiration.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "IAMPasswordReusePrevention" in str(records):
try:
iam_password_reuse.run_remediation(iam_client)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print("Remediated IAM policies")
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps("Remediated IAM policies")
}
else:
print("CN-portal triggered remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
# Establish a session with the portal
iam_client = boto3.client(
'iam',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
responseCode = 400
output = "Policies not configured"
if PolicyId == "IAMPasswordRequiredNumber":
responseCode, output = iam_require_numbers.run_remediation(
iam_client)
if PolicyId == "IAMPasswordUpCaseLetter":
responseCode, output = iam_require_uppercaseletters.run_remediation(
iam_client)
if PolicyId == "IAMPasswordRequiredSymbols":
responseCode, output = iam_require_symbols.run_remediation(
iam_client)
if PolicyId == "IAMRequireLowercaseLetter":
responseCode, output = iam_require_lowercaseletters.run_remediation(
iam_client)
if PolicyId == "IAMMinPasswordLength":
responseCode, output = iam_minimum_passwordlength.run_remediation(
iam_client)
if PolicyId == "IAMExpirePasswords":
responseCode, output = iam_password_expiration.run_remediation(
iam_client)
if PolicyId == "IAMPasswordReusePrevention":
responseCode, output = iam_password_reuse.run_remediation(
iam_client)
except ClientError as e:
responseCode = 400
output = "Unable to remediate IAM Policies: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate IAM Policies: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
neptune_name = event["NeptuneInstanceName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
neptune = boto3.client('neptune',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "NeptuneAutoMinorVersionUpgrade" in str(records):
try:
neptuneinstance_minorversionupgrade.run_remediation(
neptune, neptune_name)
print('remediated-' + neptune_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "NeptuneCpoyTagsToSnapshots" in str(records):
try:
neptuneinstance_copytagstosnapshot.run_remediation(
neptune, neptune_name)
print('remediated-' + neptune_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "NeptunePrivateAccess" in str(records):
try:
neptuneinstance_disable_public_access.run_remediation(
neptune, neptune_name)
print('remediated-' + neptune_name)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + neptune_name)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
neptune_name = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
neptune = boto3.client('neptune',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId == "NeptuneAutoMinorVersionUpgrade":
responseCode, output = neptuneinstance_minorversionupgrade.run_remediation(
neptune, neptune_name)
if PolicyId == "NeptuneCpoyTagsToSnapshots":
responseCode, output = neptuneinstance_copytagstosnapshot.run_remediation(
neptune, neptune_name)
if PolicyId == "NeptunePrivateAccess":
responseCode, output = neptuneinstance_disable_public_accessw.run_remediation(
neptune, neptune_name)
except ClientError as e:
responseCode = 400
output = "Unable to remediate neptune: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate neptune: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
deletion_protection = [
"AppLBDeletionProtection", "NetworkLBDeletionProtection"
]
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
LoadBalancerArn = event["LoadBalancerArn"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
elbv2 = boto3.client('elbv2',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if set(deletion_protection).intersection(set(records)):
try:
elbv2_deletionprotection.run_remediation(
elbv2, LoadBalancerArn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
print('remediated-' + LoadBalancerArn)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + LoadBalancerArn)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
LoadBalancerArn = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
elbv2 = boto3.client('elbv2',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId in deletion_protection:
responseCode, output = elbv2_deletionprotection.run_remediation(
elbv2, LoadBalancerArn)
except ClientError as e:
responseCode = 400
output = "Unable to remediate load balancer: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate load balancer: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region = event["Region"]
delivery_stream_name = event["StreamName"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
kinesis_firehose = boto3.client(
'firehose',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
if "KinesisFirehoseEncryption" in str(records):
try:
kinesis_firehose_default_encryption.run_remediation(
kinesis_firehose, delivery_stream_name)
print('remediated-' + delivery_stream_name)
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + delivery_stream_name)
}
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(
role_arn)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
delivery_stream_name = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
kinesis_firehose = boto3.client(
'firehose',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token,
region_name=Region)
except ClientError as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
except Exception as e:
print(e)
return {'statusCode': 400, 'body': str(e)}
try:
if PolicyId == "KinesisFirehoseEncryption":
responseCode, output = kinesis_firehose_default_encryption.run_remediation(
kinesis_firehose, delivery_stream_name)
except ClientError as e:
responseCode = 400
output = "Unable to remediate kinesis firehose: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate kinesis firehose: " + str(e)
# returning the output Array in json format
return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context):
global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region
try:
PolicyId = json.loads(event["body"])["PolicyId"]
except:
PolicyId = ''
pass
if not PolicyId:
print("Executing auto-remediation")
try: # common code
CustAccID, role_arn = common.getRoleArn_cwlogs(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region = event["Region"]
Instance_ID = event["InstanceID"]
records_json = json.loads(event["policies"])
records = records_json["RemediationPolicies"]
except:
Region = ""
try:
# Establish a session with the portal
ec2 = boto3.client('ec2', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "EC2MonitoringState" in str(records):
try:
ec2_detailed_monitoring.run_remediation(ec2,Instance_ID)
print('remediated-' + Instance_ID)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
if "EC2TerminationProtection" in str(records):
try:
ec2_termination_protection.run_remediation(ec2,Instance_ID)
print('remediated-' + Instance_ID)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
#returning the output Array in json format
return {
'statusCode': 200,
'body': json.dumps('remediated-' + Instance_ID)
}
else:
print("CN-portal triggered remediation")
try:
CustAccID, role_arn = common.getRoleArn(event)
aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
Region_name = json.loads(event["body"])["Region"]
Region = common.getRegionName(Region_name)
Instance_ID = json.loads(event["body"])["ResourceName"]
except:
Region = ""
try:
# Establish a session with the portal
ec2 = boto3.client('ec2', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region)
except ClientError as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
except Exception as e:
print(e)
return {
'statusCode': 400,
'body': str(e)
}
try:
if PolicyId == "EC2MonitoringState":
responseCode,output = ec2_detailed_monitoring.run_remediation(ec2,Instance_ID)
if PolicyId == "EC2TerminationProtection":
responseCode,output = ec2_termination_protection.run_remediation(ec2,Instance_ID)
except ClientError as e:
responseCode = 400
output = "Unable to remediate classic load balancer: " + str(e)
except Exception as e:
responseCode = 400
output = "Unable to remediate classic load balancer: " + str(e)
# returning the output Array in json format
return {
'statusCode': responseCode,
'body': output
}
