def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region auto_pause = [ "AuroraServerlessScalingAutoPause", "AuroraPostgresServerlessScalingAutoPause" ] backup_retention = [ "AuroraBackup", "AuroraBackupTerm", "AuroraServerlessBackupTerm", "AuroraPostgresServerlessBackupTerm" ] copytagstosnapshots = [ "AuroraCopyTagsToSnapshot", "AuroraServerlessCopyTagsToSnapshot", "AuroraPostgresServerlessCopyTagsToSnapshot" ] deletion_protection = [ "AuroraDeleteProtection", "AuroraServerlessDeleteProtection", "AuroraPostgresServerlessDeleteProtection" ] try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass #region CW Call if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print("assume-role" + str(e)) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region = event["Region"] RDSClusterName = event["RDSClusterName"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: rds = boto3.client('rds', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print("rds-client" + str(e)) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(auto_pause).intersection(set(records)): try: rdscluster_autopause.run_remediation(rds, RDSClusterName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(backup_retention).intersection(set(records)): try: rdscluster_backupretention.run_remediation(rds, RDSClusterName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(copytagstosnapshots).intersection(set(records)): try: rdscluster_copytagstosnapshot.run_remediation( rds, RDSClusterName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(deletion_protection).intersection(set(records)): try: rdscluster_deletion_protection.run_remediation( rds, RDSClusterName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} print('remediated-' + RDSClusterName) #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + RDSClusterName) } #endregion #region Portal Call else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) RDSClusterName = json.loads(event["body"])["ResourceName"] except: Region = "" try: rds = boto3.client('rds', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: if PolicyId in auto_pause: responseCode, output = rdscluster_autopause.run_remediation( rds, RDSClusterName) if PolicyId in backup_retention: responseCode, output = rdscluster_backupretention.run_remediation( rds, RDSClusterName) if PolicyId in copytagstosnapshots: responseCode, output = rdscluster_copytagstosnapshot.run_remediation( rds, RDSClusterName) if PolicyId in deletion_protection: responseCode, output = rdscluster_deletion_protection.run_remediation( rds, RDSClusterName) except ClientError as e: responseCode = 400 output = "Unable to remediate RDS cluster: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate RDS cluster: " + str(e) # returning the output Array in json format return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region snapshot_access = ["RDSSnapshotNoPublicAccess"] try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass #region CW Call if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print("assume-role" + str(e)) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region = event["Region"] RDSSnapshotName = event["RDSSnapshotName"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: rds = boto3.client('rds', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print("rds-client" + str(e)) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(snapshot_access).intersection(set(records)): try: rdssnapshot_access.run_remediation(rds, RDSSnapshotName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} print('remediated-' + RDSSnapshotName) #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + RDSSnapshotName) } #endregion #region Portal Call else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) RDSSnapshotName = json.loads(event["body"])["ResourceName"] except: Region = "" try: rds = boto3.client('rds', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: if PolicyId in snapshot_access: responseCode, output = rdssnapshot_access.run_remediation( rds, RDSSnapshotName) except ClientError as e: responseCode = 400 output = "Unable to remediate RDS cluster: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate RDS cluster: " + str(e) # returning the output Array in json format return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: Region = event["Region"] EKSClusterName = event["EKSClusterName"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal eks = boto3.client('eks', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } if "EKSClusterLogging" in str(records): try: eks_controlplanlogging.run_remediation(eks,EKSClusterName) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } print('remediated-' + EKSClusterName) #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + EKSClusterName) } else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) EKSClusterName = json.loads(event["body"])["ResourceName"] except: Region = "" try: # Establish a session with the portal eks = boto3.client('eks', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: if PolicyId == "EKSClusterLogging": responseCode,output = eks_controlplanlogging.run_remediation(eks,EKSClusterName) except ClientError as e: responseCode = 400 output = "Unable to remediate EKS Cluster: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate EKS Cluster: " + str(e) # returning the output Array in json format return { 'statusCode': responseCode, 'body': output }
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: Region = event["Region"] docdb_clustername = event["DocdbClusterName"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal docdb = boto3.client('docdb', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } if "DocDBDeletionProtection" in str(records): try: docdbcluster_deletion_protection.run_remediation(docdb,docdb_clustername) print('remediated-' + docdb_clustername) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } if "DocDBBackupRetentionPeriod" in str(records): try: docdbcluster_backup_retention.run_remediation(docdb,docdb_clustername) print('remediated-' + docdb_clustername) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } if "DocDBCloudWatchLogsEnabled" in str(records): try: docdbcluster_logexport.run_remediation(docdb,docdb_clustername) print('remediated-' + docdb_clustername) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + docdb_clustername) } else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) docdb_clustername = json.loads(event["body"])["ResourceName"] except: Region = "" try: # Establish a session with the portal docdb = boto3.client('docdb', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: if PolicyId == "DocDBBackupRetentionPeriod": responseCode,output = docdbcluster_backup_retention.run_remediation(docdb,docdb_clustername) if PolicyId == "DocDBCloudWatchLogsEnabled": responseCode,output = docdbcluster_logexport.run_remediation(docdb,docdb_clustername) if PolicyId == "DocDBDeletionProtection": responseCode,output = docdbcluster_deletion_protection.run_remediation(docdb,docdb_clustername) except ClientError as e: responseCode = 400 output = "Unable to remediate docdb cluster: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate docdb cluster: " + str(e) # returning the output Array in json format return { 'statusCode': responseCode, 'body': output }
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region = event["Region"] queue_url = event["QueueUrl"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal sqs = boto3.client('sqs', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "SQSSSEEnabled" in str(records): try: sqs_enable_sse.run_remediation(sqs, queue_url) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} print('remediated-' + queue_url) #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + queue_url) } else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) queue_name = json.loads(event["body"])["ResourceName"] queue_url = "https://sqs." + Region_name + ".amazonaws.com/" + CustAccID + "/" + queue_name except: Region = "" try: # Establish a session with the portal sqs = boto3.client('sqs', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: # Create KMS client kms = boto3.client('kms', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: if PolicyId == "SQSSSEEnabled": responseCode, output = sqs_enable_sse.run_remediation( sqs, queue_url) except ClientError as e: responseCode = 400 output = "Unable to remediate sqs queue : " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate sqs queue : " + str(e) # returning the output Array in json format return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: Region = event["Region"] redshift_name = event["redshift"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal redshift = boto3.client('redshift', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } if "RedShiftNotPublic" in str(records): try: redshift_not_public.run_remediation(redshift,redshift_name) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } if "RedShiftVersionUpgrade" in str(records): try: redshift_autoversionupgrade.run_remediation(redshift,redshift_name) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } if "RedShiftAutomatedSnapshot" in str(records): try: redshift_automatic_retention.run_remediation(redshift,redshift_name) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } print('remediated-' + redshift_name) #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + redshift_name) } else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) redshift_name = json.loads(event["body"])["ResourceName"] except: Region = "" try: # Establish a session with the portal redshift = boto3.client('redshift', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: if PolicyId == "RedShiftNotPublic": responseCode,output = redshift_not_public.run_remediation(redshift,redshift_name) if PolicyId == "RedShiftVersionUpgrade": responseCode,output = redshift_autoversionupgrade.run_remediation(redshift,redshift_name) if PolicyId == "RedShiftAutomatedSnapshot": responseCode,output = redshift_automatic_retention.run_remediation(redshift,redshift_name) except ClientError as e: responseCode = 400 output = "Unable to remediate redshift: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate redshift: " + str(e) # returning the output Array in json format return { 'statusCode': responseCode, 'body': output }
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region = event["Region"] FileSystemId = event["FileSystemId"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal fsx = boto3.client('fsx', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "AWSFSxBackupRetentionPeriod7Days" in str( records) or "AWSFSxBackupRetentionPeriod" in str(records): try: fsx_windows_backup_retention.run_remediation(fsx, FileSystemId) print('remediated-' + FileSystemId) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + FileSystemId) } else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) FileSystemId = json.loads(event["body"])["ResourceName"] except: Region = "" try: # Establish a session with the portal fsx = boto3.client('fsx', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: if PolicyId in [ "AWSFSxBackupRetentionPeriod7Days", "AWSFSxBackupRetentionPeriod" ]: responseCode, output = fsx_windows_backup_retention.run_remediation( fsx, FileSystemId) except ClientError as e: responseCode = 400 output = "Unable to remediate fsx: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate fsx: " + str(e) # returning the output Array in json format return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: Region = event["Region"] ConfigRoleARN = event["ConfigRoleARN"] Name = event["Name"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal config = boto3.client('config', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } if "ConfigCaptureGlobalResources" in str(records): try: config_include_global_resources.run_remediation(config,ConfigRoleARN,Name) print('remediated-' + Name) #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + Name) } except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) ConfigRoleARN = '' Name = '' except: Region = "" try: # Establish a session with the portal config = boto3.client('config', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: if PolicyId == "ConfigCaptureGlobalResources": responseCode,output = config_include_global_resources.run_remediation(config,ConfigRoleARN,Name) except ClientError as e: responseCode = 400 output = "Unable to remediate classic load balancer: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate classic load balancer: " + str(e) # returning the output Array in json format return { 'statusCode': responseCode, 'body': output }
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region = event["Region"] Trail = event["Trail"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal cloudtrail_client = boto3.client( 'cloudtrail', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "CTMultiRegionTrail" in str(records): try: cloudtrail_enable_multi_region_trail.run_remediation( cloudtrail_client, Trail) print('remediated-' + Trail) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "CTLogFileValidation" in str(records): try: cloudtrail_enable_log_file_validation.run_remediation( cloudtrail_client, Trail) print('remediated-' + Trail) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "CTIsLogging" in str(records): try: cloudtrail_enable_trail_logging.run_remediation( cloudtrail_client, Trail) print('remediated-' + Trail) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} #returning the output Array in json format return {'statusCode': 200, 'body': json.dumps('remediated-' + Trail)} else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) Trail = json.loads(event["body"])["ResourceName"] except: Region = "" try: # Establish a session with the portal cloudtrail_client = boto3.client( 'cloudtrail', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: if PolicyId == "CTMultiRegionTrail": responseCode, output = cloudtrail_enable_multi_region_trail.run_remediation( cloudtrail_client, Trail) except ClientError as e: responseCode = 400 output = "Unable to remediate Cloudtrail: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate Cloudtrail: " + str(e) try: if PolicyId == "CTLogFileValidation": responseCode, output = cloudtrail_enable_log_file_validation.run_remediation( cloudtrail_client, Trail) except ClientError as e: responseCode = 400 output = "Unable to remediate Cloudtrail: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate Cloudtrail: " + str(e) try: if PolicyId == "CTIsLogging": responseCode, output = cloudtrail_enable_trail_logging.run_remediation( cloudtrail_client, Trail) except ClientError as e: responseCode = 400 output = "Unable to remediate Cloudtrail: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate Cloudtrail: " + str(e) # returning the output Array in json format return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region backup_retention = [ "SQLBackup", "SQLBackupTerm", "MariadbBackup", "MariadbBackupTerm", "OracleBackup", "OracleBackupTerm", "SQLServerBackup", "SQLServerBackupTerm", "MySQLBackup", "MySQLBackupTerm" ] copytagstosnapshot = [ "SQLCopyTagsToSnapshot", "MariadbCopyTagsToSnapshot", "OracleCopyTagsToSnapshot", "SQLServerCopyTagsToSnapshot", "MySQLCopyTagsToSnapshot" ] deletion_protection = [ "SQLDeletionProtection", "MariadbDeletionProtection", "OracleDeletionProtection", "SQLServerDeletionProtection", "MySQLDeletionProtection" ] disable_public_access = [ "SQLPrivateInstance", "MariadbPrivateInstance", "OraclePrivateInstance", "SQLServerPrivateInstance", "AuroraInstancePrivateInstance", "MySQLPrivateInstance" ] minor_version = [ "SQLVersionUpgrade", "MariadbVersionUpgrade", "OracleVersionUpgrade", "SQLServerVersionUpgrade", "AuroraInstanceVersionUpgrade", "MySQLVersionUpgrade" ] multiaz = [ "SQLMultiAZEnabled", "MariadbMultiAZEnabled", "OracleMultiAZEnabled", "SQLServerMultiAZEnabled", "MySQLMultiAZEnabled" ] performance_insights = [ "SQLPerformanceInsights", "MariadbPerformanceInsights", "OraclePerformanceInsights", "SQLServerPerformanceInsights", "AuroraInstancePerformanceInsights", "MySQLPerformanceInsights" ] instance_logexport = [ "MySQLlogExport", "MariadblogExport", "OraclelogExport" ] instance_iam_auth = ["SQLIAMAuthEnabled", "MySQLIAMAuthEnabled"] db_parameters = ["MySQLBlockEncryption", "MySQLEnableFIPS"] try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass #region CW Call if not PolicyId: try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region = event["Region"] RDSInstanceName = event["RDSInstanceName"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: rds = boto3.client('rds', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(backup_retention).intersection(set(records)): try: rdsinstance_backupretention.run_remediation( rds, RDSInstanceName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(copytagstosnapshot).intersection(set(records)): try: rdsinstance_copytagstosnapshot.run_remediation( rds, RDSInstanceName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(deletion_protection).intersection(set(records)): try: rdsinstance_deletion_protection.run_remediation( rds, RDSInstanceName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(disable_public_access).intersection(set(records)): try: rdsinstance_disable_public_access.run_remediation( rds, RDSInstanceName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(minor_version).intersection(set(records)): try: rdsinstance_minorversionupgrade.run_remediation( rds, RDSInstanceName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(performance_insights).intersection(set(records)): try: rdsinstance_performanceinsights.run_remediation( rds, RDSInstanceName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(instance_logexport).intersection(set(records)): try: rdsinstance_logsenabled.run_remediation(rds, RDSInstanceName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(instance_iam_auth).intersection(set(records)): try: rdsinstance_iam_auth.run_remediation(rds, RDSInstanceName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(db_parameters).intersection(set(records)): try: rdsinstance_updateparameters.run_remediation( rds, RDSInstanceName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(multiaz).intersection(set(records)): try: rdsinstance_multizone.run_remediation(rds, RDSInstanceName) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} print('remediated-' + RDSInstanceName) #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + RDSInstanceName) } #endregion #region Portal Call else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) RDSInstanceName = json.loads(event["body"])["ResourceName"] except: Region = "" try: rds = boto3.client('rds', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: if PolicyId in backup_retention: responseCode, output = rdsinstance_backupretention.run_remediation( rds, RDSInstanceName) if PolicyId in copytagstosnapshot: responseCode, output = rdsinstance_copytagstosnapshot.run_remediation( rds, RDSInstanceName) if PolicyId in deletion_protection: responseCode, output = rdsinstance_deletion_protection.run_remediation( rds, RDSInstanceName) if PolicyId in disable_public_access: responseCode, output = rdsinstance_disable_public_access.run_remediation( rds, RDSInstanceName) if PolicyId in minor_version: responseCode, output = rdsinstance_minorversionupgrade.run_remediation( rds, RDSInstanceName) if PolicyId in multiaz: responseCode, output = rdsinstance_multizone.run_remediation( rds, RDSInstanceName) if PolicyId in performance_insights: responseCode, output = rdsinstance_performanceinsights.run_remediation( rds, RDSInstanceName) if PolicyId in instance_logexport: responseCode, output = rdsinstance_logsenabled.run_remediation( rds, RDSInstanceName) if PolicyId in instance_iam_auth: responseCode, output = rdsinstance_iam_auth.run_remediation( rds, RDSInstanceName) if PolicyId in db_parameters: responseCode, output = rdsinstance_updateparameters.run_remediation( rds, RDSInstanceName) except ClientError as e: responseCode = 400 output = "Unable to remediate RDS Instance: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate RDS Instance: " + str(e) return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region common_policies = [ "S3bucketNoPublicAAUFull", "S3bucketNoPublicAAURead", "S3bucketNoPublicAAUReadACP", "S3bucketNoPublicAAUWrite", "S3bucketNoPublicAAUWriteACP", "S3notPublictoInternet", "S3notPublicRead", "S3notPublicReadACP", "S3notPublicWrite", "S3notPublicWriteACP" ] try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region = event["Region"] bucket_name = event["bucket"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal s3_client = boto3.client( 's3', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "S3EncryptionEnabled" in str(records): try: s3_put_bucket_encryption.run_remediation( s3_client, bucket_name) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "S3VersioningEnabled" in str(records): try: s3_put_bucket_versioning.run_remediation( s3_client, bucket_name) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(common_policies).intersection(set(records)): try: s3_put_bucket_acl.run_remediation(s3_client, bucket_name) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} print('remediated-' + bucket_name) #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + bucket_name) } else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) bucket_name = json.loads(event["body"])["ResourceName"] except: Region = "" try: # Establish a session with the portal s3_client = boto3.client( 's3', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token) except ClientError as e: print("Error:" + str(e)) return {'statusCode': 400, 'body': ("Error:" + str(e))} except Exception as e: print(e) return {'statusCode': 400, 'body': ("Error:" + str(e))} try: if PolicyId == "S3EncryptionEnabled": responseCode, output = s3_put_bucket_encryption.run_remediation( s3_client, bucket_name) if PolicyId == "S3VersioningEnabled": responseCode, output = s3_put_bucket_versioning.run_remediation( s3_client, bucket_name) if PolicyId in str(common_policies): responseCode, output = s3_put_bucket_acl.run_remediation( s3_client, bucket_name) except ClientError as e: responseCode = 400 output = "Unable to remediate bucket: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate bucket: " + str(e) # returning the output Array in json format return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: pass try: # Establish a session with the portal iam_client = boto3.client( 'iam', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "IAMPasswordRequiredNumber" in str(records): try: iam_require_numbers.run_remediation(iam_client) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "IAMPasswordUpCaseLetter" in str(records): try: iam_require_uppercaseletters.run_remediation(iam_client) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "IAMPasswordRequiredSymbols" in str(records): try: iam_require_symbols.run_remediation(iam_client) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "IAMRequireLowercaseLetter" in str(records): try: iam_require_lowercaseletters.run_remediation(iam_client) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "IAMMinPasswordLength" in str(records): try: iam_minimum_passwordlength.run_remediation(iam_client) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "IAMExpirePasswords" in str(records): try: iam_password_expiration.run_remediation(iam_client) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "IAMPasswordReusePrevention" in str(records): try: iam_password_reuse.run_remediation(iam_client) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} print("Remediated IAM policies") #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps("Remediated IAM policies") } else: print("CN-portal triggered remediation") try: # common code CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: # Establish a session with the portal iam_client = boto3.client( 'iam', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: responseCode = 400 output = "Policies not configured" if PolicyId == "IAMPasswordRequiredNumber": responseCode, output = iam_require_numbers.run_remediation( iam_client) if PolicyId == "IAMPasswordUpCaseLetter": responseCode, output = iam_require_uppercaseletters.run_remediation( iam_client) if PolicyId == "IAMPasswordRequiredSymbols": responseCode, output = iam_require_symbols.run_remediation( iam_client) if PolicyId == "IAMRequireLowercaseLetter": responseCode, output = iam_require_lowercaseletters.run_remediation( iam_client) if PolicyId == "IAMMinPasswordLength": responseCode, output = iam_minimum_passwordlength.run_remediation( iam_client) if PolicyId == "IAMExpirePasswords": responseCode, output = iam_password_expiration.run_remediation( iam_client) if PolicyId == "IAMPasswordReusePrevention": responseCode, output = iam_password_reuse.run_remediation( iam_client) except ClientError as e: responseCode = 400 output = "Unable to remediate IAM Policies: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate IAM Policies: " + str(e) # returning the output Array in json format return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region = event["Region"] neptune_name = event["NeptuneInstanceName"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal neptune = boto3.client('neptune', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "NeptuneAutoMinorVersionUpgrade" in str(records): try: neptuneinstance_minorversionupgrade.run_remediation( neptune, neptune_name) print('remediated-' + neptune_name) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "NeptuneCpoyTagsToSnapshots" in str(records): try: neptuneinstance_copytagstosnapshot.run_remediation( neptune, neptune_name) print('remediated-' + neptune_name) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "NeptunePrivateAccess" in str(records): try: neptuneinstance_disable_public_access.run_remediation( neptune, neptune_name) print('remediated-' + neptune_name) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + neptune_name) } else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) neptune_name = json.loads(event["body"])["ResourceName"] except: Region = "" try: # Establish a session with the portal neptune = boto3.client('neptune', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: if PolicyId == "NeptuneAutoMinorVersionUpgrade": responseCode, output = neptuneinstance_minorversionupgrade.run_remediation( neptune, neptune_name) if PolicyId == "NeptuneCpoyTagsToSnapshots": responseCode, output = neptuneinstance_copytagstosnapshot.run_remediation( neptune, neptune_name) if PolicyId == "NeptunePrivateAccess": responseCode, output = neptuneinstance_disable_public_accessw.run_remediation( neptune, neptune_name) except ClientError as e: responseCode = 400 output = "Unable to remediate neptune: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate neptune: " + str(e) # returning the output Array in json format return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region deletion_protection = [ "AppLBDeletionProtection", "NetworkLBDeletionProtection" ] try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region = event["Region"] LoadBalancerArn = event["LoadBalancerArn"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal elbv2 = boto3.client('elbv2', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if set(deletion_protection).intersection(set(records)): try: elbv2_deletionprotection.run_remediation( elbv2, LoadBalancerArn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} print('remediated-' + LoadBalancerArn) #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + LoadBalancerArn) } else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) LoadBalancerArn = json.loads(event["body"])["ResourceName"] except: Region = "" try: # Establish a session with the portal elbv2 = boto3.client('elbv2', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: if PolicyId in deletion_protection: responseCode, output = elbv2_deletionprotection.run_remediation( elbv2, LoadBalancerArn) except ClientError as e: responseCode = 400 output = "Unable to remediate load balancer: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate load balancer: " + str(e) # returning the output Array in json format return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region = event["Region"] delivery_stream_name = event["StreamName"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal kinesis_firehose = boto3.client( 'firehose', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} if "KinesisFirehoseEncryption" in str(records): try: kinesis_firehose_default_encryption.run_remediation( kinesis_firehose, delivery_stream_name) print('remediated-' + delivery_stream_name) #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + delivery_stream_name) } except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials( role_arn) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) delivery_stream_name = json.loads(event["body"])["ResourceName"] except: Region = "" try: # Establish a session with the portal kinesis_firehose = boto3.client( 'firehose', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, aws_session_token=aws_session_token, region_name=Region) except ClientError as e: print(e) return {'statusCode': 400, 'body': str(e)} except Exception as e: print(e) return {'statusCode': 400, 'body': str(e)} try: if PolicyId == "KinesisFirehoseEncryption": responseCode, output = kinesis_firehose_default_encryption.run_remediation( kinesis_firehose, delivery_stream_name) except ClientError as e: responseCode = 400 output = "Unable to remediate kinesis firehose: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate kinesis firehose: " + str(e) # returning the output Array in json format return {'statusCode': responseCode, 'body': output}
def lambda_handler(event, context): global aws_access_key_id, aws_secret_access_key, aws_session_token, CustAccID, Region try: PolicyId = json.loads(event["body"])["PolicyId"] except: PolicyId = '' pass if not PolicyId: print("Executing auto-remediation") try: # common code CustAccID, role_arn = common.getRoleArn_cwlogs(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: Region = event["Region"] Instance_ID = event["InstanceID"] records_json = json.loads(event["policies"]) records = records_json["RemediationPolicies"] except: Region = "" try: # Establish a session with the portal ec2 = boto3.client('ec2', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } if "EC2MonitoringState" in str(records): try: ec2_detailed_monitoring.run_remediation(ec2,Instance_ID) print('remediated-' + Instance_ID) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } if "EC2TerminationProtection" in str(records): try: ec2_termination_protection.run_remediation(ec2,Instance_ID) print('remediated-' + Instance_ID) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } #returning the output Array in json format return { 'statusCode': 200, 'body': json.dumps('remediated-' + Instance_ID) } else: print("CN-portal triggered remediation") try: CustAccID, role_arn = common.getRoleArn(event) aws_access_key_id, aws_secret_access_key, aws_session_token = common.getCredentials(role_arn) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: Region_name = json.loads(event["body"])["Region"] Region = common.getRegionName(Region_name) Instance_ID = json.loads(event["body"])["ResourceName"] except: Region = "" try: # Establish a session with the portal ec2 = boto3.client('ec2', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key,aws_session_token=aws_session_token,region_name=Region) except ClientError as e: print(e) return { 'statusCode': 400, 'body': str(e) } except Exception as e: print(e) return { 'statusCode': 400, 'body': str(e) } try: if PolicyId == "EC2MonitoringState": responseCode,output = ec2_detailed_monitoring.run_remediation(ec2,Instance_ID) if PolicyId == "EC2TerminationProtection": responseCode,output = ec2_termination_protection.run_remediation(ec2,Instance_ID) except ClientError as e: responseCode = 400 output = "Unable to remediate classic load balancer: " + str(e) except Exception as e: responseCode = 400 output = "Unable to remediate classic load balancer: " + str(e) # returning the output Array in json format return { 'statusCode': responseCode, 'body': output }