-
Notifications
You must be signed in to change notification settings - Fork 1
/
code.cft
73 lines (70 loc) · 2.09 KB
/
code.cft
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
---
AWSTemplateFormatVersion: "2010-09-09"
Description: "Provisions infrastructure for github.com/unbounce/paw"
Parameters:
IamRoleArn:
Type: String
Description: "ARN of the IAM for Lambda to use"
SlackWebhookUrl:
Type: "AWS::SSM::Parameter::Value<String>"
Description: "URL for the project's incoming webhook"
Default: "/paw/slack/incoming-webhook/url"
NoEcho: true
SlackChannels:
Type: CommaDelimitedList
Description: "Comma-delimited list of Slack channels to notify"
Default: "#security-alerts"
Resources:
EventRule:
Type: "AWS::Events::Rule"
Properties:
Description: "Watches for membership changes to privileged groups"
State: ENABLED
EventPattern:
source:
- "aws.iam"
detail-type:
- "AWS API Call via CloudTrail"
detail:
eventSource:
- "iam.amazonaws.com"
eventName:
- "AddUserToGroup"
- "RemoveUserFromGroup"
Targets:
- Id: !Ref LambdaFn
Arn: !GetAtt LambdaFn.Arn
LambdaPermission:
Type: "AWS::Lambda::Permission"
Properties:
Action: "lambda:InvokeFunction"
FunctionName: !GetAtt LambdaFn.Arn
Principal: "events.amazonaws.com"
SourceArn: !GetAtt EventRule.Arn
LambdaFn:
Type: "AWS::Lambda::Function"
Properties:
Code:
ZipFile: !Sub |
def lambda_handler(event, context):
print("Initial Lambda Python stub.")
print("Replace with real deployment package.")
Description: "Notifies Slack of privileged group membership changes"
Handler: "index.lambda_handler"
Role: !Ref IamRoleArn
MemorySize: 128 # MB
Runtime: "go1.x"
Timeout: 60 # seconds
Environment:
Variables:
SLACK_WEBHOOK_URL: !Ref SlackWebhookUrl
SLACK_CHANNELS:
Fn::Join:
- ","
- !Ref SlackChannels
Outputs:
LambdaFunctionArn:
Value: !GetAtt LambdaFn.Arn
Description: "ARN of the Lambda function that notifies Slack"
Export:
Name: "paw:lambda:function:arn"