Comments (5)
defvol
commented on September 26, 2024
Started w some basic layout here 5a60a32
from deprecated-patrol-rules-aws.
ianshward
commented on September 26, 2024
Looking 👌 @rodowi. In case you hadn't seen it yet, once you add S3 store, you can add the IAM permissions needed for that via the statements property in the rule. This is discussed briefly in the [rule spec](https://github.com/mapbox/lambda-cfn/blob/master/RULE-SPEC.md and there's an example of it in this security-group auditing rule PR https://github.com/mapbox/patrol-rules-aws/pull/50/files#diff-9d1601b3d15acbe65755888f9e351821R13
from deprecated-patrol-rules-aws.
defvol
commented on September 26, 2024
awesome!
in this case, we would want to s3 permissions on a specific bucket, could this be a Ref to one of the Parameters defined before:
see deviceHistory:
name: 'loginFromNewDevice',
sourcePath: 'rules/loginFromNewDevice.js',
parameters: {
deviceHistory: {
Type: 'String',
Description: 'ARN of S3 bucket for storing a list of known devices'
}
},
statements: [
{
Effect: 'Allow',
Action: [
's3:GetObject'
],
Resource: { 'Ref': 'deviceHistory' }
}
],from deprecated-patrol-rules-aws.
ianshward
commented on September 26, 2024
Resource: { 'Ref': 'deviceHistory' }
I believe that will work. Here's the relevant code in lambda-cfn which handles interpreting the statements https://github.com/mapbox/lambda-cfn/blob/2dc4d70924fa50cf2369705aee7b4c4b75ddfcc6/lib/lambda-cfn.js#L928-L954
from deprecated-patrol-rules-aws.
ianshward
commented on September 26, 2024
@zmully will deviceHistory get namespaced (prefixed) with loginFromNewDevice ?
from deprecated-patrol-rules-aws.
Related Issues (20)
- Use CloudTrail events for Trusted Advisor checks HOT 1
- Update .eslintrc HOT 1
- TypeError: Cannot read property 'roleArn' of null HOT 1
- Output entire event JSON for CloudFront rule HOT 1
- SNS based rules HOT 1
- Parameterize lambda timeout and memorysize HOT 2
- Scheduled rules
- State storage
- Rule deletion HOT 1
- Reorganization HOT 1
- Are all error codes able to be ignored?
- Add scheduled state checks to IAM rules
- Rule on S3 bucket creation and deletion HOT 1
- Notify when a user signs in far from home
- Alarm on SSL certificate expiration
- Alarm on exposed access keys
- Alarm when private S3 files change to public
- policy statement is not always an array
- Trusted Advisor service limit check must be refreshed
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from deprecated-patrol-rules-aws.