aws - cloudfront - support fetching with arns for trail mode (cloud-c…
Harish Achappa authored Aug 10, 2022
1 parent 4f6b221 commit 0608738
Showing 7 changed files with 469 additions and 2 deletions.
14 changes: 14 additions & 0 deletions c7n/resources/cloudfront.py
@@ -12,6 +12,7 @@
from .aws import shape_validate
from c7n.exceptions import PolicyValidationError

from c7n.resources.aws import Arn
from c7n.resources.shield import IsShieldProtected, SetShieldProtection
from c7n.resources.securityhub import PostFinding

@@ -21,6 +22,19 @@ class DescribeDistribution(DescribeSource):
def augment(self, resources):
return universal_augment(self.manager, resources)

def get_resources(self, ids, cache=True):
results = []
distribution_ids = []
for i in ids:
# if we get cloudfront distribution arn, we pick distribution id
if i.startswith('arn:'):
distribution_ids.append(Arn.parse(i).resource)
else:
distribution_ids.append(i)
if distribution_ids:
results = super().get_resources(distribution_ids, cache)
return results


@resources.register('distribution')
class Distribution(QueryResourceManager):
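Review bot: In `get_resources`, any id starting with `arn:` is reduced to `Arn.parse(i).resource` without checking which service or resource type the ARN names, so an ARN for some other resource pulled from a trail event would have its trailing segment looked up as if it were a distribution ID. Since the commit title says these ids arrive via trail mode, I would parse once and skip (or log) anything else, e.g. `arn = Arn.parse(i)` then `if arn.service != 'cloudfront' or arn.resource_type != 'distribution': continue`, assuming `Arn` exposes those fields here. `i.startswith` also assumes every id is a string, and a malformed ARN presumably raises out of `Arn.parse` and aborts the whole batch; both are worth deciding on explicitly. The method has no docstring; one line such as `"""Fetch distributions by ID; CloudFront distribution ARNs are accepted and reduced to their ID."""` would record the contract.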
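--- a/tests/data/cwe/event-cloud-trail-appelb-add-tags.json
+++ b/tests/data/cwe/event-cloud-trail-appelb-add-tags.json
@@ -0,0 +1,62 @@
+{
+"version": "0",
+"id": "5471314a-e675-32d7-2742-690d2d978102",
+"detail-type": "AWS API Call via CloudTrail",
+"source": "aws.elasticloadbalancing",
+"account": "123456789123",
+"time": "2022-07-13T20:07:38Z",
+"region": "us-east-1",
+"resources": [],
+"detail": {
+"eventVersion": "1.08",
+"userIdentity": {
+"type": "AssumedRole",
+"principalId": "AROAVD4IK2M7GWZXER5DZ:HarishAchappa",
+"arn": "arn:aws:sts::123456789123:assumed-role/c7nbot/HarishAchappa",
+"accountId": "123456789123",
+"accessKeyId": "ASIAVD4IK2M7LCL6FD6T",
+"sessionContext": {
+"sessionIssuer": {
+"type": "Role",
+"principalId": "AROAVD4IK2M7GWZXER5DZ",
+"arn": "arn:aws:iam::123456789123:role/c7nbot",
+"accountId": "123456789123",
+"userName": "c7nbot"
+},
+"webIdFederationData": {},
+"attributes": {
+"creationDate": "2022-07-13T19:09:22Z",
+"mfaAuthenticated": "false"
+}
+}
+},
+"eventTime": "2022-07-13T20:07:38Z",
+"eventSource": "elasticloadbalancing.amazonaws.com",
+"eventName": "AddTags",
+"awsRegion": "us-east-1",
+"sourceIPAddress": "AWS Internal",
+"userAgent": "AWS Internal",
+"requestParameters": {
+"tags": [
+{
+"value": "Internal",
+"key": "WAF"
+}
+],
+"resourceArns": [
+"arn:aws:elasticloadbalancing:us-east-1:123456789123:loadbalancer/app/test/433ae0ba96204181"
+]
+},
+"responseElements": null,
+"requestID": "fe506154-00a9-4a09-84f7-d63cae6ebd1f",
+"eventID": "e9f72371-5fc5-48fc-999d-462e13fdc6bd",
+"readOnly": false,
+"eventType": "AwsApiCall",
+"apiVersion": "2015-12-01",
+"managementEvent": true,
+"recipientAccountId": "123456789123",
+"eventCategory": "Management",
+"sessionCredentialFromConsole": "true"
+},
+"debug": true
+}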
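Review bot: The redaction in this fixture looks incomplete: the account number was swapped for a placeholder, but `userIdentity.accessKeyId` (an `ASIA…` value), the `AROA…` `principalId`, and the session name in `userIdentity.arn` appear to be carried over from the original capture. An access key ID is not a credential by itself, but it is tied to the issuing account, so leaving it in undoes the account-ID redaction. The same `principalId` also appears in `event-cloud-trail-create-distribution.json` under a different placeholder account, which suggests both files share the gap. I would replace these with obviously synthetic values before merging, for example `"accessKeyId": "ASIAEXAMPLEEXAMPLE00"` and `"principalId": "AROAEXAMPLEEXAMPLE000:test-session"`.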
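--- a/tests/data/cwe/event-cloud-trail-create-distribution.json
+++ b/tests/data/cwe/event-cloud-trail-create-distribution.json
@@ -0,0 +1,262 @@
+{
+"version": "0",
+"id": "93a7a030-e28a-6aa0-a35c-7bdbca54b7f6",
+"detail-type": "AWS API Call via CloudTrail",
+"source": "aws.cloudfront",
+"account": "012345678912",
+"time": "2022-07-13T18:09:19Z",
+"region": "us-east-1",
+"resources": [],
+"detail": {
+"eventVersion": "1.08",
+"userIdentity": {
+"type": "AssumedRole",
+"principalId": "AROAVD4IK2M7GWZXER5DZ:HarishAchappa",
+"arn": "arn:aws:sts::012345678912:assumed-role/c7nbot/HarishAchappa",
+"accountId": "012345678912",
+"accessKeyId": "ASIAVD4IK2M7C6RULHH3",
+"sessionContext": {
+"sessionIssuer": {
+"type": "Role",
+"principalId": "AROAVD4IK2M7GWZXER5DZ",
+"arn": "arn:aws:iam::012345678912:role/c7nbot",
+"accountId": "012345678912",
+"userName": "c7nbot"
+},
+"webIdFederationData": {},
+"attributes": {
+"creationDate": "2022-07-13T17:55:21Z",
+"mfaAuthenticated": "false"
+}
+}
+},
+"eventTime": "2022-07-13T18:09:19Z",
+"eventSource": "cloudfront.amazonaws.com",
+"eventName": "CreateDistribution",
+"awsRegion": "us-east-1",
+"sourceIPAddress": "AWS Internal",
+"userAgent": "AWS Internal",
+"requestParameters": {
+"distributionConfig": {
+"origins": {
+"quantity": 1,
+"items": [
+{
+"connectionAttempts": 3,
+"customHeaders": {
+"items": [],
+"quantity": 0
+},
+"domainName": "c7n-activeresponse-test-to-be-deleted.s3.us-east-1.amazonaws.com",
+"connectionTimeout": 10,
+"s3OriginConfig": {
+"originAccessIdentity": ""
+},
+"originShield": {
+"enabled": false
+},
+"originPath": "",
+"id": "c7n-activeresponse-test-to-be-deleted.s3.us-east-1.amazonaws.com"
+}
+]
+},
+"aliases": {
+"items": [],
+"quantity": 0
+},
+"defaultCacheBehavior": {
+"functionAssociations": {
+"quantity": 0,
+"items": []
+},
+"lambdaFunctionAssociations": {
+"items": [],
+"quantity": 0
+},
+"fieldLevelEncryptionId": "",
+"trustedSigners": {
+"items": [],
+"enabled": false,
+"quantity": 0
+},
+"trustedKeyGroups": {
+"enabled": false,
+"quantity": 0,
+"items": []
+},
+"cachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
+"allowedMethods": {
+"items": [
+"GET",
+"HEAD"
+],
+"quantity": 2,
+"cachedMethods": {
+"items": [
+"GET",
+"HEAD"
+],
+"quantity": 2
+}
+},
+"smoothStreaming": false,
+"targetOriginId": "c7n-activeresponse-test-to-be-deleted.s3.us-east-1.amazonaws.com",
+"viewerProtocolPolicy": "allow-all",
+"compress": true
+},
+"callerReference": "9c8970c1-b26e-4131-b3cf-985880574e96",
+"defaultRootObject": "",
+"enabled": true,
+"httpVersion": "http2",
+"comment": "HIDDEN_DUE_TO_SECURITY_REASONS",
+"logging": {
+"includeCookies": false,
+"prefix": "",
+"bucket": "",
+"enabled": false
+},
+"isIPV6Enabled": true,
+"viewerCertificate": {
+"cloudFrontDefaultCertificate": true,
+"minimumProtocolVersion": "TLSv1"
+},
+"priceClass": "PriceClass_All",
+"originGroups": {
+"quantity": 0,
+"items": []
+}
+}
+},
+"responseElements": {
+"location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/E53370FUHBNLK",
+"eTag": "E3DFGD1PHNLYY3",
+"distribution": {
+"aRN": "arn:aws:cloudfront::012345678912:distribution/E53370FUHBNLK",
+"id": "E53370FUHBNLK",
+"lastModifiedTime": "Jul 13, 2022 6:09:18 PM",
+"activeTrustedSigners": {
+"quantity": 0,
+"enabled": false
+},
+"domainName": "d1bftvz1j2jyjs.cloudfront.net",
+"activeTrustedKeyGroups": {
+"quantity": 0,
+"enabled": false
+},
+"inProgressInvalidationBatches": 0,
+"status": "InProgress",
+"distributionConfig": {
+"origins": {
+"quantity": 1,
+"items": [
+{
+"connectionAttempts": 3,
+"customHeaders": {
+"quantity": 0
+},
+"oacSigningBehavior": "never",
+"domainName": "c7n-activeresponse-test-to-be-deleted.s3.us-east-1.amazonaws.com",
+"connectionTimeout": 10,
+"s3OriginConfig": {
+"originAccessIdentity": ""
+},
+"originShield": {
+"enabled": false
+},
+"originAccessControlId": "",
+"originPath": "",
+"id": "c7n-activeresponse-test-to-be-deleted.s3.us-east-1.amazonaws.com"
+}
+]
+},
+"aliases": {
+"quantity": 0
+},
+"defaultCacheBehavior": {
+"functionAssociations": {
+"quantity": 0
+},
+"lambdaFunctionAssociations": {
+"quantity": 0
+},
+"fieldLevelEncryptionId": "",
+"trustedSigners": {
+"enabled": false,
+"quantity": 0
+},
+"trustedKeyGroups": {
+"enabled": false,
+"quantity": 0
+},
+"cachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
+"allowedMethods": {
+"items": [
+"HEAD",
+"GET"
+],
+"quantity": 2,
+"cachedMethods": {
+"items": [
+"HEAD",
+"GET"
+],
+"quantity": 2
+}
+},
+"smoothStreaming": false,
+"targetOriginId": "c7n-activeresponse-test-to-be-deleted.s3.us-east-1.amazonaws.com",
+"viewerProtocolPolicy": "allow-all",
+"compress": true
+},
+"callerReference": "9c8970c1-b26e-4131-b3cf-985880574e96",
+"staging": false,
+"webACLId": "",
+"defaultRootObject": "",
+"customErrorResponses": {
+"quantity": 0
+},
+"enabled": true,
+"cacheBehaviors": {
+"quantity": 0
+},
+"continuousDeploymentPolicyId": "",
+"httpVersion": "http2",
+"comment": "HIDDEN_DUE_TO_SECURITY_REASONS",
+"restrictions": {
+"geoRestriction": {
+"restrictionType": "none",
+"quantity": 0
+}
+},
+"logging": {
+"includeCookies": false,
+"prefix": "",
+"bucket": "",
+"enabled": false
+},
+"isIPV6Enabled": true,
+"viewerCertificate": {
+"cloudFrontDefaultCertificate": true,
+"certificateSource": "cloudfront",
+"sSLSupportMethod": "vip",
+"minimumProtocolVersion": "TLSv1"
+},
+"priceClass": "PriceClass_All",
+"originGroups": {
+"quantity": 0
+}
+}
+}
+},
+"requestID": "5e3a89ec-4fb3-4407-a7a1-26e52122ca46",
+"eventID": "a1474634-7457-45e1-bc0f-d47e7ad72f79",
+"readOnly": false,
+"eventType": "AwsApiCall",
+"apiVersion": "2020_05_31",
+"managementEvent": true,
+"recipientAccountId": "012345678912",
+"eventCategory": "Management",
+"sessionCredentialFromConsole": "true"
+},
+"debug": true
+}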