diff --git a/arch/lza_extensions/customizations/GCGuardrailsRoles.yaml b/arch/lza_extensions/customizations/GCGuardrailsRoles.yaml
index a067f342..07cefdfb 100644
--- a/arch/lza_extensions/customizations/GCGuardrailsRoles.yaml
+++ b/arch/lza_extensions/customizations/GCGuardrailsRoles.yaml
@@ -53,7 +53,6 @@ Resources:
 "arn:aws:sts::${AuditAccountID}:assumed-role/${RolePrefix}default_assessment_role/${OrganizationName}gc02_check_password_protection_mechanisms",
 "arn:aws:sts::${AuditAccountID}:assumed-role/${RolePrefix}default_assessment_role/${OrganizationName}gc02_check_privileged_roles_review",
 "arn:aws:sts::${AuditAccountID}:assumed-role/${RolePrefix}default_assessment_role/${OrganizationName}gc03_check_endpoint_access_config",
- "arn:aws:sts::${AuditAccountID}:assumed-role/${RolePrefix}default_assessment_role/${OrganizationName}gc03_check_iam_cloudwatch_alarms",
 "arn:aws:sts::${AuditAccountID}:assumed-role/${RolePrefix}default_assessment_role/${OrganizationName}gc03_check_trusted_devices_admin_access",
 "arn:aws:sts::${AuditAccountID}:assumed-role/${RolePrefix}default_assessment_role/${OrganizationName}gc04_check_alerts_flag_misuse",
 "arn:aws:sts::${AuditAccountID}:assumed-role/${RolePrefix}default_assessment_role/${OrganizationName}gc04_check_enterprise_monitoring",
diff --git a/arch/templates/AuditAccountPreRequisitesPart4.yaml b/arch/templates/AuditAccountPreRequisitesPart4.yaml
index 85dcf16a..ba68dc21 100644
--- a/arch/templates/AuditAccountPreRequisitesPart4.yaml
+++ b/arch/templates/AuditAccountPreRequisitesPart4.yaml
@@ -269,24 +269,6 @@ Resources:
 Variables:
 DEFAULT_CLOUD_PROFILE: !Ref DefaultCloudProfile
- GC03CheckIAMCloudWatchAlarmsLambda:
- Condition: IsAuditAccount
- Type: AWS::Lambda::Function
- Properties:
- FunctionName: !Sub "${OrganizationName}gc03_check_iam_cloudwatch_alarms"
- Code: "../../src/lambda/gc03_check_iam_cloudwatch_alarms/build/GC03CheckIAMCloudWatchAlarmsLambda/"
- Handler: app.lambda_handler
- Role: !Sub "arn:aws:iam::${AuditAccountID}:role/${RolePrefix}default_assessment_role"
- Runtime: !Ref PythonRuntime
- Timeout: 180
- Layers:
- - !Ref CloudGuardrailsCommonLayer
- LoggingConfig:
- LogGroup: !Sub "${OrganizationName}gc_guardrails"
- LogFormat: "JSON"
- Environment:
- Variables:
- DEFAULT_CLOUD_PROFILE: !Ref DefaultCloudProfile
 GC03CheckTrustedDevicesAdminAccessLambda:
 Condition: IsAuditAccount
diff --git a/arch/templates/ConformancePack.yaml b/arch/templates/ConformancePack.yaml
index d67fc6aa..c5b7c1e0 100644
--- a/arch/templates/ConformancePack.yaml
+++ b/arch/templates/ConformancePack.yaml
@@ -691,38 +691,6 @@ Resources:
 SourceDetails:
 - EventSource: "aws.config"
 MessageType: "ScheduledNotification"
- GC03CheckIAMCloudWatchAlarmsConfigRule:
- Type: "AWS::Config::ConfigRule"
- Properties:
- ConfigRuleName: gc03_check_iam_cloudwatch_alarms
- Description: Confirms if the ASEA CloudWatch Alarms for Unauthorized IPs and Sign-in without MFA are enabled
- InputParameters:
- ExecutionRoleName:
- Fn::If:
- - GCLambdaExecutionRoleName
- - Ref: GCLambdaExecutionRoleName
- - Ref: AWS::NoValue
- AuditAccountID:
- Fn::If:
- - auditAccountID
- - Ref: AuditAccountID
- - Ref: AWS::NoValue
- AlarmList: !Ref GC03AlarmList
- Scope:
- ComplianceResourceTypes:
- - AWS::Account
- MaximumExecutionFrequency: TwentyFour_Hours
- Source:
- Owner: CUSTOM_LAMBDA
- SourceIdentifier:
- Fn::Join:
- - ""
- - - "arn:aws:lambda:ca-central-1:"
- - Ref: AuditAccountID
- - !Sub ":function:${OrganizationName}gc03_check_iam_cloudwatch_alarms"
- SourceDetails:
- - EventSource: "aws.config"
- MessageType: "ScheduledNotification"
 GC03CheckTrustedDevicesAdminAccessConfigRule:
 Type: "AWS::Config::ConfigRule"
 Properties:
diff --git a/cloudshell.zip b/cloudshell.zip
index 7025da05..1ce32a14 100644
Binary files a/cloudshell.zip and b/cloudshell.zip differ
diff --git a/doc/NOTES.md b/doc/NOTES.md
index 7c0eec69..e271d9a6 100644
--- a/doc/NOTES.md
+++ b/doc/NOTES.md
@@ -129,7 +129,6 @@ Note: since both buckets are generated by the same lambda function, ensure to pr f"{organization_name}gc02_check_account_mgmt_plan": ["GC02CheckAccountManagementPlanLambda"], f"{organization_name}gc02_check_iam_password_policy": ["GC02CheckIAMPasswordPolicyLambda"], f"{organization_name}gc03_check_endpoint_access_config": ["GC03CheckEndpointAccessConfigLambda"], - f"{organization_name}gc03_check_iam_cloudwatch_alarms": ["GC03CheckIAMCloudWatchAlarmsLambda"], f"{organization_name}gc03_check_trusted_devices_admin_access": ["GC03CheckTrustedDevicesAdminAccessLambda"], f"{organization_name}gc04_check_enterprise_monitoring": ["GC04CheckEnterpriseMonitoringLambda"], f"{organization_name}gc05_check_data_location": ["GC05CheckDataLocationLambda"], @@ -277,28 +276,6 @@ The following lambdas (starting with gc(n)\_ prefix) are used as part of AWS Con - Testing Status: SUCCESS ✅ - Note: evaluation not recorded in AWS Config when there are no IAM users -## gc03_check_iam_cloudwatch_alarms - -- Hardcoded values (defaults) 🔥 - - ```py - def check_cloudwatch_alarms( - alarm_names=[ - "ASEA-AWS-IAM-Authentication-From-Unapproved-IP", - "ASEA-AWS-SSO-Authentication-From-Unapproved-IP", - "ASEA-AWS-Console-SignIn-Without-MFA", - ] - ): - ``` - -- Linting info - - Score 9.15/10 💡 - - Line Length >100 (mainly loggers) - - Unused arguments - - Global variables (from main handler method) -- Check against the Management Account -- Testing Status: SUCCESS ✅ - ## gc04_check_enterprise_monitoring - No hardcoding ✅ diff --git a/src/lambda/aws_auditmanager_resources_config_setup/audit_manager_custom_framework.py b/src/lambda/aws_auditmanager_resources_config_setup/audit_manager_custom_framework.py index 7a006ff4..77690db7 100644 --- a/src/lambda/aws_auditmanager_resources_config_setup/audit_manager_custom_framework.py +++ b/src/lambda/aws_auditmanager_resources_config_setup/audit_manager_custom_framework.py 
@@ -337,27 +337,6 @@
 ],
 "tags": {},
 },
- {
- "type": "Custom",
- "name": "gc03_check_iam_cloudwatch_alarms",
- "description": "Confirm ASEA CloudWatch Alarms are configured for access from Unauthorized IP addresses and sign-in without MFA..Source: https://github.com/canada-ca/cloud-guardrails/blob/master/EN/03_Secure-Endpoints.md",
- "testingInformation": "",
- "actionPlanTitle": "Review CloudWatch Alarms",
- "actionPlanInstructions": "Go to AWS CloudWatch Alarms, and ensure alarms have been configured as required.",
- "controlSources": "AWS Config",
- "controlMappingSources": [
- {
- "sourceName": "CW-check",
- "sourceSetUpOption": "System_Controls_Mapping",
- "sourceType": "AWS_Config",
- "sourceKeyword": {
- "keywordInputType": "SELECT_FROM_LIST",
- "keywordValue": "Custom_gc03_check_iam_cloudwatch_alarms-conformance-pack",
- },
- }
- ],
- "tags": {},
- },
 {
 "type": "Custom",
 "name": "gc03_check_trusted_devices_admin_access",
diff --git a/src/lambda/aws_lambda_permissions_setup/app.py b/src/lambda/aws_lambda_permissions_setup/app.py
index eda6d858..1566d273 100644
--- a/src/lambda/aws_lambda_permissions_setup/app.py
+++ b/src/lambda/aws_lambda_permissions_setup/app.py
@@ -85,7 +85,6 @@ def apply_lambda_permissions():
 f"{organization_name}gc02_check_password_protection_mechanisms": ["GC02CheckPasswordProtectionMechanismsLambda"],
 f"{organization_name}gc02_check_privileged_roles_review": ["GC02CheckPrivilegedRolesReviewLambda"],
 f"{organization_name}gc03_check_endpoint_access_config": ["GC03CheckEndpointAccessConfigLambda"],
- f"{organization_name}gc03_check_iam_cloudwatch_alarms": ["GC03CheckIAMCloudWatchAlarmsLambda"],
 f"{organization_name}gc03_check_trusted_devices_admin_access": ["GC03CheckTrustedDevicesAdminAccessLambda"],
 f"{organization_name}gc04_check_alerts_flag_misuse": ["GC04CheckAlertsFlagMisuseLambda"],
 f"{organization_name}gc04_check_enterprise_monitoring": ["GC04CheckEnterpriseMonitoringLambda"],
diff --git a/src/lambda/gc03_check_iam_cloudwatch_alarms/.gitignore b/src/lambda/gc03_check_iam_cloudwatch_alarms/.gitignore
deleted file mode 100644
index 4808264d..00000000
--- a/src/lambda/gc03_check_iam_cloudwatch_alarms/.gitignore
+++ /dev/null
@@ -1,244 +0,0 @@ - -# Created by https://www.gitignore.io/api/osx,linux,python,windows,pycharm,visualstudiocode - -### Linux ### -*~ - -# temporary files which can be created if a process still has a handle open of a deleted file -.fuse_hidden* - -# KDE directory preferences -.directory - -# Linux trash folder which might appear on any partition or disk -.Trash-* - -# .nfs files are created when an open file is removed but is still being accessed -.nfs* - -### OSX ### -*.DS_Store -.AppleDouble -.LSOverride - -# Icon must end with two \r -Icon - -# Thumbnails -._* - -# Files that might appear in the root of a volume -.DocumentRevisions-V100 -.fseventsd -.Spotlight-V100 -.TemporaryItems -.Trashes -.VolumeIcon.icns -.com.apple.timemachine.donotpresent - -# Directories potentially created on remote AFP share -.AppleDB -.AppleDesktop -Network Trash Folder -Temporary Items -.apdisk - -### PyCharm ### -# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm -# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 - -# User-specific stuff: -.idea/**/workspace.xml -.idea/**/tasks.xml -.idea/dictionaries - -# Sensitive or high-churn files: -.idea/**/dataSources/ -.idea/**/dataSources.ids -.idea/**/dataSources.xml -.idea/**/dataSources.local.xml -.idea/**/sqlDataSources.xml -.idea/**/dynamic.xml -.idea/**/uiDesigner.xml - -# Gradle: -.idea/**/gradle.xml -.idea/**/libraries - -# CMake -cmake-build-debug/ - -# Mongo Explorer plugin: -.idea/**/mongoSettings.xml - -## File-based project format: -*.iws - -## Plugin-specific files: - -# IntelliJ -/out/ - -# mpeltonen/sbt-idea plugin -.idea_modules/ - -# JIRA plugin -atlassian-ide-plugin.xml - -# Cursive Clojure plugin -.idea/replstate.xml - -# Ruby plugin and RubyMine -/.rakeTasks - -# Crashlytics plugin (for Android Studio and IntelliJ) -com_crashlytics_export_strings.xml -crashlytics.properties -crashlytics-build.properties -fabric.properties - -### 
PyCharm Patch ### -# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721 - -# *.iml -# modules.xml -# .idea/misc.xml -# *.ipr - -# Sonarlint plugin -.idea/sonarlint - -### Python ### -# Byte-compiled / optimized / DLL files -__pycache__/ -*.py[cod] -*$py.class - -# C extensions -*.so - -# Distribution / packaging -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -*.egg-info/ -.installed.cfg -*.egg - -# PyInstaller -# Usually these files are written by a python script from a template -# before PyInstaller builds the exe, so as to inject date/other infos into it. -*.manifest -*.spec - -# Installer logs -pip-log.txt -pip-delete-this-directory.txt - -# Unit test / coverage reports -htmlcov/ -.tox/ -.coverage -.coverage.* -.cache -.pytest_cache/ -nosetests.xml -coverage.xml -*.cover -.hypothesis/ - -# Translations -*.mo -*.pot - -# Flask stuff: -instance/ -.webassets-cache - -# Scrapy stuff: -.scrapy - -# Sphinx documentation -docs/_build/ - -# PyBuilder -target/ - -# Jupyter Notebook -.ipynb_checkpoints - -# pyenv -.python-version - -# celery beat schedule file -celerybeat-schedule.* - -# SageMath parsed files -*.sage.py - -# Environments -.env -.venv -env/ -venv/ -ENV/ -env.bak/ -venv.bak/ - -# Spyder project settings -.spyderproject -.spyproject - -# Rope project settings -.ropeproject - -# mkdocs documentation -/site - -# mypy -.mypy_cache/ - -### VisualStudioCode ### -.vscode/* -!.vscode/settings.json -!.vscode/tasks.json -!.vscode/launch.json -!.vscode/extensions.json -.history - -### Windows ### -# Windows thumbnail cache files -Thumbs.db -ehthumbs.db -ehthumbs_vista.db - -# Folder config file -Desktop.ini - -# Recycle Bin used on file shares -$RECYCLE.BIN/ - -# Windows Installer files -*.cab -*.msi -*.msm -*.msp - -# Windows shortcuts -*.lnk - -# Build folder - -*/build/* - -# End of https://www.gitignore.io/api/osx,linux,python,windows,pycharm,visualstudiocode \ 
No newline at end of file diff --git a/src/lambda/gc03_check_iam_cloudwatch_alarms/README.md b/src/lambda/gc03_check_iam_cloudwatch_alarms/README.md deleted file mode 100644 index 3da06e05..00000000 --- a/src/lambda/gc03_check_iam_cloudwatch_alarms/README.md +++ /dev/null @@ -1,47 +0,0 @@ -*This readme file was created by AWS Bedrock: anthropic.claude-v2* - -# app.py - -## Overview - -This is a lambda function that checks for the existence of specific CloudWatch alarms related to IAM and console login events. It is intended to run in the AWS management account and submit evaluations to AWS Config. - -## Main Functions - -- `lambda_handler` - The main entry point for the lambda function. It checks if this is a scheduled invocation, and if so, calls the alarm checking function. - -- `check_cloudwatch_alarms` - Checks if the specified CloudWatch alarms exist. Returns a compliance status and annotation. - -- `build_evaluation` - Builds an evaluation object to submit to AWS Config. - -- `get_client` - Gets a boto3 client, using STS assume role if needed. - -- `get_organizations_mgmt_account_id` - Calls Organizations to get the management account ID. - -- `is_scheduled_notification` - Checks if the invocation is a scheduled notification. - -- `evaluate_parameters` - Evaluates rule parameters. - -## Input Events - -- Lambda is triggered by AWS Config on a scheduled basis. -- Event contains account ID, region, invoking event, rule parameters etc. - -## Output - -- Evaluations are submitted to AWS Config using the PutEvaluations API. - -## Permissions Required - -- `organizations:DescribeOrganization` - To determine management account ID -- `cloudwatch:DescribeAlarms` - To check for existence of alarms -- `config:PutEvaluations` - To submit evaluations to AWS Config -- `sts:AssumeRole` - If assuming roles is enabled - -## Logging - -- Uses Python logging to log to CloudWatch Logs. - -## Testing - -No automated testing is included. 
diff --git a/src/lambda/gc03_check_iam_cloudwatch_alarms/__init__.py b/src/lambda/gc03_check_iam_cloudwatch_alarms/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/src/lambda/gc03_check_iam_cloudwatch_alarms/app.py b/src/lambda/gc03_check_iam_cloudwatch_alarms/app.py
deleted file mode 100644
index 5b122a47..00000000
--- a/src/lambda/gc03_check_iam_cloudwatch_alarms/app.py
+++ /dev/null
@@ -1,214 +0,0 @@ -""" GC03 - Check IAM/ CloudWatch Alarms - https://canada-ca.github.io/cloud-guardrails/EN/03_Cloud-Console-Access.html -""" - -import json -import logging - -from utils import is_scheduled_notification, check_required_parameters, check_guardrail_requirement_by_cloud_usage_profile, get_cloud_profile_from_tags, GuardrailType, GuardrailRequirementType -from boto_util.organizations import get_account_tags, get_organizations_mgmt_account_id -from boto_util.client import get_client -from boto_util.config import build_evaluation, submit_evaluations - -import botocore.exceptions - -# Logging setup -logger = logging.getLogger() -logger.setLevel(logging.INFO) - - -def check_cloudwatch_alarms( - cloudwatch_client, - alarm_names=[ - "AWS-IAM-Authentication-From-Unapproved-IP", - "AWS-SSO-Authentication-From-Unapproved-IP", - "AWS-Console-SignIn-Without-MFA", - "AWSAccelerator-AWS-IAM-Authentication-From-Unapproved-IP", - "AWSAccelerator-AWS-SSO-Authentication-From-Unapproved-IP", - "AWSAccelerator-AWS-Console-SignIn-Without-MFA" - ], -): - """Check CloudWatch alarms for compliance. - Keyword arguments: - alarm_names -- the list of CloudWatch alarms to check - """ - result = {"status": "NON_COMPLIANT", "annotation": "No alarms found"} - if len(alarm_names) < 1: - # no alarms to check - result = { - "status": "COMPLIANT", - "annotation": "No alarms checked for compliance", - } - return result - # initialize our lists - alarms_not_found = alarm_names - alarms_found = [] - try: - # describe CloudWatch alarms - response = cloudwatch_client.describe_alarms( - AlarmNames=alarm_names, - AlarmTypes=["MetricAlarm"], - ) - # results may be paginated, and we may have to retry - b_more_data = True - i_retries = 0 - i_retry_limit = 10 - next_token = "" - while b_more_data and (i_retries < i_retry_limit): - # did we get a response? - if response: - # yes - alarms_found.extend(response.get("MetricAlarms")) - # results paginated? 
- next_token = response.get("NextToken") - if next_token: - # yes - response = cloudwatch_client.describe_alarms( - AlarmNames=alarm_names, - AlarmTypes=["MetricAlarm"], - NextToken=next_token, - ) - else: - # no more data - b_more_data = False - else: - logger.error("Empty response. Retry call.") - i_retries += 1 - if next_token: - response = cloudwatch_client.describe_alarms( - AlarmNames=alarm_names, - AlarmTypes=["MetricAlarm"], - NextToken=next_token, - ) - else: - response = cloudwatch_client.describe_alarms( - AlarmNames=alarm_names, - AlarmTypes=["MetricAlarm"], - ) - # did we time out trying? - if i_retries >= i_retry_limit: - # yes - result["annotation"] = "Empty response while trying describe_alarms in CloudWatch API." - return result - except botocore.exceptions.ClientError as error: - logger.error("Error while trying to describe_alarms - boto3 Client error - %s", error) - result["annotation"] = "Error while trying to describe_alarms." - return result - - # checking the alarms we found - alarms_not_found_set = set(alarms_not_found) - for alarm in alarms_found: - if not alarms_not_found_set: - # All alarms have been found, exit the loop - break - alarm_name = alarm.get("AlarmName") - if alarm_name: - for not_found_alarm in alarms_not_found_set: - if not_found_alarm in alarm_name: - logger.info("CloudWatch Alarm %s found.", alarm_name) - alarms_not_found_set.remove(not_found_alarm) - - # Stop the inner loop as we found a match - break - - # prepare the annotation (if needed) - if len(alarms_not_found_set) > 0: - annotation = "Alarms not found: " - for alarm in alarms_not_found_set: - annotation += f"{alarm}; " - result["annotation"] = annotation - else: - result = {"status": "COMPLIANT", "annotation": "All alarms found"} - - logger.info(result) - return result - - -def lambda_handler(event, context): - """ - This function is the main entry point for Lambda. 
- - Keyword arguments: - - event -- the event variable given in the lambda handler - - context -- the context variable given in the lambda handler - """ - logger.info("Received Event: %s", json.dumps(event, indent=2)) - - invoking_event = json.loads(event["invokingEvent"]) - if not is_scheduled_notification(invoking_event["messageType"]): - logger.error("Skipping assessments as this is not a scheduled invocation") - return - - rule_parameters = check_required_parameters( - json.loads(event.get("ruleParameters", "{}")), ["ExecutionRoleName", "AlarmList"] - ) - execution_role_name = rule_parameters.get("ExecutionRoleName") - audit_account_id = rule_parameters.get("AuditAccountID", "") - aws_account_id = event["accountId"] - is_not_audit_account = aws_account_id != audit_account_id - - evaluations = [] - - try: - client = get_client("organizations") - response = client.describe_account(AccountId=aws_account_id) - account_status = response["Account"]["Status"] - - logger.info(f"account_status is {account_status}") - - if account_status != "ACTIVE": - return - - aws_organizations_client = get_client("organizations", aws_account_id, execution_role_name) - - if aws_account_id != get_organizations_mgmt_account_id(aws_organizations_client): - logger.info( - "CloudWatch Alarms not checked in account %s as this is not the Management Account", - aws_account_id, - ) - return - - - aws_config_client = get_client("config", aws_account_id, execution_role_name) - aws_cloudwatch_client = get_client("cloudwatch", aws_account_id, execution_role_name) - - # Check cloud profile - tags = get_account_tags(get_client("organizations", assume_role=False), aws_account_id) - cloud_profile = get_cloud_profile_from_tags(tags) - gr_requirement_type = check_guardrail_requirement_by_cloud_usage_profile(GuardrailType.Guardrail3, cloud_profile) - - # If the guardrail is recommended - if gr_requirement_type == GuardrailRequirementType.Recommended: - return submit_evaluations(aws_config_client, event, 
[build_evaluation( - aws_account_id, - "COMPLIANT", - event, - gr_requirement_type=gr_requirement_type - )]) - # If the guardrail is not required - elif gr_requirement_type == GuardrailRequirementType.Not_Required: - return submit_evaluations(aws_config_client, event, [build_evaluation( - aws_account_id, - "NOT_APPLICABLE", - event, - gr_requirement_type=gr_requirement_type - )]) - - results = check_cloudwatch_alarms( - aws_cloudwatch_client, alarm_names=str(rule_parameters["AlarmList"]).split(",") - ) - if results: - compliance_type = results.get("status") - annotation = results.get("annotation") - else: - compliance_type = "NON_COMPLIANT" - annotation = "Unable to assess CloudWatch Alarms" - - logger.info(f"{compliance_type}: {annotation}") - evaluations.append(build_evaluation(aws_account_id, compliance_type, event, annotation=annotation)) - submit_evaluations(aws_config_client, event, evaluations) - - except: - logger.info("This account Id is not active. Compliance evaluation not available for suspended accounts") diff --git a/src/lambda/gc03_check_iam_cloudwatch_alarms/events/event.json b/src/lambda/gc03_check_iam_cloudwatch_alarms/events/event.json deleted file mode 100644 index a6197dea..00000000 --- a/src/lambda/gc03_check_iam_cloudwatch_alarms/events/event.json +++ /dev/null 
@@ -1,62 +0,0 @@
-{
- "body": "{\"message\": \"hello world\"}",
- "resource": "/hello",
- "path": "/hello",
- "httpMethod": "GET",
- "isBase64Encoded": false,
- "queryStringParameters": {
- "foo": "bar"
- },
- "pathParameters": {
- "proxy": "/path/to/resource"
- },
- "stageVariables": {
- "baz": "qux"
- },
- "headers": {
- "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
- "Accept-Encoding": "gzip, deflate, sdch",
- "Accept-Language": "en-US,en;q=0.8",
- "Cache-Control": "max-age=0",
- "CloudFront-Forwarded-Proto": "https",
- "CloudFront-Is-Desktop-Viewer": "true",
- "CloudFront-Is-Mobile-Viewer": "false",
- "CloudFront-Is-SmartTV-Viewer": "false",
- "CloudFront-Is-Tablet-Viewer": "false",
- "CloudFront-Viewer-Country": "US",
- "Host": "1234567890.execute-api.us-east-1.amazonaws.com",
- "Upgrade-Insecure-Requests": "1",
- "User-Agent": "Custom User Agent String",
- "Via": "1.1 08f323deadbeefa7af34d5feb414ce27.cloudfront.net (CloudFront)",
- "X-Amz-Cf-Id": "cDehVQoZnx43VYQb9j2-nvCh-9z396Uhbp027Y2JvkCPNLmGJHqlaA==",
- "X-Forwarded-For": "127.0.0.1, 127.0.0.2",
- "X-Forwarded-Port": "443",
- "X-Forwarded-Proto": "https"
- },
- "requestContext": {
- "accountId": "123456789012",
- "resourceId": "123456",
- "stage": "prod",
- "requestId": "c6af9ac6-7b61-11e6-9a41-93e8deadbeef",
- "requestTime": "09/Apr/2015:12:34:56 +0000",
- "requestTimeEpoch": 1428582896000,
- "identity": {
- "cognitoIdentityPoolId": null,
- "accountId": null,
- "cognitoIdentityId": null,
- "caller": null,
- "accessKey": null,
- "sourceIp": "127.0.0.1",
- "cognitoAuthenticationType": null,
- "cognitoAuthenticationProvider": null,
- "userArn": null,
- "userAgent": "Custom User Agent String",
- "user": null
- },
- "path": "/prod/hello",
- "resourcePath": "/hello",
- "httpMethod": "POST",
- "apiId": "1234567890",
- "protocol": "HTTP/1.1"
- }
-}
diff --git a/src/lambda/gc03_check_iam_cloudwatch_alarms/requirements.txt b/src/lambda/gc03_check_iam_cloudwatch_alarms/requirements.txt
deleted file mode 100644
index e69de29b..00000000
diff --git a/src/lambda/gc03_check_iam_cloudwatch_alarms/template.yaml b/src/lambda/gc03_check_iam_cloudwatch_alarms/template.yaml
deleted file mode 100644
index 72ccd1fd..00000000
--- a/src/lambda/gc03_check_iam_cloudwatch_alarms/template.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-Transform: AWS::Serverless-2016-10-31
-Description: >
- gc03_check_iam_cloudwatch_alarms
-
-Globals:
- Function:
- Timeout: 180
- MemorySize: 128
-
-Resources:
- GC03CheckIAMCloudWatchAlarmsLambda:
- Type: AWS::Serverless::Function
- Properties:
- CodeUri: .
- Handler: app.lambda_handler
- Runtime: python3.9
- Architectures:
- - x86_64