|
10 | 10 | }, |
11 | 11 | "BucketName": { |
12 | 12 | "Type": "String", |
| 13 | + "MinLength": "3", |
| 14 | + "MaxLength": "63", |
13 | 15 | "AllowedPattern": "^[a-z0-9][a-z0-9-.]{1,61}[a-z0-9]$", |
14 | | - "Description": "Enter the name of the S3 bucket for storing server access logs.", |
15 | | - "Default": "microsoft-sentinel-s3-server-logs" |
| 16 | + "ConstraintDescription": "S3 bucket name is required. Must be 3-63 characters, lowercase letters, numbers, dots, and hyphens only. Must start and end with letter or number.", |
| 17 | + "Description": "Enter a unique S3 bucket name for storing server access logs. Bucket name must be globally unique." |
16 | 18 | }, |
17 | 19 | "SentinelSQSQueueName": { |
18 | | - "Default": "MicrosoftSentinelS3ServerAccessLogsQueue", |
19 | 20 | "Type": "String", |
20 | | - "Description": "Enter the name for the SQS Queue." |
| 21 | + "MinLength": "1", |
| 22 | + "MaxLength": "80", |
| 23 | + "ConstraintDescription": "SQS queue name is required. Must be 1-80 characters.", |
| 24 | + "Description": "Enter a unique SQS queue name." |
21 | 25 | }, |
22 | 26 | "SentinelWorkspaceId": { |
23 | 27 | "Type": "String", |
|
87 | 91 | "DeletionPolicy": "Retain", |
88 | 92 | "Properties": { |
89 | 93 | "BucketName": { |
90 | | - "Fn::Sub": "${BucketName}" |
| 94 | + "Ref": "BucketName" |
91 | 95 | }, |
92 | 96 | "LoggingConfiguration": { |
93 | 97 | "DestinationBucketName": { |
94 | | - "Fn::Sub": "${BucketName}" |
| 98 | + "Ref": "BucketName" |
95 | 99 | }, |
96 | 100 | "LogFilePrefix": "server-logs/" |
97 | 101 | }, |
|
137 | 141 | }, |
138 | 142 | "Action": "s3:PutObject", |
139 | 143 | "Resource": { |
140 | | - "Fn::Sub": "arn:aws:s3:::${BucketName}/*" |
| 144 | + "Fn::Join": [ |
| 145 | + "", |
| 146 | + [ |
| 147 | + { |
| 148 | + "Fn::GetAtt": [ |
| 149 | + "S3Bucket", |
| 150 | + "Arn" |
| 151 | + ] |
| 152 | + }, |
| 153 | + "/*" |
| 154 | + ] |
| 155 | + ] |
141 | 156 | }, |
142 | 157 | "Condition": { |
143 | 158 | "ArnLike": { |
144 | 159 | "aws:SourceArn": { |
145 | | - "Fn::Sub": "arn:aws:s3:::${BucketName}" |
| 160 | + "Fn::GetAtt": [ |
| 161 | + "S3Bucket", |
| 162 | + "Arn" |
| 163 | + ] |
146 | 164 | } |
147 | 165 | } |
148 | 166 | } |
|
157 | 175 | }, |
158 | 176 | "Action": "s3:GetObject", |
159 | 177 | "Resource": { |
160 | | - "Fn::Sub": "arn:aws:s3:::${BucketName}/*" |
| 178 | + "Fn::Join": [ |
| 179 | + "", |
| 180 | + [ |
| 181 | + { |
| 182 | + "Fn::GetAtt": [ |
| 183 | + "S3Bucket", |
| 184 | + "Arn" |
| 185 | + ] |
| 186 | + }, |
| 187 | + "/*" |
| 188 | + ] |
| 189 | + ] |
161 | 190 | } |
162 | 191 | } |
163 | 192 | ] |
|
168 | 197 | "Type": "AWS::SQS::Queue", |
169 | 198 | "Properties": { |
170 | 199 | "QueueName": { |
171 | | - "Fn::Sub": "${SentinelSQSQueueName}" |
| 200 | + "Ref": "SentinelSQSQueueName" |
172 | 201 | } |
173 | 202 | } |
174 | 203 | }, |
|
179 | 208 | "Version": "2008-10-17", |
180 | 209 | "Statement": [ |
181 | 210 | { |
182 | | - "Sid": "StmtAllowReceiveDeleteChangeVisibility", |
| 211 | + "Sid": "AllowS3ToSendToQueue", |
183 | 212 | "Effect": "Allow", |
184 | 213 | "Principal": { |
185 | 214 | "Service": "s3.amazonaws.com" |
186 | 215 | }, |
187 | | - "Action": [ |
188 | | - "SQS:ReceiveMessage", |
189 | | - "SQS:DeleteMessage", |
190 | | - "SQS:ChangeMessageVisibility" |
191 | | - ], |
| 216 | + "Action": "SQS:SendMessage", |
192 | 217 | "Resource": { |
193 | 218 | "Fn::GetAtt": [ |
194 | 219 | "SentinelSQSQueue", |
195 | 220 | "Arn" |
196 | 221 | ] |
| 222 | + }, |
| 223 | + "Condition": { |
| 224 | + "StringEquals": { |
| 225 | + "aws:SourceAccount": { |
| 226 | + "Ref": "AWS::AccountId" |
| 227 | + } |
| 228 | + }, |
| 229 | + "ArnLike": { |
| 230 | + "aws:SourceArn": { |
| 231 | + "Fn::Sub": "arn:aws:s3:::*" |
| 232 | + } |
| 233 | + } |
197 | 234 | } |
198 | 235 | }, |
199 | 236 | { |
200 | | - "Sid": "AllowS3ToSendToQueue", |
| 237 | + "Sid": "AllowSentinelRoleToReadFromQueue", |
201 | 238 | "Effect": "Allow", |
202 | 239 | "Principal": { |
203 | | - "Service": "s3.amazonaws.com" |
| 240 | + "AWS": { |
| 241 | + "Fn::GetAtt": [ |
| 242 | + "SentinelWebIdentityBasedRole", |
| 243 | + "Arn" |
| 244 | + ] |
| 245 | + } |
204 | 246 | }, |
205 | | - "Action": "SQS:SendMessage", |
| 247 | + "Action": [ |
| 248 | + "SQS:ReceiveMessage", |
| 249 | + "SQS:DeleteMessage", |
| 250 | + "SQS:ChangeMessageVisibility", |
| 251 | + "SQS:GetQueueUrl" |
| 252 | + ], |
206 | 253 | "Resource": { |
207 | 254 | "Fn::GetAtt": [ |
208 | 255 | "SentinelSQSQueue", |
209 | 256 | "Arn" |
210 | 257 | ] |
211 | | - }, |
212 | | - "Condition": { |
213 | | - "ArnLike": { |
214 | | - "aws:SourceArn": { |
215 | | - "Fn::Sub": "arn:aws:s3:::${BucketName}" |
216 | | - } |
217 | | - } |
218 | 258 | } |
219 | 259 | } |
220 | 260 | ] |
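Review bot: The `aws:SourceArn` condition on the S3 service statement (new line 231) is `arn:aws:s3:::*`, which lets any bucket in the account deliver notifications to this queue, whereas the removed statement (old line 215) was scoped to the template's own bucket; the `aws:SourceAccount` check stops cross-account confused-deputy use but not same-account buckets. Restoring the bucket-scoped form, `"aws:SourceArn": { "Fn::Sub": "arn:aws:s3:::${BucketName}" }`, keeps the narrowing and, because it resolves only the parameter, works whether or not `S3Bucket` is created under `CreateNewBucketCondition` (which appears to be why `Fn::GetAtt` was not used here). If the wildcard is deliberate, a comment-bearing `Description` on the parameter or the README should say so, since the policy itself cannot carry one. The enclosing queue-policy resource's name and `PolicyDocument` header start outside this hunk.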
|
237 | 277 | }, |
238 | 278 | "Description": "Role ARN for Sentinel Role that is inserted into Amazon Web Service S3 Connector in the Sentinel Data Connectors portal." |
239 | 279 | }, |
| 280 | + "S3BucketName": { |
| 281 | + "Value": { |
| 282 | + "Ref": "S3Bucket" |
| 283 | + }, |
| 284 | + "Description": "S3 Bucket name where server access logs are stored.", |
| 285 | + "Condition": "CreateNewBucketCondition" |
| 286 | + }, |
240 | 287 | "SentinelSQSQueueURL": { |
241 | 288 | "Description": "AWS SQS Queue URL that is inserted into Amazon Web Service S3 Connector in the Sentinel Data Connectors portal.", |
242 | 289 | "Value": { |
|