Merge pull request #235 from aws-solutions/release/v3.2.5

Updated to version v3.2.5

Author: aijunpeng

CHANGELOG.md

@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.5] - 2023-04-18
+### Patched
+- Patch s3 logging bucket settings
+- Updated the timeout for requests
 ## [3.2.4] - 2023-02-06
 ### Changed
 - Upgraded pytest to mitigate CVE-2022-42969

deployment/aws-waf-security-automations.template

@@ -1289,7 +1289,6 @@ Resources:
     DeletionPolicy: Retain
     UpdateReplacePolicy: Retain
     Properties:
-      AccessControl: LogDeliveryWrite
       BucketEncryption:
         ServerSideEncryptionConfiguration:
           - ServerSideEncryptionByDefault:
@@ -1323,6 +1322,22 @@ Resources:
             - !GetAtt AccessLoggingBucket.Arn
             - !Join ["/", [!GetAtt AccessLoggingBucket.Arn, "*"]]
           Sid: HttpsOnly
+        - Sid: S3ServerAccessLogsPolicy
+          Effect: Allow
+          Principal:
+            Service: logging.s3.amazonaws.com
+          Action:
+          - s3:PutObject
+          Resource: 
+            - !GetAtt AccessLoggingBucket.Arn
+            - !Join ["/", [!GetAtt AccessLoggingBucket.Arn, "*"]]
+          Condition:
+            ArnLike:
+              aws:SourceArn:
+              - !If [HttpFloodProtectionLogParserActivated, !GetAtt WafLogBucket.Arn, !GetAtt AccessLoggingBucket.Arn]
+              - !Join ["", ["arn:aws:s3:::", !Ref AppAccessLogBucket]]
+            StringEquals:
+              aws:SourceAccount: !Ref 'AWS::AccountId'
         Version: '2012-10-17'
 
   LogParser:

source/custom_resource/custom-resource.py

@@ -125,7 +125,7 @@ def put_s3_bucket_access_logging(log, s3_client, bucket_name, access_logging_buc
             BucketLoggingStatus={
                 'LoggingEnabled': {
                     'TargetBucket': access_logging_bucket_name,
-                    'TargetPrefix': 'AppAccess_Logs'
+                    'TargetPrefix': 'AppAccess_Logs/'
                 }
             }
         )
@@ -423,7 +423,8 @@ def send_response(log, event, context, responseStatus, responseData, resourceId,
     try:
         response = requests.put(responseUrl,
                                 data=json_responseBody,
-                                headers=headers)
+                                headers=headers,
+                                timeout=600)
         log.debug("Status code: " + response.reason)
 
     except Exception as error:

source/helper/helper.py

@@ -201,7 +201,8 @@ def send_response(log, event, context, responseStatus, responseData, resourceId,
     try:
         response = requests.put(responseUrl,
                                 data=json_responseBody,
-                                headers=headers)
+                                headers=headers,
+                                timeout=600)
         log.debug("Status code: " + response.reason)
 
     except Exception as error:

source/lib/solution_metrics.py

@@ -46,7 +46,7 @@ def send_metrics(data,
             }
         json_data = dumps(metrics_data)
         headers = {'content-type': 'application/json'}
-        response = requests.post(url, data=json_data, headers=headers)
+        response = requests.post(url, data=json_data, headers=headers, timeout=300)
         return response
     except Exception as e:
         log.error("[solution_metrics:send_metrics] Failed to send solution metrics.")

source/reputation_lists_parser/reputation-lists.py

@@ -44,7 +44,7 @@ def find_ips(line, prefix=""):
 def read_url_list(log, current_list, url, prefix=""):
     try:
         log.info("[read_url_list]reading url " + url)
-        file = requests.get(url)
+        file = requests.get(url, timeout=600)
         new_ip_count = 0
         line_count = 0
         current_ip_count = len(current_list)
@@ -149,7 +149,8 @@ def send_response(log, event, context, responseStatus, responseData, resourceId,
     try:
         response = requests.put(responseUrl,
                                 data=json_responseBody,
-                                headers=headers)
+                                headers=headers,
+                                timeout=600)
         log.debug("Status code: " + response.reason)
 
     except Exception as error:

source/timer/timer.py

@@ -48,7 +48,8 @@ def send_response(log, event, context, responseStatus, responseData, resourceId,
     try:
         response = requests.put(responseUrl,
                                 data=json_responseBody,
-                                headers=headers)
+                                headers=headers,
+                                timeout=600)
         log.debug("Status code: " + response.reason)
 
     except Exception as error: