Skip to content

Commit 075f0f2

Browse files
fcracker79fcracker79
committed
Releasing response actions
1 parent be88c30 commit 075f0f2

File tree

1 file changed

+38
-1
lines changed

1 file changed

+38
-1
lines changed

modules/Makefile

Lines changed: 38 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@
33
S3_BUCKET ?= "s4c-cft"
44
S3_PREFIX ?= "test"
55
S3_REGION ?= eu-west-1
6+
RESPONSE_ACTIONS_TEMP_S3_PREFIX = modules/$(S3_PREFIX)/temp
7+
RESPONSE_ACTIONS_TEMP_S3_URI = s3://$(S3_BUCKET)/$(RESPONSE_ACTIONS_TEMP_S3_PREFIX)/response_actions.cft.yaml
68
STACK_NAME = Sysdig-Secure
79
PARAM_NAME_SUFFIX ?= test
810
PARAM_IS_ORGANIZATIONAL ?= false
@@ -15,8 +17,13 @@ PARAM_TARGET_EVENT_BUS_ARN ?= arn:aws:events:us-east-1::event-bus/default
1517
PARAM_BUCKET_ARN ?= arn:aws:s3:::cloudtrail-$(PARAM_NAME_SUFFIX)
1618
PARAM_REGIONS ?= us-east-1
1719
PARAM_LAMBDA_SCANNING_ENABLED ?= true
20+
PARAM_API_BASE_URL ?= https://app-staging.sysdigcloud.com
21+
PARAM_LAMBDA_PACKAGES_BASE_URL ?= https://download.sysdig.com/cloud-response-actions
22+
PARAM_RESPONSE_ACTIONS_VERSION ?= 1.0.0
23+
PARAM_ENABLED_RESPONSE_ACTIONS ?= make_private,fetch_cloud_logs,create_volume_snapshot,quarantine_user
24+
PARAM_RESPONSE_ACTIONS_PARTITION ?= aws
1825

19-
.PHONY: validate lint deploy test clean
26+
.PHONY: validate lint deploy test clean response_actions
2027
validate: export AWS_PAGER=""
2128
validate:
2229
aws --region us-east-1 cloudformation validate-template --template-body file://./foundational.cft.yaml
@@ -25,6 +32,9 @@ validate:
2532
aws --region us-east-1 cloudformation validate-template --template-body file://./log_ingestion.s3.cft.yaml
2633
aws --region us-east-1 cloudformation validate-template --template-body file://./volume_access.cft.yaml
2734
aws --region us-east-1 cloudformation validate-template --template-body file://./vm_workload_scanning.cft.yaml
35+
@trap 'aws s3 rm $(RESPONSE_ACTIONS_TEMP_S3_URI) 2>/dev/null || true' EXIT; \
36+
aws s3 cp response_actions.cft.yaml $(RESPONSE_ACTIONS_TEMP_S3_URI) && \
37+
aws --region us-east-1 cloudformation validate-template --template-url `aws s3 presign $(RESPONSE_ACTIONS_TEMP_S3_URI) --region $(S3_REGION) --expires-in 60`
2838

2939
lint:
3040
cfn-lint *.cft.yaml
@@ -38,6 +48,8 @@ lint:
3848
yq '.Resources.AccountStackSet.Properties.TemplateBody' volume_access.cft.yaml | cfn-lint -
3949
yq '.Resources.OrganizationStackSet.Properties.TemplateBody' volume_access.cft.yaml | cfn-lint -
4050
yq '.Resources.ScanningOrgStackSet.Properties.TemplateBody' vm_workload_scanning.cft.yaml | cfn-lint -
51+
yq '.Resources.LambdaFunctionsStackSet.Properties.TemplateBody' response_actions.cft.yaml | cfn-lint -
52+
yq '.Resources.OrganizationDelegateRolesStackSet.Properties.TemplateBody' response_actions.cft.yaml | cfn-lint -
4153

4254
publish:
4355
aws s3 cp foundational.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/foundational.cft.yaml
@@ -46,6 +58,7 @@ publish:
4658
aws s3 cp log_ingestion.legacy_events.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/log_ingestion.legacy_events.cft.yaml
4759
aws s3 cp volume_access.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/volume_access.cft.yaml
4860
aws s3 cp vm_workload_scanning.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/vm_workload_scanning.cft.yaml
61+
aws s3 cp response_actions.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/response_actions.cft.yaml
4962

5063
deploy:
5164
aws cloudformation deploy \
@@ -139,6 +152,29 @@ deploy:
139152
"IncludeOUIDs=$(PARAM_INCLUDE_OU_IDS)" \
140153
"IncludeAccounts=$(PARAM_INCLUDE_ACCOUNTS)" \
141154
"ExcludeAccounts=$(PARAM_EXCLUDE_ACCOUNTS)"
155+
156+
aws cloudformation deploy \
157+
--stack-name $(STACK_NAME)-ResponseActions-$(PARAM_NAME_SUFFIX) \
158+
--template-file response_actions.cft.yaml \
159+
--s3-bucket $(S3_BUCKET) \
160+
--s3-prefix $(RESPONSE_ACTIONS_TEMP_S3_PREFIX) \
161+
--capabilities "CAPABILITY_NAMED_IAM" "CAPABILITY_AUTO_EXPAND" \
162+
--parameter-overrides \
163+
"NameSuffix=$(PARAM_NAME_SUFFIX)" \
164+
"ExternalID=$(PARAM_EXTERNAL_ID)" \
165+
"TrustedIdentity=$(PARAM_TRUSTED_IDENTITY)" \
166+
"ApiBaseUrl=$(PARAM_API_BASE_URL)" \
167+
"LambdaPackagesBaseUrl=$(PARAM_LAMBDA_PACKAGES_BASE_URL)" \
168+
"ResponseActionsVersion=$(PARAM_RESPONSE_ACTIONS_VERSION)" \
169+
"EnabledResponseActions=$(PARAM_ENABLED_RESPONSE_ACTIONS)" \
170+
"Regions=$(PARAM_REGIONS)" \
171+
"IsOrganizational=$(PARAM_IS_ORGANIZATIONAL)" \
172+
"Partition=$(PARAM_RESPONSE_ACTIONS_PARTITION)" \
173+
"RootOUID=$(PARAM_ROOT_OU_ID)" \
174+
"Partition=$(PARAM_RESPONSE_ACTIONS_PARTITION)" \
175+
"IncludeOUIDs=$(PARAM_INCLUDE_OU_IDS)" \
176+
"IncludeAccounts=$(PARAM_INCLUDE_ACCOUNTS)" \
177+
"ExcludeAccounts=$(PARAM_EXCLUDE_ACCOUNTS)"
142178

143179
clean:
144180
aws cloudformation delete-stack --stack-name $(STACK_NAME)-Foundational-$(PARAM_NAME_SUFFIX)
@@ -147,3 +183,4 @@ clean:
147183
aws cloudformation delete-stack --stack-name $(STACK_NAME)-LogIngestion-S3-$(PARAM_NAME_SUFFIX)
148184
aws cloudformation delete-stack --stack-name $(STACK_NAME)-VolumeAccess-$(PARAM_NAME_SUFFIX)
149185
aws cloudformation delete-stack --stack-name $(STACK_NAME)-VMWorkloadScanning-$(PARAM_NAME_SUFFIX)
186+
aws cloudformation delete-stack --stack-name $(STACK_NAME)-ResponseActions-$(PARAM_NAME_SUFFIX)

0 commit comments

Comments
 (0)