
Commit 714c092

authored
feat(response actions) add release support for response actions (#164)
* Releasing response actions * Fix * Attempting to fix * Fix * Removed duplicate Partition * Fix * Fix * Fix * Fix
1 parent be88c30 commit 714c092

2 files changed

+40
-2
lines changed


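--- a/.github/workflows/ci-modules.yaml
+++ b/.github/workflows/ci-modules.yaml
@@ -46,11 +46,13 @@ jobs:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 aws-region: eu-west-1
-
+
 - name: Validate Templates
 run: make validate
 working-directory: modules
-
+env:
+S3_BUCKET: cf-templates-cloudvision-ci
+
 publish:
 name: Publish Templates
 runs-on: ubuntu-latest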
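Review bot: The new `env:` block pins only `S3_BUCKET` for the Validate Templates step, so the temporary object that `make validate` now uploads lands under the Makefile's default prefix (`modules/test/temp/…`), a single key shared by every run of this workflow; two concurrent runs can remove or overwrite each other's object before CloudFormation fetches it. Adding a per-run prefix here, e.g. `S3_PREFIX: ci/${{ github.run_id }}`, isolates runs and makes any leftover object attributable. The credentials configured in the context lines above also need `s3:PutObject` and `s3:DeleteObject` on that bucket for validation to succeed, which is worth granting only on the temp prefix rather than bucket-wide. The job definition begins outside the visible hunk, so the workflow's trigger (and whether secrets are available on fork pull requests) cannot be checked from here.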

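--- a/modules/Makefile
+++ b/modules/Makefile
@@ -3,6 +3,8 @@
 S3_BUCKET ?= "s4c-cft"
 S3_PREFIX ?= "test"
 S3_REGION ?= eu-west-1
+RESPONSE_ACTIONS_TEMP_S3_PREFIX = modules/$(S3_PREFIX)/temp
+RESPONSE_ACTIONS_TEMP_S3_URI = s3://$(S3_BUCKET)/$(RESPONSE_ACTIONS_TEMP_S3_PREFIX)/response_actions.cft.yaml
 STACK_NAME = Sysdig-Secure
 PARAM_NAME_SUFFIX ?= test
 PARAM_IS_ORGANIZATIONAL ?= false
@@ -15,6 +17,11 @@ PARAM_TARGET_EVENT_BUS_ARN ?= arn:aws:events:us-east-1::event-bus/default
 PARAM_BUCKET_ARN ?= arn:aws:s3:::cloudtrail-$(PARAM_NAME_SUFFIX)
 PARAM_REGIONS ?= us-east-1
 PARAM_LAMBDA_SCANNING_ENABLED ?= true
+PARAM_API_BASE_URL ?= https://app-staging.sysdigcloud.com
+PARAM_LAMBDA_PACKAGES_BASE_URL ?= https://download.sysdig.com/cloud-response-actions
+PARAM_RESPONSE_ACTIONS_VERSION ?= 1.0.0
+PARAM_ENABLED_RESPONSE_ACTIONS ?= make_private,fetch_cloud_logs,create_volume_snapshot,quarantine_user
+PARAM_RESPONSE_ACTIONS_PARTITION ?= aws
 
 .PHONY: validate lint deploy test clean
 validate: export AWS_PAGER=""
@@ -25,6 +32,9 @@ validate:
 aws --region us-east-1 cloudformation validate-template --template-body file://./log_ingestion.s3.cft.yaml
 aws --region us-east-1 cloudformation validate-template --template-body file://./volume_access.cft.yaml
 aws --region us-east-1 cloudformation validate-template --template-body file://./vm_workload_scanning.cft.yaml
+@trap 'aws s3 rm $(RESPONSE_ACTIONS_TEMP_S3_URI) 2>/dev/null || true' EXIT; \
+aws s3 cp response_actions.cft.yaml $(RESPONSE_ACTIONS_TEMP_S3_URI) && \
+aws --region us-east-1 cloudformation validate-template --template-url `aws s3 presign $(RESPONSE_ACTIONS_TEMP_S3_URI) --region $(S3_REGION) --expires-in 60`
 
 lint:
 cfn-lint *.cft.yaml
@@ -38,6 +48,8 @@ lint:
 yq '.Resources.AccountStackSet.Properties.TemplateBody' volume_access.cft.yaml | cfn-lint -
 yq '.Resources.OrganizationStackSet.Properties.TemplateBody' volume_access.cft.yaml | cfn-lint -
 yq '.Resources.ScanningOrgStackSet.Properties.TemplateBody' vm_workload_scanning.cft.yaml | cfn-lint -
+yq '.Resources.LambdaFunctionsStackSet.Properties.TemplateBody' response_actions.cft.yaml | cfn-lint -
+yq '.Resources.OrganizationDelegateRolesStackSet.Properties.TemplateBody' response_actions.cft.yaml | cfn-lint -
 
 publish:
 aws s3 cp foundational.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/foundational.cft.yaml
@@ -46,6 +58,7 @@ publish:
 aws s3 cp log_ingestion.legacy_events.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/log_ingestion.legacy_events.cft.yaml
 aws s3 cp volume_access.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/volume_access.cft.yaml
 aws s3 cp vm_workload_scanning.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/vm_workload_scanning.cft.yaml
+aws s3 cp response_actions.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/response_actions.cft.yaml
 
 deploy:
 aws cloudformation deploy \
@@ -139,6 +152,28 @@ deploy:
 "IncludeOUIDs=$(PARAM_INCLUDE_OU_IDS)" \
 "IncludeAccounts=$(PARAM_INCLUDE_ACCOUNTS)" \
 "ExcludeAccounts=$(PARAM_EXCLUDE_ACCOUNTS)"
+
+aws cloudformation deploy \
+--stack-name $(STACK_NAME)-ResponseActions-$(PARAM_NAME_SUFFIX) \
+--template-file response_actions.cft.yaml \
+--s3-bucket $(S3_BUCKET) \
+--s3-prefix $(RESPONSE_ACTIONS_TEMP_S3_PREFIX) \
+--capabilities "CAPABILITY_NAMED_IAM" "CAPABILITY_AUTO_EXPAND" \
+--parameter-overrides \
+"NameSuffix=$(PARAM_NAME_SUFFIX)" \
+"ExternalID=$(PARAM_EXTERNAL_ID)" \
+"TrustedIdentity=$(PARAM_TRUSTED_IDENTITY)" \
+"ApiBaseUrl=$(PARAM_API_BASE_URL)" \
+"LambdaPackagesBaseUrl=$(PARAM_LAMBDA_PACKAGES_BASE_URL)" \
+"ResponseActionsVersion=$(PARAM_RESPONSE_ACTIONS_VERSION)" \
+"EnabledResponseActions=$(PARAM_ENABLED_RESPONSE_ACTIONS)" \
+"Regions=$(PARAM_REGIONS)" \
+"IsOrganizational=$(PARAM_IS_ORGANIZATIONAL)" \
+"Partition=$(PARAM_RESPONSE_ACTIONS_PARTITION)" \
+"RootOUID=$(PARAM_ROOT_OU_ID)" \
+"IncludeOUIDs=$(PARAM_INCLUDE_OU_IDS)" \
+"IncludeAccounts=$(PARAM_INCLUDE_ACCOUNTS)" \
+"ExcludeAccounts=$(PARAM_EXCLUDE_ACCOUNTS)"
 
 clean:
 aws cloudformation delete-stack --stack-name $(STACK_NAME)-Foundational-$(PARAM_NAME_SUFFIX)
@@ -147,3 +182,4 @@ clean:
 aws cloudformation delete-stack --stack-name $(STACK_NAME)-LogIngestion-S3-$(PARAM_NAME_SUFFIX)
 aws cloudformation delete-stack --stack-name $(STACK_NAME)-VolumeAccess-$(PARAM_NAME_SUFFIX)
 aws cloudformation delete-stack --stack-name $(STACK_NAME)-VMWorkloadScanning-$(PARAM_NAME_SUFFIX)
+aws cloudformation delete-stack --stack-name $(STACK_NAME)-ResponseActions-$(PARAM_NAME_SUFFIX)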
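Review bot: The temporary object used by the new validate recipe has a fixed key — `RESPONSE_ACTIONS_TEMP_S3_URI` expands to `modules/$(S3_PREFIX)/temp/response_actions.cft.yaml` with nothing unique per invocation — so two `make validate` runs against the same bucket and prefix (for example CI jobs for two pull requests) can upload, presign and `aws s3 rm` the same object, and one of them either fails or validates the other's template. Deriving the key from a per-run value removes the collision, e.g. `RESPONSE_ACTIONS_TEMP_S3_PREFIX = modules/$(S3_PREFIX)/temp/$(PARAM_NAME_SUFFIX)` with callers setting `PARAM_NAME_SUFFIX` (or a dedicated variable) to a run identifier. The `trap … EXIT` cleanup only runs if the recipe's shell gets to exit, so a cancelled job can leave the object behind; a lifecycle expiration on the `temp/` prefix is the usual backstop, and the credential running validate now needs put/delete on that prefix, which is worth scoping to exactly that. As a style point, the backtick substitution on the `--template-url` line reads more clearly, and nests safely, as `$$(aws s3 presign $(RESPONSE_ACTIONS_TEMP_S3_URI) --region $(S3_REGION) --expires-in 60)`, matching how Make escapes shell `$`.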
