fix(event-bridge): Add state in AWS::Events::Rule (SSPROD-34618) (#113)

* Add state to event bridge rule

* add state also in cspm EB case

* add EventBridgeState as parameters

Author: matteopasa

templates_cspm_eventbridge/FullInstall.yaml

@@ -12,6 +12,7 @@ Metadata:
           - TrustedIdentity
           - EventBusARN
           - EventBridgeRoleName
+          - EventBridgeState
 
     ParameterLabels:
       RoleName:
@@ -24,6 +25,8 @@ Metadata:
         default: "Target Event Bus (Sysdig use only)"
       EventBridgeRoleName:
         default: "Integration Name (Sysdig use only)"
+      EventBridgeState:
+        default: "State of the EventBridge Rule (Sysdig use only)"
 
 
 Parameters:
@@ -42,6 +45,14 @@ Parameters:
   EventBusARN:
     Type: String
     Description: The destination in Sysdig's AWS account where your events are sent
+  EventBridgeState:
+    Type: String
+    Description: The state of the EventBridge Rule
+    Default: ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+    AllowedValues:
+      - ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+      - ENABLED
+      - DISABLED
 
 Resources:
   CloudAgentlessRole:
@@ -96,6 +107,7 @@ Resources:
           - 'AWS API Call via CloudTrail'
           - 'AWS Console Sign In via CloudTrail'
           - 'AWS Service Event via CloudTrail'
+      State: !Ref EventBridgeState
       Targets:
         - Id: !Ref EventBridgeRoleName
           Arn: !Ref EventBusARN

templates_cspm_eventbridge/OrgFullInstall.yaml

@@ -13,6 +13,7 @@ Metadata:
           - EventBusARN
           - Regions
           - OrganizationUnitIDs
+          - EventBridgeState
     ParameterLabels:
       CSPMRoleName:
         default: "CSPM Role Name (Sysdig use only)"
@@ -27,7 +28,9 @@ Metadata:
       Regions:
         default: "EventBridge Regions (Sysdig use only)"
       OrganizationUnitIDs:
-        default: "Organization Unit IDs (Sysdig use only)"       
+        default: "Organization Unit IDs (Sysdig use only)"
+      EventBridgeState:
+        default: "State of the EventBridge Rule (Sysdig use only)"  
 Parameters:
   CSPMRoleName:
     Type: String
@@ -50,6 +53,14 @@ Parameters:
   OrganizationUnitIDs:
     Type: String
     Description: Organization Unit IDs to deploy
+  EventBridgeState:
+    Type: String
+    Description: The state of the EventBridge Rule
+    Default: ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+    AllowedValues:
+      - ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+      - ENABLED
+      - DISABLED
 
 Resources:
   AdministrationRole:
@@ -176,7 +187,7 @@ Resources:
             Description: A unique identifier used to create an IAM Role and EventBridge Rule
           EventBusARN:
             Type: String
-            Description: The destination in Sysdig's AWS account where your events are sent                        
+            Description: The destination in Sysdig's AWS account where your events are sent                       
         Resources:
           CloudAgentlessRole:
             Type: "AWS::IAM::Role"
@@ -237,6 +248,8 @@ Resources:
           ParameterValue: !Ref EventBridgeRoleName
         - ParameterKey: EventBusARN
           ParameterValue: !Ref EventBusARN
+        - ParameterKey: EventBridgeState
+          ParameterValue: !Ref EventBridgeState
       StackInstancesGroup:
         - DeploymentTargets:
             OrganizationalUnitIds: !Split [ ",", !Ref OrganizationUnitIDs]
@@ -250,7 +263,15 @@ Resources:
             Description: A unique identifier used to create an IAM Role and EventBridge Rule
           EventBusARN:
             Type: String
-            Description: The destination in Sysdig's AWS account where your events are sent                        
+            Description: The destination in Sysdig's AWS account where your events are sent 
+          EventBridgeState:
+            Type: String
+            Description: The state of the EventBridge Rule
+            Default: ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+            AllowedValues:
+              - ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+              - ENABLED
+              - DISABLED                        
         Resources:           
           EventBridgeRule:
             Type: "AWS::Events::Rule"
@@ -262,6 +283,7 @@ Resources:
                   - 'AWS API Call via CloudTrail'
                   - 'AWS Console Sign In via CloudTrail'
                   - 'AWS Service Event via CloudTrail'
+              State: !Sub ${EventBridgeState}
               Targets:
                 - Id: !Sub ${EventBridgeRoleName}
                   Arn: !Sub ${EventBusARN}
@@ -290,6 +312,8 @@ Resources:
           ParameterValue: !Ref EventBridgeRoleName
         - ParameterKey: EventBusARN
           ParameterValue: !Ref EventBusARN
+        - ParameterKey: EventBridgeState
+          ParameterValue: !Ref EventBridgeState
       StackInstancesGroup:
         - DeploymentTargets:
             Accounts:
@@ -304,7 +328,15 @@ Resources:
             Description: A unique identifier used to create an IAM Role and EventBridge Rule
           EventBusARN:
             Type: String
-            Description: The destination in Sysdig's AWS account where your events are sent                        
+            Description: The destination in Sysdig's AWS account where your events are sent
+          EventBridgeState:
+            Type: String
+            Description: The state of the EventBridge Rule
+            Default: ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+            AllowedValues:
+              - ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+              - ENABLED
+              - DISABLED                     
         Resources:           
           EventBridgeRule:
             Type: "AWS::Events::Rule"
@@ -316,6 +348,7 @@ Resources:
                   - 'AWS API Call via CloudTrail'
                   - 'AWS Console Sign In via CloudTrail'
                   - 'AWS Service Event via CloudTrail'
+              State: !Sub ${EventBridgeState}
               Targets:
                 - Id: !Sub ${EventBridgeRoleName}
                   Arn: !Sub ${EventBusARN}

templates_eventbridge/EventBridge.yaml

@@ -21,6 +21,8 @@ Metadata:
         default: "Target Event Bus (Sysdig use only)"
       EventBridgeRoleName:
         default: "Integration Name (Sysdig use only)"
+      EventBridgeState:
+        default: "State of the EventBridge Rule (Sysdig use only)"
 
 Parameters:
   EventBridgeRoleName:
@@ -35,6 +37,14 @@ Parameters:
   EventBusARN:
     Type: String
     Description: The destination in Sysdig's AWS account where your events are sent
+  EventBridgeState:
+    Type: String
+    Description: The state of the EventBridge Rule
+    Default: ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+    AllowedValues:
+      - ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+      - ENABLED
+      - DISABLED
 
 Resources:
   EventBridgeRole:
@@ -72,6 +82,7 @@ Resources:
           - 'AWS API Call via CloudTrail'
           - 'AWS Console Sign In via CloudTrail'
           - 'AWS Service Event via CloudTrail'
+      State: !Ref EventBridgeState
       Targets:
         - Id: !Ref EventBridgeRoleName
           Arn: !Ref EventBusARN

templates_eventbridge/OrgEventBridge.yaml

@@ -13,6 +13,7 @@ Metadata:
           - EventBusARN
           - Regions
           - OrganizationUnitIDs
+          - EventBridgeState
     ParameterLabels:
       CSPMRoleName:
         default: "CSPM Role Name (Sysdig use only)"    
@@ -28,6 +29,8 @@ Metadata:
         default: "EventBridge Regions (Sysdig use only)"
       OrganizationUnitIDs:
         default: "Organization Unit IDs (Sysdig use only)"
+      EventBridgeState:
+        default: "State of the EventBridge Rule (Sysdig use only)"
 Parameters:
   CSPMRoleName:
     Type: String
@@ -50,6 +53,15 @@ Parameters:
   OrganizationUnitIDs:
     Type: String
     Description: Comma separated list of Organization Unit IDs to deploy
+  EventBridgeState:
+    Type: String
+    Description: The state of the EventBridge Rule
+    Default: ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+    AllowedValues:
+      - ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+      - ENABLED
+      - DISABLED
+
 Resources:
   AdministrationRole:
     Type: AWS::IAM::Role
@@ -153,7 +165,9 @@ Resources:
         - ParameterKey: EventBridgeRoleName
           ParameterValue: !Ref EventBridgeRoleName
         - ParameterKey: EventBusARN
-          ParameterValue: !Ref EventBusARN                      
+          ParameterValue: !Ref EventBusARN
+        - ParameterKey: EventBridgeState
+          ParameterValue: !Ref EventBridgeState                     
       StackInstancesGroup:
         - DeploymentTargets:
             Accounts: 
@@ -168,7 +182,15 @@ Resources:
             Description: A unique identifier used to create an IAM Role and EventBridge Rule
           EventBusARN:
             Type: String
-            Description: The destination in Sysdig's AWS account where your events are sent                        
+            Description: The destination in Sysdig's AWS account where your events are sent
+          EventBridgeState:
+            Type: String
+            Description: The state of the EventBridge Rule
+            Default: ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+            AllowedValues:
+              - ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+              - ENABLED
+              - DISABLED                         
         Resources:           
           EventBridgeRule:
             Type: "AWS::Events::Rule"
@@ -180,6 +202,7 @@ Resources:
                   - 'AWS API Call via CloudTrail'
                   - 'AWS Console Sign In via CloudTrail'
                   - 'AWS Service Event via CloudTrail'
+              State: !Sub ${EventBridgeState}
               Targets:
                 - Id: !Sub ${EventBridgeRoleName}
                   Arn: !Sub ${EventBusARN}
@@ -268,7 +291,9 @@ Resources:
         - ParameterKey: EventBridgeRoleName
           ParameterValue: !Ref EventBridgeRoleName
         - ParameterKey: EventBusARN
-          ParameterValue: !Ref EventBusARN                      
+          ParameterValue: !Ref EventBusARN
+        - ParameterKey: EventBridgeState
+          ParameterValue: !Ref EventBridgeState                    
       StackInstancesGroup:
         - DeploymentTargets:
             OrganizationalUnitIds: !Split [ ",", !Ref OrganizationUnitIDs]
@@ -282,7 +307,15 @@ Resources:
             Description: A unique identifier used to create an IAM Role and EventBridge Rule
           EventBusARN:
             Type: String
-            Description: The destination in Sysdig's AWS account where your events are sent                        
+            Description: The destination in Sysdig's AWS account where your events are sent
+          EventBridgeState:
+            Type: String
+            Description: The state of the EventBridge Rule
+            Default: ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+            AllowedValues:
+              - ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS
+              - ENABLED
+              - DISABLED                 
         Resources:           
           EventBridgeRule:
             Type: "AWS::Events::Rule"
@@ -294,6 +327,7 @@ Resources:
                   - 'AWS API Call via CloudTrail'
                   - 'AWS Console Sign In via CloudTrail'
                   - 'AWS Service Event via CloudTrail'
+              State: !Sub ${EventBridgeState}
               Targets:
                 - Id: !Sub ${EventBridgeRoleName}
                   Arn: !Sub ${EventBusARN}