Merge pull request #1 from zype/INF-2383

gdacunda · web-flow · commit 070bca7f5fdf · 2023-12-14T16:48:21.000-03:00
INF-2383 feat: Added support for System Manager Run Command notification format
diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@ Doing serverless with Terraform? Check out [serverless.tf framework](https://ser
   - AWS CloudWatch Alarms
   - AWS CloudWatch LogMetrics Alarms
   - AWS GuardDuty Findings
-
+  - AWS System Manager Run Command Notifications
 
 ## Usage
 
diff --git a/functions/events/ssm_run_command_event_failed.json b/functions/events/ssm_run_command_event_failed.json
@@ -0,0 +1,9 @@
+{
+    "commandId": "6f69316a-e502-5a20-99bc-2408825b6dee",
+    "documentName": "AWS-RunPatchBaseline",
+    "instanceId": "i-99999999999999999",
+    "requestedDateTime": "2023-12-14T10:48:47.127Z",
+    "status": "Failed",
+    "detailedStatus": "Failed",
+    "eventTime": "2023-12-14T10:52:22.114Z"
+}
diff --git a/functions/events/ssm_run_command_event_success.json b/functions/events/ssm_run_command_event_success.json
@@ -0,0 +1,9 @@
+{
+    "commandId": "6f69316a-e502-5a20-99bc-2408825b6dee",
+    "documentName": "AWS-RunPatchBaseline",
+    "instanceId": "i-99999999999999999",
+    "requestedDateTime": "2023-12-14T10:48:47.127Z",
+    "status": "Success",
+    "detailedStatus": "Success",
+    "eventTime": "2023-12-14T10:52:22.114Z"
+}
diff --git a/functions/events/ssm_run_command_event_timedout.json b/functions/events/ssm_run_command_event_timedout.json
@@ -0,0 +1,9 @@
+{
+    "commandId": "6f69316a-e502-5a20-99bc-2408825b6dee",
+    "documentName": "AWS-RunPatchBaseline",
+    "instanceId": "i-99999999999999999",
+    "requestedDateTime": "2023-12-14T10:48:47.127Z",
+    "status": "TimedOut",
+    "detailedStatus": "DeliveryTimedOut",
+    "eventTime": "2023-12-14T10:52:22.114Z"
+}
diff --git a/functions/messages/ssm_run_command_event.json b/functions/messages/ssm_run_command_event.json
@@ -0,0 +1,22 @@
+{
+    "Records": [
+        {
+            "EventSource": "aws:sns",
+            "EventVersion": "1.0",
+            "EventSubscriptionArn": "arn:aws:sns:us-east-1::ExampleTopic",
+            "Sns": {
+                "Type": "Notification",
+                "MessageId": "d3cece60-336d-5967-844b-9394d3cb44ba",
+                "TopicArn": "arn:aws:sns:us-east-1:123456789012:ExampleTopic",
+                "Subject": "EC2 Run Command Notification us-east-1",
+                "Message": "{\"commandId\":\"6f69316a-e502-5a20-99bc-2408825b6dee\",\"documentName\":\"AWS-RunPatchBaseline\",\"instanceId\":\"i-99999999999999999\",\"requestedDateTime\":\"2023-12-14T10:48:47.127Z\",\"status\":\"Success\",\"detailedStatus\":\"Success\",\"eventTime\":\"2023-12-14T10:52:22.114Z\"}",
+                "Timestamp": "2023-12-14T10:52:22.173Z",
+                "SignatureVersion": "1",
+                "Signature": "EXAMPLE",
+                "SigningCertUrl": "EXAMPLE",
+                "UnsubscribeUrl": "EXAMPLE",
+                "MessageAttributes": {}
+            }
+        }
+    ]
+}
diff --git a/functions/notify_slack.py b/functions/notify_slack.py
@@ -31,6 +31,7 @@ class AwsService(Enum):
 
     cloudwatch = "cloudwatch"
     guardduty = "guardduty"
+    systems_manager = "systems-manager"
 
 
 def decrypt_url(encrypted_url: str) -> str:
@@ -266,6 +267,77 @@ def format_aws_health(message: Dict[str, Any], region: str) -> Dict[str, Any]:
     }
 
 
+class SSMRunCommandStatus(Enum):
+    """Maps System Manager Run Command status to Slack message format color"""
+
+    Success = "good"
+    TimedOut = "danger"
+    Failed = "danger"
+
+
+def format_ssm_run_command(message: Dict[str, Any], region: str) -> Dict[str, Any]:
+    """
+    Format AWS System Manager Run Document event into Slack message format
+
+    :params message: SNS message body containing AWS Health event
+    :params region: AWS region where the event originated from
+    :returns: formatted Slack message payload
+    """
+
+    systems_manager_url = get_service_url(region=region, service="systems_manager")
+    run_command_url = systems_manager_url.replace(
+        "/home", f"/run-command/{message.get('commandId')}"
+    )
+
+    return {
+        "color": SSMRunCommandStatus[message.get("status")].value,
+        "text": f"EC2 Run Command Notification {region}",
+        "fallback": f"EC2 Run Command Notification  {region}",
+        "fields": [
+            {
+                "title": "Command Id",
+                "value": f"`{message.get('commandId')}`",
+                "short": False,
+            },
+            {
+                "title": "Document Name",
+                "value": f"`{message.get('documentName')}`",
+                "short": True,
+            },
+            {
+                "title": "Instance Id",
+                "value": f"`{message.get('instanceId')}`",
+                "short": True,
+            },
+            {
+                "title": "Requested Time",
+                "value": f"`{message.get('requestedDateTime')}`",
+                "short": True,
+            },
+            {
+                "title": "Event Time",
+                "value": f"`{message.get('eventTime')}`",
+                "short": True,
+            },
+            {
+                "title": "Status",
+                "value": f"`{message.get('status')}`",
+                "short": True,
+            },
+            {
+                "title": "Detailed Status",
+                "value": f"`{message.get('detailedStatus')}`",
+                "short": True,
+            },
+            {
+                "title": "Link to Event",
+                "value": f"{run_command_url}",
+                "short": False,
+            },
+        ],
+    }
+
+
 def format_default(
     message: Union[str, Dict], subject: Optional[str] = None
 ) -> Dict[str, Any]:
@@ -344,6 +416,10 @@ def get_slack_message_payload(
         notification = format_aws_health(message=message, region=message["region"])
         attachment = notification
 
+    elif "documentName" in message:
+        notification = format_ssm_run_command(message=message, region=region)
+        attachment = notification
+
     elif "attachments" in message or "text" in message:
         payload = {**payload, **message}
 
diff --git a/functions/snapshots/snap_notify_slack_test.py b/functions/snapshots/snap_notify_slack_test.py
@@ -4,6 +4,7 @@
 
 from snapshottest import Snapshot
 
+
 snapshots = Snapshot()
 
 snapshots[
@@ -231,6 +232,163 @@
     }
 ]
 
+snapshots[
+    "test_event_get_slack_message_payload_snapshots event_ssm_run_command_event_failed.json"
+] = [
+    {
+        "attachments": [
+            {
+                "color": "danger",
+                "fallback": "EC2 Run Command Notification  us-east-1",
+                "fields": [
+                    {
+                        "short": False,
+                        "title": "Command Id",
+                        "value": "`6f69316a-e502-5a20-99bc-2408825b6dee`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Document Name",
+                        "value": "`AWS-RunPatchBaseline`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Instance Id",
+                        "value": "`i-99999999999999999`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Requested Time",
+                        "value": "`2023-12-14T10:48:47.127Z`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Event Time",
+                        "value": "`2023-12-14T10:52:22.114Z`",
+                    },
+                    {"short": True, "title": "Status", "value": "`Failed`"},
+                    {"short": True, "title": "Detailed Status", "value": "`Failed`"},
+                    {
+                        "short": False,
+                        "title": "Link to Event",
+                        "value": "https://console.aws.amazon.com/systems-manager/run-command/6f69316a-e502-5a20-99bc-2408825b6dee?region=us-east-1",
+                    },
+                ],
+                "text": "EC2 Run Command Notification us-east-1",
+            }
+        ],
+        "channel": "slack_testing_sandbox",
+        "icon_emoji": ":aws:",
+        "username": "notify_slack_test",
+    }
+]
+
+snapshots[
+    "test_event_get_slack_message_payload_snapshots event_ssm_run_command_event_success.json"
+] = [
+    {
+        "attachments": [
+            {
+                "color": "good",
+                "fallback": "EC2 Run Command Notification  us-east-1",
+                "fields": [
+                    {
+                        "short": False,
+                        "title": "Command Id",
+                        "value": "`6f69316a-e502-5a20-99bc-2408825b6dee`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Document Name",
+                        "value": "`AWS-RunPatchBaseline`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Instance Id",
+                        "value": "`i-99999999999999999`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Requested Time",
+                        "value": "`2023-12-14T10:48:47.127Z`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Event Time",
+                        "value": "`2023-12-14T10:52:22.114Z`",
+                    },
+                    {"short": True, "title": "Status", "value": "`Success`"},
+                    {"short": True, "title": "Detailed Status", "value": "`Success`"},
+                    {
+                        "short": False,
+                        "title": "Link to Event",
+                        "value": "https://console.aws.amazon.com/systems-manager/run-command/6f69316a-e502-5a20-99bc-2408825b6dee?region=us-east-1",
+                    },
+                ],
+                "text": "EC2 Run Command Notification us-east-1",
+            }
+        ],
+        "channel": "slack_testing_sandbox",
+        "icon_emoji": ":aws:",
+        "username": "notify_slack_test",
+    }
+]
+
+snapshots[
+    "test_event_get_slack_message_payload_snapshots event_ssm_run_command_event_timedout.json"
+] = [
+    {
+        "attachments": [
+            {
+                "color": "danger",
+                "fallback": "EC2 Run Command Notification  us-east-1",
+                "fields": [
+                    {
+                        "short": False,
+                        "title": "Command Id",
+                        "value": "`6f69316a-e502-5a20-99bc-2408825b6dee`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Document Name",
+                        "value": "`AWS-RunPatchBaseline`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Instance Id",
+                        "value": "`i-99999999999999999`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Requested Time",
+                        "value": "`2023-12-14T10:48:47.127Z`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Event Time",
+                        "value": "`2023-12-14T10:52:22.114Z`",
+                    },
+                    {"short": True, "title": "Status", "value": "`TimedOut`"},
+                    {
+                        "short": True,
+                        "title": "Detailed Status",
+                        "value": "`DeliveryTimedOut`",
+                    },
+                    {
+                        "short": False,
+                        "title": "Link to Event",
+                        "value": "https://console.aws.amazon.com/systems-manager/run-command/6f69316a-e502-5a20-99bc-2408825b6dee?region=us-east-1",
+                    },
+                ],
+                "text": "EC2 Run Command Notification us-east-1",
+            }
+        ],
+        "channel": "slack_testing_sandbox",
+        "icon_emoji": ":aws:",
+        "username": "notify_slack_test",
+    }
+]
+
 snapshots[
     "test_sns_get_slack_message_payload_snapshots message_cloudwatch_alarm.json"
 ] = [
@@ -406,6 +564,57 @@
     }
 ]
 
+snapshots[
+    "test_sns_get_slack_message_payload_snapshots message_ssm_run_command_event.json"
+] = [
+    {
+        "attachments": [
+            {
+                "color": "good",
+                "fallback": "EC2 Run Command Notification  us-east-1",
+                "fields": [
+                    {
+                        "short": False,
+                        "title": "Command Id",
+                        "value": "`6f69316a-e502-5a20-99bc-2408825b6dee`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Document Name",
+                        "value": "`AWS-RunPatchBaseline`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Instance Id",
+                        "value": "`i-99999999999999999`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Requested Time",
+                        "value": "`2023-12-14T10:48:47.127Z`",
+                    },
+                    {
+                        "short": True,
+                        "title": "Event Time",
+                        "value": "`2023-12-14T10:52:22.114Z`",
+                    },
+                    {"short": True, "title": "Status", "value": "`Success`"},
+                    {"short": True, "title": "Detailed Status", "value": "`Success`"},
+                    {
+                        "short": False,
+                        "title": "Link to Event",
+                        "value": "https://console.aws.amazon.com/systems-manager/run-command/6f69316a-e502-5a20-99bc-2408825b6dee?region=us-east-1",
+                    },
+                ],
+                "text": "EC2 Run Command Notification us-east-1",
+            }
+        ],
+        "channel": "slack_testing_sandbox",
+        "icon_emoji": ":aws:",
+        "username": "notify_slack_test",
+    }
+]
+
 snapshots["test_sns_get_slack_message_payload_snapshots message_text_message.json"] = [
     {
         "attachments": [
