Skip to content

Commit

Permalink
Merge pull request airbnb#509 from airbnb/jacknaglieri-cloudtrail-eve…
Browse files Browse the repository at this point in the history 
…nt-patterns-fix

[cli][tf] bug fix for custom event patterns + cleanup
  • Loading branch information
@jacknagz
jacknagz authored Dec 5, 2017
2 parents 1c00060 + 2b5ad06 commit a4de47b
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 11 deletions.
16 changes: 11 additions & 5 deletions stream_alert_cli/terraform/cloudtrail.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,9 @@ def generate_cloudtrail(cluster_name, cluster_dict, config):
enabled_legacy = modules['cloudtrail'].get('enabled')
cloudtrail_enabled = modules['cloudtrail'].get('enable_logging')
kinesis_enabled = modules['cloudtrail'].get('enable_kinesis')
account_ids = list(set(
[config['global']['account']['aws_account_id']] +
modules['cloudtrail'].get('cross_account_ids', [])))
account_ids = list(
set([config['global']['account']['aws_account_id']] + modules['cloudtrail'].get(
'cross_account_ids', [])))

# Allow for backwards compatilibity
if enabled_legacy:
Expand All @@ -51,8 +51,14 @@ def generate_cloudtrail(cluster_name, cluster_dict, config):

existing_trail = modules['cloudtrail'].get('existing_trail', False)
is_global_trail = modules['cloudtrail'].get('is_global_trail', True)
event_pattern_default = {'account': [config['global']['account']['aws_account_id']]}
event_pattern = modules['cloudtrail'].get('event_pattern', event_pattern_default)

event_pattern_default = json.dumps({'account': [config['global']['account']['aws_account_id']]})
try:
event_pattern = json.loads(modules['cloudtrail'].get('event_pattern',
event_pattern_default))
except ValueError:
LOGGER_CLI.error('Event Pattern is not valid JSON')
return False

# From here: http://amzn.to/2zF7CS0
valid_event_pattern_keys = {
Expand Down
6 changes: 4 additions & 2 deletions terraform/modules/tf_stream_alert_cloudtrail/main.tf
View file
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
// StreamAlert CloudTrail
resource "aws_cloudtrail" "streamalert" {
count = "${var.existing_trail ? 0 : 1}"
name = "${var.prefix}.${var.cluster}.streamalert.cloudtrail"
s3_bucket_name = "${aws_s3_bucket.cloudtrail_bucket.id}"
enable_log_file_validation = true
enable_logging = "${var.enable_logging}"
include_global_service_events = true
is_multi_region_trail = "${var.is_global_trail}"
count = "${var.existing_trail ? 0 : 1}"
}

// S3 bucket for CloudTrail output
resource "aws_s3_bucket" "cloudtrail_bucket" {
count = "${var.existing_trail ? 0 : 1}"
bucket = "${var.prefix}.${var.cluster}.streamalert.cloudtrail"
force_destroy = false
count = "${var.existing_trail ? 0 : 1}"

versioning {
enabled = true
Expand All @@ -33,6 +33,8 @@ resource "aws_s3_bucket" "cloudtrail_bucket" {
}

data "aws_iam_policy_document" "cloudtrail_bucket" {
count = "${var.existing_trail ? 0 : 1}"

statement {
sid = "AWSCloudTrailAclCheck"

Expand Down
10 changes: 6 additions & 4 deletions tests/unit/stream_alert_cli/terraform/test_generate.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@
See the License for the specific language governing permissions and
limitations under the License.
"""
import json

from stream_alert_cli.config import CLIConfig
from stream_alert_cli.terraform import (
_common,
Expand Down Expand Up @@ -347,13 +349,13 @@ def test_generate_cloudtrail_all_options(self):
'enable_kinesis': True,
'existing_trail': False,
'is_global_trail': False,
'event_pattern': {
'event_pattern': json.dumps({
'source': ['aws.ec2'],
'account': '12345678910',
'detail': {
'state': ['running']
}
}
})
}
cloudtrail.generate_cloudtrail(
cluster_name,
Expand Down Expand Up @@ -386,9 +388,9 @@ def test_generate_cloudtrail_invalid_event_pattern(self, mock_logging):
'enable_kinesis': True,
'existing_trail': False,
'is_global_trail': False,
'event_pattern': {
'event_pattern': json.dumps({
'invalid': ['aws.ec2']
}
})
}
result = cloudtrail.generate_cloudtrail(cluster_name, self.cluster_dict, self.config)
assert_false(result)
Expand Down

0 comments on commit a4de47b

Please sign in to comment.