

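def _control_set(name, control_id):
    """Build one Audit Manager control set wrapping a single custom control.

    Args:
        name: Display name of the control set.
        control_id: Id of the custom control returned by
            ``create_custom_auditmanager_control``.

    Returns:
        A dict in the shape ``create_assessment_framework`` expects for one
        entry of ``controlSets``.
    """
    return {'name': name, 'controls': [{'id': control_id}]}


def lambda_handler(event, context):
    """CloudFormation custom-resource handler that builds the custom framework.

    On ``Create`` and ``Update`` it creates two custom Security Hub controls
    (IAM and Monitoring), wraps each in a control set, creates an Audit
    Manager assessment framework from them and stores the framework id in the
    SSM parameter ``CustomSecurityHubFrameworkID``.  Nothing here branches on
    ``Update``, so an update creates another framework and repoints the
    parameter rather than modifying the existing framework.

    ``Delete`` is acknowledged with SUCCESS but nothing is removed: the
    framework, its controls and the SSM parameter stay behind.

    Args:
        event: CloudFormation custom-resource event.  Only ``RequestType`` is
            read here; the event is otherwise passed through to ``cfnsend``.
        context: Lambda context, passed through to ``cfnsend``.

    Returns:
        ``'SUCCESS'`` after the response has been sent to CloudFormation.

    Raises:
        Whatever the AWS API calls raise, re-raised after a ``FAILED``
        response has been sent so the stack operation does not hang until
        its timeout instead of failing promptly.
    """
    print("boto3 version: " + boto3.__version__)
    auditmanager = boto3.client('auditmanager')
    ssm = boto3.client('ssm')

    logger.info('EVENT Received: %s', event)
    response_data = {}

    # Handle cfnsend delete event: no cleanup is performed, just acknowledge
    # so the stack deletion can complete.
    if event['RequestType'] == 'Delete':
        logger.info('Request Type is Delete; unsupported')
        cfnsend(event, context, 'SUCCESS', response_data)
        return 'SUCCESS'

    # Security Hub control ids grouped into the two custom controls.
    iam_controls = ['IAM.1', 'IAM.2', 'IAM.3', 'IAM.4', 'IAM.5', 'IAM.6',
                    'PCI.IAM.7', '1.16', '1.20', 'PCI.IAM.8']
    monitoring_controls = ['APIGateway.1', '2.9', '3.10', '3.11', '3.12',
                           '3.13', '3.14', 'PCI.EC2.6']

    try:
        # Custom Security Hub IAM and Monitoring Audit Manager controls.
        iam_control_id = create_custom_auditmanager_control(iam_controls, 'IAM')
        monitoring_control_id = create_custom_auditmanager_control(
            monitoring_controls, 'Monitoring')

        control_sets = [
            _control_set('Custom Security Hub IAM Control Set', iam_control_id),
            _control_set('Custom Security Hub Monitoring Control Set',
                         monitoring_control_id),
        ]

        # Custom Security Hub Framework that contains 1) the IAM Control Set
        # and 2) the Monitoring Control Set.
        response_framework = auditmanager.create_assessment_framework(
            name='Security Hub Custom Framework',
            controlSets=control_sets,
        )
        framework_id = response_framework['framework']['id']

        # Publish the framework id in Parameter Store so the rest of the
        # solution can look it up; Overwrite keeps repeated runs working.
        ssm.put_parameter(Name='CustomSecurityHubFrameworkID', Type='String',
                          Value=framework_id, Overwrite=True)
    except Exception:
        # Without an explicit FAILED response CloudFormation keeps waiting for
        # this custom resource until its timeout expires.  Report the failure
        # first, then surface the error to Lambda as well.
        logger.exception('Failed to create the custom Audit Manager framework')
        cfnsend(event, context, 'FAILED', response_data)
        raise

    print('frameworkId is ' + framework_id)
    # Also expose the id to the stack via the custom resource's response data.
    response_data['FrameworkId'] = framework_id
    cfnsend(event, context, 'SUCCESS', response_data)
    return 'SUCCESS'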