def check_sh_ec2_public()

in security_hub_correlation_cdk/lambdas/create_sh_finding/create_sh_finding.py [0:0]


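def check_sh_ec2_public(sh_resource, ddbtable):
    """Look up an FSBP finding that marks an EC2 resource as publicly reachable.

    Queries ``ddbtable`` (presumably a boto3 DynamoDB ``Table`` resource) on
    the ``DYNAMODB_GSI_TYPE`` index for items whose ``ResourceId`` equals
    ``sh_resource`` and whose ``Types`` equals the FSBP finding type, then
    inspects every returned item's ``GeneratorId`` for the two controls of
    interest: EC2.9 (instance has a public IPv4 address) and EC2.18
    (security group allows unrestricted incoming ports).

    Only the first page of query results is inspected; ``LastEvaluatedKey``
    is not followed.

    Args:
        sh_resource: Security Hub resource identifier used as the
            ``ResourceId`` key of the index.
        ddbtable: Table object exposing ``query``.

    Returns:
        The raw ``query`` response when at least one returned item references
        EC2.9 or EC2.18, otherwise ``None``. A ``ClientError`` from the query
        is logged and also yields ``None`` rather than propagating.
    """
    sh_finding_type = 'Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices'
    sh_public_ip_string = 'aws-foundational-security-best-practices/v/1.0.0/EC2.9'
    sh_unrestrict_sg_string = 'aws-foundational-security-best-practices/v/1.0.0/EC2.18'
    try:
        sh_public_payload = ddbtable.query(
            IndexName=DYNAMODB_GSI_TYPE,
            KeyConditionExpression=Key('ResourceId').eq(sh_resource) & Key('Types').eq(sh_finding_type)
        )
    except ClientError as error_handle:
        # botocore's ClientError exposes the service error under ``.response``;
        # the previous handler read a non-existent ``dynamodb_match`` attribute
        # and would itself have raised AttributeError on any query failure.
        logger.error(error_handle.response['Error']['Code'])
        return None

    # A resource can carry several FSBP findings of this Type at once, so every
    # returned item must be checked; looking only at Items[0] missed EC2.9 /
    # EC2.18 whenever another control happened to sort first.
    for item in sh_public_payload.get('Items', []):
        generator_id = item.get('GeneratorId', '')
        # Substring tests, as in the original: an id such as "EC2.9x" would
        # also match the EC2.9 pattern if such a control were ever added.
        if sh_public_ip_string in generator_id:
            logger.info('Found Security Hub finding for public IPv4 address for {}.'.format(sh_resource))
            return sh_public_payload
        if sh_unrestrict_sg_string in generator_id:
            logger.info('Found Security Hub finding for Security Group allowing unrestricted incoming ports for {}.'.format(sh_resource))
            return sh_public_payload
    return None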