in security_hub_correlation_cdk/lambdas/create_sh_finding/create_sh_finding.py [0:0]
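def check_macie_sensitive_data(sh_resource, ddbtable):
    """Look up whether a Macie sensitive-data finding exists for *sh_resource*.

    Queries the ``DYNAMODB_GSI_TYPE`` index once per Macie
    ``SensitiveData:S3Object-*`` finding type, keyed on ``ResourceId`` and
    ``Types``, and stops at the first type that has at least one item.

    Args:
        sh_resource: The Security Hub resource id (expected to be the S3
            object/bucket identifier stored in the ``ResourceId`` key).
        ddbtable: Table-like object exposing ``query(IndexName=..., KeyConditionExpression=...)``
            (presumably a boto3 DynamoDB ``Table`` resource — verify against caller).

    Returns:
        The raw ``query`` response (a dict containing ``Count`` and ``Items``)
        for the first finding type with ``Count >= 1``; ``None`` when no type
        matches or when a ``ClientError`` is raised by the query.

    Note:
        A ``ClientError`` is logged and swallowed, so callers cannot tell a
        failed lookup apart from "no finding" — both yield ``None``.
    """
    # Macie finding types that indicate sensitive data in an S3 object.
    macie_sensitive_data_findings = (
        'Sensitive Data Identifications/PII/SensitiveData:S3Object-Credentials',
        'Sensitive Data Identifications/PII/SensitiveData:S3Object-CustomIdentifier',
        'Sensitive Data Identifications/PII/SensitiveData:S3Object-Financial',
        'Sensitive Data Identifications/PII/SensitiveData:S3Object-Multiple',
        'Sensitive Data Identifications/PII/SensitiveData:S3Object-Personal',
    )
    try:
        for finding_type in macie_sensitive_data_findings:
            macie_sensitive_payload = ddbtable.query(
                IndexName=DYNAMODB_GSI_TYPE,
                KeyConditionExpression=(
                    Key('ResourceId').eq(sh_resource) & Key('Types').eq(finding_type)
                ),
            )
            if macie_sensitive_payload['Count'] >= 1:
                logger.info(
                    'Found Macie finding for S3 bucket with sensitive data {}.'.format(sh_resource)
                )
                return macie_sensitive_payload
    except ClientError as error_handle:
        # Bug fix: botocore's ClientError carries the service error under
        # ``.response`` — the previous ``.dynamodb_match`` attribute does not
        # exist and raised AttributeError inside the handler, masking the
        # original DynamoDB error.
        logger.error(error_handle.response['Error']['Code'])
    return None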