in traffic_mirroring/cloudwatch_event_handler.py [0:0]
def parse_guardduty_event(event):
if "resource" in event["detail"] and event["detail"]["resource"]["resourceType"] == "Instance":
instance_details = event["detail"]["resource"]["instanceDetails"]
# Extracting only primary interface
network_interface_id = instance_details["networkInterfaces"][0]["networkInterfaceId"]
subnet_id = instance_details["networkInterfaces"][0]["subnetId"]
vpc_id = instance_details["networkInterfaces"][0]["vpcId"]
tags = parse_instance_tags(instance_details)
return Instance(network_interface_id, subnet_id, vpc_id, tags)
return None