in AssumeRoleWatchDog/src/main/java/tenant/watchdog/WatchdogHandler.java [35:59]
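/**
 * Inspects one JSON event and publishes an SNS alert when an {@code AssumeRole} call
 * carries no inline policy, or a policy that does not contain {@code searchString}.
 *
 * <p>Events with any other name are ignored. Nothing is written to {@code outputStream}.
 *
 * @param inputStream  JSON event; deserialized into {@code Event} with Gson
 * @param outputStream unused by this handler
 * @param context      Lambda context, used only for its logger
 * @throws IOException if closing the input reader fails
 */
public void handleRequest(InputStream inputStream, OutputStream outputStream, Context context) throws IOException {
    LambdaLogger logger = context.getLogger();
    // JSON is UTF-8 by specification. Decoding as US-ASCII replaces every non-ASCII byte,
    // which would alter the policy text before it is compared with searchString.
    try (BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
        Event event = gson.fromJson(reader, Event.class);
        // Gson returns null for an empty document, and absent JSON members leave fields null.
        // Log the skip so an event that was never evaluated is visible in the logs.
        if (event == null || event.getDetail() == null) {
            logger.log("Ignoring event without a detail section; it could not be evaluated.");
            return;
        }
        String eventName = event.getDetail().getEventName();
        // Constant-first comparison: a missing eventName is simply "not AssumeRole".
        if (!"AssumeRole".equals(eventName)) {
            return;
        }
        // Missing request parameters are handled like a missing policy, so the
        // event still raises an alert instead of failing with a NullPointerException.
        String policy = null;
        String roleArn = null;
        if (event.getDetail().getRequestParameters() != null) {
            policy = event.getDetail().getRequestParameters().getPolicy();
            roleArn = event.getDetail().getRequestParameters().getRoleArn();
        }
        logger.log("RoleArn: " + roleArn);
        logger.log("Policy: " + policy);
        // NOTE(review): contains() only shows that searchString appears somewhere in the
        // policy text, not that the policy actually restricts the session. Confirm that
        // a substring match is a sufficient check for this control.
        if (policy == null || !policy.contains(searchString)) {
            // Publish a message to an Amazon SNS topic. The alert also fires when a policy
            // is present but lacks searchString, and it names the role to speed up triage.
            final String msg = "A call to AssumeRole was made without the expected inline policy. RoleArn: " + roleArn;
            PublishRequest publishRequest = PublishRequest.builder()
                    .message(msg)
                    .topicArn(topicArn)
                    .build();
            snsClient.publish(publishRequest);
        }
    } catch (IllegalStateException | JsonSyntaxException exception) {
        // An unparseable event is logged and dropped, so no alert is raised for it.
        // NOTE(review): consider a metric or alarm on this log line to surface missed events.
        logger.log(exception.toString());
    }
}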