in source/cdk-deployment-samples/deployment_samples/deployment_samples_stack.py [0:0]
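def __init__(self, scope: cdk.Construct, construct_id: str,
             **kwargs) -> None:
    """Create the WorkSpaces inventory and event collection resources.

    Resources defined here:

    * a scheduled Lambda function (with its own IAM role) that collects
      WorkSpaces inventory and writes it to the shared log bucket;
    * a Kinesis Data Firehose delivery stream, fed by an EventBridge rule,
      that lands "WorkSpaces Access" events in the same bucket.

    The log bucket name and the Firehose service-role name are read from
    cross-stack CloudFormation exports, so the stack that exports them
    must already be deployed in the same account/region.

    Args:
        scope: Parent construct this stack is attached to.
        construct_id: Logical id of this stack within ``scope``.
        **kwargs: Forwarded unchanged to the parent constructor.
    """
    super().__init__(scope, construct_id, **kwargs)

    # Cross-stack exports produced by the core SIEM stack.
    # NOTE(review): the bucket export is spelled 'sime-...' while the role
    # export is spelled 'siem-...'; confirm both names against the exporting
    # stack, because a mismatch only surfaces as a deploy-time failure.
    log_bucket_name = cdk.Fn.import_value('sime-log-bucket-name')
    service_role_kdf_to_s3 = cdk.Fn.import_value(
        'siem-kdf-to-s3-role-name')

    # --- Template parameters -------------------------------------------
    # min_value=1 rejects zero/negative intervals at stack-validation time:
    # the value is a deploy-time token, so CDK cannot validate the resulting
    # EventBridge rate expression at synth time.
    cwe_frequency = cdk.CfnParameter(
        self, 'cweRulesFrequency', type='Number',
        description=(
            'How often do you get WorkSpaces Inventory? (every minutes)'),
        default=720, min_value=1)
    kdf_workspaces_name = cdk.CfnParameter(
        self, 'KdfWorkSpacesName',
        description=(
            'Kinesis Data Firehose Name to deliver workspaces event'),
        default='siem-workspaces-event-to-s3',)
    # Buffer size/interval bounds mirror the Firehose S3 destination limits.
    kdf_buffer_size = cdk.CfnParameter(
        self, 'KdfBufferSize', type='Number',
        description='Enter a buffer size between 1 - 128 (MiB)',
        default=1, min_value=1, max_value=128)
    kdf_buffer_interval = cdk.CfnParameter(
        self, 'KdfBufferInterval', type='Number',
        description='Enter a buffer interval between 60 - 900 (seconds.)',
        default=60, min_value=60, max_value=900)

    # --- IAM role for the inventory Lambda --------------------------------
    # Two inline policies keep the grant narrow: read-only WorkSpaces
    # Describe* calls, and s3:PutObject restricted to objects in the
    # imported log bucket. The execution role only adds CloudWatch Logs.
    role_get_workspaces_inventory = aws_iam.Role(
        self, 'getWorkspacesInventoryRole',
        role_name='siem-get-workspaces-inventory-role',
        inline_policies={
            'describe-workspaces': aws_iam.PolicyDocument(
                statements=[
                    # resources=['*'] -- presumably because the Describe*
                    # actions do not accept a resource ARN; verify against
                    # the WorkSpaces IAM reference if tightening.
                    aws_iam.PolicyStatement(
                        actions=['workspaces:Describe*'], resources=['*'],
                        sid='DescribeWorkSpacesPolicyGeneratedBySeimCfn')
                ]
            ),
            # Despite the name, this statement is attached to the Lambda
            # role (the Firehose stream uses the imported service role).
            'firehose-to-s3': aws_iam.PolicyDocument(
                statements=[
                    aws_iam.PolicyStatement(
                        actions=['s3:PutObject'],
                        resources=[f'arn:aws:s3:::{log_bucket_name}/*'],
                        sid='FirehoseToS3PolicyGeneratedBySeimCfn'
                    )
                ]
            )
        },
        managed_policies=[
            aws_iam.ManagedPolicy.from_aws_managed_policy_name(
                'service-role/AWSLambdaBasicExecutionRole'),
        ],
        assumed_by=aws_iam.ServicePrincipal('lambda.amazonaws.com')
    )

    # --- Lambda function to get WorkSpaces inventory ----------------------
    # Code is inlined from the module-level LAMBDA_GET_WORKSPACES_INVENTORY
    # constant; the target bucket is passed through the environment.
    lambda_func = aws_lambda.Function(
        self, 'lambdaGetWorkspacesInventory',
        runtime=aws_lambda.Runtime.PYTHON_3_8,
        code=aws_lambda.InlineCode(LAMBDA_GET_WORKSPACES_INVENTORY),
        function_name='siem-get-workspaces-inventory',
        description='SIEM: get workspaces inventory',
        handler='index.lambda_handler',
        timeout=cdk.Duration.seconds(300),
        role=role_get_workspaces_inventory,
        environment={'log_bucket_name': log_bucket_name}
    )

    # Scheduled trigger; the interval comes from the cweRulesFrequency
    # parameter (minutes).
    rule = aws_events.Rule(
        self, 'eventBridgeRuleWorkSpaceInventory',
        rule_name='siem-workspaces-inventory-to-lambda',
        schedule=aws_events.Schedule.rate(
            cdk.Duration.minutes(cwe_frequency.value_as_number)))
    rule.add_target(aws_events_targets.LambdaFunction(lambda_func))

    # --- Firehose delivery stream for WorkSpaces events -------------------
    # Objects land under AWSLogs/<account>/WorkSpaces/Event/ in the log
    # bucket. The stream assumes the imported service role, whose ARN is
    # assembled from the current account id and the 'service-role/' path.
    kdf_to_s3 = aws_kinesisfirehose.CfnDeliveryStream(
        self, "KDFForWorkSpacesEvent",
        delivery_stream_name=kdf_workspaces_name.value_as_string,
        s3_destination_configuration=CDS.S3DestinationConfigurationProperty(
            bucket_arn=f'arn:aws:s3:::{log_bucket_name}',
            prefix=f'AWSLogs/{cdk.Aws.ACCOUNT_ID}/WorkSpaces/Event/',
            compression_format='GZIP',
            buffering_hints=CDS.BufferingHintsProperty(
                interval_in_seconds=kdf_buffer_interval.value_as_number,
                size_in_m_bs=kdf_buffer_size.value_as_number),
            role_arn=(f'arn:aws:iam::{cdk.Aws.ACCOUNT_ID}:role/'
                      f'service-role/{service_role_kdf_to_s3}')
        )
    )

    # Route "WorkSpaces Access" events from the aws.workspaces source into
    # the delivery stream.
    pattern = aws_events.EventPattern(
        detail_type=["WorkSpaces Access"], source=['aws.workspaces'])
    aws_events.Rule(
        self, 'eventBridgeRuleWorkSpacesEvent', event_pattern=pattern,
        rule_name='siem-workspaces-event-to-kdf',
        targets=[aws_events_targets.KinesisFirehoseStream(kdf_to_s3)])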