in source/lib/ssmplaybook.ts [228:300]
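/**
 * Wires a Security Hub custom action to the remediation state machine.
 *
 * Creates, in this order:
 *  - a `Custom::ActionTarget` custom resource (the Security Hub custom action),
 *    made to depend on every resource in `props.prereq`;
 *  - an IAM role trusted by `events.amazonaws.com` and granted only
 *    StartExecution on the state machine at `props.targetArn`;
 *  - an EventBridge rule that forwards findings submitted through that custom
 *    action, whose compliance status is FAILED or WARNING, to the state machine.
 *
 * @param scope - Parent construct.
 * @param id - Construct id.
 * @param props - `serviceToken` of the custom-resource provider, `targetArn` of
 *   the state machine, `prereq` resources the custom action must wait for, and
 *   an optional `description` for the rule (defaults to "Remediate with SHARR").
 */
constructor(scope: cdk.Construct, id: string, props: IOneTriggerProps) {
  super(scope, id);

  // Rule description is caller-configurable; an empty string falls back to the
  // default (truthiness check, as before).
  const description = props.description || 'Remediate with SHARR';

  // Only findings whose compliance status is FAILED or WARNING start remediation.
  const complianceStatusFilter = {
    Status: ['FAILED', 'WARNING'],
  };

  const stateMachine = StateMachine.fromStateMachineArn(this, 'orchestrator', props.targetArn);

  // Security Hub custom action, created by the provider behind `serviceToken`.
  // Note: Id is max 20 characters.
  const customAction = new cdk.CustomResource(this, 'Custom Action', {
    serviceToken: props.serviceToken,
    resourceType: 'Custom::ActionTarget',
    properties: {
      Name: 'Remediate with SHARR',
      Description: 'Submit the finding to AWS Security Hub Automated Response and Remediation',
      Id: 'SHARRRemediation',
    },
  });

  // The custom action must not be created before its prerequisites exist.
  const customActionCfn = customAction.node.defaultChild as cdk.CfnCustomResource;
  for (const prereq of props.prereq) {
    customActionCfn.addDependsOn(prereq);
  }

  // Role EventBridge assumes to start the state machine. Least privilege: only
  // StartExecution on this one state machine is granted below.
  // NOTE(review): the trust policy carries no condition (e.g. aws:SourceArn) —
  // confirm whether tighter scoping is wanted.
  const eventsRole = new Role(this, 'EventsRuleRole', {
    assumedBy: new ServicePrincipal('events.amazonaws.com'),
  });
  stateMachine.grantStartExecution(eventsRole);

  // Rule target: the state machine ARN, started via eventsRole.
  const stateMachineTarget: IRuleTarget = {
    bind: () => ({
      id: '',
      arn: props.targetArn,
      role: eventsRole,
    }),
  };

  // Match only findings delivered through this custom action (by its ARN), so
  // other custom actions or ordinary finding imports do not start remediation.
  const eventPattern: EventPattern = {
    source: ['aws.securityhub'],
    detailType: ['Security Hub Findings - Custom Action'],
    resources: [customAction.getAttString('Arn')],
    detail: {
      findings: {
        Compliance: complianceStatusFilter,
      },
    },
  };

  new Rule(this, 'Remediate Custom Action', {
    description,
    enabled: true,
    eventPattern,
    ruleName: 'Remediate_with_SHARR_CustomAction',
    targets: [stateMachineTarget],
  });
}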