From 2a31feedb334f8cb9107109e6d5b105ae8f27476 Mon Sep 17 00:00:00 2001
From: Carlos Matos
Date: Wed, 22 May 2024 12:25:18 -0400
Subject: [PATCH 1/3] fix(aws): ensure cloud_provider is not empty
---
fig/backends/aws/__init__.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fig/backends/aws/__init__.py b/fig/backends/aws/__init__.py
index 823c90b..4971ae5 100644
--- a/fig/backends/aws/__init__.py
+++ b/fig/backends/aws/__init__.py
@@ -188,7 +188,8 @@ def __init__(self):
 log.info("AWS Backend is enabled.")
 def is_relevant(self, falcon_event):
- return falcon_event.cloud_provider[:3].upper() == 'AWS'
+ if falcon_event.cloud_provider is not None:
+ return falcon_event.cloud_provider[:3].upper() == 'AWS'
 def process(self, falcon_event):
 Submitter(falcon_event).submit()
From 066cb4409de0f262a614902e37f8439b669ec656 Mon Sep 17 00:00:00 2001
From: Carlos Matos
Date: Wed, 22 May 2024 12:25:40 -0400
Subject: [PATCH 2/3] docs(aws): minor update for instance profile role
---
docs/aws/manual/README.md | 19 ++-----------------
1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/docs/aws/manual/README.md b/docs/aws/manual/README.md
index a589b8f..c371fec 100644
--- a/docs/aws/manual/README.md
+++ b/docs/aws/manual/README.md
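Review bot: In is_relevant (fig/backends/aws/__init__.py, patch 1/3) the new guard rules out only `None`, so a cloud_provider that is present but not a string would still raise at the `[:3].upper()` slice; whether that can happen depends on how falcon_event is populated, which the hunk does not show. Reading the attribute once and checking its type covers both cases: `provider = falcon_event.cloud_provider` followed by `return isinstance(provider, str) and provider[:3].upper() == 'AWS'`. The comparison is also a three-character prefix match, so any value that merely begins with "aws" is routed to this backend; if the set of provider strings is known, comparing against the exact values would be stricter.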
@@ -57,23 +57,8 @@ This will be used to grant the EC2 instance access to the Security Hub and EC2 A
 1. Navigate to the [IAM Roles](https://console.aws.amazon.com/iam/home#/roles) page
 1. Click the **Create role** button
-1. Select **Custom trust policy** and paste the following policy into the editor:
-
- ```json
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Action": "sts:AssumeRole"
- }
- ]
- }
- ```
-
+1. Select **AWS service** as the trusted entity
+1. Select **EC2** as the service/use-case that will use this role
 1. Click the **Next** button
 1. Search for the policy you created in the previous step (e.g. `FIG-SecurityHub-Access-Policy`) and select it
 1. Click the **Next** button
From a30904cd96aadc49e2cee34575b879cd813d825a Mon Sep 17 00:00:00 2001
From: Carlos Matos
Date: Wed, 22 May 2024 12:30:40 -0400
Subject: [PATCH 3/3] lint(aws): add return expression pylint
---
fig/backends/aws/__init__.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/fig/backends/aws/__init__.py b/fig/backends/aws/__init__.py
index 4971ae5..944a1c0 100644
--- a/fig/backends/aws/__init__.py
+++ b/fig/backends/aws/__init__.py
@@ -190,6 +190,7 @@ def __init__(self):
 def is_relevant(self, falcon_event):
 if falcon_event.cloud_provider is not None:
 return falcon_event.cloud_provider[:3].upper() == 'AWS'
+ return False
 def process(self, falcon_event):
 Submitter(falcon_event).submit()
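Review bot: The added `return False` in is_relevant (patch 3/3) makes "no cloud_provider" a silent skip, and the method has no docstring saying so, although this is the decision that determines which events the AWS backend handles. A docstring such as `"""Return True when the event's cloud_provider starts with 'AWS' (case-insensitive); events without a cloud_provider are not relevant."""` would state the contract. If events lacking the field are not expected in normal operation, a `log.debug(...)` line before the fallback return would make skipped events traceable; `log` is already used in `__init__` just above. The class around these methods lies outside the hunk.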