aws-ia · aarthkan · May 19, 2023 · Apr 13, 2023 · Apr 13, 2023 · Apr 13, 2023
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "submodules/cfn-abi-aws-cloudtrail"]
+	path = submodules/cfn-abi-aws-cloudtrail
+	url = git@github.com:aws-ia/cfn-abi-aws-cloudtrail.git
diff --git a/.project_automation/functional_tests/entrypoint.sh b/.project_automation/functional_tests/entrypoint.sh
@@ -21,8 +21,21 @@ unset AWS_DEFAULT_REGION
 
 echo $AWS_DEFAULT_REGION
 # Run taskcat e2e test
-taskcat test run
+taskcat test run -t  horizon-test
 
+for region in ${regions[@]}
+do
+    echo "Cleanup running in region: $region"
+    export AWS_DEFAULT_REGION=$region
+    python3 scripts/cleanup_config.py -C scripts/cleanup_config.json
+done
+
+echo $AWS_DEFAULT_REGION
+unset AWS_DEFAULT_REGION
+
+echo $AWS_DEFAULT_REGION
+# Run taskcat e2e test
+taskcat test run -t  horizon-test-ct
 ## Executing ash tool
 
 #find ${PROJECT_PATH} -name lambda.zip -exec rm -rf {} \;

diff --git a/.taskcat.yml b/.taskcat.yml
@@ -2,7 +2,7 @@ project:
   name: cfn-abi-crowdstrike-fcs
   owner: support@crowdstrike.com # to be updated
   shorten_stack_name: true
-  s3_regional_buckets: true
+  s3_regional_buckets: false
   regions:
   - us-east-1
 
@@ -17,3 +17,14 @@ tests:
     regions:
     - us-east-1
     template: templates/horizon_init_stack.yaml
+  horizon-test-ct:
+    parameters:
+      FalconClientID: $[taskcat_ssm_/crowdstrike/falcon_client_id]
+      FalconSecret: $[taskcat_ssm_/crowdstrike/falcon_secret]
+      SourceS3BucketName: $[taskcat_autobucket]
+      S3BucketRegion: $[taskcat_current_region]
+      pOrganizationId: $[taskcat_ssm_/crowdstrike/organization-id]
+      CreateOrgTrail: "true"
+    regions:
+    - us-east-1
+    template: templates/horizon_init_stack.yaml
diff --git a/lambda_functions/packages/register-organization/lambda.zip b/lambda_functions/packages/register-organization/lambda.zip
diff --git a/submodules/cfn-abi-aws-cloudtrail b/submodules/cfn-abi-aws-cloudtrail
diff --git a/templates/horizon_init_stack.yaml b/templates/horizon_init_stack.yaml
@@ -18,7 +18,6 @@ Metadata:
           - StackSetAdminRole
           - StackSetExecRole
           - CreateOrgTrail
-          - TrailName
       - Label:
           default: AWS S3 Bucket 
         Parameters:
@@ -51,8 +50,6 @@ Metadata:
         default: StackSet Administration Role
       CreateOrgTrail:
         default: Create Optional Organization CloudTrail
-      TrailName:
-        default: Name of Optional Organization CloudTrail
       pOrganizationId:
         default: (Optional) AWS Organization ID
 
@@ -115,9 +112,6 @@ Parameters:
       - 'true'
       - 'false'
     Default: 'false'
-  TrailName:
-    Type: String
-    Default: "crowdstrike-horizon-trail"
   pOrganizationId:
     AllowedPattern: '^$|^o-[a-z0-9]{10,32}$'
     ConstraintDescription: Must start with 'o-' followed by from 10 to 32 lowercase letters or digits. (e.g. o-abc1234567)
@@ -141,54 +135,14 @@ Mappings:
       CSRoleName: "CrowdStrikeCSPMConnector"
 
 Resources:  
-  # Create trail, bucket, and bucket policy to enable EB event collection
-  TrailBucket:
-    Condition: CreateTrail
-    Type: AWS::S3::Bucket
-    DeletionPolicy: Delete
-    Properties:
-      AccessControl: Private
-  Trail:
+  CloudTrailStack:
+    Type: 'AWS::CloudFormation::Stack'
     Condition: CreateTrail
-    Type: AWS::CloudTrail::Trail
-    DependsOn: BucketPolicy
     Properties:
-      S3BucketName: !Ref TrailBucket
-      IsLogging: true
-      TrailName: !Sub ${TrailName}
-      IncludeGlobalServiceEvents: true
-      IsMultiRegionTrail: true
-      IsOrganizationTrail: true
-      S3KeyPrefix: cloudtrail-logs
-      EventSelectors:
-        - IncludeManagementEvents: true
-  BucketPolicy:  
-    Condition: CreateTrail
-    Type: AWS::S3::BucketPolicy
-    Properties: 
-      Bucket: !Ref TrailBucket
-      PolicyDocument:
-        Version: '2012-10-17'
-        Statement:
-        - Sid: AWSCloudTrailAclCheck20150319
-          Effect: Allow
-          Principal:
-            Service: cloudtrail.amazonaws.com
-          Action: s3:GetBucketAcl
-          Resource: !Sub arn:aws:s3:::${TrailBucket}
-          Condition:
-            StringEquals:
-              AWS:SourceArn: !Sub arn:aws:cloudtrail:${AWS::Region}:${AWS::AccountId}:trail/${TrailName}
-        - Sid: AWSCloudTrailWrite20150319
-          Effect: Allow
-          Principal:
-            Service: cloudtrail.amazonaws.com
-          Action: s3:PutObject
-          Resource: !Sub arn:aws:s3:::${TrailBucket}/*
-          Condition:
-            StringEquals:
-              s3:x-amz-acl: bucket-owner-full-control
-              AWS:SourceArn: !Sub arn:aws:cloudtrail:${AWS::Region}:${AWS::AccountId}:trail/${TrailName}
+      TemplateURL: !Sub https://${SourceS3BucketName}.s3.${S3BucketRegion}.${AWS::URLSuffix}/${StagingS3KeyPrefix}/submodules/cfn-abi-aws-cloudtrail/templates/sra-cloudtrail-enable-in-org-ssm.yaml
+      Parameters:
+        pSRAS3BucketRegion: !Ref S3BucketRegion
+        pEnableDataEventsOnly: false
 
 # Create CSPM Role and StackSet
   CrowdStrikeCSPMRole: