feat: Add account ID to GuardDuty event notification #187
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In order to add this attribute, I validated that even on a single (newly created) AWS account, the GuardDuty event always contains an `AccountID` attribute. The AWS documentation https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html seems to indicate this too. I've modified the sample events and messages to add a bogus `accountId`. Running the `pipenv` commands as per the `README` made some formatting changes on `mylambda.py`, so I am leaving that as suggested by that run. The snapshots also needed updating to reflect the fact that we now have an AccountID in the GuardDuty event/message. Refs waysact/devops#9087
bruno
changed the title
|
I am confused by the failing tests, as I ran the ❯ TAG=latest
❯ docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/antonbabenko/pre-commit-terraform:$TAG run -a
Unable to find image 'ghcr.io/antonbabenko/pre-commit-terraform:latest' locally
[...]
Digest: sha256:64ce1e4b99d85497fe646db0724669039b079b45fa8cd503b4dc23dbdca490ae
Status: Downloaded newer image for ghcr.io/antonbabenko/pre-commit-terraform:latest
[INFO] Initializing environment for https://github.com/antonbabenko/pre-commit-terraform.
[INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks.
[INFO] Installing environment for https://github.com/pre-commit/pre-commit-hooks.
[INFO] Once installed this environment will be reused.
[INFO] This may take a few minutes...
Terraform fmt............................................................Passed
Terraform validate.......................................................Passed
Terraform docs...........................................................Passed
Terraform validate with tflint...........................................Passed
check for merge conflicts................................................Passed
fix end of files.........................................................PassedAm I missing something? |
|
it looks like this workflow didn't get updated yet. If you update the same file from here https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/.github/workflows/pre-commit.yml in this PR it should run the tests successfully |
The pre-commit.yml that I got from the other repo seems to have an extra line at the end, which appears to cause a failure in the TF pre-commit checks (oh, so meta).
bryantbiggs
approved these changes
Jan 26, 2023
|
Sorry @bryantbiggs just noticed that GitHub was complaining about |
antonbabenko
pushed a commit
that referenced
this pull request
Jan 26, 2023
## [5.6.0](v5.5.0...v5.6.0) (2023-01-26) ### Features * Add account ID to GuardDuty event notification ([#187](#187)) ([e3452b4](e3452b4))
|
This PR is included in version 5.6.0 🎉 |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Always show the AWS AccountID that the GuardDuty event is related to.
I've modified the sample events and messages to add a bogus
accountId. Running thepipenvcommands as per theREADMEmade some formatting changes onmylambda.py, so I am leaving that as suggested by that run.The snapshots also needed updating to reflect the fact that we now have an AccountID in the GuardDuty event/message.
It's my first contribution to this repo, so apologies in advance 😄
Motivation and Context
This PR was motivated by the same reasoning I saw in #164. We are using this module to send notifications from multiple AWS accounts to Slack and not having the AccountID visible in the notification was bugging us, as it makes the investigation slightly more tedious.
In order to add this attribute, I validated that even on a single (newly created) AWS account, the GuardDuty event always contains an
AccountIDattribute. The AWS documentation https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html seems to indicate this too. This was achieved by triggering the sample events from the AWS console.Breaking Changes
How Has This Been Tested?
examples/*to demonstrate and validate my change(s)examples/*projectspre-commit run -aon my pull request