Automated Security Response on AWS is an add-on solution that works with AWS Security Hub to provide a ready-to-deploy architecture and a library of automated playbooks. The solution makes it easier for AWS Security Hub customers to resolve common security findings and to improve their security posture in AWS.
BUG: The control RDS.4 for the AFSBP standard contains an SSM document that uses a line of regex to find matching ARNs for RDS backups to encrypt; however, the existing regex does not properly match ARNs that follow the format arn:aws:rds:::snapshot:awsbackup:job- (see screenshot below).
ORIGINAL REGEX:
However, the following regex does match. I would imagine that these snapshot ARNs, despite their format, would be supported by this remediation; however, even after making these regex changes it seems that the remediation still fails to execute correctly. This is the only control that I have been having trouble getting to work. When the snapshots follow the ARN naming convention above they fail 100% of the time.
MODIFIED REGEX (with added ':'):
ERROR:
message:Step fails when it is Poll action status for completion. Traceback (most recent call last):
File "/tmp/98790b39-8f69-43d0-8897-18816cb22546-2023-03-27-18-38-59/customer_script.py", line 178, in parse_event
finding_event = FindingEvent(event['Finding'], event['parse_id_pattern'], event['expected_control_id'], event.get('resource_index', 1))
File "/tmp/98790b39-8f69-43d0-8897-18816cb22546-2023-03-27-18-38-59/customer_script.py", line 126, in __init__
self._get_resource_id(parse_id_pattern, resource_index) # self.resource_id, self.resource_id_matches
File "/tmp/98790b39-8f69-43d0-8897-18816cb22546-2023-03-27-18-38-59/customer_script.py", line 85, in _get_resource_id
exit(f'ERROR: Invalid resource Id {identifier_raw}')
File "/var/lang/lib/python3.8/_sitebuiltins.py", line 26, in __call__
raise SystemExit(code)
SystemExit: ERROR: Invalid resource Id arn:aws:rds:us-west-2:11111111111111:snapshot:awsbackup:job-656bc5ad-b20e-9b9e-43c8-bcd5643f7d0a
SystemExit - ERROR: Invalid resource Id ...
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
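The regex itself only survives in the screenshot, so the following added example (not code from the Automated Security Response on AWS project, and not the submitter's change) reproduces the failure mode with a constructed pair of patterns: a strict one that stops at the first ':' after `snapshot:`, and a permissive one that lets the identifier contain ':' so that AWS Backup snapshot names of the form `awsbackup:job-<uuid>` are accepted. The region and account number in the sample ARNs are made up; the job id is the one shown in the traceback above. The `rejected_by` helper is the check a practitioner would run over every snapshot naming style before shipping a regex change, and `snapshot_identifier` mirrors the script's behaviour of aborting rather than silently skipping an unparsable ARN.

```python
import re

# --- Constructed sample data (region/account are fictitious) -------------------
MANUAL_ARN = "arn:aws:rds:us-west-2:123456789012:snapshot:mydb-final-2023"
BACKUP_ARN = ("arn:aws:rds:us-west-2:123456789012:snapshot:"
              "awsbackup:job-656bc5ad-b20e-9b9e-43c8-bcd5643f7d0a")
SAMPLE_ARNS = [MANUAL_ARN, BACKUP_ARN]

# Assumed "strict" pattern (an approximation of the behaviour described in the
# PR, not the project's actual regex): the identifier after 'snapshot:' may not
# contain ':'. AWS Backup names its RDS snapshots 'awsbackup:job-<uuid>', so
# this pattern never matches them and the remediation exits with
# "Invalid resource Id".
STRICT_SNAPSHOT_PATTERN = re.compile(
    r"^arn:aws:rds:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):snapshot:"
    r"(?P<identifier>[A-Za-z0-9-]+)$"
)

# Permissive pattern: ':' is allowed inside the identifier, so both manual and
# AWS Backup created snapshot ARNs parse. Everything else stays anchored so
# unrelated resource types are still rejected.
PERMISSIVE_SNAPSHOT_PATTERN = re.compile(
    r"^arn:aws:rds:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):snapshot:"
    r"(?P<identifier>[A-Za-z0-9:-]+)$"
)


def parse_snapshot_arn(arn, pattern=PERMISSIVE_SNAPSHOT_PATTERN):
    """Return (region, account, snapshot identifier), or None if no match."""
    m = pattern.match(arn)
    if m is None:
        return None
    return m.group("region"), m.group("account"), m.group("identifier")


def snapshot_identifier(arn, pattern=PERMISSIVE_SNAPSHOT_PATTERN):
    """Behave like the remediation script: fail loudly on an unparsable ARN
    so that an unencrypted snapshot is never skipped without a trace."""
    parsed = parse_snapshot_arn(arn, pattern)
    if parsed is None:
        raise ValueError(f"ERROR: Invalid resource Id {arn}")
    return parsed[2]


def is_aws_backup_snapshot(identifier):
    """True for snapshots created by AWS Backup (name starts with awsbackup:job-)."""
    return identifier.startswith("awsbackup:job-")


def rejected_by(pattern, arns):
    """List every ARN the given pattern refuses; an empty list means the regex
    covers all the naming styles in the sample set."""
    return [a for a in arns if parse_snapshot_arn(a, pattern) is None]


if __name__ == "__main__":
    print("strict pattern rejects:    ", rejected_by(STRICT_SNAPSHOT_PATTERN, SAMPLE_ARNS))
    print("permissive pattern rejects:", rejected_by(PERMISSIVE_SNAPSHOT_PATTERN, SAMPLE_ARNS))
    for arn in SAMPLE_ARNS:
        ident = snapshot_identifier(arn)
        print(f"{ident!r}: aws_backup={is_aws_backup_snapshot(ident)}")
```

Whether the permissive match is enough for the rest of the playbook to succeed is a separate question; the PR reports that the remediation still fails after the regex change, and this example only demonstrates the parsing step that produces the "Invalid resource Id" exit.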