aws-solutions / automated-security-response-on-aws

Automated Security Response on AWS is an add-on solution that works with AWS Security Hub to provide a ready-to-deploy architecture and a library of automated playbooks. The solution makes it easier for AWS Security Hub customers to resolve common security findings and to improve their security posture in AWS.
https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/
Apache License 2.0

I think the FindInMapping here is wrong #189

Closed jasoncao99 closed 6 months ago

jasoncao99 commented 6 months ago

https://github.com/aws-solutions/automated-security-response-on-aws/blob/5244c64437f7eeaf77790b6bd95e60a8087eda82/source/lib/common-orchestrator-construct.ts#L532C6-L532C20

This line was causing errors when I was deploying ASR into my organization. Not sure why "-reference" is appended to the bucket name. Worked when I removed it.

AaronSchuetter commented 6 months ago

In the Build and Deploy section of the README, it is noted that the template bucket should have the "-reference" suffix.

Build and Deploy

AWS Solutions use two buckets: a bucket for global access to templates, which is accessed via HTTPS, and regional buckets for access to assets within the region, such as Lambda code. You will need:

One global bucket that is accessed via the HTTP endpoint. AWS CloudFormation templates are stored here. It must end with "-reference". Ex. "mybucket-reference"
One regional bucket for each region where you plan to deploy using the name of the global bucket as the root, and suffixed with the region name. Ex. "mybucket-us-east-1"
Your buckets should be encrypted and disallow public access

Note: When creating your buckets, ensure they are not publicly accessible. Use random bucket names. Disable public access. Use KMS encryption. And verify bucket ownership before uploading.
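The naming convention quoted above is what the reporter tripped over: the deploy code appends "-reference" to the root name itself, so the global bucket has to be created with that suffix while the regional buckets carry the region name. The following pre-deployment check is an added example, not code from the ASR project; the function names and the region-name pattern are assumptions.

```python
# Added example (not from the ASR project): derive the bucket names the
# Build and Deploy convention expects from one root name, and report which
# of them are missing from the buckets an operator has already created.
import re

REFERENCE_SUFFIX = "-reference"
# Loose shape of an AWS region name such as "us-east-1"; assumption, not from the page.
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")


def expected_buckets(root, regions):
    """Map "global"/region -> bucket name that the deploy convention derives from `root`.

    expected_buckets("mybucket", ["us-east-1"]) ->
        {"global": "mybucket-reference", "us-east-1": "mybucket-us-east-1"}
    """
    if root.endswith(REFERENCE_SUFFIX):
        # The deploy code adds the suffix itself (the mapping line the issue links to),
        # so a root that already carries it would become "...-reference-reference".
        raise ValueError(f"root must not already end with {REFERENCE_SUFFIX!r}: {root}")
    names = {"global": root + REFERENCE_SUFFIX}
    for region in regions:
        if not REGION_RE.match(region):
            raise ValueError(f"not a region name: {region}")
        names[region] = f"{root}-{region}"
    return names


def missing_buckets(root, regions, existing):
    """Return the expected bucket names that are absent from `existing`, in convention order."""
    present = set(existing)
    return [name for name in expected_buckets(root, regions).values() if name not in present]


if __name__ == "__main__":
    # Constructed sample: the operator created the global bucket without the suffix,
    # which is exactly the situation that produces the deploy-time error in the issue.
    created = ["mybucket", "mybucket-us-east-1"]
    print(missing_buckets("mybucket", ["us-east-1", "eu-west-2"], created))
```

Run the check against your real bucket list before deploying; an empty result means every bucket the mapping will reference exists under the expected name.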