Defend Amazon Join from viruses and malware by scanning attachments

const { CfnParameter, CfnCondition, CfnOutput, Fn, Aws } = require('aws-cdk-lib');
const dynamodb = require('aws-cdk-lib/aws-dynamodb');
const cloudwatch = require('aws-cdk-lib/aws-cloudwatch');
const sns = require('aws-cdk-lib/aws-sns');
const lambda = require('aws-cdk-lib/aws-lambda');
const iam = require('aws-cdk-lib/aws-iam');
const logs = require('aws-cdk-lib/aws-logs');
const esbuild = require('esbuild');


operate zipFile(lambdaFile, goal) {
  return esbuild.buildSync({
    entryPoints: [lambdaFile],
    exterior: ['@aws-sdk/*'],
    goal: [target],
    platform: 'node',
    bundle: true,
    write: false
  }).outputFiles[0].textual content;
}

const bucketAVStackName = new CfnParameter(this, 'BucketAVStackName', {
  description: 'CloudFormation stack identify of bucketAV (should you adopted our docs, the identify is bucketav)',
  sort: 'String'
});

const desk = new dynamodb.CfnTable(this, 'Desk', {
  attributeDefinitions: [{
    attributeName: 'id',
    attributeType: 'S'
  }],
  billingMode: 'PAY_PER_REQUEST',
  keySchema: [{
    attributeName: 'id',
    keyType: 'HASH'
  }],
  sseSpecification: {
    sseEnabled: true
  },
  timeToLiveSpecification: {
    attributeName: 'ttl',
    enabled: true
  }
});

const subscriptionLambdaRole = new iam.CfnRole(this, 'SubscriptionLambdaRole', {
  assumeRolePolicyDocument: {
    Model: '2012-10-17',
    Assertion: [{
      Effect: 'Allow',
      Principal: {
        Service: 'lambda.amazonaws.com'
      },
      Action: 'sts:AssumeRole'
    }]
  },
  insurance policies: [{
    policyName: 'lambda',
    policyDocument: {
      Statement: [{
        Effect: 'Allow',
        Action: 'dynamodb:PutItem',
        Resource: table.attrArn
      }]
    }
  }]
});

const subscriptionLambdaFunction = new lambda.CfnFunction(this, 'SubscriptionLambdaFunction', {
  code: {
    zipFile: zipFile('connect-subscription.js', 'node18')
  },
  surroundings: {
    variables: {
      TABLE_NAME: desk.ref
    }
  },
  handler: 'index.handler',
  memorySize: 1769,
  function: subscriptionLambdaRole.attrArn,
  runtime: 'nodejs18.x',
  timeout: 60
});

const subscriptionLambdaPermission = new lambda.CfnPermission(this, 'SubscriptionLambdaPermission', {
  motion: 'lambda:InvokeFunction',
  functionName: subscriptionLambdaFunction.ref,
  principal: 'sns.amazonaws.com',
  sourceArn: Fn.importValue(`${bucketAVStackName.valueAsString}-FindingsTopicArn`)
});

const subscriptionLambdaLogGroup = new logs.CfnLogGroup(this, 'SubscriptionLambdaLogGroup', {
  logGroupName: `/aws/lambda/${subscriptionLambdaFunction.ref}`,
  retentionInDays: 14
});

const subscriptionLambdaPolicy = new iam.CfnPolicy(this, 'SubscriptionLambdaPolicy', {
  roles: [
    subscriptionLambdaRole.ref
  ],
  policyName: 'logs',
  policyDocument: {
    Assertion: [{
      Effect: 'Allow',
      Action: [
        'logs:CreateLogStream',
        'logs:PutLogEvents'
      ],
      Useful resource: subscriptionLambdaLogGroup.attrArn
    }]
  }
});

const subscription = new sns.CfnSubscription(this, 'Subscription', {
  endpoint: subscriptionLambdaFunction.attrArn,
  filterPolicy: {
    trace_id: [{prefix: `bucketav:connect:${Aws.STACK_NAME}:`}]
  },
  protocol: 'lambda',
  topicArn: Fn.importValue(`${bucketAVStackName.valueAsString}-FindingsTopicArn`)
});
subscription.addDependency(subscriptionLambdaPermission);
subscription.addDependency(subscriptionLambdaPolicy);

const connectLambdaRole = new iam.CfnRole(this, 'ConnectLambdaRole', {
  assumeRolePolicyDocument: {
    Model: '2012-10-17',
    Assertion: [{
      Effect: 'Allow',
      Principal: {
        Service: 'lambda.amazonaws.com'
      },
      Action: 'sts:AssumeRole'
    }]
  },
  insurance policies: [{
    policyName: 'lambda',
    policyDocument: {
      Statement: [{
        Effect: 'Allow',
        Action: 'sqs:SendMessage',
        Resource: Fn.importValue(`${bucketAVStackName.valueAsString}-ScanQueueArn`)
      }, {
        Effect: 'Allow',
        Action: 'dynamodb:GetItem',
        Resource: table.attrArn
      }]
    }
  }]
});

const connectLambdaFunction = new lambda.CfnFunction(this, 'ConnectLambdaFunction', {
  code: {
    zipFile: zipFile('join.js', 'node18')
  },
  surroundings: {
    variables: {
      TABLE_NAME: desk.ref,
      STACK_NAME: Aws.STACK_NAME,
      SCAN_QUEUE_URL: Fn.importValue(`${bucketAVStackName.valueAsString}-ScanQueueUrl`)
    }
  },
  handler: 'index.handler',
  memorySize: 1769,
  function: connectLambdaRole.attrArn,
  runtime: 'nodejs18.x',
  timeout: 60 
});

const connectLambdaLogGroup = new logs.CfnLogGroup(this, 'ConnectLambdaLogGroup', {
  logGroupName: `/aws/lambda/${connectLambdaFunction.ref}`,
  retentionInDays: 14
});

new iam.CfnPolicy(this, 'ConnectLambdaPolicy', {
  roles: [
    connectLambdaRole.ref
  ],
  policyName: 'logs',
  policyDocument: {
    Assertion: [{
      Effect: 'Allow',
      Action: [
        'logs:CreateLogStream',
        'logs:PutLogEvents'
      ],
      Useful resource: connectLambdaLogGroup.attrArn
    }]
  }
});

Defend Amazon Join from viruses and malware by scanning attachments

Commerce tensions immediate European companies to rethink cloud methods

How Legit Is Utilizing Traditional Financial Instruments to Forestall Utility Vulnerabilities

How Legit Is Utilizing Traditional Financial Instruments to Forestall Utility Vulnerabilities

Leave a Reply Cancel reply

Trending

UKOUG Convention 2024 | The ORACLE-BASE Weblog

Attacker exploits misconfigured AI device to run AI-generated payload

Search indexes with column granularity in BigQuery

AWS Leads ‘Large 3’ in Cloud Market/Co-Promote Survey Report — AWSInsider

Execution plans in Oracle SQL Developer for VS Code

7 Greatest Cloud Primarily based Collaboration Software program

MultiCloud365

Category

Recent News

PowerAutomate to GITLab Pipelines | Tech Wizard

Runtime is the actual protection, not simply posture