sparse-intern-71089
04/26/2022, 7:11 PMvictorious-church-57397
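// 04/26/2022, 7:18 PM (message timestamp from the thread)

/**
 * Event pattern for the rule below: Security Hub "Findings - Imported" events
 * whose finding has a compliance status of FAILED or WARNING.
 *
 * Built as an object and serialised with JSON.stringify so the pattern is
 * syntax-checked by the compiler instead of being a hand-written JSON string.
 *
 * NOTE(review): Security Hub emits this detail-type for updates to existing
 * findings as well as for new ones, and nothing here filters on
 * Workflow.Status or RecordState. Confirm that the Jira Lambda de-duplicates,
 * or narrow the pattern, so one finding does not open a ticket on every update.
 */
const sechubFindingPattern = {
  source: ['aws.securityhub'],
  'detail-type': ['Security Hub Findings - Imported'],
  detail: {
    findings: {
      Compliance: {
        Status: ['FAILED', 'WARNING'],
      },
    },
  },
};

/**
 * EventBridge rule that selects failed/warning Security Hub findings for
 * forwarding to the Jira Lambda. No event bus is named here, so the provider
 * default applies.
 */
const sechubEventRule = new cloudwatch.EventRule('forward-sechub-events-to-jira', {
  name: 'forward-sechub-events-to-jira',
  description: 'Forwards securityhub events to Jira',
  isEnabled: true,
  // NOTE(review): the only target shown for this rule is a Lambda function.
  // EventBridge invokes Lambda through the function's resource-based policy
  // (the lambda.Permission resource), not through an assumed role. Confirm this
  // role is actually required; an unused assumable role is needless surface.
  roleArn: securityHubEventBridgeRole.arn,
  eventPattern: JSON.stringify(sechubFindingPattern),
});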
// Attach the Jira Lambda as the rule's target. No roleArn is set on the target,
// so the invocation is authorised by the Lambda's resource-based policy
// (see the lambda.Permission resource for this function).
new cloudwatch.EventTarget('forward-sechub-events-target', {
  rule: sechubEventRule.name,
  arn: securityHubJiraFunction.arn,
});
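// Resource-based policy statement on the Jira Lambda that lets EventBridge
// invoke it. `sourceArn` limits the grant to this one rule, so other rules
// cannot use the events.amazonaws.com principal to trigger the function.
new lambda.Permission('securityhub-jira-permission', {
  action: 'lambda:InvokeFunction',
  function: securityHubJiraFunction.arn,
  // The chat export had rewritten this value into Slack link markup
  // ('<http://...|...>'); the service principal is the bare host name.
  principal: 'events.amazonaws.com',
  sourceArn: sechubEventRule.arn,
});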
And the role which is referenced in the target has the following permissions (note that in the snippet above it is passed as `roleArn` on the rule rather than on the target):
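/**
 * Trust policy that lets the EventBridge service assume the role it is
 * attached to.
 *
 * NOTE(review): there is no Condition block. For service-principal trust
 * policies AWS recommends `aws:SourceArn` / `aws:SourceAccount` conditions to
 * prevent confused-deputy use of the role; consider adding them, scoped to
 * this account and rule.
 */
const eventbridgeRolePolicy: iam.PolicyDocument = {
  Version: '2012-10-17',
  Statement: [
    {
      Sid: 'EventTrustPolicy',
      Effect: 'Allow',
      Principal: {
        // The chat export had rewritten this value into Slack link markup
        // ('<http://...|...>'); the service principal is the bare host name.
        Service: 'events.amazonaws.com',
      },
      Action: ['sts:AssumeRole'],
    },
  ],
};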
// Logical (Pulumi) name and physical (IAM) name are the same string.
const sechubEventBridgeRoleName = 'sechub-eventbridge-role';

/**
 * IAM role whose trust policy is `eventbridgeRolePolicy`. Exported so that
 * other modules can reference its ARN and name.
 */
export const securityHubEventBridgeRole = new iam.Role(sechubEventBridgeRoleName, {
  assumeRolePolicy: eventbridgeRolePolicy,
  name: sechubEventBridgeRoleName,
});
// Single statement: allow events:PutEvents, scoped to the ARN of
// `defaultEventBus` only (no wildcard resource).
const putEventsOnDefaultBusStatement = {
  Sid: 'PutEventsPolicy',
  Effect: 'Allow',
  Action: ['events:PutEvents'],
  Resource: [interpolate`${defaultEventBus.arn}`],
};

/**
 * Identity policy document granting PutEvents on one event bus.
 *
 * NOTE(review): PutEvents on a bus is what EventBridge needs when a rule's
 * target is another event bus. The target visible in this thread is a Lambda
 * function, which does not use this permission. Confirm whether the grant is
 * needed.
 */
const eventBridgeDefaultBusPutEventsPolicyDocument: iam.PolicyDocument = {
  Version: '2012-10-17',
  Statement: [putEventsOnDefaultBusStatement],
};
// Logical (Pulumi) name and physical (IAM) name are the same string.
const sechubEventBridgeRolePolicyName = 'sechub-eventbridge-role-policy';

/**
 * Managed IAM policy wrapping `eventBridgeDefaultBusPutEventsPolicyDocument`.
 * It has no effect until it is attached to a principal.
 */
const securityHubEventBridgeRolePolicy = new iam.Policy(sechubEventBridgeRolePolicyName, {
  name: sechubEventBridgeRolePolicyName,
  description: 'Allows put events on the default bus',
  policy: eventBridgeDefaultBusPutEventsPolicyDocument,
});
// Attach the PutEvents policy to the EventBridge role. The role's effective
// permissions are whatever is attached here, in addition to its trust policy.
new iam.RolePolicyAttachment('sechub-eventbridge-role-policy-attachment', {
  policyArn: securityHubEventBridgeRolePolicy.arn,
  role: securityHubEventBridgeRole.name,
});
average-school-38756
04/26/2022, 7:18 PMvictorious-church-57397
04/26/2022, 7:19 PM