forked from uvasoftware/scanii-lambda
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtemplate.yml
109 lines (100 loc) · 3.03 KB
/
template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Scanii.com automatic S3 integration
Parameters:
bucketName:
Description: The bucket you would like to monitor for events
Type: String
scaniiApiKey:
Description: Your scanii.com API key
Type: String
scaniiApiSecret:
Description: Your scanii.com API secret
Type: String
scaniiApiEndpoint:
Description: Which endpoint should be used?
Type: String
Default: api.scanii.com
AllowedValues:
- api.scanii.com
- api-eu1.scanii.com
- api-eu2.scanii.com
- api-ap1.scanii.com
- api-ap2.scanii.com
- api-us1.scanii.com
actionTagObject:
Description: Should custom tags be added to S3 objects after processing?
Type: String
Default: yes
AllowedValues:
- true
- false
actionDeleteObjectOnFinding:
Description: Should S3 objects be DELETED once a finding is identified?
Type: String
Default: no
AllowedValues:
- true
- false
Resources:
ScaniiSubmitFn:
Type: AWS::Serverless::Function
DependsOn: ScaniiCallbackFn
Properties:
CodeUri: .
FunctionName: !Sub "${AWS::StackName}-Submit"
Handler: lib/s3-handler.handler
Runtime: nodejs12.x
MemorySize: 256
Timeout: 60
Description: Submits objects to be analyzed by scanii.com
AutoPublishAlias: live # enables automatic version tracking
Environment:
Variables:
API_KEY: !Sub ${scaniiApiKey}
API_SECRET: !Sub ${scaniiApiSecret}
API_ENDPOINT: !Sub ${scaniiApiEndpoint}
CALLBACK_URL: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/callback"
Policies:
- S3ReadPolicy:
BucketName:
Ref: bucketName
ScaniiCallbackFn:
Type: AWS::Serverless::Function
Properties:
CodeUri: .
FunctionName: !Sub "${AWS::StackName}-Callback"
Handler: lib/ag-handler.handler
Runtime: nodejs12.x
MemorySize: 256
Timeout: 60
Description: Handles scanii.com's result callbacks
AutoPublishAlias: live # enables automatic version tracking
Environment:
Variables:
API_KEY: !Sub ${scaniiApiKey}
API_SECRET: !Sub ${scaniiApiSecret}
ACTION_TAG_OBJECT: !Sub ${actionTagObject}
ACTION_DELETE_OBJECT: !Sub ${actionDeleteObjectOnFinding}
Events:
ScaniiCallback:
Type: Api
Properties:
Path: /{proxy+}
Method: any
Policies:
- Statement:
Effect: "Allow"
Action:
- "s3:DeleteObject"
- "s3:DeleteObjectTagging"
- "s3:GetObject"
- "s3:GetObjectTagging"
- "s3:GetObjectVersionTagging"
- "s3:PutObjectTagging"
- "s3:PutObjectVersionTagging"
Resource: !Sub "arn:aws:s3:::${bucketName}/*"
Outputs:
ApiURL:
Description: "Status!"
Value: "Scanii-lambda reporting for duty!"