This Lambda function listens, via CloudWatch Events, for a Config rule that evaluates a bucket as non-compliant when a public-read or public-write policy is found.
Once a non-compliant bucket is found, it sets a private ACL on the bucket and then publishes the bucket policy, if one exists, to an SNS topic that administrators can subscribe to.
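The remediation flow described above, as an added example (not this project's own handler): it parses the Config compliance-change event, sets the ACL to private, and publishes the bucket policy to SNS when one exists. It assumes the topic ARN arrives in an `SNS_TOPIC_ARN` environment variable and that the S3/SNS clients can be injected so the logic runs locally without AWS credentials.

```python
import json
import os


def bucket_from_config_event(event):
    """Return the bucket name when the event is a NON_COMPLIANT Config
    evaluation for an S3 bucket; otherwise None (nothing to remediate)."""
    detail = event.get("detail", {})
    result = detail.get("newEvaluationResult", {})
    if result.get("complianceType") != "NON_COMPLIANT":
        return None
    if detail.get("resourceType") != "AWS::S3::Bucket":
        return None
    return detail.get("resourceId")


def remediate_bucket(bucket, s3, sns, topic_arn):
    """Set the bucket ACL to private, then publish the bucket policy (if one
    exists) to SNS. The role needs s3:PutBucketAcl, s3:GetBucketPolicy, sns:Publish."""
    s3.put_bucket_acl(Bucket=bucket, ACL="private")
    try:
        policy = s3.get_bucket_policy(Bucket=bucket)["Policy"]
    except Exception as exc:
        # botocore raises ClientError carrying Error.Code; "no policy" is not an error here.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code != "NoSuchBucketPolicy":
            raise
        policy = None
    summary = {"bucket": bucket, "acl": "private", "policy": policy}
    if policy is not None:
        sns.publish(TopicArn=topic_arn,
                    Subject="Public bucket policy found: %s" % bucket,
                    Message=json.dumps(summary, indent=2))
    return summary


def lambda_handler(event, context=None, s3=None, sns=None):
    """Entry point. Real boto3 clients (available in the Lambda runtime) are
    created only when none are injected, so tests can pass in stand-ins."""
    if s3 is None or sns is None:
        import boto3
        s3 = s3 or boto3.client("s3")
        sns = sns or boto3.client("sns")
    bucket = bucket_from_config_event(event)
    if bucket is None:
        return {"skipped": True}
    return remediate_bucket(bucket, s3, sns, os.environ.get("SNS_TOPIC_ARN", ""))
```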
AWS Serverless Application Model (AWS SAM) prescribes rules for expressing Serverless applications on AWS.
- Prerequisites:
  - Install Python: `brew install python`
  - Install awscli: `pip install awscli`
  - Configure credentials: `aws configure`
  - Create an S3 bucket for deployments: `bucket=$(aws s3 mb s3://your-awesome-deployment-bucket --output text | sed 's/make_bucket: //')`
- Package the application: `aws cloudformation package --template template.yml --s3-bucket $bucket --output-template-file packaged-template.yml`
- Deploy the application: `aws cloudformation deploy --template-file /path/to/packaged-template.yml --stack-name stop-the-data-leaks --capabilities CAPABILITY_IAM`
- Create a feature branch
- Make improvements
- Create a pull request and notify the current owner.