The Trusted Advisor Exposed Keys CloudWatch Event Monitor demonstrates how to use AWS Step Functions to orchestrate a serverless AWS Lambda workflow in response to an Amazon CloudWatch Event generated by AWS Trusted Advisor.
On detection of a Trusted Advisor Exposed Access Key CloudWatch Event this workflow deletes the exposed IAM Access Key, summarizes the recent API activity for the exposed key, and sends the summary message to an Amazon SNS Topic to notify the subscribers.
This repository contains sample code for all the AWS Lambda functions depicted in the diagram below as well as an AWS CloudFormation template for creating the functions and related resources.
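The three workflow steps described above (delete the key, summarize its recent API activity, publish to SNS) as an added Python example; this is not the repository's Lambda code. The Trusted Advisor event field names, the function names and the sample data are assumptions, and the AWS clients are passed in as parameters (boto3 `iam`, `cloudtrail` and `sns` clients in real use).

```python
from collections import Counter

# Constructed sample input (field names are assumed, values are placeholders).
SAMPLE_EVENT = {"check-item-detail": {
    "User Name (IAM or Root)": "test-user",
    "Access Key ID": "AKIAIOSFODNN7EXAMPLE"}}
SAMPLE_TRAIL = [
    {"EventSource": "iam.amazonaws.com", "EventName": "ListUsers"},
    {"EventSource": "states.amazonaws.com", "EventName": "StartExecution"},
    {"EventSource": "iam.amazonaws.com", "EventName": "ListUsers"},
]

def summarize_events(events):
    """Count CloudTrail events per (EventSource, EventName), most frequent first."""
    counts = Counter((e["EventSource"], e["EventName"]) for e in events)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

def lookup_key_activity(cloudtrail, access_key_id):
    """Page through CloudTrail lookup_events for one access key ID."""
    events, kwargs = [], {"LookupAttributes": [
        {"AttributeKey": "AccessKeyId", "AttributeValue": access_key_id}]}
    while True:
        page = cloudtrail.lookup_events(**kwargs)
        events.extend(page.get("Events", []))
        if not page.get("NextToken"):
            return events
        kwargs["NextToken"] = page["NextToken"]

def respond(event, iam, cloudtrail, sns, topic_arn):
    """Delete the exposed key, summarize its API activity, notify via SNS."""
    detail = event["check-item-detail"]        # assumed event field
    user = detail["User Name (IAM or Root)"]   # assumed field name
    key_id = detail["Access Key ID"]           # assumed field name
    iam.delete_access_key(UserName=user, AccessKeyId=key_id)  # contain first
    summary = summarize_events(lookup_key_activity(cloudtrail, key_id))
    lines = [f"Deleted exposed access key {key_id} for user {user}."]
    lines += [f"{n:4d}  {src}  {name}" for (src, name), n in summary]
    if not summary:
        lines.append("No recent API activity recorded for this key.")
    message = "\n".join(lines)
    sns.publish(TopicArn=topic_arn, Subject="Exposed IAM access key deleted", Message=message)
    return message
```

Deleting the key before the lookup stops further use while the summary is built; CloudTrail still returns the key's earlier events after deletion.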
ExposedKey Step Functions state machine, which has the following sub-steps:
SecurityNotificationTopic SNS Topic.
The backend infrastructure can be deployed in US East - N. Virginia (us-east-1) using the provided CloudFormation template.
Click Launch Stack to launch the template in the US East - N. Virginia (us-east-1) region in your account:
(In the last page of the wizard, make sure to:
If you would like to deploy the template manually, you need an S3 bucket in the target region, and then package the Lambda functions into that S3 bucket by using the aws cloudformation package utility.
** Note that this template may only be launched into US East - N. Virginia (us-east-1) as that is the only region where Trusted Advisor CloudWatch Event rules are configurable. **
Set environment variables for later commands to use:
Then go to the cloudformation folder and use the aws cloudformation package utility
Last, deploy the stack with the resulting yaml (exposed_access_keys.output.yaml) through the CloudFormation Console or command line:
To test the example without exposing an IAM Access Key to a public repository, you can simulate the workflow by executing the ExposedKey state machine with a set of test json for the event. To do this, follow the steps detailed below.
Ensure you have at least one e-mail address subscribed to the SecurityNotificationTopic created by the template to receive the notification.
Click Users, then Add User, and create a user with programmatic access:
For User name, put test-user
For Access type, select Programmatic access
Note the Access key ID from the Review page for later use in the test json
Select the ExposedKey state machine
Click New execution to create the test execution of the state machine
Replace ACCESS_KEY_ID_HERE with the Access key ID noted from the earlier creation of test-user
You can follow the state machine's progress in the Step Functions console. The summary message for test-user will be sent to the e-mail address(es) subscribed to the SecurityNotificationTopic SNS Topic.
Here is an example of what this message might look like for a user who has made recent API calls to IAM and Step Functions:
To remove all resources created by this example, do the following:
The following sections explain all of the resources created by the CloudFormation template provided with this example.
This reference architecture sample is licensed under Apache 2.0.