AWSTemplateFormatVersion: '2010-09-09'
# SAM transform: expands AWS::Serverless::* resources at deploy time.
Transform: 'AWS::Serverless-2016-10-31'
Description: >
  Sending AWS Events to Panther

# Defaults applied to the serverless functions declared in this template.
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    # Invocation timeout, in seconds.
    Timeout: 3
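# Deploy-time inputs. APIToken is a bearer credential for the Panther API.
Parameters:
  APIToken:
    Description: The API token used to access the Panther API at the URL you have already provided
    Type: String
    # Mask the token in CloudFormation console, CLI and API output.
    # NoEcho does not protect the value once it is copied into the Lambda
    # environment (see API_TOKEN under Resources).
    NoEcho: true
    AllowedPattern: '[A-Za-z0-9]{32}'
    ConstraintDescription: must be exactly 32 alphanumeric characters
  APIUrl:
    Description: The Panther console API endpoint that you wish to send events to (e.g. https://example.app.panther.support/api/event/create)
    Type: String
    # The token is sent to this endpoint, so reject anything that is not TLS.
    AllowedPattern: 'https://.+'
    ConstraintDescription: must be an https:// URL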
# Values exported by the stack after deployment.
Outputs:
  # ARN of the event-forwarding Lambda function.
  Events2PantherFunction:
    Description: AWS Events to Panther Lambda Function ARN
    Value: !GetAtt Events2PantherFunction.Arn
  # ARN of the execution role that SAM generates for the function
  # (logical ID is the function's logical ID plus "Role").
  Events2PantherFunctionIamRole:
    Description: Implicit IAM Role created for the AWS Events to Panther function
    Value: !GetAtt Events2PantherFunctionRole.Arn
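Resources:
  # Lambda function that receives CloudWatch Events and is configured with
  # the Panther endpoint and token through environment variables.
  # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
  Events2PantherFunction:
    Type: AWS::Serverless::Function
    Properties:
      # The function is named after the stack; the log group below relies on it.
      FunctionName: !Sub '${AWS::StackName}'
      CodeUri: e2p
      Handler: e2p.lambdaHandler
      # NOTE(review): nodejs12.x is past end of support in AWS Lambda and no
      # longer receives security patches. Move to a currently supported
      # Node.js runtime after testing the handler against it.
      Runtime: nodejs12.x
      Environment:
        Variables:
          API_URL: !Ref APIUrl
          # NOTE(review): the token is stored as a plaintext environment
          # variable, readable by any principal allowed to call
          # lambda:GetFunctionConfiguration on this function. Consider reading
          # it at runtime from Secrets Manager or an SSM SecureString instead.
          API_TOKEN: !Ref APIToken
      Policies:
        # NOTE(review): AWSLambdaExecute grants s3:GetObject and s3:PutObject
        # on all buckets in addition to CloudWatch Logs access. The handler
        # code is not visible here; if it does not use S3,
        # AWSLambdaBasicExecutionRole is the least-privilege choice.
        - AWSLambdaExecute
      Events:
        # Trigger the Lambda function on ALL events in this account. Every
        # matching event is handed to the function, so narrow the pattern if
        # only some sources should leave the account.
        AllEvents:
          Type: CloudWatchEvent
          Properties:
            Pattern:
              account:
                - !Ref AWS::AccountId
        # You can create your own event filters that trigger
        # this Lambda this way (if you uncomment the next few lines).
        # Event pattern field names are case-sensitive: the key is "source".
        # GuardDuty:
        #   Type: CloudWatchEvent
        #   Properties:
        #     Pattern:
        #       source:
        #         - aws.guardduty

  # Only keep the Lambda function logs for 14 days:
  Events2PantherLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      # Matches the log group Lambda writes to for the function named above.
      LogGroupName: !Sub '/aws/lambda/${AWS::StackName}'
      RetentionInDays: 14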