new: added policy ecc-aws-095-aws_config_configuration_changes_alarm_…

…exists

policies/ecc-aws-095-aws_config_configuration_changes_alarm_exists.yml

@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+policies:
+  - name: ecc-aws-095-aws_config_configuration_changes_alarm_exists
+    comment: '010016012500'
+    description: |
+      Log metric filter and alarm do not exist for AWS Config configuration changes
+    resource: aws.account
+    filters:
+      - type: check-cloudtrail
+        multi-region: true
+        running: true
+        include-management-events: true
+        log-metric-filter-pattern:
+            type: value
+            op: regex
+            value: '{ ?\(? ?\$\.eventSource ?= ?\"?config\.amazonaws\.com\"? ?\)? ?&& ?\( ?\(? ?\$\.eventName ?= ?\"?StopConfigurationRecorder\"? ?\)? ?\|\| ?\(? ?\$\.eventName ?= ?\"?DeleteDeliveryChannel\"? ?\)? ?\|\| ?\(? ?\$\.eventName ?= ?\"?PutDeliveryChannel\"? ?\)? ?\|\| ?\(? ?\$\.eventName ?= ?\"?PutConfigurationRecorder\"? ?\)? ?\) ?}'
+

terraform/ecc-aws-095-aws_config_configuration_changes_alarm_exists/green/sns.tf

@@ -2,16 +2,12 @@ resource "aws_sns_topic" "this" {
   name = "095_sns_green"
 }
 
-resource "null_resource" "this" {
-  provisioner "local-exec" {
-    command = join(" ", [
-      "aws sns subscribe",
-      "--topic-arn ${aws_sns_topic.this.arn}",
-      "--protocol email",
-      "--notification-endpoint ${var.test-email}",
-      "--profile ${var.profile}",
-      "--region ${var.default-region}"
-      ]
-    )
-  }
+resource "aws_sqs_queue" "this" {
+  name = "095-sqs-green"
+}
+
+resource "aws_sns_topic_subscription" "this" {
+  topic_arn = aws_sns_topic.this.arn
+  protocol  = "sqs"
+  endpoint  = aws_sqs_queue.this.arn
 }

terraform/ecc-aws-095-aws_config_configuration_changes_alarm_exists/iam/095-policy.json

@@ -4,17 +4,16 @@
         {
             "Effect": "Allow",
             "Action": [ 
+                "iam:ListAccountAliases",
                 "cloudtrail:DescribeTrails",
                 "cloudtrail:GetTrailStatus",
                 "cloudtrail:GetEventSelectors",
-                "sns:GetTopicAttributes",
-                "sns:ListTopics",
                 "cloudwatch:DescribeAlarms",
                 "logs:DescribeMetricFilters",
-                "logs:DescribeLogGroups",
-                "iam:ListAccountAliases"
+                "cloudwatch:DescribeAlarmsForMetric",
+                "sns:GetTopicAttributes"
             ],
             "Resource": "*"
         }
     ]
-}
+}

terraform/ecc-aws-095-aws_config_configuration_changes_alarm_exists/red1/cw.tf

@@ -9,7 +9,7 @@ resource "aws_cloudwatch_log_stream" "this" {
 
 resource "aws_cloudwatch_log_metric_filter" "this" {
   name           = "095_AWS_Config_Configuration_Changes_red"
-  pattern        = "{ ($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder)) }"
+  pattern        = "{ ($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)) }"
   log_group_name = aws_cloudwatch_log_group.this.name
 
   metric_transformation {

terraform/ecc-aws-095-aws_config_configuration_changes_alarm_exists/red1/sns.tf

@@ -2,16 +2,12 @@ resource "aws_sns_topic" "this" {
   name = "095_sns_red"
 }
 
-resource "null_resource" "this" {
-  provisioner "local-exec" {
-    command = join(" ", [
-      "aws sns subscribe",
-      "--topic-arn ${aws_sns_topic.this.arn}",
-      "--protocol email",
-      "--notification-endpoint ${var.test-email}",
-      "--profile ${var.profile}",
-      "--region ${var.default-region}"
-      ]
-    )
-  }
+resource "aws_sqs_queue" "this" {
+  name = "095-sqs-red"
+}
+
+resource "aws_sns_topic_subscription" "this" {
+  topic_arn = aws_sns_topic.this.arn
+  protocol  = "sqs"
+  endpoint  = aws_sqs_queue.this.arn
 }

tests/ecc-aws-095-aws_config_configuration_changes_alarm_exists/placebo-green/cloudtrail.DescribeTrails_1.json

@@ -0,0 +1,22 @@
+{
+    "status_code": 200,
+    "data": {
+        "trailList": [
+            {
+                "Name": "cloudtrail-095-green",
+                "S3BucketName": "095-bucket-425615-green",
+                "IncludeGlobalServiceEvents": true,
+                "IsMultiRegionTrail": true,
+                "HomeRegion": "us-east-1",
+                "TrailARN": "arn:aws:cloudtrail:us-east-1:644160558196:trail/cloudtrail-095-green",
+                "LogFileValidationEnabled": false,
+                "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:644160558196:log-group:095_log_group_green:*",
+                "CloudWatchLogsRoleArn": "arn:aws:iam::644160558196:role/095_role_green",
+                "HasCustomEventSelectors": false,
+                "HasInsightSelectors": false,
+                "IsOrganizationTrail": false
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}

tests/ecc-aws-095-aws_config_configuration_changes_alarm_exists/placebo-green/cloudtrail.GetEventSelectors_1.json

@@ -0,0 +1,15 @@
+{
+    "status_code": 200,
+    "data": {
+        "TrailARN": "arn:aws:cloudtrail:us-east-1:644160558196:trail/cloudtrail-095-green",
+        "EventSelectors": [
+            {
+                "ReadWriteType": "All",
+                "IncludeManagementEvents": true,
+                "DataResources": [],
+                "ExcludeManagementEventSources": []
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}

tests/ecc-aws-095-aws_config_configuration_changes_alarm_exists/placebo-green/cloudtrail.GetTrailStatus_1.json

@@ -0,0 +1,33 @@
+{
+    "status_code": 200,
+    "data": {
+        "IsLogging": true,
+        "LatestDeliveryTime": {
+            "__class__": "datetime",
+            "year": 2023,
+            "month": 12,
+            "day": 16,
+            "hour": 19,
+            "minute": 29,
+            "second": 47,
+            "microsecond": 548000
+        },
+        "StartLoggingTime": {
+            "__class__": "datetime",
+            "year": 2023,
+            "month": 12,
+            "day": 16,
+            "hour": 19,
+            "minute": 28,
+            "second": 29,
+            "microsecond": 21000
+        },
+        "LatestDeliveryAttemptTime": "2023-12-16T17:29:47Z",
+        "LatestNotificationAttemptTime": "",
+        "LatestNotificationAttemptSucceeded": "",
+        "LatestDeliveryAttemptSucceeded": "2023-12-16T17:29:47Z",
+        "TimeLoggingStarted": "2023-12-16T17:28:29Z",
+        "TimeLoggingStopped": "",
+        "ResponseMetadata": {}
+    }
+}

tests/ecc-aws-095-aws_config_configuration_changes_alarm_exists/placebo-green/iam.ListAccountAliases_1.json

@@ -0,0 +1,10 @@
+{
+    "status_code": 200,
+    "data": {
+        "AccountAliases": [
+            "test"
+        ],
+        "IsTruncated": false,
+        "ResponseMetadata": {}
+    }
+}

tests/ecc-aws-095-aws_config_configuration_changes_alarm_exists/placebo-green/logs.DescribeMetricFilters_1.json

@@ -0,0 +1,22 @@
+{
+    "status_code": 200,
+    "data": {
+        "metricFilters": [
+            {
+                "filterName": "095_AWS_Config_Configuration_Changes_green",
+                "filterPattern": "{ ($.eventSource = config.amazonaws.com) && (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.eventName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder)) }",
+                "metricTransformations": [
+                    {
+                        "metricName": "095_AWS_Config_Configuration_Changes_green",
+                        "metricNamespace": "AWS_Config_Configuration_Changes",
+                        "metricValue": "1",
+                        "unit": "None"
+                    }
+                ],
+                "creationTime": 1702747701410,
+                "logGroupName": "095_log_group_green"
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}

tests/ecc-aws-095-aws_config_configuration_changes_alarm_exists/placebo-green/monitoring.DescribeAlarmsForMetric_1.json

@@ -0,0 +1,59 @@
+{
+    "status_code": 200,
+    "data": {
+        "MetricAlarms": [
+            {
+                "AlarmName": "095_AWS_Config_Configuration_Changes_green",
+                "AlarmArn": "arn:aws:cloudwatch:us-east-1:644160558196:alarm:095_AWS_Config_Configuration_Changes_green",
+                "AlarmConfigurationUpdatedTimestamp": {
+                    "__class__": "datetime",
+                    "year": 2023,
+                    "month": 12,
+                    "day": 16,
+                    "hour": 17,
+                    "minute": 28,
+                    "second": 22,
+                    "microsecond": 772000
+                },
+                "ActionsEnabled": true,
+                "OKActions": [],
+                "AlarmActions": [
+                    "arn:aws:sns:us-east-1:644160558196:095_sns_green"
+                ],
+                "InsufficientDataActions": [],
+                "StateValue": "INSUFFICIENT_DATA",
+                "StateReason": "Unchecked: Initial alarm creation",
+                "StateUpdatedTimestamp": {
+                    "__class__": "datetime",
+                    "year": 2023,
+                    "month": 12,
+                    "day": 16,
+                    "hour": 17,
+                    "minute": 28,
+                    "second": 22,
+                    "microsecond": 772000
+                },
+                "MetricName": "095_AWS_Config_Configuration_Changes_green",
+                "Namespace": "AWS_Config_Configuration_Changes",
+                "Statistic": "Sum",
+                "Dimensions": [],
+                "Period": 300,
+                "EvaluationPeriods": 1,
+                "Threshold": 1.0,
+                "ComparisonOperator": "GreaterThanOrEqualToThreshold",
+                "TreatMissingData": "missing",
+                "StateTransitionedTimestamp": {
+                    "__class__": "datetime",
+                    "year": 2023,
+                    "month": 12,
+                    "day": 16,
+                    "hour": 17,
+                    "minute": 28,
+                    "second": 22,
+                    "microsecond": 772000
+                }
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}

tests/ecc-aws-095-aws_config_configuration_changes_alarm_exists/placebo-green/sns.GetTopicAttributes_1.json

@@ -0,0 +1,21 @@
+{
+    "status_code": 200,
+    "data": {
+        "Attributes": {
+            "Policy": "{\"Version\":\"2008-10-17\",\"Id\":\"__default_policy_ID\",\"Statement\":[{\"Sid\":\"__default_statement_ID\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Action\":[\"SNS:GetTopicAttributes\",\"SNS:SetTopicAttributes\",\"SNS:AddPermission\",\"SNS:RemovePermission\",\"SNS:DeleteTopic\",\"SNS:Subscribe\",\"SNS:ListSubscriptionsByTopic\",\"SNS:Publish\"],\"Resource\":\"arn:aws:sns:us-east-1:644160558196:095_sns_green\",\"Condition\":{\"StringEquals\":{\"AWS:SourceOwner\":\"644160558196\"}}}]}",
+            "LambdaSuccessFeedbackSampleRate": "0",
+            "Owner": "644160558196",
+            "SubscriptionsPending": "0",
+            "TopicArn": "arn:aws:sns:us-east-1:644160558196:095_sns_green",
+            "EffectiveDeliveryPolicy": "{\"http\":{\"defaultHealthyRetryPolicy\":{\"minDelayTarget\":20,\"maxDelayTarget\":20,\"numRetries\":3,\"numMaxDelayRetries\":0,\"numNoDelayRetries\":0,\"numMinDelayRetries\":0,\"backoffFunction\":\"linear\"},\"disableSubscriptionOverrides\":false,\"defaultRequestPolicy\":{\"headerContentType\":\"text/plain; charset=UTF-8\"}}}",
+            "FirehoseSuccessFeedbackSampleRate": "0",
+            "SubscriptionsConfirmed": "1",
+            "SQSSuccessFeedbackSampleRate": "0",
+            "HTTPSuccessFeedbackSampleRate": "0",
+            "ApplicationSuccessFeedbackSampleRate": "0",
+            "DisplayName": "",
+            "SubscriptionsDeleted": "0"
+        },
+        "ResponseMetadata": {}
+    }
+}

tests/ecc-aws-095-aws_config_configuration_changes_alarm_exists/placebo-red/cloudtrail.DescribeTrails_1.json

@@ -0,0 +1,22 @@
+{
+    "status_code": 200,
+    "data": {
+        "trailList": [
+            {
+                "Name": "cloudtrail-095-red",
+                "S3BucketName": "095-bucket-9590202-red",
+                "IncludeGlobalServiceEvents": true,
+                "IsMultiRegionTrail": false,
+                "HomeRegion": "us-east-1",
+                "TrailARN": "arn:aws:cloudtrail:us-east-1:644160558196:trail/cloudtrail-095-red",
+                "LogFileValidationEnabled": false,
+                "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:644160558196:log-group:095_log_group_red:*",
+                "CloudWatchLogsRoleArn": "arn:aws:iam::644160558196:role/095_role_red",
+                "HasCustomEventSelectors": false,
+                "HasInsightSelectors": false,
+                "IsOrganizationTrail": false
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}

tests/ecc-aws-095-aws_config_configuration_changes_alarm_exists/placebo-red/cloudtrail.GetEventSelectors_1.json

@@ -0,0 +1,4 @@
+{
+    "status_code": 200,
+    "data": {}
+}