From 1660d5cb27cc565ec5606fdce2a7d7eec23797b4 Mon Sep 17 00:00:00 2001 From: Victor Yan Date: Thu, 25 Jan 2024 09:27:03 -0500 Subject: [PATCH] Fix cannot find module 'aws-sdk' on custom config rule lambdas (#1207) Co-authored-by: Victor Yan --- .../ec2-instance-profile-permissions.zip | Bin 1335 -> 1345 bytes .../config-rules/ec2-instance-profile.zip | Bin 987 -> 1007 bytes .../ec2-instance-profile-permissions/index.js | 38 +++++++++--------- .../src/ec2-instance-profile/index.js | 14 +++---- .../src/ssm-patching-role-tags/index.js | 34 ++++++++-------- .../config-rules/ssm-patching-role-tags.zip | Bin 1261 -> 1299 bytes 6 files changed, 41 insertions(+), 45 deletions(-) diff --git a/reference-artifacts/config-rules/ec2-instance-profile-permissions.zip b/reference-artifacts/config-rules/ec2-instance-profile-permissions.zip index 237170a4fe751215a1bf43e94a8c938c9a73bb41..ed1502774f60fdcf5a172b7959b051460bd5a2e8 100644 GIT binary patch literal 1345 zcmV-H1-|-FO9KQH000080Gw_!SedsbOq&D%0QC?600;ma0BLSyWq2-Xb5&Fc00Ric zs$~eps%3R}3jhHG_yGU_1QY-O0Nq#JZz4Akf6rerMb+)1l1PUV(`bQm+r zbq}Vg9&JgS63tL-C^j3yBRIenNcv~WB=tL=$WEQB=x0w zYI3@3bLOLDCOVi-Z*PW!UvEeEv(bF=`)oLxqvB_8@W;I0zZu;1`!f+!?+a?sr$k7t zf;9q*sYEfN_B@1T%0mMhe7d!vplMB?bQhk_!2D2XA&AAwe;B4piw(@un8H#>2-h@x zWPAlv5wnm{1w?Ctrx9oY=pH2MLaOi}&!)&zqMRf?>r zxhr)fhCL;cY*d@4;+ASE6@2>!-t)n;F4+?NA4=^2i*rXf+K-C7efR)X372RpkHlO_ z0Q6dlou$V}N+Er3#Pk}o+i64zwnvbuo4+ztG$v9R(wnH?jMv!BZhNojnrgnLZSLFjon9F|7Or|#s!Sxlb4=EP z;Um&ylk_c7ud!%;({1BqND`zGHQL?M=zw#ftxOFADUNf|gZt-;t#+j>t=-vm*w)VN zXN9z-b<}fhIZ)Kxw&|cOx;#7Tsx6F7q)1fRUd>Et(zn`f%owpsMK@_{{MhWmIE|=k z$#b>5-TI3ys1_a-+Z#_7_oX8*&oQYK<6*I;7AZu6D(-0@NfPf(`_Ek}5KGXeiTwEd zILtL=z_$hiZ^Y^k;we~M0j47KPnYqNFfI|%rC0!XAlS5AF zi4>k?ui-@GcDSC9!MEcUlWZ@!WlFzy8q7Xqwy`{Tw-FJ(Z)`(O!)Y)IlKaP<+AASn#mfza-6Ao;tx zLwhxE`JOh|sbX)uf>-y-Kw;Um@AbUQlG)n*x;Y2lH0c%x-GTyciLL2$D_e^BXka|0 zm-!&Bs9K$$|aVR^a zi1Y9lP)h*<9s?8r000O8oNhB%nYSiPn*;y=^$-962mlxW000000RR91q=5hc003!j zWMz0RYI9Xo1posG#j0g>cnbgl1o!~}00a~O002-+1qJ{B000310RT<_007+t00000 D;~{XC literal 1335 zcmWIWW@Zs#-~hs>-makxP|z#D02EPR$jnPgt~OlD9Q}84pZuN&k9zVB zd33SHw{^zo1x}Rtd(G%z_vXzS*UP?_C>CVF`npd2t_2NTWHp$^ZDqy67LkxOU?02(t9VHA2{k3 z#qJi?qIAkMc$taS+6}4!jFv|`ZfHg$>}@X9;jcBgeoxcfb}iQ9s;*Rs z)V^Bg_nGgXPN-r0$G^4Ak!@7>$mysX9BWEHbvxDdnUprYB6lb1{h*=PPJ z&Gn|O{k9sukmaA#-^^tWj@V@Kjmc=A{vTVP3r|%mjH4rqjO4rzi{FW@UK-5hyX=T- z;$qJyK2Ilwvt4(eX*Ve&MBH5GHUTNH(%xihx)yJUwc;e z^j3-eX-8fKvR+=cXt$kGvS!T*kLL?MD<9{(eCEow(uW!cL`tX4*jeLnvAxOWYvB3` zSsC9R78i1S2(e|n;;As%C|EG==-if9|Gq3GjxXEn&EH7c# z+J;G%&%aEP+~&7ipx>`eN40EWXqJ>ThoZ0E6{qy8g}Qt6<@fJsuMH6KJZXBpGWc$= zEPquJ`+X0^tEI&zAFep=OWS-yxVm`hD)Ex7xmlrsla8+VdzqEv*86DJju#6g?o}A= zU){LJsOFl-&A&CRJC_T1UpZua;F8JBo6lmMvL|te4llq*o zfAKEkB8|)IPEJYr)52ML=|=V80$b@kZkZi#J)@T?mKCVTPxhF0#G&egXd}mg`Wa68VsvDltXRFiw{P};r$al=ZC=dfk@eDK(u;tHmrmV~;W{E7R1vm^SKnn` z|1t5D7k3M@T{nit6zATv;w_uKad(L1p4;g&ZpgkhS+CsH`&l%xjk9ZM)F;aheta8Jxmh5T2G-K*oOnkJPf7ZM|Cav*tSwYJB z*08+D=C$j#?en(SDcUycR9emY=c3czoO`?dtmX6E$?q6Aw77PNZdod9QpUOaQ}M)y zu7#WOSCw8_Di@YJTk)-DwmrwJZTu&G@F*THKYWtcu*hIu^;ypUO6uV`$@?9=>>D=e z-=41|x5wTiJXt%#eb0N1h@IBu;csW2{Z+cuy5*PptMtl$|Ml*B-+h1MvanGek8C_Mbka@^y>Gg9(<0wY0sB)ZADYajU7det|)-@W_&zTL(#+OHpQ3au4OvUJ`oCL^pFu+uI^G;d4VrUbtU zk&8C>tQ6T+z{plFawy^ZTlQ}m{<*&jj(MNa)c-r@)`J(h?`zwq3m!666t&yN`g+pS zb0rm}Un}SE*w@M3jqOjny#D&h47UTbGk)ZnN%Tzmd@#YM%%`v?kF(XjICoBO_>?&= z&dbi^iL|>e+~L2c`}HK=%JLtVzdl&W{IC70Q1Z&@cYiP0;Fn$y>(SC`b|CzOd`lD) zYqOSEPb6Eon?6gV;d6=j)F7ZefjZnj#cMc<0sBKW}!^0CT!w=ZtHJ)!&)F~ zZS9JSR#TR{JUbJ?vtmc$27Zx-JtArQPEMS_d)UG``=-#}xyL(LOXe%<=_$+-ygDUg zx$xT~PA#uBrf_(qhD$vCc)RwFLP4U}>5YfqXndJ?lri?s_Q}&n-7=>?Ia+R=t`hX!;>|_RLq%EAUtYw$Em<+8Y^kp@`!@S^KHDFj&RzMf zQD^OLjW?68*#-jbXhbQQ^zA^dk9^L-T?fJHQDs|0r{B7}5mL{4u z=HCjF_O+Pq+O=)zw)RQiW(Due*Z=49Aj4?x{i}_OR;_#E(D3^w*TEm9)3df{6&?5# zlXoC~nUsM6nCTdnG=f-&tjP+=nrPWFz?+o~q>d2? N{eW~gFk3S)0071=!^i*t literal 987 zcmWIWW@Zs#-~hs}B^f~sQ1F+70VtxtkeQc~TA`O!92&yQz<&LuYr;(+2GOMz+zgB? zq7NO*Sk6>47j6wZm?vc@u=lg5@XAw7F6KdfA(jD$8nqfZR#bH?dQic>VN-T~u0D(F zpX%e;(^4A+LblF1V4R}~FRwR-!${OMK~i1d4x^c&R)1FH?mAy5u>2*L=IrOQWFLCFF_mpk zTpd;MxlyY1^FEb*3(hJmpQ(Fzmang~No3CPSE8xhdmMJzWIeO9ULj`l%zZ=Vir-Ug zG-sSLIUaY#O6B#VyftTqBh;U2ZrLn3%Yq{>7<#t{oL2L{{QrZl|Oi`P~s=;Bwwr0?Z0pQ5l}FFIxo7y-e_C) ztOIv8-sta67UzE}-@lo|_istR^wqgHU!DDKCHIB>@pGfVfPggXy)%2BbKHt`o9Lv> z%&p`5STusw)r&cc>)P6n)4yMCU8`<))G9vtz>S1+-*^PwLjuzNxCWlNt$QrPkn5k~ z-2)fbs<1y~i85lI=$gq(BwSQb`SYegdz0$Xv-@{` zIluId1^@*MvS$DQ diff --git a/reference-artifacts/config-rules/src/ec2-instance-profile-permissions/index.js b/reference-artifacts/config-rules/src/ec2-instance-profile-permissions/index.js index 2d4e26e12..fb9ce83ff 100644 --- a/reference-artifacts/config-rules/src/ec2-instance-profile-permissions/index.js +++ b/reference-artifacts/config-rules/src/ec2-instance-profile-permissions/index.js @@ -1,7 +1,5 @@ -const AWS = require('aws-sdk'); -AWS.config.logger = console; - -const config = new AWS.ConfigService(); +const { ConfigServiceClient, PutEvaluationsCommand } = require("@aws-sdk/client-config-service"); +const client = new ConfigServiceClient(); const APPLICABLE_RESOURCES = ['AWS::IAM::Role']; @@ -28,20 +26,20 @@ exports.handler = async function (event, context) { console.debug(`Evaluation`); console.debug(JSON.stringify(evaluation, null, 2)); - await config - .putEvaluations({ - ResultToken: event.resultToken, - Evaluations: [ - { - ComplianceResourceId: configurationItem.resourceId, - ComplianceResourceType: configurationItem.resourceType, - ComplianceType: evaluation.complianceType, - OrderingTimestamp: configurationItem.configurationItemCaptureTime, - Annotation: evaluation.annotation, - }, - ], - }) - .promise(); + const payload = { + ResultToken: event.resultToken, + Evaluations: [ + { + ComplianceResourceId: configurationItem.resourceId, + ComplianceResourceType: configurationItem.resourceType, + ComplianceType: evaluation.complianceType, + OrderingTimestamp: new Date(configurationItem.configurationItemCaptureTime), + Annotation: evaluation.annotation, + }, + ], + }; + const putEvaluationsCommand = new PutEvaluationsCommand(payload); + await client.send(putEvaluationsCommand); }; async function evaluateCompliance(props) { @@ -84,7 +82,7 @@ async function evaluateCompliance(props) { if (!existingPolicyNames.includes(requiredPolicy.trim())) { return { complianceType: 'NON_COMPLIANT', - annotation: 'The IAM Role is not having required polocies attached ' + requiredPolicy, + annotation: 'The IAM Role is not having required policies attached ' + requiredPolicy, }; } } @@ -96,7 +94,7 @@ async function evaluateCompliance(props) { if (!existingPolicyArns.includes(requiredPolicy.trim())) { return { complianceType: 'NON_COMPLIANT', - annotation: 'The IAM Role is not having required polocies attached ' + requiredPolicy, + annotation: 'The IAM Role is not having required policies attached ' + requiredPolicy, }; } } diff --git a/reference-artifacts/config-rules/src/ec2-instance-profile/index.js b/reference-artifacts/config-rules/src/ec2-instance-profile/index.js index 19557740b..2075d4b42 100644 --- a/reference-artifacts/config-rules/src/ec2-instance-profile/index.js +++ b/reference-artifacts/config-rules/src/ec2-instance-profile/index.js @@ -1,7 +1,5 @@ -const AWS = require('aws-sdk'); -AWS.config.logger = console; - -const config = new AWS.ConfigService(); +const { ConfigServiceClient, PutEvaluationsCommand } = require("@aws-sdk/client-config-service"); +const client = new ConfigServiceClient(); const APPLICABLE_RESOURCES = ['AWS::EC2::Instance']; @@ -23,18 +21,20 @@ exports.handler = async function(event, context) { console.debug(`Evaluation`); console.debug(JSON.stringify(evaluation, null, 2)); - await config.putEvaluations({ + const payload = { ResultToken: event.resultToken, Evaluations: [ { ComplianceResourceId: configurationItem.resourceId, ComplianceResourceType: configurationItem.resourceType, ComplianceType: evaluation.complianceType, - OrderingTimestamp: configurationItem.configurationItemCaptureTime, + OrderingTimestamp: new Date(configurationItem.configurationItemCaptureTime), Annotation: evaluation.annotation, }, ], - }).promise(); + }; + const putEvaluationsCommand = new PutEvaluationsCommand(payload); + await client.send(putEvaluationsCommand); }; async function evaluateCompliance(props) { diff --git a/reference-artifacts/config-rules/src/ssm-patching-role-tags/index.js b/reference-artifacts/config-rules/src/ssm-patching-role-tags/index.js index 8c21046f6..efb271787 100644 --- a/reference-artifacts/config-rules/src/ssm-patching-role-tags/index.js +++ b/reference-artifacts/config-rules/src/ssm-patching-role-tags/index.js @@ -1,7 +1,5 @@ -const AWS = require('aws-sdk'); -AWS.config.logger = console; - -const config = new AWS.ConfigService(); +const { ConfigServiceClient, PutEvaluationsCommand } = require("@aws-sdk/client-config-service"); +const client = new ConfigServiceClient(); const APPLICABLE_RESOURCES = ['AWS::IAM::Role']; @@ -29,20 +27,20 @@ exports.handler = async function (event, context) { console.debug(`Evaluation`); console.debug(JSON.stringify(evaluation, null, 2)); - await config - .putEvaluations({ - ResultToken: event.resultToken, - Evaluations: [ - { - ComplianceResourceId: configurationItem.resourceId, - ComplianceResourceType: configurationItem.resourceType, - ComplianceType: evaluation.complianceType, - OrderingTimestamp: configurationItem.configurationItemCaptureTime, - Annotation: evaluation.annotation, - }, - ], - }) - .promise(); + const payload = { + ResultToken: event.resultToken, + Evaluations: [ + { + ComplianceResourceId: configurationItem.resourceId, + ComplianceResourceType: configurationItem.resourceType, + ComplianceType: evaluation.complianceType, + OrderingTimestamp: new Date(configurationItem.configurationItemCaptureTime), + Annotation: evaluation.annotation, + }, + ], + }; + const putEvaluationsCommand = new PutEvaluationsCommand(payload); + await client.send(putEvaluationsCommand); }; async function evaluateCompliance(props) { diff --git a/reference-artifacts/config-rules/ssm-patching-role-tags.zip b/reference-artifacts/config-rules/ssm-patching-role-tags.zip index 85b4c2dec7d157a95f7a7f30a81bb82447f9192c..c85fe76415d6b72d5f079143f24f4d0d480e40c4 100644 GIT binary patch delta 1265 zcmV@6aWAK2mnHDGgz_K*T-!H004Fm000O88~|x=6o!m4F^!m4F;cnbgl1o!~}00a~O007lj+iv4F5Pi>AOpV1#MjaLCqXQRp9Y3Vq zIEm$=4~s?2mBzMUSyD;LiQ(11cSzl+OR_0?L;VoM$N&1 zNWKkI=YT@6Evh}!i__8X8D|I4m#x}GiCn;!FJPTBt4JGc!2YK8cN9+xGSznG#)F%e z{pPwXg8IlEkDs(C=A6gew&sD{Q6UFaoB>ct2DSG97{^k8zBSaLvI}S!)Hs(Y(onAAJw{_F zWKu8HppE`9hL6><`kWiz)Td^I!pAB1@Wvm1cPUYsirvv0VkjNF7Des97AN7gk4m4ZWiHf3TfT2Lm!5f6;60B6@Ewa2U*BDZl_j{V--$sI^NN9k8 zKsDAUCcw|rgHoXvr=btz2cHp0DuK^`6taKd&@>j7=*4txeM^n4zs8*z?LVL~5SlYy zK%i+wLzWgfZk3HdDdDLR|JqJRnKB%5ildrMrNHV)>g(%1T!?Ya# z>han4sAzji#6z{HDOQCQ=OHL0~UN+9IG2Ydx@gVY_|XFu6EIjy9e{) zv9A&@v#*A_MzCW?)U=oCP;^_>`z!kcP)h*<9s?8r000O8LTxixvDVkeZ3F-Sc9Wt6 bA`5%Ms%3R}3jhHG_><2B7zVEd00000vKv-m delta 1246 zcmV<41R?vA3hfDhP)h>@6aWAK2mnPi%2r^x*`r4U001Ws000O88~|x=7qdxT`vdxT_lcnbgl1o;5~00a~O007lj$!_CD5WVXwI>ul~AsQZXl%W8MMh7Qj z*_IUKFc?@pWJzj>BAM={Z9&6-PgQekE?$Cc2oHwUwY`3S^;AXqailbx{V9@GXgt1}UXRC1OzeEY2zW|jsg<|qQ4pH4T%97H zZPUotB954U3l9+K5mndlq=)Q0VE7c^2(7!BrAo&~woF4{+gLJx5B@cy9W#|CRFkb%*X%A8{(-GPrwO~|+TUZ8=Xo2vOuNd@tDA+Vv_ucFJ(aMcGz>@V zhaug*jL=L(4>19llM~*_#3o!S$m6_*gH3l(BT3 zxzKxTgWr`C6p=*oS{jTRan{tOeV}(VMhZ*5-egZwjwt>HVla^l+k68 z%VH*fS8Xay$d!g;htiHmqm}T$!_=5an~z*nM=*3i4P}9+X9+3|^*TO4G-ic<>Z4J^*UB)sNW-)f?>xLM!VC7mWU+#+{> zv)+Tj&Vm?Jl|Bs|f!C?Vh;*)mNN>D~EdpxMSEy_iT0LIs9{H|S!8uu_#zzEavB zA;jSw^vt}!jRc2CXn-^ma6P zja5&h+hr?7xxMeEx`VCcjSp{7@YiQnDlV- z9o=fh*{OHGzzH*Ms`9~ycjqqFY-7cm!PG+a(oAZSBa4v6bb3}*e_mPtqPi@9h2<)% z{-t+nx1${zh_;m43>ac9hqk?F99mPjY@+DovC?=4>hYxP_WSoX2#;15y)^bHw6FfN zUFz-B?B*KVG+nHFn$+8<@^=Td$7JIIe-BVI_Bd4WJsGhl;L~Kq>oA9XUtFtau|G#q zW)Iu{^;8@5;_kt`xbN%4^X$_rQa1?p`~eK@r8k