c7n.cwe module

class c7n.cwe.CloudWatchEvents

Bases: object

A mapping of events to resource types.

classmethod get(event_name)

classmethod get_ids(event, mode)

classmethod get_trail_ids(event, mode)

extract resources ids from a cloud trail event.

classmethod match(event)

Match a given cwe event as cloudtrail with an api call

That has its information filled out.

trail_events = {'ConsoleLogin': {'ids': 'userIdentity.arn', 'source': 'signin.amazonaws.com'}, 'CreateAutoScalingGroup': {'ids': 'requestParameters.autoScalingGroupName', 'source': 'autoscaling.amazonaws.com'}, 'CreateBucket': {'ids': 'requestParameters.bucketName', 'source': 's3.amazonaws.com'}, 'CreateCluster': {'ids': 'requestParameters.clusterIdentifier', 'source': 'redshift.amazonaws.com'}, 'CreateDBInstance': {'ids': 'requestParameters.dBInstanceIdentifier', 'source': 'rds.amazonaws.com'}, 'CreateElasticsearchDomain': {'ids': 'requestParameters.domainName', 'source': 'es.amazonaws.com'}, 'CreateFunction': {'event': 'CreateFunction20150331', 'ids': 'requestParameters.functionName', 'source': 'lambda.amazonaws.com'}, 'CreateLoadBalancer': {'ids': 'requestParameters.loadBalancerName', 'source': 'elasticloadbalancing.amazonaws.com'}, 'CreateLoadBalancerPolicy': {'ids': 'requestParameters.loadBalancerName', 'source': 'elasticloadbalancing.amazonaws.com'}, 'CreateTable': {'ids': 'requestParameters.tableName', 'source': 'dynamodb.amazonaws.com'}, 'CreateVolume': {'ids': 'responseElements.volumeId', 'source': 'ec2.amazonaws.com'}, 'RunInstances': {'ids': 'responseElements.instancesSet.items[].instanceId', 'source': 'ec2.amazonaws.com'}, 'SetLoadBalancerPoliciesOfListener': {'ids': 'requestParameters.loadBalancerName', 'source': 'elasticloadbalancing.amazonaws.com'}, 'UpdateAutoScalingGroup': {'ids': 'requestParameters.autoScalingGroupName', 'source': 'autoscaling.amazonaws.com'}}