aws-security-hub-response-and-remediation

Fixing KeyError details Lambdas CIS_2-9_RR & CIS_1-3_1-4_RR

Open pozeus opened this issue 5 years ago • 0 comments

Issue: When executing the Lambdas for CIS 2.9, CIS 1.3 and CIS 1.4 you get "[ERROR] KeyError: 'Details'" due to the params "nonRotatedKeyUser" and "noncompliantVPC" not being formatted in the same way as the CloudWatch event.

For example, the event in Security Hub for CIS 1.4 looks like this:

"Resources": [
    {
      "Type": "AwsIamUser",
      "Id": "arn:aws:iam::333333333333:user/user1",
      "Partition": "aws",
      "Region": "eu-west-1"
    }
  ],

The Lambda CIS_1-3_1-4_RR that is responding to this event is catching nonRotatedKeyUser = str(event['detail']['findings'][0]['Resources'][0]['Details']['Other']['userName']) and the error [ERROR] KeyError: 'Details' persists. The suggested changes, with the included rsplit, make this format correct.

pozeus, Aug 04 '20 08:08
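One way to read the resource name so the remediation Lambda works with both event shapes described in the issue, as an added example that is not the repository's code or the change the issue proposes. The function name `resource_name`, the `vpcId` key and the VPC ARN shape are assumptions; the sample events are constructed.

```python
def make_event(resource):
    # Constructed wrapper holding only the keys the Lambdas read.
    return {"detail": {"findings": [{"Resources": [resource]}]}}

# Constructed samples. The first mirrors the CIS 1.4 resource quoted in the issue.
IAM_NO_DETAILS = make_event({"Type": "AwsIamUser", "Partition": "aws", "Region": "eu-west-1",
                             "Id": "arn:aws:iam::333333333333:user/user1"})
IAM_WITH_PATH = make_event({"Type": "AwsIamUser",
                            "Id": "arn:aws:iam::333333333333:user/ops/user2"})
IAM_WITH_DETAILS = make_event({"Type": "AwsIamUser",
                               "Id": "arn:aws:iam::333333333333:user/user1",
                               "Details": {"Other": {"userName": "user1"}}})
VPC_NO_DETAILS = make_event({"Type": "AwsEc2Vpc",  # ARN shape is an assumption
                             "Id": "arn:aws:ec2:eu-west-1:333333333333:vpc/vpc-0example"})


def resource_name(event, details_key, expected_type):
    """Return the short name of the first resource in the first finding.

    Uses Resources[0].Details.Other[details_key] when the event carries it,
    otherwise the last path segment of the ARN in Resources[0].Id.
    """
    try:
        resource = event["detail"]["findings"][0]["Resources"][0]
    except (KeyError, IndexError, TypeError) as exc:
        raise ValueError("event carries no finding resource") from exc

    # Refuse to remediate a resource type this Lambda was not written for.
    if resource.get("Type") != expected_type:
        raise ValueError(f"unexpected resource type: {resource.get('Type')!r}")

    other = resource.get("Details", {}).get("Other", {})
    if details_key in other:
        return str(other[details_key])

    # arn:aws:iam::<account>:user/<optional/path/><name> -> <name>
    arn = str(resource.get("Id", ""))
    parts = arn.rsplit("/", 1)
    if not arn.startswith("arn:") or len(parts) != 2 or not parts[1]:
        raise ValueError(f"cannot derive a resource name from Id {arn!r}")
    return parts[1]


if __name__ == "__main__":
    print(resource_name(IAM_NO_DETAILS, "userName", "AwsIamUser"))
    print(resource_name(VPC_NO_DETAILS, "vpcId", "AwsEc2Vpc"))  # "vpcId" is hypothetical
```

Raising `ValueError` on a missing or malformed `Id` makes the Lambda fail with a message naming the bad input instead of acting on an empty or wrong user or VPC name.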