automated-security-response-on-aws

automated-security-response-on-aws copied to clipboard

I see lots of examples here where the note text references things from {{ParseInput.xxxxxx}} but no examples of dynamic text referencing something from a child remediation document. My use case is a fix for S3.9 which is for server access logging, where if they try and remediate the logging bucket itself, i would return a "Unable to remediate due to circular reference" and "SUPPRESSED" from the child document or a "Successully Remediated" and "RESOLVED" then update the finding for whatever is returned.

I can see my output from the child document returning back to the top level document, but cant Reference it as {{RemediationStep.message}} for example.

Do you have any examples or tricks to reference the output from a called document? I did open a case with aws support, but the engineer i ended up with had no answers.

Ken

You should be able to access all of the outputs of an automation step by using the .Output field on that step. See this SSM documentation.

You cannot "select" within the Output field within variable templates (e.g. {{ RemediationStep.Output.message }}) so you would need to use a script step to transform that data if necessary. It's also not totally clear to me what the data type of Output is. The doc claims it's a StringList so I bet that it's an ordered list of the named outputs of the called automation document, but I haven't tested it with StringMap etc.

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

This issue was closed because it has been inactive for 7 days since being marked as stale.