RubyGems - terrafying-components - Versions diffs - 2.4.0 → 2.4.1 - Mend

terrafying-components 2.4.0 → 2.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/terrafying/components/security/trail.rb +34 -19
data/lib/terrafying/components/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 958f5cf0e55c8fb3ee50530de70424c144000a3ec34c263c66216fb89b234bca
-  data.tar.gz: 2b53beccd6f67c5069f3f1971c9d33e11830c1e047fae99a26197dc59e7696a2
+  metadata.gz: 54e9a54d483122c73e531eb71de1e836da614748c970cbb5c64c75e778466016
+  data.tar.gz: e140143b7d45fd6e6252f4a6f0f54471441c9ab55dff377cbc5d0038677ce1c8
 SHA512:
-  metadata.gz: 0c0e3a2933af5c003222be6e5d957cd9d1763b0c6c241b794beb15e45b0e116f1bd3b7f2ac0b7a81c184f76d2a156be36fc6b079f4ce491cb19704695c7730cb
-  data.tar.gz: c9732ff0ecdc0be2ed2351f6a7b3405b2225d13e57d4a7b5c9b782cfae09064f2e1796a4ee314456b90104f8e2784b01a4877e85bc367c4753e72c0cbee37e40
+  metadata.gz: 637f8520bb3044ad8997adeabb4479e83bb2bd5135447d7a897f776d87c736c5173183875cb6bbb222febfac316a9c8408b6dd1e4e2555202b3b84e6c181e603
+  data.tar.gz: b87a4aabca22ecf942c60bd264b21513615d4b4c478f882b7bae661531c4dd7831fc2b9e5c397130a767b96d6846e917cd0223c925418f0dbc1a6783b0d8a957

data/lib/terrafying/components/security/trail.rb CHANGED Viewed

@@ -143,7 +143,7 @@ module Terrafying
                      policy_arn: log_role_policy["arn"],
                    }
-          s3_data_selectors = bucket_selector(ignore_buckets)
+          data_event_selectors = event_selector(ignore_buckets)
           resource :aws_cloudtrail, "#{name}", {
                      name: "#{name}",
@@ -158,36 +158,25 @@ module Terrafying
                      cloud_watch_logs_group_arn: "#{@log_group["arn"]}:*",
                      cloud_watch_logs_role_arn: log_role["arn"],
-                     event_selector: [
-                       {
-                         read_write_type: "All",
-                         include_management_events: true,
-                         data_resource: {
-                           type: "AWS::Lambda::Function",
-                           values: ["arn:aws:lambda"],
-                         },
-                       },
-                     ],
-                   }.deep_merge(s3_data_selectors)
+                   }.deep_merge(data_event_selectors)
           self
         end
-        def bucket_selector(buckets)
+        def event_selector(buckets)
           buckets = Array(buckets)
-          return all_buckets if buckets.empty?
+          return basic_selector if buckets.empty?
           {
             advanced_event_selector: [
               ignore_buckets_selectors(buckets),
               management_events_selector,
+              lambda_events
             ]
           }
         end
-        def all_buckets
+        def basic_selector
           {
             event_selector: [
               {
@@ -198,6 +187,15 @@ module Terrafying
                   type: "AWS::S3::Object",
                   values: ["arn:aws:s3:::"],
                 }
+              },
+              {
+                read_write_type: "All",
+                include_management_events: true,
+                data_resource: {
+                  type: "AWS::Lambda::Function",
+                  values: ["arn:aws:lambda"],
+                },
               }
             ]
           }
@@ -211,7 +209,7 @@ module Terrafying
           }
           {
-            name: "Log all S3 buckets objects events except these",
+            name: 'Log all S3 buckets objects events except these',
             field_selector: [
               {
@@ -232,7 +230,7 @@ module Terrafying
         def management_events_selector
           {
-            name: "Log readOnly and writeOnly management events",
+            name: 'Log readOnly and writeOnly management events',
             field_selector: [
               {
@@ -243,6 +241,23 @@ module Terrafying
           }
         end
+        def lambda_events
+          {
+            name: 'Log Lambda data events',
+            field_selector: [
+              {
+                field: 'eventCategory',
+                equals: ['Data']
+              },
+              {
+                field: 'resources.type',
+                equals: ['AWS::Lambda::Function']
+              }
+            ]
+          }
+        end
         def alert!(name:, pattern:, threshold: 1, topic: @topic)
           ident = "cloudwatch-#{@name}-#{name}"

data/lib/terrafying/components/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Terrafying
   module Components
-    VERSION = '2.4.0'
+    VERSION = '2.4.1'
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: terrafying-components
 version: !ruby/object:Gem::Version
-  version: 2.4.0
+  version: 2.4.1
 platform: ruby
 authors:
 - uSwitch Limited