Table 1-1: Port requirements for LCP communication.
AWS S3 Permissions
Configuring AWS S3 Permissions
1. Log in to the AWS console using the AWS role with the appropriate permissions mentioned above.
2. Select Lambda from Services.
3. Click the Create function button.
4. Enter a name for the Lambda function that follows your organization's naming standards.
5. Select Python 2.7 as the runtime.
6. If you do not already have a role for running Lambda functions, select Create Custom Role under Role. A new tab/window opens for you to create the role. If you have an existing role, select it using the Choose an existing role option under Role and proceed to step 9.
7. To configure the Lambda role in the Create Custom Role tab opened in step 6, Lambda basic execution should already be selected, as should Create a new role policy under Policy Name.
8. Click Done to confirm the new role.
9. In the Lambda function tab, Choose an existing role should be selected under Role, and the new or existing Lambda role should be selected under Existing role.
10. Click Create Function.
11. Click the function name under the Designer view and enter the function code in the function window. Take the function code from the file "lambda function GuardDuty" attached to this guide.
12. Ensure that the Handler name and the Python function name match.
13. Click the Save button at the top.
14. Navigate to the CloudWatch service.
15. Select Rules from the navigation pane on the left.
16. Click the Create rule button.
17. Ensure that the Event Pattern radio button is selected.
18. Under Service Name, select Simple Storage Service (S3).
19. Under Event Type, select Bucket Level Operations.
20. Under Specific Operations, select CreateBucket and PutBucketACL.
21. Click the Add Target button within the Targets pane.
22. Under Function, select the Lambda function you created in the steps above.
23. Click the Configure Details button.
24. Enter the rule name using your organization's naming convention.
Note: This name will appear in CloudWatch Logs as /aws/lambda/<rule name>. This is where all findings are written and collected by the collector.
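The following Python handler is an added example, not the "lambda function GuardDuty" file referenced above nor any code from this guide. It shows what the CloudWatch rule and the Lambda function described above amount to: an event pattern equivalent to the console selections (S3, bucket-level operations, CreateBucket and PutBucketAcl, using the CloudTrail eventName spelling), a subset matcher in the style CloudWatch Events applies so the filter can be exercised offline, and a handler that flattens a matching CloudTrail event into one JSON log line in the function's CloudWatch log group, which is what the collector reads. The sample event, account id, bucket name, IP address and ARN are constructed; the matcher generalizes beyond the two operations to any rule pattern of the same shape. The code avoids Python 3-only syntax so it also runs on the Python 2.7 runtime named in the procedure.

```python
import copy
import json
import logging

logger = logging.getLogger()
logger.setLevel(logging.INFO)

# Event pattern equivalent to the console selections in the procedure:
# Service Name = S3, Event Type = Bucket Level Operations,
# Specific Operations = CreateBucket and PutBucketAcl. CloudTrail delivers the
# operation as eventName with this casing.
EVENT_PATTERN = {
    "source": ["aws.s3"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["s3.amazonaws.com"],
        "eventName": ["CreateBucket", "PutBucketAcl"],
    },
}

# Constructed sample event in the shape CloudWatch Events uses to deliver a
# CloudTrail API call; every identifier below is made up for the example.
SAMPLE_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.s3",
    "account": "123456789012",
    "time": "2019-01-01T00:00:00Z",
    "region": "us-east-1",
    "resources": [],
    "detail": {
        "eventVersion": "1.05",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/example-user"},
        "eventTime": "2019-01-01T00:00:00Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutBucketAcl",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userAgent": "[aws-cli/1.16.0]",
        "requestParameters": {"bucketName": "example-bucket"},
    },
}


def matches_pattern(event, pattern=EVENT_PATTERN):
    """Subset match in the style of CloudWatch Events rule patterns: every key in
    the pattern must exist in the event; a list means the event value must be one
    of the listed values, and a nested dict recurses into the nested object."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(allowed, dict):
            if not isinstance(value, dict) or not matches_pattern(value, allowed):
                return False
        elif value not in allowed:
            return False
    return True


def normalize(event):
    """Flatten the fields a collector needs (who, what, where, from where) into one record."""
    detail = event.get("detail", {})
    identity = detail.get("userIdentity", {})
    params = detail.get("requestParameters") or {}
    return {
        "event_time": detail.get("eventTime"),
        "event_name": detail.get("eventName"),
        "region": detail.get("awsRegion"),
        "account": event.get("account"),
        "bucket": params.get("bucketName"),
        "actor_arn": identity.get("arn"),
        "actor_type": identity.get("type"),
        "source_ip": detail.get("sourceIPAddress"),
        "user_agent": detail.get("userAgent"),
        "error_code": detail.get("errorCode"),
    }


def with_event_name(event, name):
    """Return a copy of an event with a different CloudTrail eventName (used to test the filter)."""
    other = copy.deepcopy(event)
    other["detail"]["eventName"] = name
    return other


def handler(event, context):
    """Lambda entry point; the Handler setting must name this function (e.g. <module>.handler)."""
    if not matches_pattern(event):
        # Defensive: the rule should already filter, but log why we dropped an event.
        logger.info(json.dumps({"status": "ignored", "reason": "event outside rule pattern"}))
        return {"status": "ignored"}
    record = normalize(event)
    record["status"] = "finding"
    # One JSON line per invocation lands in the function's CloudWatch log group.
    logger.info(json.dumps(record, sort_keys=True))
    return record


if __name__ == "__main__":
    print(json.dumps(handler(SAMPLE_EVENT, None), indent=2, sort_keys=True))
```

Logging a single JSON line per finding keeps the CloudWatch log group machine-readable for the collector; if the attached function writes a different format, match that format rather than this one.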
LCP Configuration parameters
Table 1-2: AWS S3 Permissions event collector properties to be configured by MSS.
AWS Region: the region mentioned in the Pre-Installation Questionnaire (PIQ).
Note: Region codes such as us-east-1, us-west-1, us-west-2, eu-west-1, ap-northeast-1, ap-southeast-2, ap-southeast-1 and sa-east-1 refer to regions such as US East (Northern Virginia), US West (Oregon and Northern California), EU (Ireland), EU (Frankfurt), AP Northeast (Tokyo), AP Southeast (Singapore), AP Southeast (Sydney), and SA East (Sao Paulo).