diff --git a/README.md b/README.md index 9df0d34..704337f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,58 @@ # Serverless Heimdall Pusher (AWS) +This lambda function is meant to allow you listen to and S3 bucket for HDF results and push them to a Heimdall Server. +## Table of Contents +- [How Does This Lambda Work?](#how-does-this-lambda-work) +- [How Can I Deploy This Lambda with Terraform?](#how-can-i-deploy-this-lambda-with-terraform) +- [What Format Do JSON Files Need to Be in for the Function to Process Results?](#what-format-do-json-files-need-to-be-in-for-the-function-to-process-results) + +## How Does This Lambda Work? + +The lambda function is triggered when new files hit an S3 bucket that you specify under the `unprocessed/*` folder. The lambda will then take several steps to process the results: +1. Fetch the new file from S3 +2. Form a valid API request for a [Heimdall server](https://github.com/mitre/heimdall2) and tag the result with `HeimdallPusher` +3. Send the API request to the configured Heimdall server +4. Save the HDF to the same S3 bucket under `hdf/*` +5. Save the original file to the same S3 bucket under `processed/*` +6. Delete the unprocessed version of the file from the S3 bucket + +## How Can I Deploy This Lambda with Terraform? + +Before deploying with terraform you will need to pull the docker image to your deployment machine +```bash +docker pull ghcr.io/mitre/serverless-heimdall-pusher-lambda: +``` + +```hdf +## +# Heimdall Pusher Lambda function +# +# https://github.com/mitre/serverless-heimdall-pusher-lambda +# +module "serverless-heimdall-pusher-lambda" { + source = "github.com/mitre/serverless-heimdall-pusher-lambda" + heimdall_url = "https://target-heimdall.com" + heimdall_user = "" + heimdall_password = "" + results_bucket_id = "bucket_name" + subnet_ids = ["subnet-00000000000000000"] + security_groups = ["sg-00000000000000000"] + lambda_role_arn = aws_iam_role.InSpecRole.arn + lambda_name = "serverless-inspec-lambda" +} +``` + +## What Format Do JSON Files Need to Be in for the Function to Process Results? + +New files that are added to the S3 bucket under `unprocessed/*` and are in the below format can trigger the lambda and have it process the results properly. + +```javascript +{ + "data": {}, // This is where the HDF results go + "eval_tags": "ServerlessInspec,RHEL7" // These are any tags that should be assigned in Heimdall +} +``` ### NOTICE diff --git a/main.tf b/main.tf index 9670f84..b1ddbec 100644 --- a/main.tf +++ b/main.tf @@ -160,7 +160,7 @@ resource "null_resource" "push_image" { REPOSITORY_URL = aws_ecr_repository.mitre_heimdall_pusher.repository_url AWS_REGION = data.aws_region.current.name AWS_ACCOUNT_ID = data.aws_caller_identity.current.account_id - REPO_NAME = "mitre/serverless-heimdall-pusher-lambda" + REPO_NAME = "ghcr.io/mitre/serverless-heimdall-pusher-lambda" IMAGE_TAG = local.image_version } } diff --git a/variables.tf b/variables.tf index 0976fcf..ef906fc 100644 --- a/variables.tf +++ b/variables.tf @@ -38,12 +38,6 @@ variable "image_version" { default = null } -variable "lambda_role_arn" { - description = "The ARN for the IAM role that will be assigned to the lambda" - type = string - default = "" -} - variable "lambda_name" { description = "The name of the lambda function" type = string