Skip to content
Permalink
master
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Scanii.com automatic S3 integration
Parameters:
bucketName:
Description: The bucket you would like to monitor for events
Type: String
scaniiApiKey:
Description: Your scanii.com API key
Type: String
scaniiApiSecret:
Description: Your scanii.com API secret
Type: String
scaniiApiEndpoint:
Description: Which endpoint should be used?
Type: String
Default: api.scanii.com
AllowedValues:
- api.scanii.com
- api-eu1.scanii.com
- api-eu2.scanii.com
- api-ap1.scanii.com
- api-ap2.scanii.com
- api-us1.scanii.com
actionTagObject:
Description: Should custom tags be added to S3 objects after processing?
Type: String
Default: yes
AllowedValues:
- true
- false
actionDeleteObjectOnFinding:
Description: Should S3 objects be DELETED once a finding is identified?
Type: String
Default: no
AllowedValues:
- true
- false
Resources:
ScaniiSubmitFn:
Type: AWS::Serverless::Function
DependsOn: ScaniiCallbackFn
Properties:
CodeUri: .
FunctionName: !Sub "${AWS::StackName}-Submit"
Handler: lib/s3-handler.handler
Runtime: nodejs12.x
MemorySize: 256
Timeout: 60
Description: Submits objects to be analyzed by scanii.com
AutoPublishAlias: live # enables automatic version tracking
Environment:
Variables:
API_KEY: !Sub ${scaniiApiKey}
API_SECRET: !Sub ${scaniiApiSecret}
API_ENDPOINT: !Sub ${scaniiApiEndpoint}
CALLBACK_URL: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/callback"
Policies:
- S3ReadPolicy:
BucketName:
Ref: bucketName
ScaniiCallbackFn:
Type: AWS::Serverless::Function
Properties:
CodeUri: .
FunctionName: !Sub "${AWS::StackName}-Callback"
Handler: lib/ag-handler.handler
Runtime: nodejs12.x
MemorySize: 256
Timeout: 60
Description: Handles scanii.com's result callbacks
AutoPublishAlias: live # enables automatic version tracking
Environment:
Variables:
API_KEY: !Sub ${scaniiApiKey}
API_SECRET: !Sub ${scaniiApiSecret}
ACTION_TAG_OBJECT: !Sub ${actionTagObject}
ACTION_DELETE_OBJECT: !Sub ${actionDeleteObjectOnFinding}
Events:
ScaniiCallback:
Type: Api
Properties:
Path: /{proxy+}
Method: any
Policies:
- Statement:
Effect: "Allow"
Action:
- "s3:DeleteObject"
- "s3:DeleteObjectTagging"
- "s3:GetObject"
- "s3:GetObjectTagging"
- "s3:GetObjectVersionTagging"
- "s3:PutObjectTagging"
- "s3:PutObjectVersionTagging"
Resource: !Sub "arn:aws:s3:::${bucketName}/*"
Outputs:
ApiURL:
Description: "Status!"
Value: "Scanii-lambda reporting for duty!"