Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add cyhy-cvesync Lambda #25

Open
wants to merge 47 commits into
base: develop
Choose a base branch
from
Open

Add cyhy-cvesync Lambda #25

wants to merge 47 commits into from
+739 −358

Conversation

dav3r
Copy link
Member

@dav3r dav3r commented Nov 5, 2024
edited
Loading

🗣 Description

This PR adds the cyhy-cvesync-lambda. It is invoked when this code is initially applied, in order to populate the CVE collection in the database. It is also scheduled to run regularly, in order to keep up-to-date with CVE data.

Note that this PR is built on top of #12. For clarity, these are the commits that are specific and relevant to this PR:

💭 Motivation and context

The CyHy database should always include up-to-date CVE information in order to function correctly.

🧪 Testing

I applied these changes in a development environment and verified that the initial Lambda ran successfully against a database with no previously-loaded CVEs. I also confirmed that the Lambda ran successfully on the schedule that I selected.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • All new and existing tests pass.

@dav3r dav3r added the improvement This issue or pull request will add or improve functionality, maintainability, or ease of use label Nov 5, 2024
@dav3r dav3r requested a review from a team November 5, 2024 16:18
@dav3r dav3r self-assigned this Nov 5, 2024
jsf9k
jsf9k approved these changes Nov 6, 2024
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, but please see my one question.

outputs.tf Show resolved Hide resolved
jsf9k
jsf9k approved these changes Nov 6, 2024
View reviewed changes
Copy link
Member

@jsf9k jsf9k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I snuck in another question!

variables.tf Outdated Show resolved Hide resolved
@dav3r
Specify backend
9a71ed2
@dav3r
Update variables from skeleton
00f90b7
@dav3r
Define default provider
5f6a052
@dav3r
Update versions
6371941
@dav3r
Use correct default backend bucket
5d76754
@dav3r
Remove an unused Terraform file
881e374
@dav3r
Set up providers
3eab4a1
@dav3r
Replace default variables with more useful ones
f4a17b1
@dav3r
Create VPC and subnets
ccf1b74
@dav3r
Remove example outputs inherited from skeleton
0e72e77
@dav3r
Define a DocumentDB cluster
405c161
@dav3r
Add a required variable for ssh_public_key_path
fcc12d8
@dav3r
Add an EC2 instance
6290d27 
This instance will be used to test access to the DocumentDB database.  It may be deleted later.
@dav3r
Add SG rules to allow the EC2 instance to communicate with the Docume…
765d00a 
…ntDB cluster
@dav3r
Add a locals file and grab the CyHy AWS account ID
04104cb
@dav3r
Add variables related to the cyhy-kevsync Lambda
e2c3ac3
@dav3r
Create a Lambda that runs the cyhy-kevsync-lambda code on a schedule
22f10c1
@dav3r
Initial README updates from skeleton template
90594df
@dav3r
Mention cisagov/cool-accounts-cyhy in the pre-requisites section
02c6fcb
@dav3r
Schedule the kevsync Lambda via an EventBridge expression, as opposed…
4f8086b 
… to scheduling it to run every X minutes.

This allows for more flexibility in scheduling.
@dav3r
Add the .ssh directory to the .gitignore file
327d5ab 
This is to prevent unintentional committing of the SSH credentials created in this repo.
@dav3r
Use an EventBridge TF module instead of doing it myself
7c537c0
dav3r and others added 25 commits November 15, 2024 11:25
@dav3r
Remove examples directory inherited from skeleton
e8e7ea6
@dav3r
Improve comments
3397a6d
@dav3r
Remove the input data to the kevsync Lambda
8fd3f75 
The Lambda no longer requires any event input; it just runs and does it's thang.
@dav3r
Add a new optional variable for the retention duration of CloudWatch …
98a0f3d 
…logs for the kevsync Lambda
@dav3r
Update README with latest output from terraform-docs
b27bb2d 
Also includes an updated variable description to satisfy the markdownlint pre-commit hook.
@dav3r
Correct a note in the README
bc5db67
@dav3r
Add variable to control DocumentDB cluster size
3df9199
@dav3r @jsf9k
Put variable names in backticks
190c7a9 
Co-authored-by: Shane Frasier <[email protected]>
@dav3r @jsf9k
Put variable name in backticks
e8a54bf 
Co-authored-by: Shane Frasier <[email protected]>
@dav3r
Invoke kevsync lamdba to initially load KEV data into the database
1141bf1
@dav3r @jsf9k
Reword a variable description and add a period
e5aebf2 
Co-authored-by: Shane Frasier <[email protected]>
@dav3r
Include the version of the lambda deployment package S3 object in the…
833a4b0 
… kevsync lambda module

This allows Terraform to determine if a new version of the lambda deployment package is present in the bucket and if so, update the lambda function to use it.
@dav3r
Remove a couple of TODO comments
12c29bf
@dav3r
Disable volume tags on the EC2 instance
0feaa66 
We don't need them here and Terraform constantly wanted to add them on every apply, even when they were already present.
@dav3r
Update README to include all Terraform resources
c3e0424
@dav3r
Add some potentially-useful outputs
9cfefc6
@dav3r
Add a blank line per our usual style
7539f4f
@dav3r
Document Terraform outputs in README
81605e1
@dav3r
Remove unused "Examples" section from README
2ef53d9
@dav3r
Replace default variables with more useful ones
d788698
@dav3r
Add variables related to cyhy-cvesync-lambda
4bcb6be
@dav3r
Add the cyhy-cvesync-lambda
e927ed3 
Invoke it once upon deployment to initially load CVE data into the database.  Then, schedule it to run on a regular basis thereafter.
@dav3r
Update README to reflect the addition of the CVE sync Lambda
524985f
@dav3r @jsf9k
Mark all input variables as non-nullable
ba73936 
Co-authored-by: Shane Frasier <[email protected]>
@dav3r @jsf9k
Add an explanatory comment
61b7c0f 
Co-authored-by: Shane Frasier <[email protected]>
@dav3r dav3r force-pushed the improvement/add-cyhy-cvesync-lambda branch from e2ec4db to 61b7c0f Compare November 15, 2024 16:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsf9k jsf9k jsf9k approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@dav3r dav3r

Labels
improvement This issue or pull request will add or improve functionality, maintainability, or ease of use
Projects
CyHy Cloud
Status: In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dav3r @jsf9k