post-finding security hub has issues with isoformat on ec2, asg and failing the lambda
Describe the bug
The lambda generated to post finding on Security Hub is failing on isoformat
```
[ERROR] 2020-09-30T14:13:04.828Z 6f0773e7-732f-4784-b4a1-182702d42ba6 error during policy execution
Traceback (most recent call last):
  File "/var/task/c7n/handler.py", line 166, in dispatch_event
    p.push(event, context)
  File "/var/task/c7n/policy.py", line 1134, in push
    return mode.run(event, lambda_ctx)
  File "/var/task/c7n/policy.py", line 850, in run
    resources = super(ConfigRuleMode, self).run(event, lambda_context)
  File "/var/task/c7n/policy.py", line 450, in run
    return self.run_resource_set(event, resources)
  File "/var/task/c7n/policy.py", line 480, in run_resource_set
    results = action.process(resources)
  File "/var/task/c7n/resources/securityhub.py", line 409, in process
    finding = self.get_finding(
  File "/var/task/c7n/resources/securityhub.py", line 531, in get_finding
    finding_resources.append(self.format_resource(r))
  File "/var/task/c7n/resources/asg.py", line 739, in format_resource
    details['CreatedTime'] = details['CreatedTime'].isoformat()
AttributeError: 'int' object has no attribute 'isoformat'
```
To Reproduce
Used anchor for post finding:

```yaml
post-finding-failed: &post-finding-failed
  type: post-finding
  description: |
    mandatory tags are required on S3.
  title: "custodian-s3-mandatory-tags-missing"
  severity_normalized: 70
  types:
    - "Software and Configuration Checks/AWS Security Best Practices"
  recommendation: "Add data confidentiality tag to S3 buckets"
  recommendation_url: "https://wikiurk"
  compliance_status: FAILED
  severity_label: HIGH
```

Policy

```yaml
- name: ec2-mandatory-tag-check
  resource: ec2
  description: |
    The policy checks the ec2 required tags
  mode: *config-mode
  filters:
    - and: *filters-absent
    - "tag:aws:autoscaling:groupName": absent
  actions:
    - <<: *post-finding-failed
      title: "custodian-ec2-mandatory-tags-missing"
      description: "Mandatory tags are required on ec2"
    # - type: mark-for-op
    #   op: stop
    #   days: 7
    - <<: *notify
      violation_desc: "Mandatory Tags are missing on EC2"
```

ASG

```yaml
- name: asg-ec2-mandatory-tag-check
  resource: asg
  description: |
    The policy checks the asg required tags
  mode: *config-mode
  filters:
    - and: *filters-absent
  actions:
    - <<: *post-finding-failed
      title: "custodian-asg-ec2-mandatory-tags-missing"
      description: "Mandatory tags are required on asg"
    # - type: mark-for-op
    #   op: suspend
    #   days: 7
    - <<: *notify
      violation_desc: "Mandatory Tags are missing on ASG"
```
Expected behavior
Lambda should publish to Security Hub
Top GitHub Comments
This issue is specific to config rule mode afaics, and we'll need to normalize the behavior when converting from Config's idiosyncratic formatting.
EC2 and EBS return str, and ASG returns epoch time, and all three break with isoformat … obviously removing that works … I also tried the dateutil parser … works for EBS and EC2 … fails for ASG
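The maintainer comment above points at the underlying fix: normalizing `CreatedTime` before calling `isoformat()` on it. The helper below is an added example, not Cloud Custodian's own code, showing one way to coerce the three shapes named in this thread (a `datetime` from a describe call, an ISO 8601 string from EC2/EBS Config items, and an epoch integer from ASG Config items) into one timezone-aware ISO 8601 string; the threshold used to tell millisecond epochs from second epochs is an assumption, since the thread does not say which unit Config delivers.

```python
from datetime import datetime, timezone
from typing import Any, Optional

# Constructed example, not Cloud Custodian's own code. Config rule mode hands
# the action different timestamp shapes per resource type (ISO strings for
# EC2/EBS, an epoch int for ASG), so normalise before calling .isoformat().

# Assumption: epoch values above this are milliseconds rather than seconds.
_MILLISECOND_THRESHOLD = 10 ** 11


def to_iso8601(value: Any) -> Optional[str]:
    """Return a UTC, timezone-aware ISO 8601 string for a timestamp value.

    Accepts datetime, int/float epoch (seconds or milliseconds) and ISO 8601
    strings (including a trailing 'Z'). None passes through as None; any other
    type raises TypeError so a new shape is surfaced instead of silently lost.
    """
    if value is None:
        return None
    if isinstance(value, datetime):
        dt = value
    elif isinstance(value, bool):  # bool is an int subclass; reject it first
        raise TypeError("bool is not a timestamp")
    elif isinstance(value, (int, float)):
        seconds = value / 1000 if value > _MILLISECOND_THRESHOLD else value
        dt = datetime.fromtimestamp(seconds, tz=timezone.utc)
    elif isinstance(value, str):
        text = value.strip()
        if text.endswith("Z"):  # fromisoformat() before 3.11 rejects 'Z'
            text = text[:-1] + "+00:00"
        dt = datetime.fromisoformat(text)
    else:
        raise TypeError(f"unsupported timestamp type: {type(value).__name__}")
    if dt.tzinfo is None:  # treat naive datetimes as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).isoformat()


def format_created_time(details: dict) -> dict:
    """Normalise the CreatedTime key of a resource detail dict in place."""
    if "CreatedTime" in details:
        details["CreatedTime"] = to_iso8601(details["CreatedTime"])
    return details
```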