AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
Resource Policy Attachment In Custom EventBus
More Info:
This rule checks if Amazon EventBridge custom event buses have a resource-based policy attached. It ensures that proper access controls are in place for custom event buses to prevent unauthorized access and ensure compliance with security best practices.
Risk Level
Low
Address
Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration of Resource Policy Attachment in a Custom EventBus for AWS CloudWatch using the AWS Management Console, follow these steps:
-
Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and login with your credentials.
-
Navigate to CloudWatch: Click on the “Services” dropdown in the top left corner, search for “CloudWatch” in the search bar, and click on “CloudWatch” to open the CloudWatch dashboard.
-
Select Event Buses: In the CloudWatch dashboard, locate the “Event Buses” option in the left-hand menu and click on it.
-
Select Custom EventBus: Find the Custom EventBus that has the misconfigured Resource Policy Attachment and click on it to select it.
-
Edit Resource Policy: Locate the “Event bus policy” section and click on the “Edit policy” button to modify the Resource Policy Attachment.
-
Update Resource Policy: In the policy editor, review the existing policy and make necessary changes to ensure that only authorized resources have permission to access the Custom EventBus. You can use the AWS Policy Generator to create a new policy if needed.
-
Save Changes: After updating the Resource Policy Attachment, click on the “Save changes” button to apply the new policy to the Custom EventBus.
-
Verify Configuration: Once the policy is updated, verify that the Resource Policy Attachment is correctly configured by checking the permissions and access controls for the Custom EventBus.
By following these steps, you can remediate the misconfiguration of Resource Policy Attachment in a Custom EventBus for AWS CloudWatch using the AWS Management Console.
To remediate the misconfiguration of resource policy attachment in a custom EventBus for AWS CloudWatch using AWS CLI, follow these steps:
- List the existing Event Buses in your AWS account to identify the custom EventBus that has the misconfigured resource policy. Run the following AWS CLI command:
aws events list-event-buses
-
Identify the custom EventBus that has the misconfigured resource policy attachment.
-
Remove the existing resource policy attachment from the custom EventBus using the following AWS CLI command. Replace
<event-bus-name>with the name of the custom EventBus identified in step 2:
aws events remove-permission --statement-id default --event-bus-name <event-bus-name>
- Verify that the resource policy attachment has been successfully removed by listing the permissions for the custom EventBus using the following AWS CLI command:
aws events describe-event-bus --name <event-bus-name>
- If the resource policy attachment is successfully removed, you can now add the correct resource policy to the custom EventBus. Create a new resource policy document in JSON format and save it to a file (e.g.,
resource-policy.json). Here is an example of a resource policy that allows CloudWatch events:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Action": "events:PutEvents",
"Resource": "arn:aws:events:us-east-1:123456789012:event-bus/<event-bus-name>"
}
]
}
- Attach the new resource policy to the custom EventBus using the following AWS CLI command. Replace
<event-bus-name>with the name of the custom EventBus:
aws events put-permission --event-bus-name <event-bus-name> --action events:PutEvents --principal events.amazonaws.com --statement-id default --policy file://resource-policy.json
- Verify that the new resource policy has been successfully attached to the custom EventBus by listing the permissions for the custom EventBus using the following AWS CLI command:
aws events describe-event-bus --name <event-bus-name>
By following these steps, you can remediate the misconfiguration of resource policy attachment in a custom EventBus for AWS CloudWatch using AWS CLI.
To remediate the misconfiguration of a resource policy attachment in a custom EventBus in AWS CloudWatch using Python, you can follow these steps:
-
Identify the Misconfigured Resource Policy: First, identify the custom EventBus in CloudWatch that has the misconfigured resource policy attachment. You can use the AWS SDK for Python (Boto3) to list the EventBuses and their associated resource policies.
-
Remove the Misconfigured Resource Policy: Use the
remove_permissionmethod from Boto3 to remove the misconfigured resource policy attachment from the custom EventBus. You will need to specify the EventBus name and the statement ID of the resource policy to be removed. -
Example Python Code:
import boto3 # Initialize the CloudWatch Events client cloudwatch_events = boto3.client('events') # Specify the name of the custom EventBus with the misconfigured resource policy event_bus_name = 'your-custom-event-bus-name' # Specify the statement ID of the misconfigured resource policy to be removed statement_id = 'your-misconfigured-statement-id' # Remove the misconfigured resource policy from the custom EventBus response = cloudwatch_events.remove_permission( StatementId=statement_id, EventBusName=event_bus_name ) print('Resource policy removed successfully') -
Run the Python Script: Execute the Python script on your local machine or in an AWS Lambda function to remove the misconfigured resource policy attachment from the custom EventBus in CloudWatch.
-
Verify Remediation: After running the script, verify that the resource policy attachment has been successfully removed from the custom EventBus by listing the EventBuses and checking the resource policies.
By following these steps and using the provided Python script, you can effectively remediate the misconfiguration of a resource policy attachment in a custom EventBus in AWS CloudWatch.