Clojure lambda which knows how to scan blob files and find sensitive information.
- Create a role for this lambda allowing it to read all files in all buckets.
- Create a CloudTrail log on your account so every file uploaded to S3 will be logged.
- Create a bucket which will be used to store the lambda artifact. Then configure this bucket on `scripts/manager`
- Edit the `scripts/manage` script and add your account information and the correct `iam-role`
- Deploy the lambda with this command:
  `bash scripts/manage deploy`
- Create a CloudTrail trigger to your lambda.

`bash scripts/manage deploy`
- Credit card numbers
- JWT Tokens
- PII (CPF and emails)
- Shannon's entropy
- Create your detector in the following path: `src/shaggy_rogers/detectors/`.
- Add your detector handler to the `invoke-all-detectors` def inside the `src/shaggy_rogers/engine.clj` file.
Simple example of a detector which finds the word banana in the files.
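```clojure
(ns shaggy.rogers.detector.bananas)

(defn handler [{:keys [text-document] :as finding}]
  ;; Debug output: note that this prints the full document text to the lambda's logs.
  (println {:fn ::handler :finding finding :text-document text-document})
  ;; Collect every occurrence of "banana" in the document text.
  (let [bananas (->> text-document
                     (re-seq #"banana"))]
    ;; No match: return the finding untouched; otherwise attach the matches.
    (if (empty? bananas)
      finding
      (assoc finding :banana-detector {:bananas bananas}))))
```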
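
The same handler contract applied to an entropy check, as an added example that is not part of the project's code: it scores each long whitespace-separated token and attaches only a masked preview, so the finding does not carry the secret itself. The namespace, the `:entropy-detector` key, the masking and both thresholds are assumptions.

```clojure
;; Added example: namespace, result key and thresholds are assumptions, not project code.
(ns shaggy.rogers.detector.entropy-example
  (:require [clojure.string :as str]))

(def min-token-length 20)   ; assumed: shorter tokens are not scored
(def entropy-threshold 4.0) ; assumed: bits per character

(defn shannon-entropy
  "Shannon entropy of string s in bits per character: -sum(p * log2 p)."
  [s]
  (let [n (count s)]
    (if (zero? n)
      0.0
      (- (reduce + 0.0
                 (for [c (vals (frequencies s))
                       :let [p (/ (double c) n)]]
                   (* p (/ (Math/log p) (Math/log 2.0)))))))))

(defn mask
  "Keeps the first four characters so the finding does not store the whole token."
  [token]
  (str (subs token 0 4) "...[" (count token) " chars]"))

(defn handler
  "Same contract as the banana detector: returns `finding` unchanged when nothing matches."
  [{:keys [text-document] :as finding}]
  (let [hits (->> (str/split (or text-document "") #"\s+")
                  (filter #(>= (count %) min-token-length))
                  (map (fn [t] {:token (mask t) :entropy (shannon-entropy t)}))
                  (filter #(> (:entropy %) entropy-threshold))
                  vec)]
    (if (empty? hits)
      finding
      (assoc finding :entropy-detector {:high-entropy-tokens hits}))))

(comment
  ;; Constructed sample input: one random-looking token among ordinary words.
  (handler {:text-document "api_key = q7Zp2LxV9sKd4TbR8wYh3NcJ6mFg1QeU see README"}))
```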