forked from aws-samples/aws-securityhub-to-email
-
Notifications
You must be signed in to change notification settings - Fork 0
/
SecurityHubFindingsToEmail.json
66 lines (62 loc) · 2.28 KB
/
SecurityHubFindingsToEmail.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "This CloudFormation Template will enable you to create custom action in AWS SecurityHub console to allow findings to be sent to an email address ",
"Parameters": {
"EmailAddress": {
"Type": "String",
"Description": "An email address to recieve Security Hub Findings"
}
},
"Resources": {
"SendFindingsTopic": {
"Type": "AWS::SNS::Topic",
"Properties": {
"DisplayName": "SendFindingsTopic",
"Subscription": [ {
"Endpoint" : {"Ref" : "EmailAddress"},
"Protocol" : "email"
} ],
"TopicName": "SendFindingsTopic"
}
},
"CWESnsPolicy": {
"Type": "AWS::SNS::TopicPolicy",
"Properties": {
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TrustCWEToPublsihEvents",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Action": "sns:Publish",
"Resource": "*"
}
]
},
"Topics": [
{
"Ref": "SendFindingsTopic"
}
]
}
},
"SecurityHubFindingsToEmail": {
"Type": "AWS::Events::Rule",
"Properties": {
"Name" : "SecurityHubFindingsToEmail",
"Description": "CloudWatchEvents Rule to enable SecurityHub Findings in email ",
"EventPattern": {
"source": ["aws.securityhub"],
"resources": [{ "Fn::Join" : [ ":", [ "arn", "aws", "securityhub", { "Ref" : "AWS::Region" }, { "Ref" : "AWS::AccountId" }, { "Fn::Join" : [ "/", [ "action", "custom", "SendToEmail"] ] }]]}]
},
"State": "ENABLED",
"Targets": [{"Id": "SendFindingsTopic","Arn": {"Ref": "SendFindingsTopic"}}]
}
}
},
"Outputs": {
}
}