SIP-SecurityHub-Mapping Lambda Function

This Lambda function generates reports by mapping SIP (Security Information Program) question IDs to AWS Security Hub control IDs and their corresponding findings.

Architecture

The application follows a clean, modular architecture:

src/
├── sip_security_hub_mapping/          # Main package
│   ├── __init__.py                    # Package exports
│   ├── config.py                      # Configuration management
│   ├── models.py                      # Data models
│   ├── security_hub_client.py         # Security Hub operations
│   ├── s3_client.py                   # S3 operations
│   ├── mapping_service.py             # SIP mapping logic
│   └── report_generator.py            # Report generation orchestration
├── lambda_function.py                 # Lambda entry point
├── requirements.txt                   # Runtime dependencies
└── template.yaml                      # CloudFormation template

Key Components

Config (config.py)

Centralized configuration management using environment variables.

Models (models.py)

Type-safe data models for findings, statistics, and reports.

SecurityHubClient (security_hub_client.py)

Handles all Security Hub API interactions with proper error handling.

S3Client (s3_client.py)

Manages S3 operations for reading mapping files and uploading reports.

MappingService (mapping_service.py)

Business logic for mapping SIP questions to Security Hub findings.

ReportGenerator (report_generator.py)

Orchestrates the entire report generation process.

Environment Variables

  • S3_BUCKET_NAME: S3 bucket for storing generated reports
  • S3_FOLDER_NAME: Folder within the bucket (default: "security-hub-reports")
  • MAPPING_BUCKET: S3 bucket containing the SIP mapping file
  • MAPPING_FILE: Name of the SIP mapping JSON file

Generated Reports

  1. Security Hub Report: Complete findings grouped by SecurityControlId with statistics
  2. SIP Mapping Report: SIP question IDs mapped to their corresponding Security Hub findings
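As an added example (not code from this repository), the two reports listed above built in plain Python from a mapping file and a list of Security Hub findings; the mapping layout {question_id: [SecurityControlId, ...]}, the SIP question IDs and the ASFF fields read are assumptions. It also flags the case a report consumer should not misread: a question whose controls produced no findings at all is reported as NO_DATA rather than PASS.

```python
import json
from collections import defaultdict

# Constructed sample mapping file (hypothetical IDs; the layout is an assumption).
MAPPING_JSON = json.dumps({
    "SIP-1.1": ["IAM.4", "IAM.6"],
    "SIP-2.3": ["S3.8"],
    "SIP-9.9": ["EC2.999"],  # a control with no findings in this account
})

# Constructed findings in the ASFF subset that Security Hub get_findings returns.
FINDINGS = [
    {"Id": "f1", "Compliance": {"SecurityControlId": "IAM.4", "Status": "FAILED"}},
    {"Id": "f2", "Compliance": {"SecurityControlId": "IAM.6", "Status": "PASSED"}},
    {"Id": "f3", "Compliance": {"SecurityControlId": "S3.8", "Status": "FAILED"}},
    {"Id": "f4", "Compliance": {"SecurityControlId": "S3.8", "Status": "FAILED"}},
    {"Id": "f5", "Title": "GuardDuty finding without a control id"},
]


def security_hub_report(findings):
    """Report 1: findings grouped by SecurityControlId with pass/fail counts."""
    report = defaultdict(lambda: {"finding_ids": [], "passed": 0, "failed": 0})
    for finding in findings:
        compliance = finding.get("Compliance", {})
        control_id = compliance.get("SecurityControlId")
        if not control_id:  # non-control findings are not part of this report
            continue
        entry = report[control_id]
        entry["finding_ids"].append(finding["Id"])
        if compliance.get("Status") == "PASSED":
            entry["passed"] += 1
        elif compliance.get("Status") == "FAILED":
            entry["failed"] += 1
    return dict(report)


def sip_mapping_report(mapping_json, findings):
    """Report 2: each SIP question with the findings of the controls it maps to.
    A question whose controls produced no findings is NO_DATA, not PASS."""
    by_control = security_hub_report(findings)
    result = {}
    for question_id, control_ids in json.loads(mapping_json).items():
        ids = [fid for cid in control_ids
               for fid in by_control.get(cid, {}).get("finding_ids", [])]
        failed = sum(by_control.get(cid, {}).get("failed", 0) for cid in control_ids)
        missing = [cid for cid in control_ids if cid not in by_control]
        status = "FAIL" if failed else ("PASS" if ids else "NO_DATA")
        result[question_id] = {"finding_ids": ids, "failed": failed, "status": status,
                               "controls_without_findings": missing}
    return result
```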

Testing

Run tests with:

python -m pytest test/

Deployment

Deploy using the CloudFormation template:

aws cloudformation deploy --template-file template.yaml --stack-name sip-security-hub-mapping