This Lambda function generates reports by mapping SIP (Security Information Program) question IDs to AWS Security Hub control IDs and their corresponding findings.
The application follows a clean, modular architecture:
```
src/
├── sip_security_hub_mapping/    # Main package
│   ├── __init__.py              # Package exports
│   ├── config.py                # Configuration management
│   ├── models.py                # Data models
│   ├── security_hub_client.py   # Security Hub operations
│   ├── s3_client.py             # S3 operations
│   ├── mapping_service.py       # SIP mapping logic
│   └── report_generator.py      # Report generation orchestration
├── lambda_function.py           # Lambda entry point
├── requirements.txt             # Runtime dependencies
└── template.yaml                # CloudFormation template
```
- `config.py`: Centralized configuration management using environment variables.
- `models.py`: Type-safe data models for findings, statistics, and reports.
- `security_hub_client.py`: Handles all Security Hub API interactions with proper error handling.
- `s3_client.py`: Manages S3 operations for reading mapping files and uploading reports.
- `mapping_service.py`: Business logic for mapping SIP questions to Security Hub findings.
- `report_generator.py`: Orchestrates the entire report generation process.
- `S3_BUCKET_NAME`: S3 bucket for storing generated reports
- `S3_FOLDER_NAME`: Folder within the bucket (default: `security-hub-reports`)
- `MAPPING_BUCKET`: S3 bucket containing the SIP mapping file
- `MAPPING_FILE`: Name of the SIP mapping JSON file
- Security Hub Report: Complete findings grouped by SecurityControlId with statistics
- SIP Mapping Report: SIP question IDs mapped to their corresponding Security Hub findings
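The join that produces both reports, as an added example (not the project's own `mapping_service.py`): it assumes the mapping JSON maps a SIP question ID to a list of Security Hub control IDs, groups ASFF findings by `Compliance.SecurityControlId`, counts pass/fail per control, and rolls the result up per SIP question. The sample mapping and findings are constructed, and a question whose controls have no findings is reported as `NO_DATA` rather than `PASSED`.

```python
from collections import defaultdict

# Constructed sample mapping (assumed shape): SIP question ID -> Security Hub control IDs.
SIP_MAPPING = {
    "SIP-1.2": ["IAM.4", "IAM.6"],
    "SIP-3.1": ["IAM.6"],
    "SIP-9.9": ["EC2.999"],  # control with no findings at all
}
# Constructed sample findings, trimmed to the ASFF fields the report uses.
FINDINGS = [
    {"Id": "f-1", "RecordState": "ACTIVE", "Compliance": {"SecurityControlId": "IAM.4", "Status": "FAILED"}},
    {"Id": "f-2", "RecordState": "ACTIVE", "Compliance": {"SecurityControlId": "IAM.4", "Status": "PASSED"}},
    {"Id": "f-3", "RecordState": "ACTIVE", "Compliance": {"SecurityControlId": "IAM.6", "Status": "PASSED"}},
    {"Id": "f-4", "RecordState": "ARCHIVED", "Compliance": {"SecurityControlId": "IAM.6", "Status": "FAILED"}},
    {"Id": "f-5", "RecordState": "ACTIVE", "Compliance": {"Status": "PASSED"}},  # no control id
]

def group_by_control(findings):
    """Group ACTIVE findings by Compliance.SecurityControlId; skip archived or unattributed ones."""
    grouped = defaultdict(list)
    for finding in findings:
        control_id = finding.get("Compliance", {}).get("SecurityControlId")
        if control_id and finding.get("RecordState") == "ACTIVE":
            grouped[control_id].append(finding)
    return dict(grouped)

def control_statistics(findings):
    """Count findings per Compliance.Status for one control (the per-control statistics)."""
    stats = {"total": len(findings), "passed": 0, "failed": 0, "other": 0}
    for finding in findings:
        status = finding["Compliance"].get("Status")
        key = {"PASSED": "passed", "FAILED": "failed"}.get(status, "other")
        stats[key] += 1
    return stats

def build_sip_report(mapping, findings):
    """Per SIP question: its controls, their statistics, and an overall status."""
    grouped = group_by_control(findings)
    report = {}
    for question_id, control_ids in mapping.items():
        controls = {cid: control_statistics(grouped.get(cid, [])) for cid in control_ids}
        if any(s["failed"] for s in controls.values()):
            status = "FAILED"    # one failing control fails the whole question
        elif all(s["total"] == 0 for s in controls.values()):
            status = "NO_DATA"   # nothing evaluated yet; do not claim PASSED
        else:
            status = "PASSED"
        report[question_id] = {"status": status, "controls": controls}
    return report
```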
Run tests with:

```shell
python -m pytest test/
```

Deploy using the CloudFormation template:

```shell
aws cloudformation deploy --template-file template.yaml --stack-name sip-security-hub-mapping
```