Question

I've created some CloudFormation templates to deploy Inspector Templates/Targets and associated Lambda functions that parse the outputs and deliver findings to Slack. Is it possible to include in the CF template for Inspector an SNS Topic association as is done when creating a template in the Inspector portal?

It is not an available parameter of AWS::Inspector::AssessmentTemplate. Is this something I will just have to add manually via the portal?

Answer 1

I see the SNS option is available only in the UI and CLI/API, I guess the UI/CLI creates Cloudwatch Events rule for you in the background, you create your own rule using AWS::Events::Rule

Reference: Event Patterns

EventRule: Type:

"AWS::Events::Rule"

Properties: Description:

"EventRule"

EventPattern:

source: - "aws.inspector"

detail-type: - "AWS API Call via CloudTrail"

resources: - arn:aws:inspector:us-west-2:123456789012:target/0-nvgVhaxX/template/0-7sbz2Kz0 detail:

eventSource: - "inspector.amazonaws.com"

eventName: - "ASSESSMENT_RUN_COMPLETED"

State: "ENABLED"

Targets: - arn:aws:sns:us-west-2:123456789012:exampletopic

Comments

Hi. Unfortunately the events tracked via CloudTrail API calls (from looking at the CloudTrail logs) relate to assessment runs starts events themselves (StartAssessmentRun) rather than the messages that the assessment runs send out (ASSESSMENT_RUN_STARTED, ASSESSMENT_RUN_COMPLETED, FINDING_REPORTED etc.).