{"id":101429,"date":"2025-03-14T01:28:41","date_gmt":"2025-03-13T21:58:41","guid":{"rendered":"https:\/\/nabfollower.com\/blog\/%d9%86%d8%b8%d8%a7%d8%b1%d8%aa-%d8%a8%d8%b1-%d8%a7%d9%86%d8%b7%d8%a8%d8%a7%d9%82-%d8%b3%db%8c%d8%a7%d8%b3%d8%aa-cloudformation-%d8%a7%d8%b3%d8%aa%d9%81%d8%a7%d8%af%d9%87-%d8%a7%d8%b2-cloudtrail\/"},"modified":"2025-03-14T01:28:41","modified_gmt":"2025-03-13T21:58:41","slug":"%d9%86%d8%b8%d8%a7%d8%b1%d8%aa-%d8%a8%d8%b1-%d8%a7%d9%86%d8%b7%d8%a8%d8%a7%d9%82-%d8%b3%db%8c%d8%a7%d8%b3%d8%aa-cloudformation-%d8%a7%d8%b3%d8%aa%d9%81%d8%a7%d8%af%d9%87-%d8%a7%d8%b2-cloudtrail","status":"publish","type":"post","link":"https:\/\/nabfollower.com\/blog\/%d9%86%d8%b8%d8%a7%d8%b1%d8%aa-%d8%a8%d8%b1-%d8%a7%d9%86%d8%b7%d8%a8%d8%a7%d9%82-%d8%b3%db%8c%d8%a7%d8%b3%d8%aa-cloudformation-%d8%a7%d8%b3%d8%aa%d9%81%d8%a7%d8%af%d9%87-%d8%a7%d8%b2-cloudtrail\/","title":{"rendered":"\u0646\u0638\u0627\u0631\u062a \u0628\u0631 \u0627\u0646\u0637\u0628\u0627\u0642 \u0633\u06cc\u0627\u0633\u062a CloudFormation: \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 CloudTrail \u0648 \u0622\u062a\u0646\u0627"},"content":{"rendered":"<div data-article-id=\"2331480\" id=\"article-body\">\n<p><strong>\u0645\u0642\u062f\u0645\u0647:<\/strong><\/p>\n<p>\u0627\u06cc\u0646 \u067e\u0633\u062a \u062c\u0632\u0626\u06cc\u0627\u062a \u0627\u062c\u0631\u0627\u06cc \u0631\u0627 \u0646\u0634\u0627\u0646 \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 \u0646\u0638\u0627\u0631\u062a \u062f\u0627\u0631\u062f \u0686\u0647 \u06a9\u0633\u06cc \u06cc\u0627 \u0686\u0647 \u0686\u06cc\u0632\u06cc \u0645\u0646\u0627\u0628\u0639 AWS \u0627\u06cc\u062c\u0627\u062f \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 CloudFormation \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0627\u062f\u0647 \u0627\u0633\u062a. 
\u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 AWS Config \u060c CloudTrail \u060c Athena \u0648 Lambda \u0645\u06cc \u062a\u0648\u0627\u0646 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u0631\u0627 \u0631\u062f\u06cc\u0627\u0628\u06cc \u06a9\u0631\u062f \u060c \u0645\u06cc \u062a\u0648\u0627\u0646 \u06af\u0632\u0627\u0631\u0634 \u0647\u0627 \u0631\u0627 \u0645\u0648\u0631\u062f \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f \u0648 \u06af\u0632\u0627\u0631\u0634 \u0647\u0627\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u0646\u0637\u0628\u0627\u0642 \u0631\u0627 \u0645\u06cc \u062a\u0648\u0627\u0646 \u062e\u0648\u062f\u06a9\u0627\u0631 \u06a9\u0631\u062f. \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u062c\u0645\u0639 \u0622\u0648\u0631\u06cc \u0634\u062f\u0647 \u062f\u0631 \u0622\u0645\u0627\u0632\u0648\u0646 S3 \u0630\u062e\u06cc\u0631\u0647 \u0645\u06cc \u0634\u0648\u0646\u062f \u0648 \u0622\u0646 \u0631\u0627 \u0628\u0631\u0627\u06cc \u062d\u0633\u0627\u0628\u0631\u0633\u06cc \u0647\u0627 \u0648 \u062a\u0623\u06cc\u06cc\u062f \u0627\u0646\u0637\u0628\u0627\u0642 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0647\u0646\u062f.<\/p>\n<p><strong>\u062f\u0631\u0628\u0627\u0631\u0647 \u067e\u0631\u0648\u0698\u0647:<\/strong><\/p>\n<p>\u0627\u06cc\u0646 \u067e\u0633\u062a \u0628\u0631 \u0627\u0633\u0627\u0633 \u0645\u0642\u0627\u0644\u0647 \u0642\u0628\u0644\u06cc \u0645\u0646 \u062f\u0631 \u0645\u0648\u0631\u062f \u0646\u0638\u0627\u0631\u062a \u0628\u0631 Drift CloudFormation Stack \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0642\u0648\u0627\u0646\u06cc\u0646 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc AWS \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a. 
\u062f\u0631 \u0627\u06cc\u0646 \u0646\u0633\u062e\u0647 \u067e\u06cc\u0634\u0631\u0641\u062a\u0647 \u060c \u0642\u0627\u0628\u0644\u06cc\u062a \u0647\u0627\u06cc \u0646\u0638\u0627\u0631\u062a \u062a\u0648\u0633\u0637:<\/p>\n<p><strong>\u067e\u06cc\u06af\u06cc\u0631\u06cc \u0641\u0639\u0627\u0644\u06cc\u062a \u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631<\/strong> \u0628\u0631 \u0631\u0648\u06cc \u0645\u0646\u0627\u0628\u0639 \u0627\u0628\u0631\u06cc \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc \u06af\u0630\u0627\u0631\u062f.<br \/><strong>\u0648\u0631\u0648\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u062c\u0632\u0626\u06cc\u0627\u062a \u062a\u063a\u06cc\u06cc\u0631<\/strong> \u0622\u0645\u0627\u0632\u0648\u0646 S3 \u0627\u0632 \u0637\u0631\u06cc\u0642 CloudTrail.<br \/><strong>\u06af\u0632\u0627\u0631\u0634 \u0647\u0627\u06cc \u067e\u0631\u062f\u0627\u0632\u0634 \u0648 \u067e\u0631\u0633 \u0648 \u062c\u0648<\/strong> \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 AWS \u0622\u062a\u0646\u0627.<br \/><strong>\u062a\u0631\u0645\u06cc\u0645 \u062e\u0648\u062f\u06a9\u0627\u0631<\/strong> \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0645\u062f\u06cc\u0631 \u0633\u06cc\u0633\u062a\u0645 AWS \u0648 \u0644\u0627\u0645\u0628\u062f\u0627.<\/p>\n<p>\u0627\u062c\u0632\u0627\u06cc \u0627\u0635\u0644\u06cc:<br \/><strong>\u0642\u0627\u0646\u0648\u0646 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc AWS<\/strong>: \u0645\u0627\u0646\u06cc\u062a\u0648\u0631 \u0628\u0631\u0627\u06cc \u0631\u0627\u0646\u0634 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 CloudFormation_stack_Drift_Detection_Check.<br \/><strong>\u0645\u062f\u06cc\u0631 \u0633\u06cc\u0633\u062a\u0645 \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0645\u062f\u06cc\u0631 \u0633\u06cc\u0633\u062a\u0645<\/strong>: \u06cc\u06a9 \u0639\u0645\u0644\u06a9\u0631\u062f \u0644\u0627\u0645\u0628\u062f\u0627 \u0631\u0627 \u0628\u0631\u0627\u06cc 
\u0628\u0631\u0631\u0633\u06cc \u0647\u0627\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u0646\u0637\u0628\u0627\u0642 \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc \u0645\u06cc \u06a9\u0646\u062f.<br \/><strong>\u0627\u0642\u062f\u0627\u0645 \u0627\u0635\u0644\u0627\u062d<\/strong>: \u0633\u0646\u062f \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 InvokeLambdaFromConfig \u0631\u0627 \u0627\u062c\u0631\u0627 \u0645\u06cc \u06a9\u0646\u062f.<br \/><strong>\u0633\u0637\u0644 \u0622\u0645\u0627\u0632\u0648\u0646 S3<\/strong>: \u0646\u062a\u0627\u06cc\u062c CloudTrail \u0648 Athena Query \u0631\u0627 \u0630\u062e\u06cc\u0631\u0647 \u0645\u06cc \u06a9\u0646\u062f.<br \/><strong>\u062c\u062f\u0648\u0644 \u0622\u062a\u0646\u0627<\/strong>: \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u062e\u0627\u0645 \u06af\u0632\u0627\u0631\u0634 \u0631\u0627 \u0633\u0627\u0632\u0645\u0627\u0646\u062f\u0647\u06cc \u0645\u06cc \u06a9\u0646\u062f \u0648 \u0646\u0645\u0627\u06cc\u0634 \u0645\u06cc \u062f\u0647\u062f.<br \/><strong>\u0645\u0633\u06cc\u0631 CloudTrail<\/strong>: \u067e\u0631\u0648\u0646\u062f\u0647 \u0647\u0627\u06cc \u0641\u0639\u0627\u0644\u06cc\u062a AWS API \u0631\u0627 \u0636\u0628\u0637 \u0645\u06cc \u06a9\u0646\u062f.<br \/><strong>\u0639\u0645\u0644\u06a9\u0631\u062f \u0644\u0627\u0645\u0628\u062f\u0627<\/strong>: \u0646\u0627\u0645\u0647\u0627\u06cc \u0645\u0646\u0627\u0628\u0639 CloudFormation \u0631\u0627 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0645\u06cc \u06a9\u0646\u062f \u0648 \u0628\u0631\u0627\u06cc \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u0627\u062e\u06cc\u0631 \u0627\u0632 \u0622\u062a\u0646\u0627 \u067e\u0631\u0633 \u0648 \u062c\u0648 \u0645\u06cc \u06a9\u0646\u062f.<br \/>\u0632\u06cc\u0631\u0633\u0627\u062e\u062a Schema:<br \/><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyubvj67bi9ynfd9xmto4.png\" alt=\"\u0637\u0631\u062d\" 
loading=\"lazy\" width=\"800\" height=\"500\" title=\"\"><\/p>\n<p>\u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u062f\u0631 <code>infrastructure\/monitoring_stack_cloudtrail.yaml<\/code> \u0627\u0644\u06af\u0648\u06cc \u0627\u0628\u0631\u06cc:<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>    AWSTemplateFormatVersion: '2010-09-09'\n    Description: CloudTrail setup for monitoring CFN stack modifications\n\n    Parameters:\n      AthenaDatabaseName:\n        Type: String\n        Description: Athena database name for running queries\n        Default: 'cloudtrail_logs'\n      StackNameToMonitor:\n        Type: String\n        Description: CloudFormation stack name to monitor\n        Default: 'base-infrastructure'\n      MaximumExecutionFrequency:\n        Type: String\n        Description: The maximum frequency with which drift in CloudFormation stacks need to be evaluated\n        Default: 'One_Hour'\n\n    Resources:\n    #################################\n    # CloudTrail and Athena\n    #################################\n      CloudTrailLogsBucket:\n        Type: AWS::S3::Bucket\n        Properties:\n          BucketName: !Sub \"aws-cloudtrail-logs-${AWS::AccountId}\"\n          VersioningConfiguration:\n            Status: Enabled\n          LifecycleConfiguration:\n            Rules:\n              - Id: ExpireLogs\n                Status: Enabled\n                ExpirationInDays: 365\n\n      CloudTrailLogsBucketPolicy:\n        Type: AWS::S3::BucketPolicy\n        Properties:\n          Bucket: !Ref CloudTrailLogsBucket\n          PolicyDocument:\n            Version: \"2012-10-17\"\n            Statement:\n              - Sid: \"AWSCloudTrailAclCheck\"\n                Effect: Allow\n                Principal:\n                  Service: cloudtrail.amazonaws.com\n                Action: s3:GetBucketAcl\n                Resource: !Sub \"arn:${AWS::Partition}:s3:::aws-cloudtrail-logs-${AWS::AccountId}\"\n    
            Condition:\n                  StringEquals:\n                    AWS:SourceArn: !Sub \"arn:${AWS::Partition}:cloudtrail:${AWS::Region}:${AWS::AccountId}:trail\/monitoring-cfn-policy-compliance\"\n              - Sid: \"AWSCloudTrailWrite\"\n                Effect: Allow\n                Principal:\n                  Service: cloudtrail.amazonaws.com\n                Action: s3:PutObject\n                Resource: !Sub \"arn:${AWS::Partition}:s3:::aws-cloudtrail-logs-${AWS::AccountId}\/AWSLogs\/${AWS::AccountId}\/*\"\n                Condition:\n                  StringEquals:\n                    AWS:SourceArn: !Sub \"arn:${AWS::Partition}:cloudtrail:${AWS::Region}:${AWS::AccountId}:trail\/monitoring-cfn-policy-compliance\"\n                    s3:x-amz-acl: \"bucket-owner-full-control\"\n              - Sid: \"AthenaQueryResultPutObject\"\n                Effect: Allow\n                Principal:\n                  Service: athena.amazonaws.com\n                Action: s3:PutObject\n                Resource: !Sub \"arn:${AWS::Partition}:s3:::aws-cloudtrail-logs-${AWS::AccountId}\/athena-results\/*\"\n                Condition:\n                  StringEquals:\n                    aws:SourceArn: !Sub \"arn:${AWS::Partition}:athena:${AWS::Region}:${AWS::AccountId}:workgroup\/primary\"\n\n      CloudTrail:\n        Type: AWS::CloudTrail::Trail\n        Properties:\n          TrailName: monitoring-cfn-policy-compliance\n          S3BucketName: !Ref CloudTrailLogsBucket\n          IncludeGlobalServiceEvents: true\n          IsMultiRegionTrail: true\n          EnableLogFileValidation: false\n          IsOrganizationTrail: false\n          IsLogging: true\n\n      AthenaDatabase:\n        Type: AWS::Glue::Database\n        Properties:\n          CatalogId: !Ref AWS::AccountId\n          DatabaseInput:\n            Name: !Ref AthenaDatabaseName\n\n      AthenaTable:\n        Type: AWS::Glue::Table\n        Properties:\n          CatalogId: !Ref 
AWS::AccountId\n          DatabaseName: !Ref AthenaDatabase\n          TableInput:\n            Name: !Sub \"aws_cloudtrail_logs_${AWS::AccountId}\"\n            TableType: EXTERNAL_TABLE\n            Parameters:\n              classification: cloudtrail\n            StorageDescriptor:\n              Columns:\n                - Name: eventVersion\n                  Type: string\n                - Name: userIdentity\n                  Type: struct<string>,sessionIssuer:struct<string>,ec2RoleDelivery:string,webIdFederationData:struct<string>&gt;&gt;&gt;\n                - Name: eventTime\n                  Type: string\n                - Name: eventSource\n                  Type: string\n                - Name: eventName\n                  Type: string\n                - Name: awsRegion\n                  Type: string\n                - Name: sourceIpAddress\n                  Type: string\n                - Name: userAgent\n                  Type: string\n                - Name: errorCode\n                  Type: string\n                - Name: errorMessage\n                  Type: string\n                - Name: requestParameters\n                  Type: string\n                - Name: responseElements\n                  Type: string\n                - Name: additionalEventData\n                  Type: string\n                - Name: requestId\n                  Type: string\n                - Name: eventId\n                  Type: string\n                - Name: resources\n                  Type: array<struct>&gt;\n                - Name: eventType\n                  Type: string\n                - Name: apiVersion\n                  Type: string\n                - Name: readOnly\n                  Type: string\n                - Name: recipientAccountId\n                  Type: string\n                - Name: serviceEventDetails\n                  Type: string\n                - Name: sharedEventID\n                  Type: string\n                - Name: 
vpcEndpointId\n                  Type: string\n                - Name: tlsDetails\n                  Type: struct<string>\n              Location: !Sub \"s3:\/\/aws-cloudtrail-logs-${AWS::AccountId}\/AWSLogs\/${AWS::AccountId}\/CloudTrail\/\"\n              InputFormat: com.amazon.emr.cloudtrail.CloudTrailInputFormat\n              OutputFormat: org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat\n              SerdeInfo:\n                SerializationLibrary: org.apache.hive.hcatalog.data.JsonSerDe\n\n    #################################\n    # Lambda function\n    #################################\n      LambdaExecutionRole:\n        Type: AWS::IAM::Role\n        Properties:\n          RoleName: LambdaAthenaQueryExecutionRole\n          AssumeRolePolicyDocument:\n            Version: '2012-10-17'\n            Statement:\n              - Effect: Allow\n                Principal:\n                  Service: \n                    - lambda.amazonaws.com\n                    - athena.amazonaws.com\n                Action:\n                  - sts:AssumeRole\n          Policies:\n            - PolicyName: CloudFormationDescribe\n              PolicyDocument:\n                Version: \"2012-10-17\"\n                Statement:\n                  - Effect: Allow\n                    Action:\n                      - cloudformation:DescribeStackResources\n                    Resource: \"arn:aws:cloudformation:*\"\n            - PolicyName: AthenaQueryPolicy\n              PolicyDocument:\n                Version: \"2012-10-17\"\n                Statement:\n                  - Effect: Allow\n                    Action:\n                    - athena:StartQueryExecution\n                    - athena:GetQueryExecution\n                    - athena:GetQueryResults\n                    - athena:GetWorkGroup\n                    - athena:GetDataCatalog\n                    - athena:GetTableMetadata\n                    - glue:GetDatabase\n                    - 
glue:GetTable\n                    - glue:GetPartitions\n                    Resource: \"*\"\n                  - Effect: Allow\n                    Action:\n                    - s3:PutObject\n                    - s3:GetObject\n                    - s3:ListBucket\n                    - s3:GetBucketLocation\n                    - s3:PutObjectAcl\n                    Resource: \n                      - !Sub \"arn:${AWS::Partition}:s3:::${CloudTrailLogsBucket}\"\n                      - !Sub \"arn:${AWS::Partition}:s3:::${CloudTrailLogsBucket}\/*\"\n                  - Effect: Allow\n                    Action:\n                      - lambda:AddPermission\n                    Resource: \"*\"\n                  - Effect: Allow\n                    Action:\n                      - logs:CreateLogGroup\n                      - logs:CreateLogStream\n                      - logs:PutLogEvents\n                    Resource: \"*\"\n\n      CheckCloudTrailLogsLambda:\n        Type: AWS::Lambda::Function\n        Properties:\n          FunctionName: CheckCloudTrailLogsLambda\n          Runtime: nodejs22.x\n          Handler: index.handler\n          Role: !GetAtt LambdaExecutionRole.Arn\n          Timeout: 120\n          MemorySize: 256\n          Environment:\n            Variables:\n              STACKS_TO_MONITOR: !Ref StackNameToMonitor\n              ATHENA_DATABASE: !Ref AthenaDatabase\n              ATHENA_TABLE: !Ref AthenaTable\n              S3_OUTPUT_BUCKET: !Ref CloudTrailLogsBucket\n          Code:\n            ZipFile: |\n              const { AthenaClient, StartQueryExecutionCommand } = require(\"@aws-sdk\/client-athena\");\n              const { CloudFormationClient, DescribeStackResourcesCommand } = require(\"@aws-sdk\/client-cloudformation\");\n\n              const athena = new AthenaClient({});\n              const cloudformation = new CloudFormationClient({});\n\n              exports.handler = async (event) =&gt; {\n                  console.log(\"Event 
received:\", JSON.stringify(event, null, 2));\n\n                  const stacks = process.env.STACKS_TO_MONITOR.split(\",\");\n                  const tableName = process.env.ATHENA_TABLE;\n                  const databaseName = process.env.ATHENA_DATABASE;\n                  const s3Bucket = process.env.S3_OUTPUT_BUCKET;\n\n                  let resourceNames = [];\n\n                  \/\/ Extract resource names from the CloudFormation stacks\n                  for (const stack of stacks) {\n                      const stackResources = await cloudformation.send(\n                          new DescribeStackResourcesCommand({ StackName: stack })\n                      );\n\n                      stackResources.StackResources.forEach(resource =&gt; {\n                          if (resource.PhysicalResourceId) {\n                              resourceNames.push(resource.PhysicalResourceId);\n                          }\n                      });\n                  }\n\n                  \/\/ Construct Athena query\n                  let whereClause = resourceNames.map(name =&gt; `resource.arn LIKE '%${name}%'`).join(\" OR \");\n                  let queryString = `\n                      SELECT \n                          userIdentity.userName AS username,\n                          eventName AS action,\n                          eventTime AS timestamp,\n                          resource.arn AS resource_arn,\n                          sourceIPAddress AS request_source,\n                          userAgent AS user_agent\n                      FROM ${tableName}\n                      CROSS JOIN UNNEST(resources) AS t(resource)\n                      WHERE (${whereClause})\n                      AND eventName IS NOT NULL\n                      AND userIdentity.userName IS NOT NULL\n                      AND from_iso8601_timestamp(eventTime) &gt;= current_timestamp - INTERVAL '1' HOUR\n                      ORDER BY from_iso8601_timestamp(eventTime) DESC;\n              
    `;\n\n                  \/\/ Run the Athena query\n                  const params = {\n                      QueryString: queryString,\n                      QueryExecutionContext: { Database: databaseName },\n                      ResultConfiguration: { OutputLocation: `s3:\/\/${s3Bucket}\/athena-results\/` }\n                  };\n\n                  try {\n                      const command = new StartQueryExecutionCommand(params);\n                      const queryExecution = await athena.send(command);\n                      console.log(\"Query started:\", queryExecution.QueryExecutionId);\n                      return { status: \"Query started successfully\", queryExecutionId: queryExecution.QueryExecutionId };\n                  } catch (error) {\n                      console.error(\"Error running query:\", error);\n                      throw error;\n                  }\n              };\n\n      LambdaPermissionForConfig:\n        Type: AWS::Lambda::Permission\n        Properties:\n          FunctionName: !Ref CheckCloudTrailLogsLambda\n          Action: lambda:InvokeFunction\n          Principal: config.amazonaws.com\n\n    #################################\n    # Config Rule\n    #################################\n      IamRoleForConfig2:\n        Type: AWS::IAM::Role\n        Properties:\n          RoleName: CfnDriftDetectionForCloudTrail\n          Description: IAM role for AWS Config to access CloudFormation drift detection\n          AssumeRolePolicyDocument:\n            Version: '2012-10-17'\n            Statement:\n              - Effect: Allow\n                Principal:\n                  Service: config.amazonaws.com\n                Action:\n                  - sts:AssumeRole\n          ManagedPolicyArns:\n            - arn:aws:iam::aws:policy\/ReadOnlyAccess\n          Policies:\n            - PolicyName: CloudFormationDriftDetectionpolicy\n              PolicyDocument:\n                Version: \"2012-10-17\"\n                
Statement:\n                  - Effect: Allow\n                    Action:\n                      - cloudformation:DetectStackResourceDrift\n                      - cloudformation:DetectStackDrift\n                      - cloudformation:DescribeStacks\n                      - cloudformation:DescribeStackResources\n                      - cloudformation:BatchDescribeTypeConfigurations\n                      - cloudformation:DescribeStackResourceDrifts\n                      - cloudformation:DescribeStackDriftDetectionStatus\n                    Resource: !Sub \"arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:*\"\n\n      ConfigRuleCheckCloudTralLogs:\n        DependsOn:\n        - LambdaPermissionForConfig\n        Type: AWS::Config::ConfigRule\n        Properties:\n          ConfigRuleName: ConfigRuleCheckCloudTrailLogs\n          Description: AWS Config rule to detect drift in CFN stacks and check CloudTrail logs\n          Scope:\n            TagKey: stack-name\n            TagValue: !Ref StackNameToMonitor\n          Source:\n            Owner: AWS\n            SourceIdentifier: CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK\n          MaximumExecutionFrequency: !Ref MaximumExecutionFrequency\n          InputParameters:\n            cloudformationRoleArn: !GetAtt IamRoleForConfig2.Arn\n\n      IamRoleForRemediation:\n        Type: AWS::IAM::Role\n        Properties:\n          RoleName: AwsConfigRemediationActionInvokeLambda\n          Description: IAM role for AWS Config remediation action to invoke Lambda function\n          AssumeRolePolicyDocument:\n            Version: '2012-10-17'\n            Statement:\n              - Effect: Allow\n                Principal:\n                  Service:\n                    - config.amazonaws.com\n                    - ssm.amazonaws.com\n                Action:\n                  - sts:AssumeRole\n          Policies:\n            - PolicyName: InvokeLambdaPolicy\n              PolicyDocument:\n         
       Version: '2012-10-17'\n                Statement:\n                  - Effect: Allow\n                    Action:\n                      - lambda:InvokeFunction\n                    Resource: !GetAtt CheckCloudTrailLogsLambda.Arn\n\n      SsmDocumentInvokeLambda:\n        Type: AWS::SSM::Document\n        Properties:\n          DocumentType: Automation\n          Name: InvokeLambdaFromConfig\n          Content:\n            schemaVersion: \"0.3\"\n            description: \"SSM Automation document to invoke a Lambda function\"\n            parameters:\n              AutomationAssumeRole:\n                type: String\n                description: (Optional) The ARN of the role that allows Automation to perform the actions\n                default: !GetAtt IamRoleForRemediation.Arn\n            mainSteps:\n              - name: InvokeLambda\n                action: aws:invokeLambdaFunction\n                inputs:\n                  FunctionName: !Ref CheckCloudTrailLogsLambda\n                  Payload: '{}'\n                  InvocationType: Event\n                  LogType: None\n                maxAttempts: 2\n                timeoutSeconds: 30\n                onFailure: Abort\n                isCritical: true\n            assumeRole: !GetAtt IamRoleForRemediation.Arn\n\n      RemediationActionInvokeLambda:\n        Type: AWS::Config::RemediationConfiguration\n        Properties:\n          ConfigRuleName: !Ref ConfigRuleCheckCloudTralLogs\n          TargetType: SSM_DOCUMENT\n          TargetId: !Ref SsmDocumentInvokeLambda\n          Automatic: true\n          MaximumAutomaticAttempts: 2\n          RetryAttemptSeconds: 30\n          Parameters:\n            AutomationAssumeRole:\n              StaticValue:\n                Values:\n                  - !GetAtt IamRoleForRemediation.Arn\n<\/string><\/struct><\/string><\/string><\/string><\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action 
js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><strong>\u067e\u06cc\u0634 \u0646\u06cc\u0627\u0632\u0647\u0627:<\/strong><\/p>\n<p>\u0627\u0637\u0645\u06cc\u0646\u0627\u0646 \u062d\u0627\u0635\u0644 \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u067e\u06cc\u0634 \u0646\u06cc\u0627\u0632\u0647\u0627\u06cc \u0632\u06cc\u0631 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f:<\/p>\n<ul>\n<li>\u06cc\u06a9 \u062d\u0633\u0627\u0628 AWS \u0628\u0627 \u0645\u062c\u0648\u0632\u0647\u0627\u06cc \u06a9\u0627\u0641\u06cc \u0628\u0631\u0627\u06cc \u0627\u06cc\u062c\u0627\u062f \u0648 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0645\u0646\u0627\u0628\u0639.<\/li>\n<li>AWS CLI \u0631\u0648\u06cc \u062f\u0633\u062a\u06af\u0627\u0647 \u0645\u062d\u0644\u06cc \u0646\u0635\u0628 \u0634\u062f\u0647 \u0627\u0633\u062a.<\/li>\n<li>\u0632\u06cc\u0631\u0633\u0627\u062e\u062a \u0647\u0627\u06cc CloudFormation \u0627\u0632 \u067e\u0633\u062a \u0642\u0628\u0644\u06cc \u0645\u0646 (\u062f\u0631 \u0635\u0648\u0631\u062a \u0648\u062c\u0648\u062f) \u0645\u0633\u062a\u0642\u0631 \u0634\u062f\u0647 
\u0627\u0633\u062a.<\/li>\n<\/ul>\n<p><strong>\u0627\u0633\u062a\u0642\u0631\u0627\u0631:<\/strong><\/p>\n<ol>\n<li>\u067e\u0634\u062a\u0647 CloudFormation \u0631\u0627 \u0645\u0633\u062a\u0642\u0631 \u06a9\u0646\u06cc\u062f.\n<\/li>\n<\/ol>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>    aws cloudformation create-stack \\\n        --stack-name monitoring-policy-compliance \\\n        --template-body file:\/\/infrastructure\/monitoring_stack_cloudtrail.yaml \\\n        --capabilities CAPABILITY_NAMED_IAM \\\n        --disable-rollback\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>2. \u0645\u0646\u0627\u0628\u0639 \u0645\u0633\u062a\u0642\u0631 \u0634\u062f\u0647 \u0628\u0627 \u067e\u0634\u062a\u0647. 
\u0645\u0642\u062f\u0627\u0631 \u0645\u0646\u0628\u0639 \u0631\u0627 \u0627\u0632 \u067e\u0634\u062a\u0647 \u0632\u06cc\u0631\u0633\u0627\u062e\u062a \u067e\u0627\u06cc\u0647 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0627\u062f\u0647 \u0648 \u0642\u0627\u0646\u0648\u0646 \u062a\u0634\u062e\u06cc\u0635 \u0631\u0627\u0646\u0634 \u0631\u0627 \u0628\u0631\u0627\u06cc \u062a\u0623\u06cc\u06cc\u062f \u0639\u0645\u0644\u06a9\u0631\u062f \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u06a9\u0646\u06cc\u062f.<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>    aws ssm put-parameter --name \"ConnectionToken\" --value \"secret_token_value_2\" --type \"String\" --overwrite\n\n    aws configservice start-config-rules-evaluation --config-rule-names ConfigRuleCheckCloudTrailLogs\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>3. 
\u0628\u0639\u062f \u0627\u0632 \u0627\u062c\u0631\u0627\u06cc \u062a\u0634\u062e\u06cc\u0635 \u0631\u0627\u0646\u0634 \u060c \u0646\u062a\u0627\u06cc\u062c \u067e\u0631\u0633 \u0648 \u062c\u0648 \u0622\u062a\u0646\u0627 \u0631\u0627 \u06a9\u0647 \u062f\u0631 S3 \u062a\u062d\u062a <code>\/athena-results\/<\/code> \u062f\u0631 \u067e\u0631\u0648\u0646\u062f\u0647 .csv \u0630\u062e\u06cc\u0631\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a \u060c \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u062f.<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>    aws s3 ls s3:\/\/&lt;your-bucket-name&gt;\/athena-results\/ --recursive\n\n    aws s3 cp s3:\/\/&lt;your-bucket-name&gt;\/&lt;report_name&gt;.csv .\/\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u062f\u0631 \u0627\u06cc\u0646\u062c\u0627 \u0646\u0645\u0648\u0646\u0647 \u0627\u06cc \u0627\u0632 
\u0633\u06cc\u0627\u0647\u0647\u200c\u0647\u0627\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u06cc\u0646 \u067e\u0631\u0648\u0646\u062f\u0647 \u0622\u0648\u0631\u062f\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F01g2z3zgal8bvz2hes49.png\" alt=\"\u0633\u06cc\u0627\u0647\u0647\u200c\u0647\u0627\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647\" loading=\"lazy\" width=\"800\" height=\"132\" title=\"\"><\/p>\n<p>4. \u067e\u0627\u06a9\u0633\u0627\u0632\u06cc \u0645\u0646\u0627\u0628\u0639. \u067e\u0633 \u0627\u0632 \u0622\u0632\u0645\u0627\u06cc\u0634 \u060c \u062b\u0628\u062a \u0631\u0648\u06cc\u062f\u0627\u062f (logging) \u062f\u0631 CloudTrail Trail \u0631\u0627 \u0645\u062a\u0648\u0642\u0641 \u06a9\u0646\u06cc\u062f \u060c \u062a\u0645\u0627\u0645 \u062f\u0627\u062f\u0647 \u0647\u0627 \u0631\u0627 \u0627\u0632 \u0633\u0637\u0644 S3 \u062d\u0630\u0641 \u06a9\u0646\u06cc\u062f \u0648 \u067e\u0634\u062a\u0647 CloudFormation \u0631\u0627 \u062d\u0630\u0641 \u06a9\u0646\u06cc\u062f.<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>    aws cloudtrail stop-logging --name monitor-cfn-policy-compliance\n\n    aws s3 rm s3:\/\/&lt;your-bucket-name&gt; --recursive\n\n    aws cloudformation delete-stack --stack-name monitoring-policy-compliance\n<\/code><\/pre>\n<div class=\"highlight__panel js-actions-panel\">\n<div class=\"highlight__panel-action js-fullscreen-code-action\">\n    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-on\"><title>\u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u0631\u0627 \u0648\u0627\u0631\u062f \u06a9\u0646\u06cc\u062f<\/title>\n    <path d=\"M16 3h6v6h-2V5h-4V3zM2 
3h6v2H4v4H2V3zm18 16v-4h2v6h-6v-2h4zM4 19h4v2H2v-6h2v4z\"\/>\n<\/svg><\/p>\n<p>    <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" class=\"highlight-action crayons-icon highlight-action--fullscreen-off\"><title>\u0627\u0632 \u062d\u0627\u0644\u062a \u062a\u0645\u0627\u0645 \u0635\u0641\u062d\u0647 \u062e\u0627\u0631\u062c \u0634\u0648\u06cc\u062f<\/title>\n    <path d=\"M18 7h4v2h-6V3h2v4zM8 9H2V7h4V3h2v6zm10 8v4h-2v-6h6v2h-4zM8 15v6H6v-4H2v-2h6z\"\/>\n<\/svg><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><strong>\u0646\u062a\u06cc\u062c\u0647 \u06af\u06cc\u0631\u06cc:<\/strong><\/p>\n<p>\u0627\u062c\u0631\u0627\u06cc \u0627\u06cc\u0646 \u0631\u0627\u0647 \u062d\u0644 \u060c \u062f\u06cc\u062f \u062f\u0631 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u062a\u0623\u062b\u06cc\u0631\u06af\u0630\u0627\u0631 \u0628\u0631 \u0645\u0646\u0627\u0628\u0639 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0627\u0628\u0631 \u0631\u0627 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc \u06a9\u0646\u062f. \u0627\u06cc\u0646 \u0627\u0645\u0631 \u0628\u0627\u0639\u062b \u0627\u0641\u0632\u0627\u06cc\u0634 \u0627\u0645\u0646\u06cc\u062a \u060c \u067e\u06cc\u06af\u06cc\u0631\u06cc \u0627\u0646\u0637\u0628\u0627\u0642 \u0648 \u0622\u0645\u0627\u062f\u06af\u06cc \u062d\u0633\u0627\u0628\u0631\u0633\u06cc \u0645\u06cc \u0634\u0648\u062f. 
\u0627\u0645\u06a9\u0627\u0646 \u062b\u0628\u062a \u0648 \u067e\u0631\u0633 \u0648 \u062c\u0648 \u0627\u0632 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u06a9\u0627\u0631\u0628\u0631 \u060c \u067e\u0627\u0633\u062e \u0628\u0647 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0647\u0627\u06cc \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u0646\u0637\u0628\u0627\u0642 \u0627\u0632 \u0633\u0648\u06cc \u0645\u0634\u062a\u0631\u06cc\u0627\u0646 \u060c \u062a\u0646\u0638\u06cc\u0645 \u06a9\u0646\u0646\u062f\u0647 \u0647\u0627 \u06cc\u0627 \u062a\u06cc\u0645 \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0631\u0627 \u0633\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f.<\/p>\n<p>\u0627\u06af\u0631 \u0627\u06cc\u0646 \u067e\u0633\u062a \u0631\u0627 \u0645\u0641\u06cc\u062f \u0648 \u062c\u0627\u0644\u0628 \u062f\u06cc\u062f\u06cc\u062f \u060c \u0644\u0637\u0641\u0627\u064b \u0631\u0648\u06cc \u062f\u06a9\u0645\u0647 \u0648\u0627\u06a9\u0646\u0634 \u0632\u06cc\u0631 \u06a9\u0644\u06cc\u06a9 \u06a9\u0646\u06cc\u062f \u062a\u0627 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u062e\u0648\u062f \u0631\u0627 \u0646\u0634\u0627\u0646 \u062f\u0647\u06cc\u062f. \u062f\u0631 \u0635\u0648\u0631\u062a \u062a\u0645\u0627\u06cc\u0644 \u0628\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0648 \u0628\u0647 \u0627\u0634\u062a\u0631\u0627\u06a9 \u06af\u0630\u0627\u0634\u062a\u0646 \u0627\u06cc\u0646 \u067e\u0633\u062a. 
\ud83d\ude42<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u0645\u0642\u062f\u0645\u0647: \u0627\u06cc\u0646 \u067e\u0633\u062a \u062c\u0632\u0626\u06cc\u0627\u062a \u0627\u062c\u0631\u0627\u06cc \u0631\u0627 \u0646\u0634\u0627\u0646 \u0645\u06cc \u062f\u0647\u062f \u06a9\u0647 \u0646\u0638\u0627\u0631\u062a \u062f\u0627\u0631\u062f \u0686\u0647 \u06a9\u0633\u06cc \u06cc\u0627 \u0686\u0647 \u0686\u06cc\u0632\u06cc \u0645\u0646\u0627\u0628\u0639 AWS \u0627\u06cc\u062c\u0627\u062f \u0634\u062f\u0647 \u062a\u0648\u0633\u0637 CloudFormation \u0631\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u062f\u0627\u062f\u0647 \u0627\u0633\u062a. \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 AWS Config \u060c CloudTrail \u060c Athena \u0648 Lambda \u0645\u06cc \u062a\u0648\u0627\u0646 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a \u0631\u0627 \u0631\u062f\u06cc\u0627\u0628\u06cc \u06a9\u0631\u062f \u060c \u0645\u06cc \u062a\u0648\u0627\u0646 \u06af\u0632\u0627\u0631\u0634 \u0647\u0627 \u0631\u0627 \u0645\u0648\u0631\u062f \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0642\u0631\u0627\u0631 
&hellip;<\/p>\n","protected":false},"author":2,"featured_media":101430,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/media2.dev.to\/dynamic\/image\/width=1000,height=500,fit=cover,gravity=auto,format=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F31k6y0bquuanfluzw185.png","fifu_image_alt":"","footnotes":""},"categories":[339],"tags":[],"class_list":["post-101429","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dev"],"_links":{"self":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/101429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/comments?post=101429"}],"version-history":[{"count":0,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/101429\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media\/101430"}],"wp:attachment":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media?parent=101429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/categories?post=101429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/tags?post=101429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}