Add feature : Security Hub bp check

2024-08-12 13:06:13 +09:00 · 2024-08-12 13:06:13 +09:00 · 14973510db
commit 14973510db
parent 858aab4eac
1 changed files with 19 additions and 2 deletions
--- a/services/security_hub.py
+++ b/services/security_hub.py
@ -2,10 +2,27 @@ from models import RuleCheckResult
 import boto3


-# client = boto3.client("")
+client = boto3.client("securityhub")
+
+sts_client = boto3.client("sts")


 def securityhub_enabled():
+    compliant_resources = []
+    non_compliant_resources = []
+    aws_account_id = sts_client.get_caller_identity()["Account"]
+
+    try:
+        hub = client.describe_hub()
+        compliant_resources.append(aws_account_id)
+    except Exception as e:
+        if e.__class__.__name__ == "InvalidAccessException":
+            non_compliant_resources.append(aws_account_id)
+        else:
+            raise e
+
    return RuleCheckResult(
-        passed=False, compliant_resources=[], non_compliant_resources=[]
+        passed=not non_compliant_resources,
+        compliant_resources=compliant_resources,
+        non_compliant_resources=non_compliant_resources,
    )