
@renovosolutions/cdk-library-crowdstrike-ingestion
A CDK library to ease repetitive construct creation for CrowdStrike data ingestion
A CDK library to ease repetitive construct creation for CrowdStrike data ingestion.
This library provides a construct that creates an S3 bucket with the necessary configuration for CrowdStrike data ingestion, along with an SQS queue for notifications, an IAM role for access, and optionally a KMS key for encryption.
It also provides another construct that handles creating log group subscriptions to a central bucket, along with the role needed for CloudWatch Logs to create the subscription.
See API
This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details.
import { Stack, StackProps, Duration, aws_iam as iam, aws_logs as logs } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { CrowdStrikeBucket, CrowdStrikeLogSubscription } from '@renovosolutions/cdk-library-crowdstrike-ingestion';
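/**
 * Example stack showing both constructs exported by
 * `@renovosolutions/cdk-library-crowdstrike-ingestion`:
 * `CrowdStrikeBucket` (basic and advanced configuration) and
 * `CrowdStrikeLogSubscription` (one subscription with defaults, one reusing
 * the first subscription's role).
 *
 * All account ids, ARNs, names and the external id below are sample values.
 */
export class CrowdStrikeIngestionStack extends Stack {
  /**
   * @param scope - Parent construct.
   * @param id - Logical id of the stack.
   * @param props - Optional standard stack properties, forwarded to `Stack`.
   */
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    // Basic usage with default settings.
    // NOTE(review): both values are SSM parameter ARNs, although the first prop is
    // named `crowdStrikeRoleArn` - confirm the expected value against the package API.
    new CrowdStrikeBucket(this, 'BasicBucket', {
      bucketName: 'my-crowdstrike-bucket',
      crowdStrikeRoleArn: 'arn:aws:ssm:us-east-1:123456789012:parameter/custom/crowdstrike/roleArn',
      crowdStrikeExternalIdParameterArn: 'arn:aws:ssm:us-east-1:123456789012:parameter/custom/crowdstrike/externalId',
    });

    // Advanced usage with KMS key and organization access
    new CrowdStrikeBucket(this, 'AdvancedBucket', {
      bucketName: 'my-advanced-crowdstrike-bucket',
      createKmsKey: true,
      keyProps: {
        alias: 'crowdstrike-key',
        enableKeyRotation: true,
        description: 'KMS Key for CrowdStrike data encryption',
      },
      queueProps: {
        queueName: 'crowdstrike-notifications',
        visibilityTimeout: Duration.seconds(300),
      },
      roleProps: {
        roleName: 'crowdstrike-access-role',
        // The trust policy only admits the named principal when it presents the
        // expected external id. 'externalId123' is a sample literal; the basic
        // example above supplies the external id by SSM parameter ARN instead.
        assumedBy: new iam.PrincipalWithConditions(
          new iam.ArnPrincipal('arn:aws:iam::123456789012:role/CrowdStrikeRole'),
          {
            StringEquals: {
              'sts:ExternalId': 'externalId123',
            },
          },
        ),
      },
      loggingBucketSourceName: 'my-logging-bucket', // Allow this bucket to send access logs
      orgId: 'o-1234567', // Allow all accounts in the organization to write to the bucket
    });

    // Example of creating a log group subscription
    const logGroup = new logs.LogGroup(this, 'MyLogGroup', {
      logGroupName: 'my-log-group',
    });

    const subscription = new CrowdStrikeLogSubscription(this, 'BasicTestSubscription', {
      logGroup,
      logDestinationArn: 'arn:aws:logs:us-east-1:123456789012:destination:test-destination',
    });

    // Second subscription on the same log group: passes the role exposed by the
    // first subscription and forwards only events matching the filter pattern.
    new CrowdStrikeLogSubscription(this, 'AdvancedTestSubscription', {
      logGroup,
      logDestinationArn: 'arn:aws:logs:us-east-1:123456789012:destination:another-test-destination',
      role: subscription.role,
      filterPattern: 'error',
    });
  }
}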
from aws_cdk import (
Stack,
Duration,
aws_iam as iam,
aws_kms as kms,
aws_logs as logs,
)
from constructs import Construct
from crowdstrike_ingestion import ( CrowdStrikeBucket, CrowdStrikeLogSubscription )
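class CrowdStrikeIngestionStack(Stack):
    """Example stack showing both constructs of the crowdstrike_ingestion package.

    Creates a ``CrowdStrikeBucket`` with default settings, a second one with a
    KMS key, queue/role overrides and organization access, and two
    ``CrowdStrikeLogSubscription`` constructs on one log group.

    All account ids, ARNs, names and the external id below are sample values.
    """

    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
        """Build the example resources.

        Args:
            scope: Parent construct.
            id: Logical id of the stack.
            **kwargs: Standard stack properties, forwarded to ``Stack``.
        """
        super().__init__(scope, id, **kwargs)

        # Basic usage with default settings.
        # NOTE(review): both values are SSM parameter ARNs, although the first
        # argument is named crowd_strike_role_arn - confirm against the package API.
        CrowdStrikeBucket(
            self, 'BasicBucket',
            bucket_name='my-crowdstrike-bucket',
            crowd_strike_role_arn='arn:aws:ssm:us-east-1:123456789012:parameter/custom/crowdstrike/roleArn',
            crowd_strike_external_id_parameter_arn='arn:aws:ssm:us-east-1:123456789012:parameter/custom/crowdstrike/externalId',
        )

        # Advanced usage with KMS key and organization access
        CrowdStrikeBucket(
            self, 'AdvancedBucket',
            bucket_name='my-advanced-crowdstrike-bucket',
            create_kms_key=True,
            # Plain dict with string keys, matching queue_props and role_props below.
            key_props={
                'alias': 'crowdstrike-key',
                'enable_key_rotation': True,
                'description': 'KMS Key for CrowdStrike data encryption',
            },
            queue_props={
                'queue_name': 'crowdstrike-notifications',
                'visibility_timeout': Duration.seconds(300),
            },
            role_props={
                'role_name': 'crowdstrike-access-role',
                # The trust policy only admits the named principal when it presents
                # the expected external id. 'externalId123' is a sample literal; the
                # basic example above supplies the external id by SSM parameter ARN.
                'assumed_by': iam.PrincipalWithConditions(
                    iam.ArnPrincipal('arn:aws:iam::123456789012:role/CrowdStrikeRole'),
                    {'StringEquals': {'sts:ExternalId': 'externalId123'}},
                ),
            },
            logging_bucket_source_name='my-logging-bucket',  # Allow this bucket to send access logs
            org_id='o-1234567',  # Allow all accounts in the organization to write to the bucket
        )

        # Example of creating a log group subscription
        log_group = logs.LogGroup(self, 'MyLogGroup', log_group_name='my-log-group')

        subscription = CrowdStrikeLogSubscription(
            self, 'BasicTestSubscription',
            log_group=log_group,
            log_destination_arn='arn:aws:logs:us-east-1:123456789012:destination:test-destination',
        )

        # Second subscription on the same log group: passes the role exposed by the
        # first subscription and forwards only events matching the filter pattern.
        CrowdStrikeLogSubscription(
            self, 'AdvancedTestSubscription',
            log_group=log_group,
            log_destination_arn='arn:aws:logs:us-east-1:123456789012:destination:another-test-destination',
            role=subscription.role,
            filter_pattern='error',
        )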
using Amazon.CDK;
using IAM = Amazon.CDK.AWS.IAM;
using KMS = Amazon.CDK.AWS.KMS;
using Logs = Amazon.CDK.AWS.Logs;
using SQS = Amazon.CDK.AWS.SQS;
using Constructs;
using System.Collections.Generic;
using renovosolutions;
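namespace CrowdStrikeIngestionExample
{
    /// <summary>
    /// Example stack showing both constructs of the package: a
    /// <c>CrowdStrikeBucket</c> with default settings, a second one with a KMS key,
    /// queue/role overrides and organization access, and two
    /// <c>CrowdStrikeLogSubscription</c> constructs on one log group.
    /// All account ids, ARNs, names and the external id below are sample values.
    /// </summary>
    public class CrowdStrikeIngestionStack : Stack
    {
        /// <summary>Builds the example resources.</summary>
        /// <param name="scope">Parent construct.</param>
        /// <param name="id">Logical id of the stack.</param>
        /// <param name="props">Optional standard stack properties, forwarded to <c>Stack</c>.</param>
        internal CrowdStrikeIngestionStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
        {
            // Basic usage with default settings.
            // NOTE(review): both values are SSM parameter ARNs, although the first
            // property is named CrowdStrikeRoleArn - confirm against the package API.
            new CrowdStrikeBucket(this, "BasicBucket", new CrowdStrikeBucketProps
            {
                BucketName = "my-crowdstrike-bucket",
                CrowdStrikeRoleArn = "arn:aws:ssm:us-east-1:123456789012:parameter/custom/crowdstrike/roleArn",
                CrowdStrikeExternalIdParameterArn = "arn:aws:ssm:us-east-1:123456789012:parameter/custom/crowdstrike/externalId"
            });

            // Advanced usage with KMS key and organization access
            new CrowdStrikeBucket(this, "AdvancedBucket", new CrowdStrikeBucketProps
            {
                BucketName = "my-advanced-crowdstrike-bucket",
                CreateKmsKey = true,
                KeyProps = new KMS.KeyProps
                {
                    Alias = "crowdstrike-key",
                    EnableKeyRotation = true,
                    Description = "KMS Key for CrowdStrike data encryption"
                },
                QueueProps = new SQS.QueueProps
                {
                    QueueName = "crowdstrike-notifications",
                    VisibilityTimeout = Duration.Seconds(300)
                },
                RoleProps = new IAM.RoleProps
                {
                    RoleName = "crowdstrike-access-role",
                    // The trust policy only admits the named principal when it presents
                    // the expected external id. "externalId123" is a sample literal; the
                    // basic example above supplies the external id by SSM parameter ARN.
                    AssumedBy = new IAM.PrincipalWithConditions(
                        new IAM.ArnPrincipal("arn:aws:iam::123456789012:role/CrowdStrikeRole"),
                        new Dictionary<string, object>
                        {
                            { "StringEquals", new Dictionary<string, string> { { "sts:ExternalId", "externalId123" } } }
                        })
                },
                LoggingBucketSourceName = "my-logging-bucket", // Allow this bucket to send access logs
                OrgId = "o-1234567" // Allow all accounts in the organization to write to the bucket
            });

            // Example of creating a log group subscription
            var logGroup = new Logs.LogGroup(this, "MyLogGroup", new Logs.LogGroupProps
            {
                LogGroupName = "my-log-group"
            });

            var subscription = new CrowdStrikeLogSubscription(this, "BasicTestSubscription", new CrowdStrikeLogSubscriptionProps
            {
                LogGroup = logGroup,
                LogDestinationArn = "arn:aws:logs:us-east-1:123456789012:destination:test-destination"
            });

            // Second subscription on the same log group: passes the role exposed by the
            // first subscription and forwards only events matching the filter pattern.
            new CrowdStrikeLogSubscription(this, "AdvancedTestSubscription", new CrowdStrikeLogSubscriptionProps
            {
                LogGroup = logGroup,
                LogDestinationArn = "arn:aws:logs:us-east-1:123456789012:destination:another-test-destination",
                Role = subscription.Role,
                FilterPattern = "error"
            });
        }
    }
}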
FAQs
A CDK library to ease repetitive construct creation for CrowdStrike data ingestion
We found that @renovosolutions/cdk-library-crowdstrike-ingestion demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.