Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Asset Inventory POC] Fetch S3 buckets #2045

Merged
merged 3 commits into from
Mar 21, 2024
Merged

[Asset Inventory POC] Fetch S3 buckets #2045

merged 3 commits into from
Mar 21, 2024

Conversation

romulets
Copy link
Member

@romulets romulets commented Mar 18, 2024
edited
Loading

Summary of your changes

Fetch S3 data for the Asset Inventory POC.

Decided to stick to what cloudbeat already fetches. It might change in the future, depending on what product requests.

Known Issues

The Bucket Policy Statement Principal can be a string "*" (allows anyone to assume the role) or an object with an specific principal. This is how aws defines it. Because we can't index fields string or object an error is thrown without any mapping. Either saying that can't convert object to string or can't convert string to object.

To prevent this, add this index with elastic console:

PUT /asset_inventory_infrastructure_storage_object-storage_s3
{
  "mappings": {
    "properties": {
      "asset.raw.bucket_policy": {
        "enabled": false
      }
    }
  }
}

That will disable indexing of asset.raw.bucket_policy. The whole policy will be indexed via resource_policies field

Screenshot/Data

image

Related Issues

@romulets romulets requested a review from a team as a code owner March 18, 2024 15:24
@mergify Mergify
Copy link

mergify bot commented Mar 18, 2024

This pull request does not have a backport label. Could you fix it @romulets? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit
    NOTE: backport-skip has been added to this pull request.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 18, 2024
edited
Loading

📊 Allure Report - 💚 No failures were reported.

Result Count
🟥 Failed 0
🟩 Passed 162
⬜ Skipped 0

@romulets romulets force-pushed the poc_s3_bucket branch 4 times, most recently from cf1fe25 to 657d473 Compare March 20, 2024 14:13
@romulets romulets enabled auto-merge (squash) March 21, 2024 08:51
@romulets romulets merged commit b1fd4ae into elastic:main Mar 21, 2024
27 checks passed
@romulets romulets mentioned this pull request Mar 22, 2024
Merged
@romulets romulets deleted the poc_s3_bucket branch August 14, 2024 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moukoublen moukoublen moukoublen approved these changes

Assignees

@romulets romulets

Labels
backport-skip
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@romulets @moukoublen