The Custom::DeepSecurityLookup resource provider looks up the ID of existing resources from the Deep Security API.
To lookup a DeepSecurity resource id using your your AWS CloudFormation template, use the following syntax:
Client:
Type: Custom::DeepSecurityLookup
Properties:
Type: String
Name: String
Search: Object
Connection:
URL: 'https://app.deepsecurity.trendmicro.com/api'
ApiKeyParameterName: '/cfn-deep-security-provider/api_key'
ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:cfn-deep-security-provider'The name of the type to lookup in singular form. eg Policy, Rule, ComputerGroup etc.
The search criteria to lookup the object as defined by deep security /search api for specified type. It depends on the type, but normally it looks something like this:
maxItems: 0
searchCriteria:
- fieldName: string
booleanTest: true
numericTest: less-than
numericValue: 0
stringTest: equal
stringValue: string
stringWildcards: true
choiceTest: equal
choiceValue: string
firstDateValue: 0
firstDateInclusive: true
lastDateValue: 0
lastDateInclusive: true
nullTest: true
idValue: 0
idTest: less-than
sortByObjectID: trueof the resource to lookup. This is a shorthand notation for:
Search:
maxItems: 0
searchCriteria:
fieldName: name
stringValue: Nameto lookup the ID of the base policy, use:
LinuxServerPolicy:
Type: Custom::DeepSecurityLookup
Properties:
Type: Policy
Name: Linux ServerIn order to be able to manage the DeepSecurity resources, you need to obtain create an API key and
store it in the parameter store under the name specified ApiKeyParameterName.
aws ssm put-parameter --name /cfn-deep-security-provider/api-key --type SecureString --value="$API_KEY"
If you store these credentials in a different location, please specify the correct parameter names.
The search will return the ID of the search result, if precisely 1 result was found.