#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: MIT-0
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of this
* software and associated documentation files (the "Software"), to deal in the Software
* without restriction, including without limitation the rights to use, copy, modify,
* merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
* PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
"""
from typing import Optional
from aws_lambda_powertools import Logger
from quarantine.plugins.abstract_plugin import AbstractPlugin
from quarantine.utils import now
logger = Logger(child=True)
class TagInstance(AbstractPlugin):
"""
Tag the instance
"""
def execute(self) -> Optional[str]:
tags = [
{
"Key": "SOC-Status",
"Value": "quarantined",
},
{
"Key": "SOC-ContainedAt",
"Value": now(),
},
{
"Key": "SOC-FindingId",
"Value": self.finding_id,
},
{
"Key": "SOC-FindingSource",
"Value": "GuardDuty",
},
]
try:
self.ec2.create_tags(self.instance_id, tags)
message = f"Added incident tags to instance {self.instance_id}"
except Exception:
message = f"Unable to add tags to instance {self.instance_id}"
logger.exception(message)
return message