Have you ever wanted to be notified of new security advisories, but were not sure how to do so? In this blog post we will go over how you can notify your team of new entries in RSS security advisory feeds using Lambda, SNS, CloudWatch Events, and DynamoDB, so that you get the latest notifications. It covers the creation of the RSS Notification Terraform Module and how to set up alerts for a given advisory feed.
Advisory Feeds
Security advisories are often published to RSS feeds, but those feeds do not provide a good way of getting your team notified when a new advisory comes out. It is not uncommon for individuals to use RSS readers to keep up to date with them, and that is currently the best centralized way of reviewing new advisories.
Let's say you want to be notified when a Jenkins plugin receives a new security advisory. You deploy the following, leveraging Terragrunt.
Variables
The alert_name is just the name for the resources that Terraform will create, hours_since determines how far back to check when iterating through advisories, rss_feed_url is the URL of the RSS feed, and rss_filter is a string used to filter the RSS feed. To be notified about multiple plugins, simply separate the plugin names with commas and the module will check for each of them.
DynamoDB
To determine whether an item has already been alerted on, we need to store state in the DynamoDB table. The advisory URL is used as the primary key (hash key). The table also stores additional information about what the event will look like.
Execution
Here is what the Lambda function will execute when there is currently no notification stored in state.
And here is what it executes when the notification has already been alerted on.
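To make the two execution paths concrete, here is an added Python example of the core check (not the module's own Lambda code). It assumes a plain dict standing in for the DynamoDB table keyed on the advisory URL, returns the items to notify instead of publishing to SNS, uses a fixed clock, and parses a constructed sample feed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Fixed clock so the run is reproducible; a real Lambda would use datetime.now(timezone.utc).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
RECENT = format_datetime(NOW - timedelta(hours=3))
OLD = format_datetime(NOW - timedelta(days=5))

# Constructed sample feed: three advisories, one of them older than hours_since.
SAMPLE_FEED = f"""<rss><channel>
<item><title>Security Advisory: Git plugin</title>
<link>https://example.invalid/advisory/git</link><pubDate>{RECENT}</pubDate></item>
<item><title>Security Advisory: Pipeline plugin</title>
<link>https://example.invalid/advisory/pipeline</link><pubDate>{OLD}</pubDate></item>
<item><title>Security Advisory: Docker plugin</title>
<link>https://example.invalid/advisory/docker</link><pubDate>{RECENT}</pubDate></item>
</channel></rss>"""


def parse_feed(xml_text):
    """Return (title, url, published) tuples from an RSS 2.0 document."""
    items = []
    for item in ET.fromstring(xml_text).iter("item"):
        published = parsedate_to_datetime(item.findtext("pubDate"))
        items.append((item.findtext("title"), item.findtext("link"), published))
    return items


def matches_filter(title, rss_filter):
    """rss_filter is the comma-delimited variable; an empty filter matches every item."""
    terms = [t.strip().lower() for t in rss_filter.split(",") if t.strip()]
    return not terms or any(t in title.lower() for t in terms)


def process_feed(xml_text, rss_filter, hours_since, state, now):
    """Return advisories to notify on. `state` stands in for the DynamoDB table
    (hash key = URL): items already present are skipped, new ones are recorded
    so the next run does not alert on them again."""
    cutoff = now - timedelta(hours=hours_since)
    to_notify = []
    for title, url, published in parse_feed(xml_text):
        if published < cutoff or not matches_filter(title, rss_filter):
            continue
        if url in state:  # already alerted on: nothing to do
            continue
        state[url] = {"title": title, "published": published.isoformat()}
        to_notify.append((title, url))
    return to_notify
```

Running process_feed twice with the same state shows both paths: the first call returns the matching recent advisories and records them, the second returns nothing.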