AWS Security Hub analytic pipeline Cloud formation


Hi,

Whilst I am able to run and complete a sample app in AWS CDK, when trying to follow the blog post on the Security Hub pipeline I am consistently getting module errors for aws_cdk.

Is there any way to be provided the CloudFormation for what the CDK script is trying to establish?

Thanks,

  • Hi User! I'm the author of this blog post and I'm happy to help.

    Can you provide more information as to the issues/errors you are experiencing? You can provide more details either here or in an issue via GitHub. While we've had multiple customers deploy this successfully across multiple regions, I'd love to learn how I can improve your experience.

    Unfortunately, in this case, because the CDK code deploys both containers and Lambda functions as part of the cdk deploy, I cannot simply turn over the generated CloudFormation.

  • Hi David,

    Thanks for the prompt reply. Appreciate you taking the time to reach out regarding this issue. Thank you for the information regarding containers and Lambdas; I understand how a CloudFormation template would not suffice in this case.

    I thought that the problem was on my side. I first followed an example, checking my installation of CDK with sample-app, as this was my first time using it. I confirmed that I was able to bootstrap the CDK and deploy it to ap-southeast-2, my default region, and that I had the required permissions.

    I then moved on to the blog post after I had finished with sample-app, but after setting up the .venv, activating it, and installing the requirements I am only able to get a traceback error:

    Traceback (most recent call last):
      File "app.py", line 3, in <module>
        from aws_cdk import core as cdk
    ModuleNotFoundError: No module named 'aws_cdk'

    I'm on Windows, so I have removed Python and reinstalled, downgraded Python to 3.8, tried to run the venv from both Command Prompt and PowerShell, and have tried to include system site packages in my pyvenv.cfg, but nothing so far has worked the way it worked for me in the sample app.

2 Answers
Accepted Answer

Hi there, AWS Support Engineer here. Another way to quickly test out the blog solution is to spin up a Cloud9 environment; that way you can have a clean CDK IDE with all requirements installed in just a few minutes.

SUPPORT ENGINEER
answered 2 years ago
  • Thanks Zhiyuan, this suggestion fixed my initial problem!


Based upon your traceback, it appears as though your pip install -r requirements.txt command is not installing the dependencies correctly. You can troubleshoot this using the pip freeze command. The result of a pip freeze should look something like the following.

attrs==21.4.0
aws-cdk.assets==1.149.0
aws-cdk.aws-acmpca==1.149.0
aws-cdk.aws-apigateway==1.149.0
aws-cdk.aws-applicationautoscaling==1.149.0
aws-cdk.aws-autoscaling==1.149.0
aws-cdk.aws-autoscaling-common==1.149.0
aws-cdk.aws-autoscaling-hooktargets==1.149.0
aws-cdk.aws-certificatemanager==1.149.0
aws-cdk.aws-cloudformation==1.149.0
aws-cdk.aws-cloudfront==1.149.0
aws-cdk.aws-cloudwatch==1.149.0
aws-cdk.aws-codebuild==1.149.0
aws-cdk.aws-codecommit==1.149.0
aws-cdk.aws-codeguruprofiler==1.149.0
aws-cdk.aws-codepipeline==1.149.0
aws-cdk.aws-codestarnotifications==1.149.0
aws-cdk.aws-cognito==1.149.0
aws-cdk.aws-ec2==1.149.0
aws-cdk.aws-ecr==1.149.0
aws-cdk.aws-ecr-assets==1.149.0
aws-cdk.aws-ecs==1.149.0
aws-cdk.aws-efs==1.149.0
aws-cdk.aws-elasticloadbalancing==1.149.0
aws-cdk.aws-elasticloadbalancingv2==1.149.0
aws-cdk.aws-events==1.149.0
aws-cdk.aws-events-targets==1.149.0
aws-cdk.aws-globalaccelerator==1.149.0
aws-cdk.aws-glue==1.149.0
aws-cdk.aws-iam==1.149.0
aws-cdk.aws-kinesis==1.149.0
aws-cdk.aws-kinesisfirehose==1.149.0
aws-cdk.aws-kms==1.149.0
aws-cdk.aws-lambda==1.149.0
aws-cdk.aws-lambda-python==1.149.0
aws-cdk.aws-logs==1.149.0
aws-cdk.aws-route53==1.149.0
aws-cdk.aws-route53-targets==1.149.0
aws-cdk.aws-s3==1.149.0
aws-cdk.aws-s3-assets==1.149.0
aws-cdk.aws-s3-notifications==1.149.0
aws-cdk.aws-sam==1.149.0
aws-cdk.aws-secretsmanager==1.149.0
aws-cdk.aws-securityhub==1.149.0
aws-cdk.aws-servicediscovery==1.149.0
aws-cdk.aws-signer==1.149.0
aws-cdk.aws-sns==1.149.0
aws-cdk.aws-sns-subscriptions==1.149.0
aws-cdk.aws-sqs==1.149.0
aws-cdk.aws-ssm==1.149.0
aws-cdk.aws-stepfunctions==1.149.0
aws-cdk.cloud-assembly-schema==1.149.0
aws-cdk.core==1.149.0
aws-cdk.custom-resources==1.149.0
aws-cdk.cx-api==1.149.0
aws-cdk.region-info==1.149.0
boto3==1.21.21
botocore==1.24.21
cattrs==1.10.0
constructs==3.3.245
jmespath==1.0.0
jsii==1.55.1
publication==0.0.3
python-dateutil==2.8.2
s3transfer==0.5.2
six==1.16.0
typing_extensions==4.1.1
urllib3==1.26.9

You mentioned you are on Windows. Are you running via the PowerShell command line or cmd? The virtual env command (% .venv/Scripts/activate.bat) is a .bat file, which runs via the cmd prompt. It looks like PowerShell users can use .venv/bin/Activate.ps1 to activate the virtual environment.

AWS
answered 2 years ago
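The answer above points at three separate things that can produce this traceback: the interpreter running app.py is not the one inside .venv (the wrong activate script for the shell, or none at all), pip installed the requirements into a different interpreter, or the aws-cdk.* distributions simply are not present. The script below is an added example, not code from the blog post or from AWS; it checks those three conditions from the same interpreter you would use for cdk synth. Distribution names are compared after PEP 503 normalisation so that aws-cdk.core in requirements.txt matches the installed metadata. The requirements text embedded at the bottom is constructed for the demonstration, and the .venv path and module name are assumptions you can override.

```python
"""Pre-flight check for a CDK Python project: interpreter, venv and requirements."""
import importlib.metadata
import importlib.util
import platform
import re
import sys
from pathlib import Path
from typing import List, Optional, Set

# First token of a requirements.txt line: the distribution name before any specifier.
REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalisation: 'aws-cdk.core', 'aws_cdk.core' and 'AWS-CDK-CORE' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> List[str]:
    """Return normalised distribution names from requirements.txt content.

    Comments, blank lines and option lines such as '-r base.txt' or '-e .' are skipped.
    """
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = REQ_NAME.match(line)
        if match:
            names.append(normalize(match.group(1)))
    return names


def installed_distributions() -> Set[str]:
    """Normalised names of every distribution visible to *this* interpreter."""
    names = set()
    for dist in importlib.metadata.distributions():
        raw = dist.metadata["Name"] if dist.metadata else None
        if raw:
            names.add(normalize(raw))
    return names


def missing_requirements(req_text: str, installed: Optional[Set[str]] = None) -> List[str]:
    """Requirements not installed; `installed` may be injected for testing."""
    if installed is None:
        installed = installed_distributions()
    return [name for name in parse_requirements(req_text) if name not in installed]


def module_found(dotted_name: str) -> bool:
    """True if `import <dotted_name>` would resolve without importing the module."""
    try:
        return importlib.util.find_spec(dotted_name) is not None
    except ModuleNotFoundError:  # parent package absent, e.g. no aws_cdk at all
        return False


def in_virtualenv() -> bool:
    """A venv interpreter reports a sys.prefix different from its base installation."""
    return sys.prefix != getattr(sys, "base_prefix", sys.prefix)


def activate_script(venv_dir: str, system: str, shell: str) -> str:
    """Activation script path for the OS/shell combination (posix separators for display)."""
    if system == "Windows":
        script = "Activate.ps1" if shell == "powershell" else "activate.bat"
        return Path(venv_dir, "Scripts", script).as_posix()
    return Path(venv_dir, "bin", "activate").as_posix()


def diagnose(req_text: str, module: str = "aws_cdk.core", venv_dir: str = ".venv") -> List[str]:
    """Collect human-readable findings; an empty list means the environment looks right."""
    findings = []
    if not in_virtualenv():
        shell = "powershell" if "pwsh" in sys.argv[0].lower() else "cmd"
        findings.append(
            f"{sys.executable} is not a venv interpreter; activate with "
            f"{activate_script(venv_dir, platform.system(), shell)} and re-run."
        )
    missing = missing_requirements(req_text)
    if missing:
        findings.append(f"not installed for {sys.executable}: {', '.join(missing)}")
    if not module_found(module):
        findings.append(f"'import {module}' would fail for this interpreter")
    return findings


if __name__ == "__main__":
    # Constructed excerpt of the pinned requirements shown in the answer above.
    SAMPLE_REQUIREMENTS = "aws-cdk.core==1.149.0\naws-cdk.aws-securityhub==1.149.0\nboto3==1.21.21\n"
    for finding in diagnose(SAMPLE_REQUIREMENTS) or ["environment looks consistent"]:
        print(finding)
```

Run it with `python check_env.py` from the activated shell; if it reports a non-venv interpreter while you believe the venv is active, the shell and the activate script do not match, which is exactly the cmd-versus-PowerShell case the answer describes.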
  • Hi David,

    Although I was getting the correct pip freeze and was utilising the correct activate script I was still unable to get my local environment working.

    I did take Zhiyuan_L's suggestion though and was able to get much further using Cloud9.

    I changed the app.py to only include ap-southeast-2, as that is the primary region and where we already monitor the organization's Security Hub findings from. I have been able to get 2/3 stacks deployed; however, the aggregator stack failed, as we were already using ap-southeast-2 as our aggregation point for all other regions. The following image is what I ran into: https://i.postimg.cc/tTSXtP9z/stackfail.png

    Is there a way to remove this step and use our existing aggregation set-up? I presume this stack contains other important components that are required, and not just the configuration of the Security Hub aggregator.

    Any insight would be much appreciated.

    Thanks
