Is there a template for using boto3 in my Panther detection?
To use boto3 in your detections, you first need a session that assumes the role. To make it available within a detection, create a helper function in a global helper file that gets the credentials, then implement the resource pull in your detection.
You can find relevant details in this AWS documentation: Switching to an IAM role (AWS API).
See an example below:
boto3_helper.py
import boto3


def get_aws_credentials():
    # Assume the role through STS and return its temporary credentials
    sts_client = boto3.client('sts')
    assumed_role_object = sts_client.assume_role(
        RoleArn="to be populated",
        RoleSessionName="AssumeRoleSession1")
    return assumed_role_object['Credentials']
Please note that you can find more details about RoleArn, used in the code above, in step 1 of this article: How can I access my own AWS resources from my Python Detections? Can I store secrets in Panther?
For any resource that you can pull/have access to with your role, you can use the following template to access your AWS account resources.
detection.py
import boto3
from boto3_helper import get_aws_credentials


def rule(event):
    # Temporary credentials for the assumed role
    credentials = get_aws_credentials()
    AWS_REGION = "Populate with your AWS Region"
    s3_resource = boto3.resource(
        's3', region_name=AWS_REGION,
        aws_access_key_id=credentials['AccessKeyId'],
        aws_secret_access_key=credentials['SecretAccessKey'],
        aws_session_token=credentials['SessionToken'],
    )
    # Template placeholder: query s3_resource here and return True to alert
    return False
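
The template above calls get_aws_credentials(), and therefore STS AssumeRole, for every event the rule evaluates. The following added example (not Panther's own code) is a variant of the helper that reuses the temporary credentials until shortly before their Expiration. The names get_cached_aws_credentials, session_kwargs and REFRESH_MARGIN are hypothetical, and it assumes module-level state survives between rule invocations in the runtime.

```python
import datetime as dt

ROLE_ARN = "to be populated"  # same placeholder as in boto3_helper.py
REFRESH_MARGIN = dt.timedelta(minutes=5)  # assumed safety margin before expiry

_cached = None  # last Credentials dict returned by STS


def _expired(creds, now):
    # STS returns Expiration as a timezone-aware datetime
    return creds["Expiration"] - now <= REFRESH_MARGIN


def get_cached_aws_credentials(sts_client=None, now=None):
    """Return temporary credentials, calling AssumeRole only when needed."""
    global _cached
    now = now or dt.datetime.now(dt.timezone.utc)
    if _cached is None or _expired(_cached, now):
        if sts_client is None:
            import boto3  # imported lazily so a stub client can be injected
            sts_client = boto3.client("sts")
        response = sts_client.assume_role(
            RoleArn=ROLE_ARN,
            RoleSessionName="AssumeRoleSession1",
        )
        _cached = response["Credentials"]
    return _cached


def session_kwargs(creds):
    """Map STS credential fields to boto3 client/resource keyword arguments."""
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }
```

In a detection this would be used as boto3.resource('s3', region_name=AWS_REGION, **session_kwargs(get_cached_aws_credentials())).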