Merge pull request #49 from nshalabh/main

nshalabh · web-flow · commit 6be9fedd11e2 · 2025-11-26T21:22:30.000-06:00
fix: updated documentation for ServiceNow integration setup; missing dependencies for lambdas; updated deploy script to upload the private key from local filepath to s3 before being used in the cdk for deployment; updated cdk to use the new s3 bucket (instead of assets as it requires resolution of filepath at runtime)
diff --git a/assets/jira_client/requirements.txt b/assets/jira_client/requirements.txt
@@ -1,2 +1,3 @@
 boto3>=1.37.7
-jira
+jira
+requests>=2.31.0
diff --git a/assets/security_ir_client/requirements.txt b/assets/security_ir_client/requirements.txt
@@ -1,4 +1,6 @@
 boto3>=1.37.7
 aws-lambda-powertools>=2.30.2
 requests>=2.31.0
-pysnc
+pysnc==1.0.2
+PyJWT==2.8.0
+cryptography==41.0.7
diff --git a/assets/service_now_client/requirements.txt b/assets/service_now_client/requirements.txt
@@ -1,2 +1,4 @@
 boto3>=1.37.7
-pysnc
+pysnc==1.0.2
+PyJWT==2.8.0
+cryptography==41.0.7
diff --git a/assets/service_now_notifications_handler/index.py b/assets/service_now_notifications_handler/index.py
@@ -30,7 +30,7 @@
 logger.setLevel(logging.INFO)  # Set to INFO first
 
 # Get log level from environment variable
-log_level = os.environ.get("LOG_LEVEL", "error").lower()
+log_level = os.environ.get("LOG_LEVEL", "info").lower()
 print(f"LOG_LEVEL environment variable: {log_level}")  # Debug print
 if log_level == "debug":
     logger.setLevel(logging.DEBUG)
diff --git a/assets/service_now_notifications_handler/requirements.txt b/assets/service_now_notifications_handler/requirements.txt
@@ -1,3 +1,5 @@
 boto3>=1.37.7
-pysnc
-aws-lambda-powertools>=2.30.0
+pysnc==1.0.2
+aws-lambda-powertools>=2.30.0
+PyJWT==2.8.0
+cryptography==41.0.7
diff --git a/assets/service_now_resource_setup_handler/index.py b/assets/service_now_resource_setup_handler/index.py
@@ -12,12 +12,7 @@
 import uuid
 import jwt
 
-try:
-    # This import works for lambda function and imports the lambda layer at runtime
-    from service_now_wrapper import ServiceNowJWTAuth
-except ImportError:
-    # This import works for local development and imports locally from the file system
-    from ..wrappers.python.service_now_wrapper import ServiceNowJWTAuth
+# ServiceNowJWTAuth is not used in this file, removing the import
 
 # Configure logging
 logger = logging.getLogger()
diff --git a/assets/service_now_resource_setup_handler/requirements.txt b/assets/service_now_resource_setup_handler/requirements.txt
@@ -1,2 +1,4 @@
 requests==2.32.4
-boto3==1.34.0
+boto3==1.34.0
+PyJWT==2.8.0
+cryptography==41.0.7
diff --git a/assets/service_now_secret_rotation_handler/requirements.txt b/assets/service_now_secret_rotation_handler/requirements.txt
@@ -0,0 +1,2 @@
+boto3>=1.37.7
+requests>=2.31.0
diff --git a/assets/wrappers/python/service_now_wrapper.py b/assets/wrappers/python/service_now_wrapper.py
@@ -252,7 +252,7 @@ def __create_client(self) -> Optional[SnowClient]:
             encoded_jwt = self.__get_encoded_jwt(client_id, user_id)
             
             # Preparing ServiceNowJWTAuth for ServiceNowClient
-            auth = ServiceNowJWTAuth(client_id, client_secret, encoded_jwt)
+            auth = ServiceNowJWTAuth(self.instance_id, client_id, client_secret, encoded_jwt)
             
             return SnowClient(instance_url, auth)
 
diff --git a/aws_security_incident_response_sample_integrations/aws_security_incident_response_service_now_integration_stack.py b/aws_security_incident_response_sample_integrations/aws_security_incident_response_service_now_integration_stack.py
@@ -96,12 +96,12 @@ def __init__(
             description="The ServiceNow user ID for JWT authentication.",
         )
 
-        # Private key file path parameter
-        private_key_path_param = CfnParameter(
+        # Private key bucket parameter (from deploy script)
+        private_key_bucket_param = CfnParameter(
             self,
-            "privateKeyPath",
+            "privateKeyBucket",
             type="String",
-            description="Local file path to private key file.",
+            description="S3 bucket name containing the private key file.",
         )
 
         # Integration module parameter
@@ -142,13 +142,12 @@ def __init__(
         )
         service_now_user_id_ssm.apply_removal_policy(RemovalPolicy.DESTROY)
 
-        # Create S3 bucket for private key storage
+        # Use existing S3 bucket from deploy script
         from aws_cdk import aws_s3 as s3
-        private_key_bucket = s3.Bucket(
+        private_key_bucket = s3.Bucket.from_bucket_name(
             self,
             "ServiceNowPrivateKeyBucket",
-            removal_policy=RemovalPolicy.DESTROY,
-            auto_delete_objects=True,
+            private_key_bucket_param.value_as_string
         )
 
         # Create SSM parameters for S3 bucket location
@@ -834,10 +833,4 @@ def __init__(
             description="ServiceNow Webhook API Gateway URL",
         )
 
-        # Output S3 bucket for private key
-        CfnOutput(
-            self,
-            "PrivateKeyBucket",
-            value=private_key_bucket.bucket_name,
-            description="S3 bucket where private key should be uploaded as 'private.key'",
-        )
+
diff --git a/deploy-integrations-solution.py b/deploy-integrations-solution.py
@@ -14,6 +14,8 @@
 import subprocess  # nosec B404
 import sys
 import textwrap
+import boto3
+import os
 
 
 def deploy_jira(args):
@@ -69,7 +71,32 @@ def deploy_servicenow(args):
         int: Exit code (0 for success, non-zero for failure)
     """
     try:
-        # print("Service Now integration is under development/maintenance...Please wait for its release")
+        # Upload private key to S3 before deployment
+        if not os.path.exists(args.private_key_path):
+            print(f"\n❌ Error: Private key file not found: {args.private_key_path}")
+            return 1
+            
+        # Create S3 client and upload private key
+        s3_client = boto3.client('s3')
+        account = boto3.client('sts').get_caller_identity()['Account']
+        bucket_name = f"snow-key-{account}"
+        
+        try:
+            s3_client.create_bucket(Bucket=bucket_name)
+            print(f"\n📦 Created S3 bucket: {bucket_name}")
+        except s3_client.exceptions.BucketAlreadyOwnedByYou:
+            print(f"\n📦 Using existing S3 bucket: {bucket_name}")
+        except Exception as e:
+            print(f"\n❌ Error creating S3 bucket: {e}")
+            return 1
+            
+        # Upload private key file
+        try:
+            s3_client.upload_file(args.private_key_path, bucket_name, 'private.key')
+            print(f"\n🔑 Uploaded private key to s3://{bucket_name}/private.key")
+        except Exception as e:
+            print(f"\n❌ Error uploading private key: {e}")
+            return 1
         cmd = [
             "npx",
             "cdk",
@@ -91,7 +118,7 @@ def deploy_servicenow(args):
             "--parameters",
             f"AwsSecurityIncidentResponseServiceNowIntegrationStack:serviceNowUserId={args.user_id}",
             "--parameters",
-            f"AwsSecurityIncidentResponseServiceNowIntegrationStack:privateKeyAssetPath={args.private_key_path}",
+            f"AwsSecurityIncidentResponseServiceNowIntegrationStack:privateKeyBucket={bucket_name}",
             "--parameters",
             f"AwsSecurityIncidentResponseServiceNowIntegrationStack:integrationModule={args.integration_module}",
         ]
diff --git a/documentation/SERVICE_NOW/SERVICE_NOW.md b/documentation/SERVICE_NOW/SERVICE_NOW.md
diff --git a/requirements-dev.txt b/requirements-dev.txt

-Original file line number
+Diff line change
@@ @@ -1,2 +1,3 @@ @@
 boto3>=1.37.7
 -jira
 +jira
 +requests>=2.31.0