02
BEGINNER
Compliance evidence crawler
AWS Lambda collecting compliance evidence from CloudTrail, Config, and Security Hub on a schedule.
Overview
Serverless function that queries AWS services for compliance evidence on a configurable schedule. Because it runs only when the schedule fires, it costs nothing between runs, and each run outputs a structured evidence package formatted for auditor consumption.
Implementation
Extracts CloudTrail events filtered to compliance-relevant API calls, AWS Config rule evaluation history, and Security Hub findings. Bundles everything into timestamped, resource-tagged JSON packages and uploads them to an S3 audit bucket. Multi-account collection works by assuming a cross-account role in each member account.
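The filter-and-package step described above, as an added example rather than the project's own source. The AWS calls are left out so the code runs offline: the three sample record lists are constructed here and shaped like the boto3 responses they stand in for (cloudtrail.lookup_events, config.get_compliance_details_by_config_rule, securityhub.get_findings). The event allow-list, the manifest format and the per-file SHA-256 hashes are assumptions about what an auditor-ready bundle should contain, not something the page specifies.

```python
"""Added example (not the project's source): offline model of the crawler's
filter-and-package step on constructed records; no boto3 calls are made."""
import hashlib
import io
import json
import zipfile
from datetime import datetime, timezone

# Hypothetical allow-list of compliance-relevant CloudTrail event names; a real
# crawler would load this per framework from configuration.
COMPLIANCE_EVENTS = {
    "CreateUser", "DeleteUser", "AttachUserPolicy", "PutBucketPolicy",
    "PutBucketAcl", "StopLogging", "DeleteTrail", "DisableKey",
    "ScheduleKeyDeletion", "AuthorizeSecurityGroupIngress",
}

# Constructed sample records, shaped like the boto3 responses they stand in for.
RUN_TIME = datetime(2025, 4, 16, 9, 0, tzinfo=timezone.utc)
SAMPLE_CT_EVENTS = [  # cloudtrail.lookup_events()["Events"]
    {"EventName": "PutBucketPolicy", "EventTime": "2025-04-16T08:12:00Z", "Username": "alice"},
    {"EventName": "DescribeInstances", "EventTime": "2025-04-16T08:13:00Z", "Username": "bob"},
    {"EventName": "StopLogging", "EventTime": "2025-04-16T08:40:00Z", "Username": "carol"},
]

def _ev(rule, rtype, rid, status):  # one Config EvaluationResult entry
    return {"EvaluationResultIdentifier": {"EvaluationResultQualifier": {
        "ConfigRuleName": rule, "ResourceType": rtype, "ResourceId": rid}},
        "ComplianceType": status}

SAMPLE_CONFIG_EVALS = [  # config.get_compliance_details_by_config_rule()["EvaluationResults"]
    _ev("s3-bucket-public-read-prohibited", "AWS::S3::Bucket", "public-logs", "NON_COMPLIANT"),
    _ev("s3-bucket-public-read-prohibited", "AWS::S3::Bucket", "audit-bucket", "COMPLIANT"),
    _ev("cloudtrail-enabled", "AWS::::Account", "123456789012", "COMPLIANT"),
]
SAMPLE_SH_FINDINGS = [  # securityhub.get_findings()["Findings"]
    {"Id": "f-1", "Title": "CloudTrail should be enabled", "Compliance": {"Status": "FAILED"}, "RecordState": "ACTIVE"},
    {"Id": "f-2", "Title": "S3 bucket versioning", "Compliance": {"Status": "PASSED"}, "RecordState": "ACTIVE"},
    {"Id": "f-3", "Title": "Old finding", "Compliance": {"Status": "FAILED"}, "RecordState": "ARCHIVED"},
]

def filter_cloudtrail(events):
    """Keep only events whose EventName is on the compliance allow-list."""
    return [e for e in events if e.get("EventName") in COMPLIANCE_EVENTS]

def summarize_config(evaluations):
    """Return (number of distinct rules seen, list of NON_COMPLIANT resources)."""
    rules, non_compliant = set(), []
    for ev in evaluations:
        q = ev["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
        rules.add(q["ConfigRuleName"])
        if ev.get("ComplianceType") == "NON_COMPLIANT":
            non_compliant.append({"rule": q["ConfigRuleName"],
                                  "resource_type": q["ResourceType"],
                                  "resource_id": q["ResourceId"]})
    return len(rules), non_compliant

def failed_findings(findings):
    """Keep FAILED findings that are still ACTIVE; archived ones are stale evidence.
    Against the real API this filter belongs in get_findings(Filters=...) so the
    Lambda does not page through every passed finding."""
    return [f for f in findings
            if f.get("Compliance", {}).get("Status") == "FAILED"
            and f.get("RecordState", "ACTIVE") == "ACTIVE"]

def build_bundle(account_id, run_time, ct_events, config_evals, sh_findings):
    """Zip the filtered evidence with a manifest carrying a SHA-256 per file, so
    an auditor can check the package was not altered after upload (assumed format)."""
    rule_count, non_compliant = summarize_config(config_evals)
    files = {
        "cloudtrail.json": filter_cloudtrail(ct_events),
        "config.json": {"rules_evaluated": rule_count, "non_compliant": non_compliant},
        "securityhub.json": failed_findings(sh_findings),
    }
    manifest = {"account_id": account_id,
                "collected_at": run_time.strftime("%Y-%m-%dT%H:%M:%SZ"),
                "files": {}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in files.items():
            data = json.dumps(payload, default=str, sort_keys=True).encode()
            manifest["files"][name] = hashlib.sha256(data).hexdigest()
            zf.writestr(name, data)
        zf.writestr("manifest.json", json.dumps(manifest, indent=2))
    return buf.getvalue(), manifest

def verify_bundle(bundle_bytes, manifest):
    """Auditor-side check: every hash in the manifest matches the zip content."""
    with zipfile.ZipFile(io.BytesIO(bundle_bytes)) as zf:
        return all(hashlib.sha256(zf.read(name)).hexdigest() == digest
                   for name, digest in manifest["files"].items())

def run_sample():
    """Package the constructed records for the run shown in the terminal output."""
    return build_bundle("123456789012", RUN_TIME, SAMPLE_CT_EVENTS,
                        SAMPLE_CONFIG_EVALS, SAMPLE_SH_FINDINGS)
```

Two practical caveats for the real crawler. First, cloudtrail.lookup_events only covers the last 90 days of management events and is rate-limited (two requests per second per account), so a scheduled run that wants longer history should read the trail's S3 delivery bucket instead. Second, the cross-account role each member account exposes should allow only the read APIs used here (for example cloudtrail:LookupEvents, config:GetComplianceDetailsByConfigRule, securityhub:GetFindings) and be assumable solely by the crawler's execution role, ideally with an ExternalId; when several accounts are collected, put the account id in the S3 key as well as the date so one run does not overwrite another's evidence.zip.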
Terminal output
[Lambda] ccm-evidence-crawler triggered
[time] 2025-04-16T09:00:00Z
→ Querying CloudTrail...
1,204 events collected
→ Querying AWS Config...
48 rules evaluated
3 NON_COMPLIANT resources
→ Querying Security Hub...
12 FAILED findings
→ Packaging evidence bundle...
✓ s3://audit-bucket/2025-04-16/evidence.zip
Stack
AWS Lambda, Python, CloudWatch Events, S3
Source code
Source repository in the works — check back soon.