Once Bug 1216784 is done, update the tool and remove the "HACK" https://github.com/jeffbryner/MozDef/blob/204577667029385d96b0e2357b245b80fd7870eb/cron/cloudtrail2mozdef.py#L35
Could you take a look at the code and tell if it is safe to remove that hack?
:michal writes
> I'd like to understand what this hack did and if we should disable it?

Sure thing. The hack was to work around the fact that the initial security audit roles which nubis created did not grant permissions broadly enough to enable us to query their account to determine which S3 bucket their CloudTrail trails were depositing logs into. As it was taking a long time to get the new security audit roles deployed in nubis, which would solve this problem, I added the "HACK" you see in the code, which hard codes the name of the S3 bucket instead of dynamically querying for it. Now that the new security audit roles are in place, if we remove the hack the code should dynamically query the nubis accounts to find the name of the S3 bucket and work the same as it does now (but be less brittle without a hard coded value in the code).
I've created this PR which removes the hack: https://github.com/mozilla/MozDef/pull/381
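For readers following the thread, a sketch of the dynamic lookup described above, as an added example that is not MozDef's code: it asks each regional CloudTrail client where its trails deliver logs instead of relying on a hard-coded bucket name. It assumes clients that expose a boto3-style `describe_trails()`; the stub class, account ID, bucket name and ARN are constructed sample values.

```python
from datetime import date


def discover_trail_locations(clients):
    """Map TrailARN -> (bucket, key_prefix) across regional CloudTrail clients.

    A multi-region trail is reported by every region, so results are keyed
    by ARN to avoid processing the same bucket once per region.
    """
    locations = {}
    for client in clients:
        for trail in client.describe_trails().get("trailList", []):
            bucket = trail.get("S3BucketName")
            if not bucket:  # skip trails with no S3 delivery configured
                continue
            locations[trail["TrailARN"]] = (bucket, trail.get("S3KeyPrefix", ""))
    return locations


def log_prefix(key_prefix, account_id, region, day):
    """Build the S3 key prefix under which CloudTrail writes one day's logs."""
    parts = [key_prefix] if key_prefix else []
    parts += ["AWSLogs", account_id, "CloudTrail", region, day.strftime("%Y/%m/%d")]
    return "/".join(parts) + "/"


class StubCloudTrail:
    """Constructed stand-in for a regional client, so the example runs offline."""

    def __init__(self, trails):
        self._trails = trails

    def describe_trails(self):
        return {"trailList": self._trails}


# Constructed sample data: one multi-region trail seen from two regions.
SAMPLE_TRAIL = {
    "Name": "example",
    "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/example",
    "S3BucketName": "example-cloudtrail-bucket",
    "S3KeyPrefix": "audit",
    "IsMultiRegionTrail": True,
}
SAMPLE_CLIENTS = [StubCloudTrail([SAMPLE_TRAIL]), StubCloudTrail([SAMPLE_TRAIL])]

if __name__ == "__main__":
    for arn, (bucket, prefix) in discover_trail_locations(SAMPLE_CLIENTS).items():
        key = log_prefix(prefix, "123456789012", "us-west-2", date(2015, 11, 3))
        print(arn, "->", "s3://%s/%s" % (bucket, key))
```

If the audit role lacks permission to describe trails, the lookup fails at `describe_trails()`, which is the situation the hard-coded bucket name was covering for.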