Overview

This Action uses the GCP Data Loss Prevention (DLP) API to scan decrypted SendSafely package contents for sensitive material. Packages containing information in violation of your organization's DLP rules can then be blocked or otherwise handled accordingly, and the appropriate stakeholders notified.

To request the template for this Action example, please reach out to your SendSafely account rep. 

Please note that this Action requires access to the contents of SendSafely packages, and thus must be configured with a Trusted Browser Key (for packages owned by a specific user) or Portal Master Key (for all packages in your portal).

Setup Instructions

Package / Deploy with AWS CLI

Package

Package the code to S3 and generate a packaged-template.yaml used for deployment:

aws cloudformation package \
--template-file template.yaml \
--s3-bucket <bucket-name> \
--output-template-file packaged-template.yaml

Deploy

Deployment Options:

1. Manually upload the packaged-template.yaml that was generated with package command to CloudFormation.
2. Deploy using the aws cli with the following command:

aws cloudformation deploy \
--template-file packaged-template.yaml \
--stack-name <stack-name> \
--s3-bucket <bucket-name> \ 
--capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM

Package / Deploy with SAM CLI

Package

Package the code to S3 and generate a packaged-template.yaml used for deployment:

sam package \
--template-file template.yaml \
--output-template-file packaged-template.yaml \
--s3-bucket <bucket-name>

Deploy

Deployment Options:

1. Manually upload the packaged-template.yaml that was generated with package command to Cloud Formation.
2. Deploy using the aws cli with the following command:

sam deploy \
--template-file "packaged-template.yaml" \
--stack-name <stack-name> \
--s3-bucket <bucket-name> \
--capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM