Resolve urllib3 conflicts within S3 bucket protection demo

s3-bucket-protection/demo.sh

@@ -39,16 +39,17 @@ then
 	read -p "EC2 Instance Key Name: " ECKEY
 	read -p "Trusted IP address: " TRUSTED
     UNIQUE=$(echo $RANDOM | md5sum | sed "s/[[:digit:].-]//g" | head -c 8)
-    rm lambda/falconpy-layer.zip >/dev/null 2>&1
-    curl -o lambda/falconpy-layer.zip https://falconpy.io/downloads/falconpy-layer.zip
+    # This demo will be using a custom version of the falconpy layer for now. - jshcodes@CrowdStrike 05.04.2023 #230
+    #rm lambda/falconpy-layer.zip >/dev/null 2>&1
+    #curl -o lambda/falconpy-layer.zip https://falconpy.io/downloads/falconpy-layer.zip
     if ! [ -f demo/.terraform.lock.hcl ]; then
         terraform -chdir=demo init
     fi
 	terraform -chdir=demo apply -compact-warnings --var falcon_client_id=$FID \
 		--var falcon_client_secret=$FSECRET --var instance_key_name=$ECKEY \
 		--var trusted_ip=$TRUSTED/32 --var unique_id=$UNIQUE --auto-approve
-    echo -e "$RD\nPausing for 30 seconds to allow configuration to settle.$NC"
-    sleep 30
+    echo -e "$RD\nPausing for 60 seconds to allow configuration to settle.$NC"
+    sleep 60
     all_done
 	exit 0
 fi

s3-bucket-protection/demo/instance.tf

@@ -43,8 +43,8 @@ resource "aws_instance" "amzn_instance" {
         cp /usr/sbin/ifconfig $TESTS/safe2.bin
         # MALICIOUS EXAMPLES
         wget -O malqueryinator.py https://raw.githubusercontent.com/CrowdStrike/falconpy/main/samples/malquery/malqueryinator.py
-        python3 -m pip install crowdstrike-falconpy
-        python3 malqueryinator.py -v "%s?action=CmdRes&u=%I64u&err=kill" -t wide -f malicious.zip -e 3 -k ${var.falcon_client_id} -s ${var.falcon_client_secret}
+        python3 -m pip install urllib3==1.26.15 crowdstrike-falconpy
+        python3 malqueryinator.py -v ryuk -t wide -f malicious.zip -e 3 -k ${var.falcon_client_id} -s ${var.falcon_client_secret}
         unzip -d $TESTS -P infected malicious.zip
         C=0
         for f in $(ls $TESTS --hide=**.*)

s3-bucket-protection/demo/lambda-function.tf

@@ -20,11 +20,21 @@ data "archive_file" "lambda_archive" {
     var.lambda_function_filename
     ]
 }
+variable "python_tools_layer_name" {
+    type = string
+    default = "AWSLambdaPowertoolsPythonV2"
+}
+data "aws_lambda_layer_version" "pythontools" {
+    layer_name = "arn:aws:lambda:${var.region}:017000801446:layer:${var.python_tools_layer_name}"
+    version = 30
+}
+
 resource "aws_lambda_layer_version" "falconpy" {
   filename      = "${path.cwd}/lambda/${var.falconpy_layer_filename}"
   layer_name    = "${var.unique_id}_${var.falconpy_layer_name}"
-  compatible_runtimes = ["python3.7", "python3.8"]
+  compatible_runtimes = ["python3.10"]
 }
+
 resource "aws_lambda_permission" "allow_bucket" {
   statement_id  = "AllowExecutionFromS3Bucket"
   action        = "lambda:InvokeFunction"
@@ -39,8 +49,8 @@ resource "aws_lambda_function" "func" {
   description   = var.lambda_description
   role          = aws_iam_role.iam_for_lambda.arn
   handler       = "lambda_function.lambda_handler"
-  layers        = [aws_lambda_layer_version.falconpy.arn]
-  runtime       = "python3.8"
+  layers        = [data.aws_lambda_layer_version.pythontools.arn, aws_lambda_layer_version.falconpy.arn]
+  runtime       = "python3.10"
   timeout       = 30
   depends_on = [data.archive_file.lambda_archive]
   environment {