This is a JVM-based Lambda for processing access log events. It is part of the edge security solution for Cerberus.
ALBAccessLogEventHandler::handleScheduledEvent() is triggered every 5 minutes. ALBAccessLogEventHandler has a list of processors that can ingest the events and act on them, for example by rate limiting.
To learn more about Cerberus, please see the Cerberus website.
This processor queries Athena and ensures that IPs that show up more than the requests-per-interval limit are added to the auto block list for the Cerberus Env WAF.
We would like to have a processor for auto-blocking IPs that spam bad requests.
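The thresholding described above, sketched over raw ALB access log lines rather than an Athena query, as an added example that is not Cerberus project code. The class, method and parameter names and the sample log entries are assumptions constructed for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class RateLimitExample {
    // Hypothetical helper: client IPs seen more than `limit` times in
    // [windowEnd - interval, windowEnd) that are not already on the block list.
    static Set<String> ipsToBlock(List<String> lines, Instant windowEnd, Duration interval,
                                  int limit, Set<String> alreadyBlocked) {
        Instant windowStart = windowEnd.minus(interval);
        Map<String, Integer> counts = new HashMap<>();
        for (String line : lines) {
            // ALB entries are space-delimited: type, time, elb, client:port, ...
            String[] f = line.split(" ", 5);
            if (f.length < 5) continue;                       // malformed entry
            Instant t;
            try { t = Instant.parse(f[1]); } catch (DateTimeParseException e) { continue; }
            if (t.isBefore(windowStart) || !t.isBefore(windowEnd)) continue;
            int portSep = f[3].lastIndexOf(':');              // strip the client port
            if (portSep <= 0) continue;
            counts.merge(f[3].substring(0, portSep), 1, Integer::sum);
        }
        Set<String> toBlock = new TreeSet<>();
        counts.forEach((ip, n) -> { if (n > limit && !alreadyBlocked.contains(ip)) toBlock.add(ip); });
        return toBlock;
    }

    public static void main(String[] args) {
        // Constructed sample entries (documentation IP ranges), cut off after the request field.
        String fmt = "https 2024-01-01T00:0%d:%02d.000000Z app/example/0123456789abcdef %s:50000 "
                   + "10.0.0.5:8080 0.001 0.002 0.000 200 200 120 512 \"GET https://example.test:443/ HTTP/1.1\"";
        List<String> lines = new ArrayList<>();
        for (int i = 0; i < 6; i++) lines.add(String.format(fmt, 1, i, "203.0.113.7"));   // 6 in window
        for (int i = 0; i < 2; i++) lines.add(String.format(fmt, 2, i, "198.51.100.9"));  // 2 in window
        for (int i = 0; i < 9; i++) lines.add(String.format(fmt, 9, i, "192.0.2.44"));    // outside window
        lines.add("truncated entry");                                                     // skipped
        Instant end = Instant.parse("2024-01-01T00:05:00Z");
        System.out.println(ipsToBlock(lines, end, Duration.ofMinutes(5), 5, Set.of()));
    }
}
```

Passing the current block list as `alreadyBlocked` keeps the result to new additions only, so repeated 5-minute runs do not resubmit the same addresses.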
To build and deploy the fat jar required for Lambda, run: ./gradlew cerberus-log-processor-lambda:sJ cerberus-log-processor-lambda:deploySam -Penv=[ENVIRONMENT]
To update with a new version, you'll need to remove the principal added to the ALB log bucket and then delete the stack before running the above command.