# Importing reports via AWS Lambda Function within AWS Security Hub

This is achieved using an AWS Lambda function written in Python. The function extracts an API key from AWS Secrets Manager, constructs a request with scanning data, and sends it to the specified AppSec Portal address.

## Step 1: Integration Preparation

1. AWS Lambda: Ensure you have a configured and functioning AWS Lambda function
2. AWS Secrets Manager: Create a secret in AWS Secrets Manager containing the [**API key**](/appsec-portal/features/scanners/importing-reports-from-scanners-to-appsec-portal.md#authorization-token) for accessing AppSec Portal. Ensure you have read access rights to this secret

## Step 2: Creating AWS Lambda Function

1. Navigate to the AWS Lambda console
2. Create a new Lambda function according to your requirements
3. Make sure the function has the necessary permissions to access Secrets Manager and make HTTP requests
4. Insert the code into the code editor of your function:

```python
import json
import boto3
import urllib.request
import urllib3


def lambda_handler(event, context):
    
    # Fetch AppSec Portal API key from AWS Secrets Manager
    client_sm = boto3.client('secretsmanager')
    appsec_portal_secret_raw = client_sm.get_secret_value(
        SecretId="<secret_name>"
    )
    appsec_portal_api_json = json.loads(appsec_portal_secret_raw["SecretString"])
    appsec_portal_api_token = "Token " + appsec_portal_api_json['key']
    
    while True:
        try:
            url = 'https://<portal_address>/api/v1/scan/import/'
            body = {
                "file": ("event.json", json.dumps(event)),
                "product_name": "AWS",
                "product_type": "AWS",
                "scanner_name": "AWS Security Hub Scan"
            }
            data, header = urllib3.encode_multipart_formdata(body)
            r = urllib.request.Request(url, data=data)
            r.add_header('Authorization', appsec_portal_api_token)
            r.add_header('Content-Type', header)
            response = urllib.request.urlopen(r)
            print(response.getcode())
        except Exception as e:
            raise e
        break
    return {
        'statusCode': 200,
        'body': json.dumps('Hello from Lambda!')
    }
```

Replace "***\<secret\_name>***" with the name of the secret in AWS Secrets Manager containing your API key for AppSec Portal

Replace "***\<portal\_address>***" with the address of your AppSec Portal

5. Save the changes made to the function

## Step 3: Running the Function

1. In the "Test" section of the AWS Lambda console, create a test event with content similar to your report to test the function
2. If the function passes testing successfully, publish it

Congratulations! Your function is now ready to send reports to AppSec Portal


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/infrastructure-scanners/aws-security-hub-scan/importing-reports-via-aws-lambda-function-within-aws-security-hub.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.