├── lambda
    ├── function.zip
    ├── test.js
    ├── index.js
    └── slack.js
├── readme.md
├── .gitignore
├── LICENSE
└── 2020-02_s3_dlp_flow.svg


/lambda/function.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/darkbitio/aws-s3-dlp/HEAD/lambda/function.zip


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
 1 | # Simple S3 DLP
 2 | 
 3 | This is a tool to monitor unauthorized or unexpected data transfer from S3 buckets in your org to an external account. It works by triggering CloudWatch rules generated by S3 API `CopyObject` events. These events are then sent to an SNS Topic, which in turn invoke a Lambda function to parse the event and send a Slack notification if objects were copied to an external account.
 4 | 
 5 | ![flow](2020-02_s3_dlp_flow.svg)
 6 | 
 7 | ### Setup
 8 | 
 9 | The step-by-step setup instructions can be found in [this blog post](https://darkbit.io/blog/2020/02/18/simple-dlp-for-amazon-s3).
10 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Local .terraform directories
 2 | **/.terraform/*
 3 | 
 4 | # .tfstate files
 5 | *.tfstate
 6 | *.tfstate.*
 7 | 
 8 | # Crash log files
 9 | crash.log
10 | 
11 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
12 | # .tfvars files are managed as part of configuration and so should be included in
13 | # version control.
14 | #
15 | # example.tfvars
16 | 
17 | # Ignore override files as they are usually used to override resources locally and so
18 | # are not checked in
19 | override.tf
20 | override.tf.json
21 | *_override.tf
22 | *_override.tf.json
23 | 
24 | # Include override files you do wish to add to version control using negated pattern
25 | #
26 | # !example_override.tf
27 | 
28 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
29 | # example: *tfplan*
30 | 
31 | .DS_Store
32 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2020 Darkbit, LLC
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/lambda/test.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |  *  Simple test harness for Lambda handler
 3 |  *
 4 |  *  Run with `node test.js`
 5 |  */
 6 | 
 7 | const { handler } = require('./index')
 8 | 
 9 | /*
10 |  * Sample event message payload
11 |  */
12 | const message = {
13 |   detail: {
14 |     awsRegion: 'us-east-1',
15 |     userAgent: 'aws-cli/1.16.310 Python/3.7.4 Darwin/19.2.0 botocore/1.13.46',
16 |     userIdentity: { arn: 'arn:aws:iam::123456789012:user/brandon.michaels' },
17 |     requestParameters: {
18 |       bucketName: 'secret-9876543210',
19 |     },
20 |     resources: [
21 |       {
22 |         type: 'AWS::S3::Object',
23 |         ARN: 'arn:aws:s3:::exfil-1234567890/file1',
24 |       },
25 |       {
26 |         accountId: '1234567890',
27 |         type: 'AWS::S3::Bucket',
28 |         ARN: 'arn:aws:s3:::exfil-1234567890',
29 |       },
30 |       {
31 |         accountId: '9876543210',
32 |         type: 'AWS::S3::Bucket',
33 |         ARN: 'arn:aws:s3:::secret-9876543210',
34 |       },
35 |       {
36 |         type: 'AWS::S3::Object',
37 |         ARN: 'arn:aws:s3:::secret-9876543210/file1',
38 |       },
39 |     ],
40 |   },
41 | }
42 | 
43 | /*
44 |  * Format a test message with the same shape as an SNS message
45 |  */
46 | const dummy = {
47 |   Records: [
48 |     {
49 |       Sns: {
50 |         Message: JSON.stringify(message),
51 |       },
52 |     },
53 |   ],
54 | }
55 | 
56 | handler(dummy, {})
57 | 


--------------------------------------------------------------------------------
/lambda/index.js:
--------------------------------------------------------------------------------
 1 | 'use strict'
 2 | const { postSlackMessage } = require('./slack')
 3 | 
 4 | exports.handler = (event, {}) => {
 5 |   let details = {}
 6 |   let promises = []
 7 | 
 8 |   // Event contains one or more records from SNS
 9 |   if (event.Records) {
10 |     event.Records.map(record => {
11 |       let message = JSON.parse(record.Sns.Message)
12 | 
13 |       details.resources = message.detail.resources
14 |       details.region = message.detail.awsRegion
15 |       details.bucket = message.detail.requestParameters.bucketName
16 |       details.agent = message.detail.userAgent
17 |       details.user = message.detail.userIdentity.arn
18 | 
19 |       promises.push(this.checkObjectCopyDestination(details))
20 |     })
21 |   }
22 | 
23 |   Promise.all(promises)
24 |     .then(res => {
25 |       res.map(response => console.log(response))
26 |     })
27 |     .catch(err => {
28 |       console.log(`ERROR: ${err}`)
29 |     })
30 | }
31 | 
32 | /*
33 |  * Check copied object destination account
34 |  */
35 | exports.checkObjectCopyDestination = async details => {
36 |   // const validAccounts = ['9876543210', '1234567890']
37 |   const validAccounts = process.env.AUTHORIZED_ACCOUNTS.split(',')
38 |   // compare resources with accountId field
39 |   // check for any unknown or unauthorized accounts
40 |   const unauthorized = !!details.resources
41 |     .filter(resource => resource.accountId)
42 |     .filter(resource => !validAccounts.includes(resource.accountId)).length
43 | 
44 |   // collect object ARNs involved in CopyObject operation
45 |   if (unauthorized) {
46 |     details.objects = details.resources
47 |       .filter(object => object.type === 'AWS::S3::Object')
48 |       .map(object => object.ARN)
49 |   }
50 | 
51 |   return new Promise((resolve, reject) => {
52 |     if (unauthorized) {
53 |       postSlackMessage(details)
54 |         .then(() => {
55 |           resolve('S3 CopyObject is NOT authorized - posted Slack message')
56 |         })
57 |         .catch(err => {
58 |           reject(err)
59 |         })
60 |     } else {
61 |       resolve('S3 CopyObject is authorized')
62 |     }
63 |   })
64 | }
65 | 


--------------------------------------------------------------------------------
/lambda/slack.js:
--------------------------------------------------------------------------------
 1 | 'use strict'
 2 | const https = require('https')
 3 | const url = new URL(process.env.SLACK_WEBHOOK)
 4 | 
 5 | /*
 6 |  * Send a Slack message
 7 |  */
 8 | exports.postSlackMessage = async message => {
 9 |   return new Promise((resolve, reject) => {
10 |     const body = {
11 |       attachments: [
12 |         {
13 |           fallback: 'Unauthorized S3 object copied',
14 |           color: '#9d1111',
15 |           author_name: 'Unauthorized S3 object copied',
16 |           title: message.bucket,
17 |           title_link: `https://s3.console.aws.amazon.com/s3/buckets/${message.bucket}/`,
18 |           text: `S3 object copied to an unknown or unauthorized account.`,
19 |           fields: [
20 |             {
21 |               title: 'Region',
22 |               value: message.region,
23 |               short: false,
24 |             },
25 |             {
26 |               title: 'Initiator',
27 |               value: message.user,
28 |               short: false,
29 |             },
30 |             {
31 |               title: 'Agent',
32 |               value: message.agent,
33 |               short: false,
34 |             },
35 |             {
36 |               title: 'Objects',
37 |               value: message.objects.reverse().join('\n'),
38 |               short: false,
39 |             },
40 |           ],
41 |           footer: 'AWS S3',
42 |           footer_icon:
43 |             'https://user-images.githubusercontent.com/2565382/73571350-40a30580-4466-11ea-81e4-e5a36693f164.png',
44 |           ts: Math.floor(Date.now() / 1000),
45 |         },
46 |       ],
47 |     }
48 |     const data = JSON.stringify(body)
49 |     const options = {
50 |       hostname: url.host,
51 |       path: url.pathname,
52 |       method: 'POST',
53 |       headers: {
54 |         'Content-Type': 'application/json',
55 |         'Content-Length': data.length,
56 |       },
57 |     }
58 | 
59 |     const req = https.request(options, res => {
60 |       res.on('data', () => {
61 |         resolve(res.statusCode)
62 |       })
63 |     })
64 | 
65 |     req.on('error', err => {
66 |       reject(err)
67 |     })
68 | 
69 |     // send the request
70 |     req.write(data)
71 |     req.end()
72 |   })
73 | }
74 | 


--------------------------------------------------------------------------------
/2020-02_s3_dlp_flow.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
3 | <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="591px" height="371px" viewBox="-0.5 -0.5 591 371" style="background-color: rgb(255, 255, 255);"><defs><style type="text/css">@import url(https://fonts.googleapis.com/css?family=Rubik);&#xa;</style></defs><g><rect x="0" y="0" width="590" height="370" fill="#ffffff" stroke="none" pointer-events="all"/><path d="M 328 287.13 L 313.89 289.94 L 305.83 306.75 L 294.62 303.62 L 286.26 294.12 L 283.82 293.65 L 281.04 299.45 L 273.15 297.25 L 267.17 290.46 L 264.64 289.95 L 262.77 293.85 L 258.32 292.61 L 254.06 287.74 L 251.5 287.22 L 251.5 249.53 L 256.03 247.24 L 261.64 248.46 L 261.64 244.41 L 269.43 240.47 L 278.28 243.28 L 278.28 236.04 L 289.73 230.25 L 328 249.35 Z" fill="#d9a741" stroke="none" pointer-events="all"/><path d="M 256.03 288.14 L 251.5 287.22 L 251.5 249.53 L 256.03 247.24 Z M 269.43 290.92 L 261.64 289.36 L 261.64 244.41 L 269.43 240.47 Z M 289.73 294.77 L 278.28 292.58 L 278.28 236.04 L 289.73 230.25 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/><path d="M 262.77 293.85 L 258.32 292.61 L 254.06 287.74 L 256.03 288.14 L 258.67 287.9 Z M 281.04 299.45 L 273.15 297.25 L 267.17 290.46 L 269.43 290.92 L 274.58 290.26 Z M 305.83 306.75 L 294.62 303.62 L 286.26 294.12 L 289.73 294.77 L 296.48 293.44 Z" fill-opacity="0.15" fill="#000000" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 314px; margin-left: 290px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Rubik; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">SNS Topic</div></div></div></foreignObject><text x="290" y="326" fill="#000000" font-family="Rubik" font-size="12px" text-anchor="middle">SNS Topic</text></switch></g><path d="M 305.18 71.56 L 312.14 70.62 L 321.29 81.9 L 321.29 68.59 L 305.18 64.33 Z M 305.18 106.75 L 321.29 102.4 L 321.29 89.28 L 312.14 100.47 L 305.18 99.5 Z M 293.74 132 L 282.3 126.29 L 282.3 118.76 L 273.34 121.73 L 266.27 118.16 L 266.27 113.81 L 260.32 115.23 L 255.5 112.74 L 255.5 58.32 L 260.32 55.82 L 266.27 57.24 L 266.27 52.9 L 273.34 49.27 L 282.3 52.16 L 282.3 44.75 L 293.74 39 L 332 58.3 L 332 112.62 Z" fill="#f58534" stroke="none" pointer-events="all"/><path d="M 321.29 102.4 L 321.29 89.28 L 324.27 85.52 L 321.29 81.9 L 321.29 68.59 L 327.05 67.81 L 327.05 103.27 Z M 305.18 99.5 L 305.18 71.56 L 312.14 70.62 L 312.14 100.47 Z M 282.3 126.29 L 282.3 44.75 L 293.74 39 L 293.74 132 Z M 266.27 118.16 L 266.27 52.9 L 273.34 49.27 L 273.34 121.73 Z M 255.5 112.74 L 255.5 58.32 L 260.32 55.82 L 260.32 115.23 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/><path d="M 305.18 64.33 L 305.18 61.12 L 327.05 67.81 L 321.29 68.59 Z" fill-opacity="0.5" fill="#000000" stroke="none" pointer-events="all"/><path d="M 305.18 106.75 L 321.29 102.4 L 327.05 103.27 L 327.05 103.27 L 305.18 110.05 Z" fill-opacity="0.3" fill="#ffffff" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 139px; margin-left: 294px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Rubik; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">Lambda</div></div></div></foreignObject><text x="294" y="151" fill="#000000" font-family="Rubik" font-size="12px" text-anchor="middle">Lambda</text></switch></g><path d="M 135 112.58 L 128.82 115.74 L 110.68 111.3 L 110.68 124.9 L 96.76 132 L 82.73 124.9 L 82.73 111.3 L 64.66 115.74 L 58.5 112.6 L 58.5 58.3 L 64.66 55.15 L 82.73 59.51 L 82.73 46.1 L 96.76 39 L 110.68 46.1 L 110.68 59.51 L 128.82 55.13 L 135 58.3 Z" fill="#e05243" stroke="none" pointer-events="all"/><path d="M 64.66 55.15 L 64.66 115.74 L 58.5 112.6 L 58.5 58.3 Z M 96.76 62.48 L 82.73 65.97 L 82.73 46.1 L 96.76 39 Z M 96.76 97.23 L 82.73 95.43 L 82.73 75.56 L 96.76 73.75 Z M 96.76 132 L 82.73 124.9 L 82.73 105.03 L 96.76 108.52 Z M 128.82 115.74 L 110.68 111.3 L 110.68 104.95 L 96.76 102.42 L 96.76 97.23 L 110.68 95.43 L 110.68 75.56 L 96.76 73.75 L 96.76 68.56 L 110.68 65.97 L 110.68 59.51 L 128.82 55.13 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/><path d="M 96.76 68.56 L 82.73 65.97 L 96.76 62.48 L 110.68 65.97 Z" fill-opacity="0.5" fill="#000000" stroke="none" pointer-events="all"/><path d="M 110.68 105.1 L 96.76 108.52 L 82.73 105.03 L 96.76 102.42 Z" fill-opacity="0.5" fill="#ffffff" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 139px; margin-left: 97px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Rubik; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">S3 Buckets</div></div></div></foreignObject><text x="97" y="151" fill="#000000" font-family="Rubik" font-size="12px" text-anchor="middle">S3 Buckets</text></switch></g><path d="M 99.75 315 L 58.5 294.46 L 58.5 285.99 L 66.77 284.78 L 66.77 239.94 L 73.69 237.35 L 77.75 238.27 L 77.75 226.85 L 87.39 222 L 120.36 234.88 L 120.36 271.99 L 129.44 272.01 L 129.44 284.29 L 141 286 L 141 294.44 Z" fill="#759c3e" stroke="none" pointer-events="all"/><path d="M 73.69 287.39 L 66.77 285.31 L 66.77 239.94 L 73.69 237.35 Z M 87.39 291.57 L 77.75 288.7 L 77.75 226.85 L 87.39 222 Z M 99.75 295.24 L 90.91 292.55 L 90.91 273.9 L 99.75 274.82 Z M 99.75 315 L 58.5 294.46 L 58.5 285.99 L 99.75 300.55 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/><path d="M 129.44 272.01 L 99.75 274.82 L 90.91 273.9 L 120.36 271.99 Z M 141 286 L 99.75 300.55 L 58.5 285.99 L 66.77 284.78 L 66.77 285.31 L 73.69 287.39 L 77.75 286.74 L 77.75 288.7 L 87.39 291.57 L 90.91 290.82 L 90.91 292.55 L 99.75 295.24 L 129.44 286.33 L 129.44 284.29 Z" fill-opacity="0.3" fill="#ffffff" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 322px; margin-left: 100px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Rubik; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">CloudWatch Events</div></div></div></foreignObject><text x="100" y="334" fill="#000000" font-family="Rubik" font-size="12px" text-anchor="middle">CloudWatch Eve...</text></switch></g><image x="459.5" y="51" width="68" height="68" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAYAAADDPmHLAAAaEUlEQVR4Xu1dCXQUVdb+0tnJAiGQhACCgOyCA4M7ioiIuI/6u4KIMvijqLj/joLoqAiKuw4joCgjooIbiKio4wZuDIIKiARkywKBBBKyp//z9VS3VfWqa+tKuhrrnsM52nnrfV+95b57vxcHT/7QGoj7Q/fe6zw8APzBQeABwAPAH1wDf/DuezOAB4CY14APQDaASgAHm7g38QD+BKATgHYAMgEUA9gFYB2AHU1cv+PFx+IMwAE/DcD5AE4H0AFAgqSZMgD/AfA2gNcAFDqksUEAxgE4F0COTpnfAVgEYBaAfQ7V3aTFxBoATgEwA8BAE1qpAvAYgGkADphIr5WkG4CHAFxoMT8H/0EATwGosZi3WZPHCgDYznsATLWhnZ8BnA2gwGJezjDzAbSwmE+e/GtppnJqJoqgKdpZYwEAbONzAMZH0PtSACcA2GiyjNsATDeZ1ijZTgAjAPxolDAaf48FAEwCMFNPOQmZWWioOgh/ne5s+wuAY02szZdLX75mlb6kBKT164ykvFbwpSahvqwS1ZuLUVVQpNfE3wAcDaAkGoOsV6fbAdAdAKdw7r4VktKpOzqOn4zMo09BfGoa4PejautGlLz9IorfmBX4fw3h5uxaHYVwb/ElgGR1msS2mci74mS0PKkPfMmJQhG1xWXYvWgl9i5bDX9Do1YVXwDgHqbeTSBwOwC4k79IrbC8iyegw/jJ8CWnaOrywNpVKLjvr6gp3Kb+ewOAIwGs18hIXXwlzRKKP7ca3BsdJp0DX4o48OpyqjYVYut9C1FXqrnvvAbAHA8A5jSQKx3jFCDNHn4Ruk553rCEg5vW4aerT4G/QfjgHgfAZUUtf5GOcIrfs4b1R8dJ58DKrUnd7nJsunFOYHlQCfcDnNWa2l5hqJ9gAjfPAFcDmC3vSWJ2Lo6cvwpc883IrhemY8dsnsYUsgVAVwDqNYJT//HylKld89Bt5ljEJQorkGH1lT9vx+ZbX9RKNxbAC4YFNFMCNwNgLoCr5HrIH3MbOoz7m2nVNFTsx+qRXbRmgXyVkYhWPX6dCn10mTYK6f06m65PnXDb9DdR9qmw+X9HMijZLtfJjG4GwPuSpS/U3x4zF6HlMada6v+PYwaDy4FK/gzge9lvtPL9U54mpVMOuj8XyckTOLhxJ36dRBwrpFoyXbtiGXAzAL4BQBNsSPo8vwJpvc0YAX/Ps/GWC1G+6iP1IJwJ4D3Zj48CuFmeKOfiE5F3JTftEYjfj58vf0xrL9ALwIYISnYsq5sBsBTASHlPu89YiFbH0/xvXn657WKUfbVcnYGWwSWyH18BcKk8Ucdbz0PWUB4YIpPNt89D5Y/CaWQogE8iK9mZ3G4GAKdkTs0haXfZRHS87n5LPTcJgBUAOCgh6fLAFUj/0+GW6tJKvO2hRSj7nKYMhRBsr0ZcuAMFuBkAgkUuPj0TR768Ckk53MOZE5MA+BTAyQoATBuN9H689Y1Mts14C2WfCHuQUXrWxshqtJbbzQDgWY+m0+BVb6Bn3AT2ePQNIM5c0z0A6APCnBatgcrJ1LT40HqmkNZDz0PnWx9FQkv6geiLB4DYBkB7AJsApKq7kdg6B/mjbw7MCEl5HeFL0jYLewCIbQCw9ZcB+JfRl27x7+pTgLcHsKjA5k5OZ5D7HKzUA4CkTLfvAeRjThv6PwAYX8kZI4XGhA9kybwZwFhnrkjRW/K1o3OmXakAQAM/vYSC4gHArjajlK8PgPOku4LDANAwYGZmoEvYTQB4zyAXDwBRGki3VOsBwC0jEaV2eACIQPF5APpL0zD/W/Cni6BsM1np2MH1nK7XdL5kYAhdv6yIBwAr2gKQIV3UXADgOLUjhcWynE7OUC06XdCK+K3Jwj0AmFQUN1r0kpgMoK3JPNFM9jqAuwD8atAIDwAmRomG9zcADDGR1k1J6Jl5BYC3dBrlAcBgxOhEScNJFzeNrMW23C7FFWpl8wCgo8xWAFYB6BEuTWqXXkjr0R+J2XlhL2UsDpbp5H5/I+rL96Jm12848J/P0VhDl7uwQh8Dev+oJVYAwEsxhj9pRp6YVposoZEpmH+na9YZQuE+H9qOvAztrpiElI6cIKIvjdVVKF2xGDtnP4jaEjr5CkLlMUZQ7hDKRG4EAHV/khRcOgwADV7cfDPQgSce9oHLGv+V29W+EQAYFs2NlEJ4D3/EQ/OR0Z8HAPdJY9VBFDw4AXs/1lz2OZvR/18eF+A2AAyWglMZy2gkDEV/AMDTdkLR9QDAHf9PAI6QtyA+vSX6PP8RUg5T/GzUyOb/u9+PggcmYM+yBVp1MwroTdkf3AIAjgcDH6w5Pv63IwQ2Q9p1o1TVytADAAtbrM7Q49HX0fJYEnS4Xxgt/NO4YVpxAYwB5FIQFDcAwIkweLofc3bTXP+0RkwPAIxrulKeqdVxw9H9EcZrxo7s//4zbLjhHHWDOf3zAin4tbgBALcAeERPs3FJCfDXGgYXrwbAJcRU4Ek4AJCHhw6ZCqc7O5E5boDKulHHoapACAimy3kw9jDaAGCgCGPIqHeFJOe3Ru6oIcgY2BXx6Snw1zeianMhSt/9Fvs+FryNg3lJbnGHGd2HAwCJkGhSDQlj8Acs24K4xCQz5boqzY5Z92PXSwz+UQh/uFX6JdoA4H6E19sKaXPu0cgbM1STj4AJ96/6BTueeBf15cLHzrMwo5C3Gw1EOAAcJV2qhPK36NYXfeeR4yD2ZM/7r6LgfoEXgvYA2gUo0QRARwBC6FDWqf3Q8RZjv5eKtb+h4M6XtAaFfEr3Go1WOAAMB6CIp8ocNAQ9H9ezphpVFb2/l3+9Ahtv5r2VQj4EwH5GGwDXS2xiocYlZmeg+z+uRXyatqezuiO7Zi3HnrcZSqmQNRKnoa7iwwGA0bOKmzRa+vrM/Xf0RjGCmks/eB2bpyqizFjaQgCXuAAAbMf/yLuXN2oIci7lPs6ckI1k/SjyXghCIktdirxwAGC8PNkvQ8Lz/4BlBYjzWSdLMNeNpku184WHsXM26f4UQg7BYERwNJeAzwGcKG9ZFxthaRvGPo3aIoGbkuZ7kmOFlXAA4CizNJoeQ9Lr2WWutf7pdfKna4aicj1PRwrh1PuM9EvTBYdOW4yyz2hPUwhjHYIWKg6QwqrWY9b/IrljG0tfxK83z8XBDcLxn7YO2jwsA4AZhKkpe9gF6DrVVRxHhkriwBMAGkLPYHoQUTgYweUg8MNht5+PVkP6GpZvlIAbNG7UVEKWi4+l3+iroLhM6Tn7OiTltzYqWvH3MDMATwKMrLIFAM2InN7//BDpfRS8DZYa2pyJ/Y0N2DDxbBxYI3wEdBsbIGuLQBCRe+ngwPk7IvED60c/rsUYJieIiBgAdXv2Y/3oJ7SayhmcbvC2AECKVE5PjM8LSVLbdugz55PA1a/bZfuzU1D4L03FqIma6OXEoJOQkCDqiKeEjaOlLlf9WohNNyh4rpifN5L8vIOH94gBsPPZZShdQp5qhXDNM6RTMboNFJi6WEVy+8PRffoCpHbuaUkhzZWY1HDbn74bRa8pxjRYPS1utHPIHUcJcoHqveuMMUjrw2O6Pdk+8x3s++gHdWZer58l+zEiAFSs2YKCu0hpLMgUM+F0RgDgZpD0aceoi/elpCLv0olod8l14AnBFeL3o/y7T7HjuXtRuVFQPJtIRwreZAXXX3mzSexMOteQtOiRj64zrkJcgmChNewuCSM33TRbJKMD/io5rAbLsA2A8i83YOdTS1G/X7AEkimdTOeKk5xWo40AwDw8EtImoFgKgoXFJSQic+BJSOveH4ltcuFLFiK5DZUVSQJ/Iz2CSgMeQeVff4TaEt0+kyBS88AscQQJ3kLZZw5E+wkjLRFF1u+rCBBFcm1WCc3rHBj5umwJAI3VdeDSUrr0O5T9WzhdBKsjOaIpPj0zAGCh3DDRMmjtbBLJyDqfl5sBAkCTRFi6iKE5TVg3s07rjw7Xn2mKMLL6txJsnboQtUV8u0KQCRLzufwPAgBISA2fxtA0+tFofBvIPpDuRtc3LvQBW9Azj030t4+cOstCpQ4k5Vp/A4BnTZRFF6fP1LQ0zMdbOdLGZR7XU3NJIC3s7sUrAyZZf51mXApnUZ7L61TtEABgop3hkmyV/AFMv09gdgYIVpgu+dnzSzJnqI6gNw5k5fmP9+z0ljErpKQJS0ZM+zzZw0gXH5+ajLp9FajeUgxSw4adW/67FvPsrLU+8Z7aid00LYq88NhttqNMZxUAwbK5H6Bi6VoVOZWWlRYbp60FQGZIDiLfDgo35euVxJs0Br84IfSroFOtYIqUCuc5kactu8IBZ3tJq6eeXQzLtAsA+RLCIxVf0qKHDTeM0YgN3COLDSQBo7D7MtSEmIDBJBycSPrDowjvdAVToKw67qvmSaHuZi5auLZzJgl6Bb9rdOGj1/dIAWBDrzGVhbZgeteIbvH63WA0Eh+3oouXwBkfJis9bYy8bTib8cxnZ1bTrNYDgDk80ibMvQE5hhkoE054LqPTBF8LU3hUmaum+VN5ALCmc7rK01jEExH3QbSAccfNa7i1ADZbKy76qWMVADSm9JMGgZcSXPM5CDwG0aJneTMU/aGITgtiCQB8QmaiFPxAsqhwQgsMqeB5CqCjhyc6GogFAKQB4Dt+9ODlf1uRZQAYFezEm32c8um5yw1h8O1gY65aK601l5bHXMYz8CTAoyX3HPTV4++WxSkAcG1kHBsdGzglGxmJaAvnVyrwqKt6QEXT+sjp3q7w+pXnbLtso7R88vlZxdsFdhvTRPn2AnhY2nzyIsi0RAoARqySxZMWKHMvOf3eNK7TVKrwnIeUhDZ5fsFOMZGYcpOWaY4g5sURb+8i1ZPpAYkwIa+0CXY5CaZukXY7xnyMPOGds9HXrtcAXjDxWVW1cLql7ZyGJUF8iMOfk9uiV1IrtPGloNJfj+31Ffi8ugj7G3VnQnk0kF67WC+DNYRr8AgHqDmy88qbzq5PmrEX2AEALWOMRFC4MtvsGS1ltCTKhcsJbfh0TVdIUpwPYzN6YlxGT2THi7ir9zdiedUOPFL2A7bUa3pDc9bhTdlKnfbSMseTRCyzobB7d0th447OAAQMn8EaY3PA1dm0AMAr06C3bij9YQnpmN32ZHRPNHY+qfU34m97v8HrlZoPhtOEyrO8FssGwcfpU9MZsHNeEi4emoVTB2SgU24SsjITNG9tHdKNZjE1tX4U7avD2s1VWLKyHG9/UY76hrCGQXUYvFCm1RlA00WMpab7EjE4JQ+dEjKQEieatEsaqvBKhUDWpQYAnRiZiLGJIWkX3wLv5I1AW42vPpyyqZJ79n6L+RWaTrHh3uxhKBWXNYUkJ8Vh6lX5uHJEayTGW1VZU8IB2FJYiztm7cTHqzVnPJqh6XIe9nrYSm94FczB4XlcIRekdcGUrAHI9IU3Zf9cuw8ji7inU4gaAML7fWzg23kj0C/Jmps0a+GScEHxh/ihVs4LHaifThPq9Z3rPvtHZ9iQZGcmYOG9h+Oobs3r6WQFNg2NfkyeU4hZ7/JOTBDdB7OtAECIYWNVk7MGYmxGWP6oUGtMAkB4Ku7CtC54JNsMU4q2yr6t2Y2LihkGKAg3mvL7edrv2ceQ8Gt/84EuOLa3VfODleFzJi0fSx83Yxve+kLwRKJ3CgdI00xtBQBC9MxJKe0wL+cUU2ckEwDgl8doJMU0siRvBPra+PrlauXMw/pVQlfw4GuhfJiK06TC5e3GC3Nwz2j3u78H+7X/YAMGjtuAfQcEj6T/k2wZAtrMAoAK4j20YnFf3m4keiTqXY79Xp8JADBYQmEYyo1Pxar255sCmN53NLN8LZ4sF4yBcn4AngwUZuMWKT6se6EXWqaZuaJ35it2opQnF+3GffOEJZ8eUZqMXmYBIPjN8xj2Xfu/mB4cEwBguJTCKHRcSi4W5Fh7K1hLiW9VbsVNpUJ0EMPBGP0UWMkkr5pQ9nNPaIk5d7jN2ckYIttKajHgGs1XabmJERxFzQKApliFoz2/fM4AZmVt7V6cU6R+pyFgyw564XJnrnDLPqtFJzzdRs7lZLY2ZbovqotwRYkQCsAfgujiRokWv5A8PL49rj4zGqZ+e32U5yIACASV0EwvnIvNAqCDmm6kTXwKvrUwA3xUtRPX7Bb4BYiIoLcNXbBeljf6vLTOeDybpFeRyarqYlxSwi2MQtiY4HmfblXyaB3Mv7szRhzN8PrYk7Pu3IxVPwuOSCSdpOOoQswCgAYSXjIoFsQP2p1pyjDDGu/btxpzDwhTE0ONgw9DRhMAwunjlXs6Y/ig2ATAOXdtxlc/CgDgU+jC9bhZAHAMBRKFU1LzMbftEMN9AM2yZxS+h2q/sDvloAdv6aIJAMEz99EJ7XHliNhcAgaN3xAwEKlEM1TcCgBu1AqreqD1IFyeHp41tMbfgMtKVuD7GsFIQbs8jUrB81k0AcA3CXmrGRKafJ+5yX5gaLQWjuJ9deg7Zj1oF1AJDXnCtGAFADTT0pggXM9ekt4Vd7caEDAHy2VNbSluKV2JzXWaXtq8rSKoghJNAPBGUmGmbJUeHzgGpiZbDwyN1uCz3tlLS3HnLIEpROvOJdBMKwBgeu6UuWMWpKUvCUNS89EhPg386tfV7sU3NSXh/Jf51dM6JY9iiSYAaHxiWxSL/uQr2+GGC5xyR2h6WFTXNmLQ+I0oLBVcIsP6QlgFANPzKpiDZVe4EeDLnepteTQBwL68oL7lpDFo+Yxu6NUpEpcHu2qyno+XQnOWCvceLIheTZpucVYBwMJoUHgVgEDAa6LJ3JnwRlGL0SDaAOD9P48pinXssJwkLP57F/Aq2K3C9f7pN3dj6oual34cK9pYNMUOAFgQF0ZumhiDbubFTubZIjFzhnPGiDYA2EaGkDOSWCFZGfF4YmJHnHFMJuLsaqyJ0LP3QAOmzN2FBSuEuw7WyLWAJvaw8QqRdudwyYxKx4Nwh2Z+VeRq4T86aIYTNwCAO2Xy4fIdREGO7tkCl53WOuAQktc6MWpgqK3zY21BFZauLMe89/eCl0BhRH7h5egMoC6M8yNttpxGeX1Go1HwWRNdokJZQW4AAJvDCwD6CyicUoQOJ8QhKyMBvmY+JHCjp3HbpzW4fEGEcRS6EukMYFS+lb+7BQBsM08oNA+7/FmUsOplYCqvgA1fUPUAEB6idHPn3QQDQmNF6BdGpxZN+nCtTngAMB5asooxRFztvWycs/lScLP3HIC/NxdDSFN0zU1LgLp//FDops53lIKhYVYDYZzUWfDpODKeMn5hCQBNh0CjSr0ZwEhD4f9O6xBvi5pbhzxJ0drjyOORzd14PXW7eQawDxOX5/QAoD1A9HvgcdZIP1x7OfUa7rbdigOjDjZnu90yA1wkXXiZXeM5+AzKpD8j12N6OcUMIDwAKCHOQeddaiRRIKSKYeCs4ADZnF+T2bo8ACg1xYd6yBTqhJBTgHcljmzWnGiQZwdQakDuFBr8C51EyTPolPDWc7SZMG2nKrRajjcDKDUmACApIQ7ZLRkXIwovZUr3Gz7lypgDO49BWx1LW+k9ABgA4Pi+aXjnQcWTPoocVTWN+OyHCjw4vwg/bdUk6KZ3Hq2I3Bu4TjwARAiAYPbaej9mLCjGY6+TGlgQ+huaj6JpRph4AHAIAMFiJj2zAy8vJ2eTIPSdII+hq8QDgMMAqKhqxOCJv2C7GJpFD2h6QrtKPAA4DAAW98QbJbj/JVL5KeQ1ABe7avRNmDqbs71NFhxK9rBRYnAovZKHqToonAKMNoFaCmJcHuPzVEJXM/MPAjeT5t00A/B5T4Wr+DHJOViYqx4j65pZXLkFN5cKvqjy5+ODhQqGIPoBvjed1MTmZcO2apx4veAJx5dB9ChuzVfgYEo3AUAgiGAE8jftzwd5ASORGWU/4Jn9wgtbcoKIYPF0AVOMHN3CV8+29qLLl+sqcO7fhEhsLcNTJN1yJG9kmnWkCaFCSBHD7bPihY638k7HUUmRBWmeXvgeNtYJ3DlapJEkAxKeWl0zpxc6tDXr/Q5MX1Ac+KcSOSGFs5qLoDQ3AYDdIC/w2fL+nJvWGU9EwBHwZXURLhfXfxpn+MSNsFOTGEoVJJWjhrfGY9eTIsFY9pTX44Trf0FpuWAhNHTRNi7d+RRuA8BVEhGloqdv5J4WoIa1KiSMPK94uRZBFPliwlGP8AKHvnUKeXXK4Rg2kPGx4YUROldN+y1A4KghBJzp59ys9tVuercBgMsAmR2prJBwL/BO7unITzBP19YIP24r/RqLtNlC9Rg06QhCvkBFZZkt4jFtfD4uGpKlGRBSXtmAu57fhYUfa0bouHL6p4LdBgC2SfPdPjKGPd/2ZFOEkQf99bitdBWWHtym9WHwOMCvX+/hpbDPxpE1ZOwZ2ejfLRUExc49tfh0TUXABKwRlcv6DcOz7H69TuRzIwB49UY2EmGKTkAcLknvhmsze6ODxmxQ5a/HkoPbMLNsLQobhAeVqS86VLJc8gXrCTei9PA50QElqx+LdqBI54pwIwDYO4ZlkS6e7xFoSu+kLPRKzEJOfAoONNYF6OK/rinRoqGR579czUSmo0puOkiqZEyDGr4QxhPQO8i14lYAUGF8s49uVZqvltvQKJ+d4Tt+VoQuYjThWrVG0SeQtn+B9dxK5c2R1s0AYP+deLiBvDh0OOXbOnaESxK9esgjZAaMvPplXJ6CV9FOxc2Rx+0AoA64HjPejcczs566Qd3x673Loff8GAgyXHo4iuSWPKkwJJ62hO0AyEhNkMXEwAcVFAsACLaVg09jCo9wfIk7nNAEx0ejSf3GfYQnOhqIJQDIu0GzHPcI/ApJNUcaMhpZ+Ejzmljyy482OmMVANHW2yFTvweAQ2Yo7XXEA4A9vR0yuTwAHDJDaa8jHgDs6e2QyeUB4JAZSnsd+X/q0gf5r+K75QAAAABJRU5ErkJggg==" preserveAspectRatio="none"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 127px; margin-left: 494px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; "><div style="display: inline-block; font-size: 12px; font-family: Rubik; color: #000000; line-height: 1.2; pointer-events: all; background-color: #ffffff; white-space: nowrap; ">Slack Channel</div></div></div></foreignObject><text x="494" y="139" fill="#000000" font-family="Rubik" font-size="12px" text-anchor="middle">Slack Chann...</text></switch></g><path d="M 100 160 L 100 199.9" fill="none" stroke="#6c8ebf" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 100 206.65 L 95.5 197.65 L 100 199.9 L 104.5 197.65 Z" fill="#6c8ebf" stroke="#6c8ebf" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 141 268.94 L 229.9 269.89" fill="none" stroke="#6c8ebf" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 236.65 269.96 L 227.6 274.37 L 229.9 269.89 L 227.69 265.37 Z" fill="#6c8ebf" stroke="#6c8ebf" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 290 220 L 290 180.1" fill="none" stroke="#6c8ebf" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 290 173.35 L 294.5 182.35 L 290 180.1 L 285.5 182.35 Z" fill="#6c8ebf" stroke="#6c8ebf" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 350 90 L 409.9 90" fill="none" stroke="#6c8ebf" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 416.65 90 L 407.65 94.5 L 409.9 90 L 407.65 85.5 Z" fill="#6c8ebf" stroke="#6c8ebf" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://desk.draw.io/support/solutions/articles/16000042487" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Viewer does not support full SVG 1.1</text></a></switch></svg>


--------------------------------------------------------------------------------