in rules/customer-fc/aggregate-ram-role-last-login-expired-check-v2.py [0:0]
def handler(event, context):
evt = validate_event(event)
if not evt:
return None
rule_parameters = evt.get('ruleParameters')
result_token = evt.get('resultToken')
ordering_timestamp = evt.get('orderingTimestamp')
invoking_event = evt.get('invokingEvent')
configuration_item = invoking_event.get('configurationItem')
account_id = configuration_item.get('accountId')
resource_id = configuration_item.get('resourceId')
resource_name = configuration_item.get('resourceName')
resource_type = configuration_item.get('resourceType')
region_id = configuration_item.get('regionId')
if filter_configuration_item(configuration_item):
logger.info('filter hit resource {} {}.'.format(resource_id, resource_name))
compliance_type = COMPLIANCE_TYPE_IGNORED
annotation = "filter ignored."
else:
logger.info('evaluate resource {} {}.'.format(resource_id, resource_name))
compliance_type, annotation = evaluate_configuration_item(context, rule_parameters, configuration_item)
evaluations = [
{
'accountId': account_id,
'complianceResourceId': resource_id,
'complianceResourceType': resource_type,
'complianceRegionId': region_id,
'orderingTimestamp': ordering_timestamp,
'complianceType': compliance_type,
'annotation': annotation
}
]
put_evaluations(context, result_token, evaluations)
return evaluations