in solution/compliance/3.4-sub-resource-changes/python_script/subscription.py [0:0]
def pipeline():
    """Set up cross-account event delivery from a member account to the log account.

    The steps run strictly in order, because every call is a cloud-side effect:

    1. Assume a role into the log-archive account, create the role used for
       delivery from the member account, and attach the put-events policy.
    2. Build the Function Compute configuration (service creation is
       currently disabled; see the note at that step).
    3. Create the function in the log-archive account.
    4. Assume a role into the member account and create the EventBridge
       service-linked role.
    5. Create the EventBridge client and rule in the member account.

    All inputs are module-level globals; nothing is returned.
    """
    # Every name below is only read here; the declarations document which
    # module-level settings this pipeline depends on.
    global event_bridge_rule_name, log_account_put_events_policy, region_id
    global log_archive_uid, member_uid, member_uid_role_name
    global sec_group_id, vswitch, vpc, fc_role, srv_name
    global fc_name, code_oss_bucket_name, code_oss_object_name
    global mysql_endpoint, mysql_port, mysql_dbname, mysql_password, mysql_user

    # Entry point is the master account's access key pair.
    # NOTE(review): these look like long-lived keys held in module globals;
    # confirm where they are loaded from and that they are not committed.
    master_rm = ResourceManage(
        master_account_access_key, master_account_secret_key, region_id
    )

    # 1. Add a role in the log account whose trust policy is the member
    #    account [parameter: log account].
    #    Credentials for the two accounts get distinct names so that it stays
    #    obvious which account each later call runs against.
    log_ak, log_sk, log_token = master_rm.AssumeRole(log_archive_uid)
    log_ram = RAM(log_ak, log_sk, log_token, region_id)
    ConsoleClient.log("【第一步】日志账号中配置事件总线跨账号路由所需要的角色")
    # NOTE(review): the trusted principal passed here is member_uid. If
    # CreateRole trusts the whole account rather than one principal, confirm
    # that scope is intended and that the attached policy is least-privilege.
    log_ram.CreateRole(member_uid_role_name, "账号投递的角色", member_uid)
    log_ram.AttachPolicyToRole(
        log_account_put_events_policy, member_uid_role_name, "System"
    )

    # 2. Function Compute setup in the log account: service configuration.
    # NOTE(review): mysql_password travels in this config object in
    # plaintext. How Fc.createFunction stores it is not visible here;
    # confirm it is neither logged nor persisted in cleartext.
    fc_config = FCConfig(
        access_key=log_ak,
        sk=log_sk,
        sts=log_token,
        account=log_archive_uid,
        sec_group_id=sec_group_id,
        vswitch=vswitch,
        vpc=vpc,
        fc_role=fc_role,
        srv_name=srv_name,
        fc_name=fc_name,
        code_oss_bucket_name=code_oss_bucket_name,
        code_oss_object_name=code_oss_object_name,
        mysql_endpoint=mysql_endpoint,
        mysql_port=mysql_port,
        mysql_user=mysql_user,
        mysql_password=mysql_password,
        mysql_dbname=mysql_dbname,
    )
    ConsoleClient.log("【第二步】日志账号中配置函数计算服务")
    # NOTE(review): the Fc.createService call is disabled in this script, so
    # step 2 only logs. Presumably the service already exists; confirm.

    # 3. Function Compute setup in the log account: function configuration.
    ConsoleClient.log("【第三步】日志账号中配置函数计算服务,定义函数配置")
    Fc.createFunction(fc_config)

    # 4. Configure the service-linked role in the member account
    #    [parameter: the member account's UID].
    member_ak, member_sk, member_token = master_rm.AssumeRole(member_uid)
    member_ram = RAM(member_ak, member_sk, member_token, region_id)
    ConsoleClient.log("【第四步】成员账号中配置事件总线所需要用到的SLR")
    member_ram.CreateServiceLinkedRole("source-actiontrail.eventbridge.aliyuncs.com")

    # 5. Configure EventBridge in the member account: rule filter and
    #    delivery target.
    ConsoleClient.log("【第五步】成员账号中配置事件总线:配置规则过滤及事件投递目标")
    eb_client = EventBridge.createClient(member_ak, member_sk, member_token, member_uid)
    EventBridge.createEventRule(
        eb_client, log_archive_uid, member_uid_role_name, event_bridge_rule_name
    )