in AccountCreationLambda.py [0:0]
def create_iam_role_from_cloud_formation(credentials, external_id, template,
                                         stackname, stackregion, billingbucket,
                                         cloudtrailbucket, curbucket):
    """Create the IAM-role CloudFormation stack and return the resulting role ARN.

    Args:
        credentials: Mapping with 'AccessKeyId', 'SecretAccessKey' and
            'SessionToken'; used to build the CloudFormation client.
        external_id: Value passed to the stack as the ``ExternalId`` parameter.
        template: Accepted but not read by this function; the template
            location is the fixed ``TemplateURL`` below.
        stackname: Name given to the new stack.
        stackregion: Region in which the CloudFormation client operates.
        billingbucket: Value for the ``BillingBucket`` stack parameter.
        cloudtrailbucket: Value for the ``CloudTrailBucket`` stack parameter.
        curbucket: Value for the ``CurBucket`` stack parameter.

    Returns:
        Whatever ``get_role_arn_from_stack`` returns for the new stack, or
        ``None`` when the ``create_stack`` response carries no ``StackId``.
    """
    # The client is built from explicit session credentials rather than the
    # ambient ones. They must never be printed or logged; only the
    # create_stack response is printed below.
    cfn_client = boto3.client(
        'cloudformation',
        aws_access_key_id=credentials['AccessKeyId'],
        aws_secret_access_key=credentials['SecretAccessKey'],
        aws_session_token=credentials['SessionToken'],
        region_name=stackregion,
    )

    stack_parameters = [
        {"ParameterKey": key, "ParameterValue": value}
        for key, value in (
            ("ExternalId", external_id),
            ("BillingBucket", billingbucket),
            ("CloudTrailBucket", cloudtrailbucket),
            ("CurBucket", curbucket),
        )
    ]

    # NOTE(review): the stack is created with CAPABILITY_IAM from a template
    # fetched by URL at call time, so whoever can write that S3 object decides
    # which IAM resources appear in the target account. The `template`
    # argument is ignored. Confirm the bucket is owned and write-protected by
    # this project (or pin a reviewed, versioned copy) before relying on it.
    response = cfn_client.create_stack(
        StackName=stackname,
        TemplateURL="https://s3.amazonaws.com/cf-cc-4172017/cc_aws_cfn_iam_stack.template.json",
        Capabilities=["CAPABILITY_IAM"],
        Parameters=stack_parameters,
    )
    print(response)

    if "StackId" not in response:
        print("Was not able to create role")
        return None
    new_stack_id = response["StackId"]

    # NOTE(review): a fixed pause does not prove the stack reached
    # CREATE_COMPLETE; a slow, failed or rolled-back stack is only noticed (if
    # at all) inside get_role_arn_from_stack. boto3's `stack_create_complete`
    # waiter is the usual way to confirm completion.
    print("Built in wait of 30 seconds to allow stack to be created")
    time.sleep(30)
    return get_role_arn_from_stack(cfn_client, new_stack_id)