in pyqldbsamples/export_journal.py [0:0]
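def _parse_export_args(args):
    """Parse the optional positional arguments for the journal export.

    ``args`` is the full command line (``args[0]`` is the script name).

    Returns:
        A ``(bucket_name, role_arn, kms_arn)`` tuple; each element is ``None``
        when the corresponding argument was not supplied.

    Raises:
        SystemExit: when more than three positional arguments are given. The
            previous parser only honoured the KMS key ARN when exactly three
            arguments were present, so a stray fourth argument silently dropped
            the key and the export fell back to SSE-S3 -- a quiet downgrade of
            the export's encryption. Refusing to run is the safer failure.
    """
    if len(args) > 4:
        raise SystemExit(
            "usage: export_journal.py [s3_bucket_name [role_arn [kms_key_arn]]]")
    bucket_name = args[1] if len(args) >= 2 else None
    role_arn = args[2] if len(args) >= 3 else None
    kms_arn = args[3] if len(args) >= 4 else None
    return bucket_name, role_arn, kms_arn


def main(ledger_name=Constants.LEDGER_NAME):
    """
    Export a journal to S3.

    This code requires an S3 bucket. You can provide the name of an S3 bucket
    that you wish to use as the first positional argument (argv[1]). The code
    will check if the bucket exists and create it if not. If you don't provide
    a bucket name, the code derives one from the tutorial prefix and the
    caller's AWS account ID so that the bucket is unique per account.

    Optionally, you can provide an IAM role ARN to use for the journal export
    as the second positional argument (argv[2]). Otherwise, the code will
    create and use a role named "QLDBTutorialJournalExportRole".

    S3 Export Encryption:
    Optionally, you can provide a KMS key ARN to use for S3-KMS encryption as
    the third positional argument (argv[3]). The tutorial code will fail if you
    provide a KMS key ARN that doesn't exist. If no KMS key ARN is provided,
    the tutorial code will use SSE-S3 for the S3 export. Supplying more than
    three positional arguments is rejected rather than silently ignored, so a
    mistyped command line cannot quietly drop the KMS key.

    If provided, the target KMS key is expected to have at least the following
    key policy. Note that this grants the QLDB service principal only what it
    needs to write the export (Encrypt / GenerateDataKey); whoever later reads
    the exported objects will additionally need kms:Decrypt on the same key.
    -------------
    CustomCmkForQLDBExportEncryption:
    Type: AWS::KMS::Key
    Properties:
    KeyUsage: ENCRYPT_DECRYPT
    KeyPolicy:
    Version: "2012-10-17"
    Id: key-default-1
    Statement:
    - Sid: Grant Permissions for QLDB to use the key
    Effect: Allow
    Principal:
    Service: qldb.amazonaws.com
    Action:
    - kms:Encrypt
    - kms:GenerateDataKey
    # In a key policy, you use "*" for the resource, which means "this CMK."
    # A key policy applies only to the CMK it is attached to.
    Resource: '*'
    -------------
    Please see the KMS key policy developer guide here:
    https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html

    Args:
        ledger_name: name of the ledger to export; also used as the S3 key
            prefix for the exported objects.

    Returns:
        Whatever ``create_export_and_wait_for_completion`` returns for the
        finished export.

    Raises:
        SystemExit: on too many command-line arguments (see
            ``_parse_export_args``).
    """
    s3_resource = resource('s3')
    sts = client('sts')
    s3_bucket_name, role_arn, kms_arn = _parse_export_args(argv)
    if s3_bucket_name is None:
        # No bucket supplied: derive a per-account name so the tutorial
        # bucket cannot collide with another account's bucket of the same
        # prefix.
        identity = sts.get_caller_identity()
        s3_bucket_name = "{}-{}".format(Constants.JOURNAL_EXPORT_S3_BUCKET_NAME_PREFIX, identity['Account'])
    # NOTE(review): create_s3_bucket_if_not_exists is defined elsewhere in this
    # file; whether it confirms that an already-existing bucket of a
    # caller-supplied name is owned by this account (and not by a third party)
    # cannot be verified from here -- worth checking before exporting ledger
    # data to an arbitrary bucket name.
    create_s3_bucket_if_not_exists(s3_bucket_name, s3_resource)
    # kms_arn is None -> SSE-S3; otherwise SSE-KMS with the supplied key.
    s3_encryption_config = set_up_s3_encryption_configuration(kms_arn)
    return create_export_and_wait_for_completion(ledger_name, s3_bucket_name, ledger_name + '/',
                                                 s3_encryption_config, role_arn)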