in src/securityhub_enabler.py [0:0]
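def is_ct_account(account_id, org_client):
    """Report whether an account sits under an OU carrying Control Tower SCPs.

    Walks from the account up through its parents to the organization root.
    At each level it lists the service control policies attached to that
    parent and looks for one whose name starts with ``aws-guardrails-``.

    Args:
        account_id: Id of the account (or OU) to start from.
        org_client: AWS Organizations client exposing ``list_parents`` and
            ``list_policies_for_target``.

    Returns:
        True if any ancestor up to and including the root has an attached
        SCP whose name begins with ``aws-guardrails-``, otherwise False.

    Note:
        The match is on the policy *name* only, so this is a heuristic.
        Any SCP with that prefix on an ancestor produces True; callers that
        gate security configuration on the result should treat it that way.
        Policies attached directly to ``account_id`` are not inspected, only
        those on its parents.
    """
    child_id = account_id
    while True:
        # Find the parent (OU or root) of the current node.
        parent = org_client.list_parents(ChildId=child_id)['Parents'][0]

        request = {
            'TargetId': parent['Id'],
            'Filter': 'SERVICE_CONTROL_POLICY',
        }
        # list_policies_for_target is paginated: follow NextToken so a
        # guardrail policy on a later page is not missed.
        while True:
            page = org_client.list_policies_for_target(**request)
            if any(
                policy['Name'].startswith('aws-guardrails-')
                for policy in page['Policies']
            ):
                # Found a Control Tower guardrail SCP.
                return True
            next_token = page.get('NextToken')
            if not next_token:
                break
            request['NextToken'] = next_token

        # The root has no parent to climb to; nothing matched on the way up.
        if parent['Type'] == 'ROOT':
            return False
        child_id = parent['Id']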