def get_ct_regions()

in src/securityhub_enabler.py [0:0]


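def get_ct_regions(ct_session):
    """Return the regions Control Tower has deployed its baseline stacks to.

    There is no API for listing Control Tower governed regions, so this
    enumerates the instances of the AWSControlTowerBP-BASELINE-CLOUDWATCH
    CloudFormation StackSet and collects the regions they are deployed to.
    Enabled regions are not evaluated separately, since only enabled
    regions can have stacks deployed.

    TODO: this only works if the SecurityHub Enabler stack is deployed in
    the Control Tower installation region. Otherwise it falls back to the
    initial Control Tower regions.

    Args:
        ct_session: session object exposing ``client('cloudformation')``.

    Returns:
        A sorted list of region names. If the StackSet cannot be
        enumerated, the hard-coded default region list is returned.
    """
    cf = ct_session.client('cloudformation')
    region_set = set()
    try:
        # list_stack_instances returns one page at a time. Follow NextToken
        # so regions that only appear on later pages are not dropped, which
        # would leave them without Security Hub coverage.
        request = {'StackSetName': 'AWSControlTowerBP-BASELINE-CLOUDWATCH'}
        while True:
            page = cf.list_stack_instances(**request)
            for stack in page['Summaries']:
                region_set.add(stack['Region'])
            next_token = page.get('NextToken')
            if not next_token:
                break
            request['NextToken'] = next_token
    except Exception as e:
        # Deliberate best-effort fallback. Access-denied and throttling
        # errors land here as well as a missing StackSet, so the cause is
        # logged: the default list may cover fewer regions than Control
        # Tower actually governs.
        LOGGER.warning(
            'Unable to enumerate Control Tower StackSet instances in this '
            'region (%s: %s); falling back to default regions',
            type(e).__name__, e)
        region_set = {'us-east-1', 'us-west-2', 'eu-west-1', 'eu-central-1'}
    regions = sorted(region_set)
    LOGGER.info(f"Control Tower Regions: {regions}")
    return regions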