def lambda_handler()

in scripts/s3_block_public_access.py [0:0]


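def lambda_handler(event, context):
    """Turn on account-level S3 Block Public Access for a newly created account.

    The expected trigger is an AWS Organizations ``CreateAccountResult`` event:
    the new account's ID is read from
    ``event['detail']['serviceEventDetails']['createAccountStatus']['accountId']``,
    ``ROLE_NAME`` is assumed in that account through STS, and
    ``s3control:PutPublicAccessBlock`` is called with all four settings set to
    ``True``.

    Args:
        event: The EventBridge event dict as delivered to the function. It is
            logged in full at INFO; keep that in mind if the triggering rule is
            ever widened to events that may carry sensitive fields.
        context: The Lambda context object. Its ``invoked_function_arn`` (when
            present) supplies the partition for the assumed-role ARN.

    Returns:
        None. The S3 Control response is logged at DEBUG.

    Raises:
        KeyError: the event lacks the expected
            ``detail.serviceEventDetails.createAccountStatus`` path.
        ValueError: ``accountId`` is not a string of exactly 12 digits.
        Exceptions from boto3 (``ClientError``) propagate unchanged, e.g. when
            ``ROLE_NAME`` does not exist in the new account or cannot be
            assumed yet.
    """
    logging.info(f"log_level: {log_level}")
    logging.info(json.dumps(event))

    status = event['detail']['serviceEventDetails']['createAccountStatus']

    # A CreateAccountResult that did not succeed has no account to configure
    # (and presumably no accountId); log and stop instead of failing on the
    # lookup below. Events that carry no 'state' key are handled as before.
    state = status.get('state')
    if state is not None and state != 'SUCCEEDED':
        logging.warning(f"createAccountStatus.state is {state}; nothing to do")
        return

    account_id = status['accountId']
    # The ID is interpolated into the AssumeRole target ARN below; accept only
    # the canonical 12-digit form so a malformed or unexpected event cannot
    # point the call at an arbitrary principal string.
    if not _is_account_id(account_id):
        raise ValueError(f"unexpected accountId in event: {account_id!r}")

    # One retry policy shared by both clients below.
    boto3_config = Config(
        retries={
            'max_attempts': 10,
            'mode': 'standard',
        }
    )

    # Take the partition from this function's own ARN so the same code works
    # in aws-cn / aws-us-gov; falls back to 'aws' (the previous behaviour).
    partition = _partition_from_context(context)
    sts_client = boto3.client('sts', config=boto3_config)
    role_object = sts_client.assume_role(
        RoleArn=f"arn:{partition}:iam::{account_id}:role/{ROLE_NAME}",
        RoleSessionName="SetupBlockPublicAccess",
    )
    credentials = role_object['Credentials']
    session = boto3.Session(
        aws_access_key_id=credentials['AccessKeyId'],
        aws_secret_access_key=credentials['SecretAccessKey'],
        aws_session_token=credentials['SessionToken'],
    )

    # Account-wide setting (S3 Control), applied with the assumed-role session
    # so it lands in the new member account rather than the caller's account.
    s3ctl_client = session.client('s3control', config=boto3_config)
    response = s3ctl_client.put_public_access_block(
        AccountId=account_id,
        PublicAccessBlockConfiguration={
            'BlockPublicAcls': True,
            'IgnorePublicAcls': True,
            'BlockPublicPolicy': True,
            'RestrictPublicBuckets': True,
        },
    )
    logging.debug(json.dumps(response))


def _is_account_id(value):
    """Return True when *value* is a string of exactly 12 ASCII digits."""
    return (
        isinstance(value, str)
        and len(value) == 12
        and all(ch in "0123456789" for ch in value)
    )


def _partition_from_context(context):
    """Return the partition ('aws', 'aws-cn', 'aws-us-gov', ...) found in
    ``context.invoked_function_arn``, or 'aws' when it cannot be determined."""
    arn = getattr(context, 'invoked_function_arn', None)
    if isinstance(arn, str):
        # ARN layout is arn:<partition>:service:region:account:resource.
        parts = arn.split(':')
        if len(parts) > 1 and parts[0] == 'arn' and parts[1]:
            return parts[1]
    return 'aws'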