

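def _read_cloudknox_secret():
    """Return ``(service_id, api_id, access_key, secret_key, url)`` from the CloudKnox secret.

    The secret named ``CloudKnoxSecretString`` is fetched via ``get_secret_value``
    and parsed as a JSON object. Any key that is absent defaults to ``""``.
    """
    secret = json.loads(get_secret_value('CloudKnoxSecretString'))
    keys = ('serviceId', 'apiId', 'accessKey', 'secretKey', 'url')
    return tuple(secret.get(key, "") for key in keys)


def lambda_handler(event, context):
    """Handle a Control Tower account lifecycle event.

    Loads the CloudKnox API credentials from Secrets Manager, obtains an
    access token, and for a ``CreateManagedAccount`` / ``UpdateManagedAccount``
    event whose state is ``SUCCEEDED`` deploys every stack set in
    ``stackset_list`` into the new account and registers the account with
    CloudKnox via ``add_cloudknox_account``.

    Args:
        event: The Control Tower lifecycle event; ``event['detail']`` supplies
            ``awsRegion``, ``eventName`` and ``serviceEventDetails``.
        context: Lambda context object (unused).

    Returns:
        ``False`` when the lifecycle event reports a state other than
        ``SUCCEEDED``; ``None`` otherwise. Unexpected errors are logged and
        swallowed (returning ``None``) rather than raised.
    """
    try:
        service_id, api_id, access_key, secret_key, url = _read_cloudknox_secret()

        # CloudKnox expects the request timestamp as a millisecond string.
        timestamp = str(int(round(time.time() * 1000)))

        access_token = get_access_token(service_id, timestamp, access_key, secret_key, url, 443)
        # The access token is a bearer credential: log that we have one, never its value,
        # so it does not end up in CloudWatch logs.
        logger.info('Obtained CloudKnox access token for serviceId %s', service_id)

        cloudknox_sentry_account_id = os.environ['CloudKnoxSentryAccountId']
        event_details = event['detail']
        region_name = event_details['awsRegion']
        event_name = event_details['eventName']
        srv_event_details = event_details['serviceEventDetails']

        if event_name not in ('CreateManagedAccount', 'UpdateManagedAccount'):
            logger.info('Control Tower Event Captured :%s', event)
            return None

        logger.info('Event Processed Sucessfully')
        if event_name == 'CreateManagedAccount':
            new_acc_info = srv_event_details['createManagedAccountStatus']
        else:
            new_acc_info = srv_event_details['updateManagedAccountStatus']

        if new_acc_info['state'] != 'SUCCEEDED':
            logger.info('Unsucessful Event Received. SKIPPING :%s', event)
            return False

        acc_id = new_acc_info['account']['accountId']
        cloudformation = boto3.client('cloudformation')
        for stackset_name in stackset_list:
            # Best-effort per stack set: a failure on one must not stop the others.
            try:
                logger.info(
                    'ctlambda: apiId=%s eventName=%s serviceId=%s timestamp=%s url=%s '
                    'CloudKnoxSentryAccountId=%s regionName=%s StackSetName=%s accId=%s',
                    api_id, event_name, service_id, timestamp, url,
                    cloudknox_sentry_account_id, region_name, stackset_name, acc_id,
                )
                cloudformation.create_stack_instances(
                    StackSetName=stackset_name, Accounts=[acc_id], Regions=[region_name],
                )
                logger.info('Processed %s Sucessfully', stackset_name)
                add_cloudknox_account(
                    api_id, access_token, service_id, timestamp, url,
                    cloudknox_sentry_account_id, acc_id, 443,
                )
            except Exception as e:
                logger.error('Unable to launch in:%s, REASON: %s', stackset_name, e)
    except Exception as e:
        # Swallowed on purpose: the original handler never raised out of the Lambda.
        logger.error('Unexpected Error: %s', e)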