in AWSConfig/AWS-Config-OPA/lambda_sources/function/opa_lambda.py [0:0]
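def lambda_handler(event, context):
    """Evaluate an AWS Config item against an OPA/Rego policy and record compliance.

    Args:
        event: The raw AWS Config invocation event; it is wrapped in ``Config``
            which exposes ``config_item`` and ``input_parameters``.
        context: Lambda context object (unused).

    Returns:
        None. The compliance result is pushed via ``config.set_compliance``.

    Raises:
        Propagates any exception from ``Config``, ``get_tempfile``,
        ``download_s3_obj`` or ``Opa`` -- there is deliberately no ``except``
        so a failed evaluation surfaces as a failed invocation rather than a
        silently unreported compliance status.
    """
    # Both handles start as None so cleanup can be decided by a plain
    # None-check instead of relying on UnboundLocalError, which previously
    # mis-reported "nothing to close" when only the policy file was missing.
    input_file = None
    policy_file = None
    try:
        # The whole event is emitted only at DEBUG: a configuration item can
        # carry resource attributes that should not reach routine logs.
        logger.debug('Lambda event: %s', event)
        config = Config(event)
        logger.info('Config input processed')

        input_file = get_tempfile(json.dumps(config.config_item))
        logger.info('OPA input file created')
        logger.debug('Name of the input file is: %s', input_file.name)

        # The Rego policy is fetched from the assets bucket named in the
        # rule's input parameters; the downloaded body becomes the policy file.
        policy_file = get_tempfile(download_s3_obj(
            config.input_parameters['ASSETS_BUCKET'],
            config.input_parameters['REGO_POLICIES_PREFIX'],
            config.input_parameters['REGO_POLICY_KEY'],
        ))
        logger.info('OPA policy file created')
        logger.debug('Name of the policy file is: %s', policy_file.name)

        opa = Opa(
            input_file.name,
            config.input_parameters['OPA_POLICY_PACKAGE_NAME'],
            config.input_parameters['OPA_POLICY_RULE_TO_EVAL'],
        )
        config.set_compliance(opa.eval_compliance(policy_file.name))
    finally:
        # Close whatever was actually created; each close is independent so a
        # failure on one handle cannot leak the other.
        closed = 0
        for handle in (input_file, policy_file):
            if handle is None:
                continue
            try:
                handle.close()
            finally:
                closed += 1
        if closed:
            logger.info("Temp files have been closed")
        else:
            logger.error('Tempfiles not created. Nothing to close.')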