in AWSConfig/AWS-Config-OPA/lambda_sources/function/opa_lambda.py [0:0]
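def set_compliance(self, compliance) -> None:
    """Report this resource's compliance result to AWS Config.

    Builds a single evaluation from ``self.config_item`` and submits it
    with ``put_evaluations`` using ``self.result_token``.

    Args:
        compliance: Outcome of the OPA policy evaluation. It is tested for
            truthiness: a truthy value is reported as COMPLIANT and a falsy
            one as NON_COMPLIANT. Ignored when the resource is deleted.

    Returns:
        None. A ``ClientError`` raised by ``put_evaluations`` is logged and
        not re-raised.
    """
    # AWS Config accepts at most 256 characters in Evaluation.Annotation.
    # The annotation embeds the resource id, so a long id would otherwise
    # make the whole evaluation be rejected and the result would be lost.
    max_annotation_length = 256

    evaluation = {
        'Annotation': 'Setting compliance based on OPA policy evaluation.\n',
        'ComplianceResourceType': self.config_item['resourceType'],
        'ComplianceResourceId': self.config_item['resourceId'],
        'OrderingTimestamp': self.config_item['configurationItemCaptureTime']
    }

    if self.resource_status == 'ResourceDeleted':
        # A deleted resource has nothing left to evaluate.
        evaluation['ComplianceType'] = 'NOT_APPLICABLE'
        msg = 'Resource {} is deleted, setting Compliance Status to ' \
              'NOT_APPLICABLE.'.format(self.resource_id)
    elif compliance:
        # NOTE(review): this is a truthiness test, so any non-empty value
        # (for example the string 'false') is reported as COMPLIANT.
        # Confirm that callers always pass a strict bool.
        evaluation['ComplianceType'] = 'COMPLIANT'
        msg = 'Resource {} is compliant'.format(self.resource_id)
    else:
        evaluation['ComplianceType'] = 'NON_COMPLIANT'
        msg = 'Resource {} is NOT compliant'.format(self.resource_id)

    logger.info(msg)
    # Only the free-text annotation is shortened; ComplianceType still
    # carries the authoritative status.
    evaluation['Annotation'] = (
        evaluation['Annotation'] + msg
    )[:max_annotation_length]

    try:
        self.client.put_evaluations(Evaluations=[evaluation],
                                    ResultToken=self.result_token)
    except ClientError as e:
        # The failure is only logged: nothing is recorded in AWS Config for
        # this resource and the caller is not informed.
        # NOTE(review): the put_evaluations response (FailedEvaluations) is
        # not inspected either; consider alerting on this log line.
        logger.error(
            'Config service PUT Evaluation failed with error: {}'.format(
                e.response['Error']['Message']
            )
        )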