def associate_admin_account()

in aws_sra_examples/solutions/firewall_manager/firewall_manager_org/lambda/src/app.py [0:0]


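def associate_admin_account(delegated_admin_account_id: str):
    """
    Associate an administrator account for Firewall Manager

    Refuses to proceed when get_admin_account() already reports an
    "AdminAccount", then calls associate_admin_account() for the given
    account and polls get_admin_account() until "RoleStatus" is "READY".

    :param delegated_admin_account_id: Delegated admin account ID
    :return: None
    :raises ValueError: if an admin account already exists, or if any
        Firewall Manager call fails (the original error is chained as the cause)
    """
    firewall_manager_client = boto3.client("fms", region_name="us-east-1")  # APIs only work in us-east-1 region

    try:
        logger.info("Making sure there is no existing admin account")
        admin_account = firewall_manager_client.get_admin_account()
    except ClientError as ce:
        # Decide on the structured error code rather than a substring of the
        # rendered message, so unrelated errors whose text happens to contain
        # "ResourceNotFoundException" are not treated as "no admin account".
        error_code = ce.response.get("Error", {}).get("Code")
        if error_code != "ResourceNotFoundException":
            logger.error(f"Unexpected error: {ce}")
            raise ValueError("Error getting existing admin account.") from ce
        logger.info(f"Administrator account does not exist. Continuing... {ce}")
    else:
        # Never silently replace an existing administrator: the operator must
        # disassociate it explicitly first.
        if "AdminAccount" in admin_account:
            logger.error("Admin account already exists. Disassociate the account first")
            raise ValueError("Admin account already exists. Disassociate the account first")

    try:
        logger.info("Associating admin account in Firewall Manager")
        firewall_manager_client.associate_admin_account(AdminAccount=delegated_admin_account_id)
        logger.info("...waiting 1 minute")
        time.sleep(60)  # use 1 minute wait
        # NOTE(review): this poll has no upper bound and only exits on READY;
        # if the role never reaches READY the caller's own timeout is the only
        # stop condition. Consider a deadline sized to the caller's timeout.
        while True:
            try:
                logger.info("Getting admin account status in Firewall Manager")
                admin_account_status = firewall_manager_client.get_admin_account()
            except ClientError as ce:
                # Include the service error so the failure can be diagnosed from the logs.
                logger.error(f"There was an error getting admin account info in Firewall Manager: {ce}")
                raise ValueError("Error getting admin account info in Firewall Manager") from ce
            role_status = admin_account_status["RoleStatus"]
            logger.info(f"get admin account status is {role_status}")
            if role_status == "READY":
                logger.info("Admin account status = READY")
                break
            logger.info("...waiting 20 seconds")
            time.sleep(20)
    except ValueError:
        # Already logged with a specific message by the polling loop; do not
        # let the generic handler below mask it as "Unexpected error".
        raise
    except ClientError as ce:
        logger.error(f"There was an issue associating admin account in Firewall Manager: {ce}")
        raise ValueError("Unexpected error. Check logs for details.") from ce
    except Exception as exc:
        logger.error(f"Unexpected error: {exc}")
        raise ValueError("Unexpected error. Check logs for details.") from exc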