in aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py [0:0]
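def update_member_detectors(guardduty_client, detector_id: str, account_ids: list):
    """
    Enable the S3 logs data source on member detectors, retrying unprocessed accounts.

    Calls ``update_member_detectors`` once for all accounts. Any accounts the response
    lists under ``UnprocessedAccounts`` are retried up to two more times, sleeping
    ``SLEEP_SECONDS`` before each retry.

    :param guardduty_client: GuardDuty client
    :param detector_id: GuardDuty detector id
    :param account_ids: member account list
    :return: None
    :raises ValueError: if an API call fails, or accounts are still reported as
        unprocessed once the retries are exhausted
    """
    max_retries = 2

    try:
        configuration_params = {
            "DetectorId": detector_id,
            "AccountIds": account_ids,
            "DataSources": {"S3Logs": {"Enable": True}},
        }
        update_member_response = guardduty_client.update_member_detectors(**configuration_params)
        # Always track the outcome of the most recent call, so a retry that succeeds
        # clears the list instead of leaving an earlier failure behind.
        unprocessed_accounts = update_member_response.get("UnprocessedAccounts") or []

        retry_count = 0
        while unprocessed_accounts and retry_count < max_retries:
            # Only retry accounts this call was asked to update.
            remaining_accounts = [
                entry["AccountId"] for entry in unprocessed_accounts if entry["AccountId"] in account_ids
            ]
            if not remaining_accounts:
                # Nothing retryable is left; stop rather than loop with no exit condition.
                # The reported entries are still surfaced by the check below.
                break

            time.sleep(SLEEP_SECONDS)
            retry_count += 1
            configuration_params["AccountIds"] = remaining_accounts
            update_member_response = guardduty_client.update_member_detectors(**configuration_params)
            unprocessed_accounts = update_member_response.get("UnprocessedAccounts") or []

        if unprocessed_accounts:
            # These accounts did not receive the S3Logs data source setting, so fail
            # loudly: a silent return would hide the gap in monitoring coverage.
            logger.info(f"Update Member Detectors Unprocessed Member Accounts: {unprocessed_accounts}")
            raise ValueError("Unprocessed Member Accounts")
    except Exception as error:
        logger.error(f"update member detectors error: {error}")
        # Callers see a single ValueError type; chain the cause so the original
        # traceback is preserved in the logs.
        raise ValueError("Error updating member detectors") from error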