def enable_mgmt()

in aws_sra_examples/solutions/securityhub/securityhub_enabler_acct/lambda/src/app.py [0:0]


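def enable_mgmt(mgmt_session, securityhub_regions, partition):
    """
    Enable Security Hub in the Management Account

    For each region, probe Security Hub with ``get_findings``; if the probe
    raises ``ClientError``, attempt to enable Security Hub with default
    standards turned off. A region where enabling fails is logged and skipped.
    Otherwise the ``CWExportS3`` custom action target is created (an existing
    one is tolerated) and standards and integrations are processed.

    :param mgmt_session: Management Account Session
    :param securityhub_regions: regions to enable
    :param partition: AWS partition
    :return: None
    """

    for region in securityhub_regions:
        sh_mgmt_client = mgmt_session.client("securityhub", region_name=region)
        # Ensure SecurityHub is Enabled in the Management Account
        try:
            sh_mgmt_client.get_findings()
        except ClientError as ce:
            # The probe can fail for reasons other than "not enabled"
            # (missing permissions, throttling), so record the service error
            # code next to the message instead of discarding it.
            probe_code = ce.response.get("Error", {}).get("Code", "Unknown")
            logger.info(
                f"SecurityHub not currently Enabled on Management Account "
                f"{MGMT_ACCOUNT_ID} in {region}. Enabling it. "
                f"(get_findings error code: {probe_code})"
            )
            try:
                sh_mgmt_client.enable_security_hub(EnableDefaultStandards=False)
            except Exception as exc:
                # A region left without Security Hub is a coverage gap, so
                # report it at error level rather than info.
                logger.error(
                    f"Unable to Enable Security Hub on Management Account "
                    f"{MGMT_ACCOUNT_ID} in {region}. Error: {exc}"
                )
                continue
        else:
            logger.info(
                f"SecurityHub already Enabled in Management Account "
                f"{MGMT_ACCOUNT_ID} in {region}"
            )
        try:
            # Enable Action Target
            sh_mgmt_client.create_action_target(
                Name="CWExportS3", Description="CWExportS3", Id="CWExportS3"
            )
        except ClientError as ce:
            target_code = ce.response.get("Error", {}).get("Code", "Unknown")
            if target_code == "ResourceConflictException":
                logger.info("SecurityHub Action Target Already Present")
            else:
                # Any other failure means the target may be missing; do not
                # report it as already present. Processing still continues,
                # as it did before.
                logger.warning(
                    f"Unable to create SecurityHub Action Target on Management "
                    f"Account {MGMT_ACCOUNT_ID} in {region}. Error: {ce}"
                )

        process_security_standards(sh_mgmt_client, partition, region, MGMT_ACCOUNT_ID)
        process_integrations(sh_mgmt_client, partition, region, MGMT_ACCOUNT_ID)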