in aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py [0:0]
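def update(event, context):
    """
    CloudFormation Update Event. Updates CloudTrail with the provided parameters.

    Validates the event, applies the trail settings from ``ResourceProperties``,
    writes the data event selectors when any are configured, and then calls
    ``start_logging`` on the trail.

    :param event: event data
    :param context: runtime information
    :return: CloudFormation response (nothing is returned explicitly here; the
        response is presumably built by the calling framework - confirm)
    :raises ValueError: if parameter validation or any CloudTrail call fails;
        the original exception is attached as ``__cause__``
    """

    def flag_enabled(props, name):
        # Exact comparison on purpose. The substring test `value in "true"`
        # is also satisfied by "", "t", "rue", ... so an empty property value
        # would silently switch the flag on. For ENABLE_DATA_EVENTS_ONLY that
        # changes what the trail records, so only "true" (any case) counts.
        return params_value(props, name).lower() == "true"

    def params_value(props, name):
        # Missing properties default to "false", same as the original code.
        return props.get(name, "false")

    logger.info("Update Event")
    try:
        check_parameters(event)
        params = event.get("ResourceProperties")
        cloudtrail_name = params.get("CLOUDTRAIL_NAME")

        trail_kwargs = get_cloudtrail_parameters(
            False,
            cloudtrail_name=cloudtrail_name,
            cloudwatch_log_group_arn=params.get("CLOUDWATCH_LOG_GROUP_ARN"),
            cloudwatch_log_group_role_arn=params.get("CLOUDWATCH_LOG_GROUP_ROLE_ARN"),
            kms_key_id=params.get("KMS_KEY_ID"),
            s3_bucket_name=params.get("S3_BUCKET_NAME"),
            s3_key_prefix=params.get("S3_KEY_PREFIX"),
            tag_key1=params.get("TAG_KEY1"),
            tag_value1=params.get("TAG_VALUE1"),
        )
        CLOUDTRAIL_CLIENT.update_trail(**trail_kwargs)
        logger.info("Updated Organization CloudTrail")

        event_selectors = get_data_event_config(
            aws_partition=params.get("AWS_PARTITION", "aws"),
            enable_s3_data_events=flag_enabled(params, "ENABLE_S3_DATA_EVENTS"),
            enable_lambda_data_events=flag_enabled(params, "ENABLE_LAMBDA_DATA_EVENTS"),
            enable_data_events_only=flag_enabled(params, "ENABLE_DATA_EVENTS_ONLY"),
        )

        # NOTE(review): when no selectors come back, put_event_selectors is
        # skipped, so selectors from an earlier configuration are presumably
        # left on the trail - confirm that is the intended update behaviour.
        if event_selectors:
            CLOUDTRAIL_CLIENT.put_event_selectors(TrailName=cloudtrail_name, EventSelectors=[event_selectors])
            logger.info("Data Events Updated")

        # Called unconditionally once the update calls above have succeeded.
        CLOUDTRAIL_CLIENT.start_logging(Name=cloudtrail_name)
    except ClientError as ce:
        if ce.response["Error"]["Code"] == "TrailNotFoundException":
            logger.error("Trail Does Not Exist")
            raise ValueError(f"TrailNotFoundException: {str(ce)}") from ce
        else:
            logger.error(f"Unexpected error: {str(ce)}")
            raise ValueError(f"CloudTrail API Exception: {str(ce)}") from ce
    except Exception as exc:
        # Everything else (including check_parameters failures) is surfaced as
        # ValueError; chaining keeps the original traceback for diagnosis.
        logger.error(f"Unexpected error: {str(exc)}")
        raise ValueError(f"Exception: {str(exc)}") from exc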