in aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py [0:0]
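def _disable_macie_in_region(region, params):
    """
    Disable Macie's organization admin account in one region and deregister
    every Macie delegated administrator found there.

    :param region: region name used to build the regional macie2/organizations clients
    :param params: CloudFormation ``ResourceProperties`` (reads CONFIGURATION_ROLE_NAME, AWS_PARTITION)
    :return: None
    :raises ValueError: on any API error (the original exception is chained as the cause)
    """
    try:
        regional_client = get_service_client(None, "macie2", region)
        disable_organization_admin_accounts(regional_client, region, params.get("CONFIGURATION_ROLE_NAME"),
                                            params.get("AWS_PARTITION"))
        organizations_client = get_service_client(None, "organizations", region)
        delegated_admin_accounts = list_delegated_administrators(organizations_client, "macie.amazonaws.com")
        # list_delegated_administrators may return an empty/None result; nothing to deregister then.
        for delegated_admin_account in delegated_admin_accounts or []:
            deregister_delegated_administrator(organizations_client, delegated_admin_account,
                                               "macie.amazonaws.com")
    except Exception as error:
        logger.error(f"Exception: {error}")
        raise ValueError(f"API Exception: {error}") from error


def _cleanup_member_accounts(account_ids, params, available_regions):
    """
    Fan ``cleanup_member_account`` out over every member account on a thread pool.

    Each account is best-effort: a failed ``assume_role`` or a failed cleanup is
    logged and does not stop the remaining accounts. Callers therefore must read
    the log to learn about accounts where Macie was NOT disabled.

    :param account_ids: organization member account ids to clean up
    :param params: CloudFormation ``ResourceProperties`` (reads DISABLE_MACIE_ROLE_NAME, AWS_PARTITION)
    :param available_regions: regions in which each member account is cleaned up
    :return: None
    """
    start = now()
    # future -> account id, so a failed task can be attributed in the log.
    pending = {}
    with ThreadPoolExecutor(max_workers=MAX_THREADS) as executor:
        for account_id in account_ids:
            try:
                member_session = assume_role(account_id, params.get("DISABLE_MACIE_ROLE_NAME"),
                                             "CleanupMacie", params.get("AWS_PARTITION"))
            except Exception as error:
                logger.error(f"{error}")
                continue
            future = executor.submit(cleanup_member_account, member_session, account_id, available_regions)
            pending[future] = account_id
    # executor.submit() never raises for a failing task and the context manager only
    # waits for completion, so the exception must be pulled out via result() or it is
    # silently lost and a member account may be left with Macie still enabled.
    for future, account_id in pending.items():
        try:
            future.result()
        except Exception as error:
            logger.error(f"Cleanup failed for account {account_id}: {error}")
    logger.debug(f"Time taken to cleanup member accounts: {now() - start}")


def delete(event, _):
    """
    CloudFormation Delete Event.

    Org-wide, destructive: in every available Macie region the organization admin
    account is disabled and Macie delegated administrators are deregistered, then
    Macie is cleaned up in each member account. The regional phase is fail-fast (any
    API error aborts the delete); the member-account phase is best-effort and only
    logs failures.

    :param event: CloudFormation custom resource event; ``ResourceProperties`` supplies
        CONTROL_TOWER_REGIONS_ONLY, ENABLED_REGIONS, CONFIGURATION_ROLE_NAME,
        DISABLE_MACIE_ROLE_NAME and AWS_PARTITION
    :param _: Lambda context (unused)
    :return: None
    :raises ValueError: on parameter validation failure or any error in the regional
        phase (the original exception is chained as the cause)
    """
    try:
        logger.debug(f"Delete Event - {event}")
        check_parameters(event)
        params = event.get("ResourceProperties")
        # Exact comparison: the previous substring test (`x in "true"`) accepted "",
        # "t" or "ru" as true, which would silently widen the set of regions touched.
        control_tower_regions_only = (params.get("CONTROL_TOWER_REGIONS_ONLY", "false")).lower() == "true"
        available_regions = get_available_service_regions(params.get("ENABLED_REGIONS"), "macie2",
                                                          control_tower_regions_only)
        # Regional phase first; a failure here raises before any member cleanup starts.
        for region in available_regions:
            _disable_macie_in_region(region, params)
        # NOTE(review): the string "None" is passed through as-is; presumably it means
        # "no exclusions" to the helper -- confirm against get_all_organization_accounts.
        _accounts, account_ids = get_all_organization_accounts("None")
        _cleanup_member_accounts(account_ids, params, available_regions)
    except Exception as error:
        logger.error(f"Exception: {error}")
        raise ValueError("Delete event exception. See logs for error.") from error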