def configure_guardduty()

in aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py [0:0]


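def configure_guardduty(session, delegated_account_id: str, auto_enable_s3_logs: bool, available_regions: list,
                        finding_publishing_frequency: str, kms_key_arn: str, publishing_destination_arn: str) -> None:
    """
    Configure GuardDuty in every provided region: findings publishing destination,
    organization member accounts, and detector/organization settings.

    A region whose detector list is empty is not configured at all; this is logged as a
    warning so that the resulting coverage gap is visible in the logs.

    :param session: session object handed to get_service_client to build each regional client
    :param delegated_account_id: account ID passed to get_all_organization_accounts
    :param auto_enable_s3_logs: forwarded unchanged to update_guardduty_configuration
    :param available_regions: regions to process, in order
    :param finding_publishing_frequency: forwarded unchanged to update_guardduty_configuration
    :param kms_key_arn: KMS key ARN written into the publishing destination properties
    :param publishing_destination_arn: destination ARN written into the publishing destination properties
    :return: None
    :raises ValueError: on the first failure in any region; later regions are then not processed
    """
    accounts, account_ids = get_all_organization_accounts(delegated_account_id)

    # Same properties are used whether the destination is updated or created.
    destination_properties = {
        "DestinationArn": publishing_destination_arn,
        "KmsKeyArn": kms_key_arn,
    }

    # Loop through the regions and enable GuardDuty
    for region in available_regions:
        try:
            regional_guardduty = get_service_client("guardduty", region, session)
            detectors = regional_guardduty.list_detectors()

            if not detectors["DetectorIds"]:
                # Previously skipped silently: nothing below runs for this region, so it ends up
                # without a publishing destination or member accounts. Make that visible.
                logger.warning(f"No GuardDuty detector found in {region}; region was not configured")
                continue

            # Only the first detector ID returned for the region is used.
            detector_id = detectors["DetectorIds"][0]
            logger.info(f"DetectorID: {detector_id} Region: {region}")

            # Update the publishing destination when exactly one exists, otherwise create one.
            destinations = regional_guardduty.list_publishing_destinations(DetectorId=detector_id)

            if "Destinations" in destinations and len(destinations["Destinations"]) == 1:
                destination_id = destinations["Destinations"][0]["DestinationId"]

                regional_guardduty.update_publishing_destination(
                    DetectorId=detector_id,
                    DestinationId=destination_id,
                    DestinationProperties=destination_properties,
                )
            else:
                # Create Publish Destination
                regional_guardduty.create_publishing_destination(
                    DetectorId=detector_id,
                    DestinationType="S3",
                    DestinationProperties=destination_properties,
                )

            # Create members for existing Organization accounts. The success message is logged
            # only after the call returns, so a failure is not preceded by a false "created" line.
            gd_create_members(regional_guardduty, detector_id, accounts)
            logger.info(f"Members created for existing accounts: {accounts} in {region}")

            # Pause before updating the configuration -- presumably to let member creation
            # settle; confirm against gd_create_members.
            logger.info(f"Waiting {SLEEP_SECONDS} seconds")
            time.sleep(SLEEP_SECONDS)
            update_guardduty_configuration(regional_guardduty, auto_enable_s3_logs, detector_id,
                                           finding_publishing_frequency, account_ids)
        except Exception as exc:
            # Record the region and the traceback; the raised message stays generic and the
            # original exception is chained so the root cause is not lost to callers.
            logger.exception(f"configure_guardduty Exception in {region}: {exc}")
            raise ValueError("Configure GuardDuty Exception. Review logs for details.") from exc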