in aws_sra_examples/solutions/securityhub/securityhub_enabler_acct/lambda/src/app.py [0:0]
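def lambda_handler(event, context):
    """Enable or disable Security Hub in the validated regions.

    Two invocation shapes are handled:

    * A CloudFormation custom resource call, where ``RequestType`` is
      Create, Update or Delete. Create enables the management account,
      Delete disables it (and all accounts when DISABLE_ALL_ACCOUNTS is
      set), Update does no work. A response is sent back in every case.
    * Any other event, which is treated as a "Create" and handed to
      enabling_securityhub_all_regions.

    :param event: event data
    :param context: runtime information; the partition is taken from
        ``invoked_function_arn``
    :return: None
    """
    # A custom resource event carries a pre-signed ResponseURL that accepts
    # the resource's status report, so it is kept out of the logs.
    if isinstance(event, dict) and "ResponseURL" in event:
        logger.info({**event, "ResponseURL": "REDACTED"})
    else:
        logger.info(event)

    # ARN layout is arn:<partition>:<service>:..., so index 1 is the partition.
    partition = context.invoked_function_arn.split(":")[1]
    response_data = {}
    try:
        mgmt_session = assume_role(MGMT_ACCOUNT_ID, ASSUME_ROLE_NAME)
        if mgmt_session is None:
            raise NameError("STS Assume Role Failed")

        # Regions to deploy
        securityhub_regions = get_validated_securityhub_regions(USER_REGIONS, CONTROL_TOWER_REGIONS_ONLY)

        # Check for custom resource call
        if "RequestType" in event and event["RequestType"] in ("Delete", "Create", "Update"):
            action = event["RequestType"]
            if action == "Create":
                enable_mgmt(mgmt_session, securityhub_regions, partition)
            if action == "Delete":
                disable_mgmt(mgmt_session, ASSUME_ROLE_NAME, securityhub_regions)
                if DISABLE_ALL_ACCOUNTS:
                    disable_sh_all_accounts()
            logger.info("Sending Custom Resource Response")
            send_response(event, context, "SUCCESS", response_data)
        else:
            action = "Create"
            enabling_securityhub_all_regions(mgmt_session, securityhub_regions, partition, action, event)
    except NameError:
        # NOTE(review): this branch catches every NameError raised inside the
        # try block, not only the failed role assumption, and it reports
        # SUCCESS to CloudFormation although nothing was enabled or disabled.
        # Presumably this keeps a stack delete from hanging; confirm that a
        # Create which ends here should really show a successful stack.
        # The traceback is logged so the actual origin can be told apart.
        logger.error("STS Assume Failed", exc_info=True)
        if "RequestType" in event:
            send_response(event, context, "SUCCESS", response_data)
    except Exception as exc:
        # Top-level boundary: keep the traceback for later investigation and
        # report the failure to CloudFormation so the stack does not hang.
        logger.exception(exc)
        if "RequestType" in event:
            send_response(event, context, "FAILED", response_data)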