in resource-selector-lambda/handler.py [0:0]
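def lambda_handler(event, context):
    """Resolve the resources requested by a CloudFormation custom resource.

    ``Delete`` and ``Update`` requests are acknowledged with ``SUCCESS`` and
    no lookup is performed. For any other request type, every supported key
    found under ``event['ResourceProperties']['Resources']`` is looked up with
    ``ResourceSelector`` and the result is stored in the response data that is
    sent back through ``cfnsend``.

    Args:
        event: Custom resource request; ``RequestType`` and
            ``ResourceProperties`` are read here, and the whole event is
            handed to ``cfnsend``.
        context: Lambda context object, passed through to ``cfnsend``.

    Returns:
        ``event`` for ``Delete``/``Update`` requests, otherwise the response
        data dict (also when a ``FAILED`` status was sent for a missing
        resource).

    Raises:
        Exception: any error raised during the lookup is re-raised after a
            ``FAILED`` status has been attempted, so the invocation is still
            recorded as failed.
    """
    # We will store our result here
    responsedata = {}
    # Global switch: fail the stack whenever a resource is not found
    failed_on_error = True

    # (key under 'Resources', key in the response data, pass the VPC result?)
    # Order matters: 'vpc' runs first so that its result can be reused by the
    # subnet and security group lookups.
    lookups = (
        ('vpc', 'vpc', False),
        ('subnet', 'subnet', True),
        ('sg', 'sg', True),
        ('acm', 'acm', False),
        ('kms', 'kms', False),
        ('policy', 'policy', False),
        ('role', 'role', False),
        ('spot', 'spotprice', False),
        ('ami', 'ami', False),
    )

    def checkStatus(resource, rs):
        """Decide whether a resource that was not found fails the stack.

        Sends ``FAILED`` and returns False when ``failed_on_error`` is set or
        ``rs.getStatus()`` is falsy; returns True otherwise.
        NOTE(review): getStatus() presumably reflects the per-resource Error
        setting; confirm against ResourceSelector.
        """
        if failed_on_error or not rs.getStatus():
            responsedata[resource] = 'Error: Resource {} not found'.format(resource)
            responsedata['lastError'] = rs.getLastError()
            logger.info(f'Response data: {responsedata}')
            # send failed status back to CFN
            cfnsend(event, context, 'FAILED', responsedata)
            return False
        return True

    try:
        # Need to make sure we don't waste time if the request type is
        # update or delete. Exit gracefully
        request_type = event['RequestType']
        if request_type in ('Delete', 'Update'):
            logger.info(f'Request Type is {request_type}; unsupported')
            cfnsend(event, context, 'SUCCESS', responsedata)
            return event

        # iterate through resources
        if 'Resources' in event['ResourceProperties']:
            resources = event['ResourceProperties']['Resources']
            # Check the global config for how to handle a resource that is
            # not found. Options -> Error == 'failed' fails the stack if any
            # resource is missing; any other value defers to the status
            # reported for each individual resource.
            if 'Options' in resources and 'Error' in resources['Options']:
                if resources['Options']['Error'] != 'failed':
                    failed_on_error = False

            vpc = None
            for resource, output_key, needs_vpc in lookups:
                if resource not in resources:
                    continue
                # Only the subnet and security group lookups receive the VPC
                # search result.
                extra = {'vpc': vpc} if needs_vpc else {}
                rs = ResourceSelector(region=region, resource=resource,
                                      cfg=resources[resource], **extra)
                output = rs.getOutput()
                if resource == 'vpc':
                    # keep the result so later lookups can reuse it
                    vpc = output
                responsedata[output_key] = output
                # if nothing was found, check whether that fails the stack
                if not output and not checkStatus(resource, rs):
                    return responsedata

        # Log response data
        logger.info(f'Response data: {responsedata}')
        # Using the cfnsend function to format our response to CloudFormation and send it
        cfnsend(event, context, 'SUCCESS', responsedata)
        return responsedata
    except Exception as exc:
        # Without a response CloudFormation keeps waiting on the custom
        # resource until it times out, so report the failure before the
        # error propagates. The traceback stays in the function log; only the
        # exception class name is sent back in the response data.
        logger.exception('Resource lookup failed')
        responsedata['lastError'] = 'Unhandled {}'.format(type(exc).__name__)
        try:
            cfnsend(event, context, 'FAILED', responsedata)
        except Exception:
            logger.exception('Could not report FAILED status to CloudFormation')
        raise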