in control-tower-account-factory/src/common.py [0:0]
def __add_lambda_to_portfolio_principal(self, portfolio_name):
"""Add AWS Lambda IAM role to portfolio in order for Lambda function to provision products"""
# check if lambda already added to portfolio
if portfolio_name in self.lambda_portfolio_list:
return True
portfolio_id = None
has_lambda_principal = False
try:
portfolio_list = self.sc_client.list_portfolios()
# get id for provided portfolio name
for porfolio in portfolio_list['PortfolioDetails']:
if porfolio['DisplayName'] == portfolio_name:
portfolio_id = porfolio['Id']
# if portfolio exists and Lambda IAM role does not have access to porfolio, add it
if portfolio_id:
portfolio_principals = self.sc_client.list_principals_for_portfolio(
PortfolioId=portfolio_id
)
for principal in portfolio_principals['Principals']:
if principal['PrincipalARN'] == self.lambda_role:
has_lambda_principal = True
self.lambda_portfolio_list.append(portfolio_name)
break
if not has_lambda_principal:
self.sc_client.associate_principal_with_portfolio(
PortfolioId=portfolio_id,
PrincipalARN=self.lambda_role,
PrincipalType='IAM'
)
self.lambda_portfolio_list.append(portfolio_name)
time.sleep(30)
self._log_info(f'Lambda role added to portfolio {portfolio_name}')
return True
else:
return False
except ClientError as error:
self._log_error(f'Error adding lambda role to portfolio : {portfolio_name}. Error: {error.response["Error"]}')
self._send_notification('Error adding lambda role to portfolio', f'Portfolio name: {portfolio_name}. Error: {error.response["Error"]}')
return False