def handler()

in Deployment/RateRuleReload.py [0:0]


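def handler(event, context):
    """Lambda entry point: reload WAF rate-based rules in every member account.

    Lists the Organization's member accounts through AWS Firewall Manager,
    assumes the ``WAF-RateRule-Reload`` role in each account other than the
    security account, and calls ``get_webacl`` once per entry of
    ``event['Scope']`` with a boto3 session built from the assumed credentials.

    Args:
        event: dict carrying a ``Scope`` list; each entry has ``Type`` and
            ``Policy`` keys which are passed through to ``get_webacl``.
        context: Lambda context object (unused).

    Raises:
        Exception: any error raised while listing accounts, assuming a role
            or reloading a WebACL is logged and re-raised so the invocation
            is reported as failed.
    """
    log = logging.getLogger()
    # Unset SECURITY_ACCOUNT yields the string 'None', which matches no
    # account id, so every member account (including the security account)
    # would be processed.
    sec_account = str(os.getenv('SECURITY_ACCOUNT'))

    try:
        # ------------------------------------------------------------------
        # Set Log Level (falls back to DEBUG when LOG_LEVEL is unset/invalid)
        # ------------------------------------------------------------------
        log_level = str(os.getenv('LOG_LEVEL', 'DEBUG')).upper()
        if log_level not in ('DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'):
            log_level = 'DEBUG'
        log.setLevel(log_level)

        log.info('[RateBasedRule-Reload] Start')
        if os.getenv('SECURITY_ACCOUNT') is None:
            log.warning('[RateBasedRule-Reload] SECURITY_ACCOUNT is not set; no account will be excluded')

        scopes = event['Scope']

        # -------------------------------------------------------------------
        # Collect member accounts of the Organization
        # -------------------------------------------------------------------
        fms_client = boto3.client('fms')
        # One STS client is enough for every assume_role call below.
        sts_client = boto3.client('sts')

        # Loop through all member accounts except security account itself
        for mem_account in _list_member_accounts(fms_client):
            # Most customers use Security account only for managing security resources, hence ignoring it for updating WebACL.
            if mem_account == sec_account or not scopes:
                continue

            role_arn = "arn:aws:iam::{}:role/WAF-RateRule-Reload".format(mem_account)

            # Assume the role once per account; the same session serves
            # every scope entry instead of one assume_role call per entry.
            sts_response = sts_client.assume_role(
                RoleArn=role_arn,
                RoleSessionName='WafRateBasedRule'
            )
            credentials = sts_response['Credentials']
            assumed_session = boto3.Session(
                aws_access_key_id=credentials['AccessKeyId'],
                aws_secret_access_key=credentials['SecretAccessKey'],
                aws_session_token=credentials['SessionToken']
            )

            for scope in scopes:
                get_webacl(log, scope['Type'], scope['Policy'], assumed_session)

    except Exception as error:
        log.error(str(error))
        raise

    log.info('[RateBasedRule-Reload] End')


def _list_member_accounts(fms_client):
    """Yield every member account id reported by FMS, following NextToken.

    ``list_member_accounts`` returns at most 100 ids per call; without
    pagination the accounts beyond the first page would be silently skipped.

    Args:
        fms_client: a boto3 ``fms`` client.

    Yields:
        Member account id strings, in the order FMS returns them.
    """
    kwargs = {'MaxResults': 100}
    while True:
        response = fms_client.list_member_accounts(**kwargs)
        yield from response.get('MemberAccounts', [])
        next_token = response.get('NextToken')
        if not next_token:
            return
        kwargs['NextToken'] = next_token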