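def _wait_for_certificate_issued(acm_client, certificate_arn, poll_seconds=5, max_polls=60):
    """Block until the ACM certificate *certificate_arn* reaches status ``ISSUED``.

    Issuance from a private CA is asynchronous, so calling ``get_certificate``
    immediately after ``request_certificate`` can fail while the request is
    still in progress. Polling ``describe_certificate`` replaces the fixed
    sleep that used to stand in for this wait.

    Args:
        acm_client: A boto3 ``acm`` client.
        certificate_arn: ARN returned by ``request_certificate``.
        poll_seconds: Delay between status checks.
        max_polls: Number of checks before giving up.

    Raises:
        RuntimeError: If the certificate ends in ``FAILED`` status or is still
            not issued after ``max_polls`` checks.
    """
    for _ in range(max_polls):
        certificate = acm_client.describe_certificate(
            CertificateArn=certificate_arn)['Certificate']
        status = certificate.get('Status')
        if status == 'ISSUED':
            return
        if status == 'FAILED':
            raise RuntimeError(
                f"Certificate {certificate_arn} failed to issue: "
                f"{certificate.get('FailureReason', 'unknown reason')}")
        time.sleep(poll_seconds)
    raise RuntimeError(
        f"Certificate {certificate_arn} was not issued after "
        f"{poll_seconds * max_polls} seconds (last status: {status})")


def main():
    """Issue a private certificate and attach an HTTPS listener to the workshop ALB.

    Work performed, against the caller's default AWS credentials and region:
      1. Read the subordinate CA ARN (created in step 2) and the target group
         ARN (created in step 1) from SSM Parameter Store.
      2. Request an ACM certificate for ``alb.workshop.com`` from that CA and
         wait until it is issued.
      3. Write the certificate chain next to this script as ``cert_chain.pem``;
         clients need the chain to trust the HTTPS connection.
      4. Store the certificate ARN in Parameter Store for later cleanup.
      5. For every load balancer tagged ``workshop=data-protection``, create an
         HTTPS:443 listener using the certificate that forwards to the target
         group, and store the listener ARN for cleanup.

    Returns:
        Does not return normally; exits the interpreter with status 0 on success.

    Raises:
        Exception: Any error from the AWS calls is printed and re-raised.
    """
    try:
        elbv2_client = boto3.client('elbv2')
        ssm_client = boto3.client('ssm')
        acm_client = boto3.client('acm')

        # The subordinate PCA (step 2) issues the certificate; the target
        # group (step 1) is what the new listener forwards to.
        subordinate_pca_arn = ssm_client.get_parameter(
            Name='/dp-workshop/subordinate_pca_arn')['Parameter']['Value']
        target_group_arn = ssm_client.get_parameter(
            Name='/dp-workshop/target_group_arn')['Parameter']['Value']

        response = acm_client.request_certificate(
            DomainName='alb.workshop.com',
            CertificateAuthorityArn=subordinate_pca_arn,
        )
        certificate_arn = response['CertificateArn']
        print("Attaching HTTPS listener to ALB and requesting certificate for the private domain alb.workshop.com\n")
        print("This step takes about a minute to complete\n")

        # Wait for the asynchronous issuance to finish before fetching the chain.
        _wait_for_certificate_issued(acm_client, certificate_arn)

        # The chain (the private CA hierarchy) is what clients must trust to
        # validate the HTTPS connection to alb.workshop.com. It contains only
        # public certificates, no private key.
        response = acm_client.get_certificate(CertificateArn=certificate_arn)
        cert_chain_path = os.path.join(
            os.path.dirname(os.path.realpath(__file__)), 'cert_chain.pem')
        with open(cert_chain_path, 'wb') as cert_chain_file:
            cert_chain_file.write(response['CertificateChain'].encode('utf_8'))

        # Recorded so the cleanup step can find and delete the certificate.
        ssm_client.put_parameter(
            Name='/dp-workshop/private_cert_arn', Type='String', Value=certificate_arn)

        # describe_load_balancers is paginated; walk every page so an ALB on a
        # later page is not silently skipped.
        listener_created = False
        paginator = elbv2_client.get_paginator('describe_load_balancers')
        for page in paginator.paginate():
            for load_balancer in page['LoadBalancers']:
                lb_arn = load_balancer['LoadBalancerArn']
                tags_response = elbv2_client.describe_tags(ResourceArns=[lb_arn])
                for tag_description in tags_response['TagDescriptions']:
                    for tag in tag_description['Tags']:
                        if tag['Key'] != 'workshop' or tag['Value'] != 'data-protection':
                            continue
                        # NOTE(review): no SslPolicy is passed, so the listener
                        # is created with the ELB default TLS policy; pinning a
                        # TLS 1.2+ policy explicitly would be the hardened choice.
                        listener_response = elbv2_client.create_listener(
                            LoadBalancerArn=lb_arn,
                            Protocol='HTTPS',
                            Port=443,
                            Certificates=[{'CertificateArn': certificate_arn}],
                            DefaultActions=[{
                                'Type': 'forward',
                                'TargetGroupArn': target_group_arn,
                            }],
                        )
                        listener_arn = listener_response['Listeners'][0]['ListenerArn']
                        # Recorded so the cleanup step can delete the listener.
                        ssm_client.put_parameter(
                            Name='/dp-workshop/listener_arn', Type='String', Value=listener_arn)
                        listener_created = True
                        # Give the new listener time to become active before
                        # the next workshop step uses it.
                        time.sleep(60)

        if not listener_created:
            print("No load balancer tagged workshop=data-protection was found; no HTTPS listener was created")
        else:
            print("Successfully attached a HTTPS listener to the ALB")
        print("\nSuccessfully issued a private certificate for the private domain alb.workshop.com")
        print("\nStep-6 has been successfully completed \n")
    except Exception as err:
        # Surface the failure type for the workshop user, then propagate so
        # the non-zero exit status is preserved.
        print("Unexpected error:", type(err))
        raise
    else:
        sys.exit(0)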