code/SecGuardRails/cfn_validate_lambda.py [348:398]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    return risk, failedRules

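def s3_next_step(s3, bucket, risk, failedRules, template, job_id):
    """Route the validated template to S3 / CodePipeline based on its risk score.

    The template body is written to a temporary file, zipped and uploaded to
    ``bucket`` as ``valid.template.zip`` (risk < 5) or ``flagged.template.zip``
    (5 <= risk < 50); the pipeline job is then marked successful with
    ``put_job_success``.  A risk of 50 or more uploads nothing and fails the
    job with ``put_job_failure``, listing ``failedRules`` in the message.

    Args:
        s3: Unused; kept for interface compatibility.  A fresh SigV4 S3 client
            is created here instead.
        bucket: Name of the destination S3 bucket.
        risk: Numeric risk score produced by the rule evaluation.
        failedRules: Rules that matched; rendered with ``str()`` into the
            failure message for the high-risk branch.
        template: Iterable of chunks written verbatim into a binary temporary
            file (so the chunks are expected to be bytes — confirm with caller).
        job_id: CodePipeline job id passed to the success/failure callbacks.

    Returns:
        0 in every branch.
    """
    s3_client = boto3.client('s3', config=botocore.client.Config(signature_version='s3v4'))
    # The template may embed secrets (keys, passwords, policies); request
    # server-side encryption explicitly rather than relying on bucket defaults.
    upload_args = {'ServerSideEncryption': 'AES256'}

    if risk >= 50:
        # High risk: nothing is written to the bucket; fail the pipeline so the
        # template cannot be deployed.
        print("High risk file, fail pipeline")
        put_job_failure(job_id, 'Function exception: Failed filters ' + str(failedRules))
        return 0

    artifact = 'valid' if risk < 5 else 'flagged'
    # Both temporary files are closed (and unlinked) even if the upload raises;
    # the original left tmp_zip open and skipped tmp_file.close() on error.
    with tempfile.NamedTemporaryFile() as tmp_file, tempfile.NamedTemporaryFile() as tmp_zip:
        for chunk in template:
            tmp_file.write(chunk)
        tmp_file.flush()
        # ZipFile reopens tmp_zip by path (works on POSIX, i.e. Lambda); the
        # archive must be closed before upload so its central directory exists.
        with zipfile.ZipFile(tmp_zip.name, 'w') as archive:
            archive.write(tmp_file.name, artifact + '.template.json')
        s3_client.upload_file(
            tmp_zip.name,
            bucket,
            artifact + '.template.zip',
            ExtraArgs=upload_args)

    if risk < 5:
        put_job_success(job_id, 'Job succesful, minimal or no risk detected.')
    else:
        put_job_success(job_id, 'Job succesful, medium risk detected, manual approval needed.')
    return 0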


def lambda_handler(event, context):
    """The Lambda function handler

    Validate input template for security vulnerables.  Route as appropriate based on risk assesment.

    Args:
        event: The event passed by Lambda
        context: The context passed by Lambda

    """
    try:
        # Print the entire event for tracking
        print("Received event: " + json.dumps(event, indent=2))
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



code/cfn_s3_versioning.py [275:325]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    return risk, failedRules

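def s3_next_step(s3, bucket, risk, failedRules, template, job_id):
    """Route the validated template to S3 / CodePipeline based on its risk score.

    The template body is written to a temporary file, zipped and uploaded to
    ``bucket`` as ``valid.template.zip`` (risk < 5) or ``flagged.template.zip``
    (5 <= risk < 50); the pipeline job is then marked successful with
    ``put_job_success``.  A risk of 50 or more uploads nothing and fails the
    job with ``put_job_failure``, listing ``failedRules`` in the message.

    Args:
        s3: Unused; kept for interface compatibility.  A fresh SigV4 S3 client
            is created here instead.
        bucket: Name of the destination S3 bucket.
        risk: Numeric risk score produced by the rule evaluation.
        failedRules: Rules that matched; rendered with ``str()`` into the
            failure message for the high-risk branch.
        template: Iterable of chunks written verbatim into a binary temporary
            file (so the chunks are expected to be bytes — confirm with caller).
        job_id: CodePipeline job id passed to the success/failure callbacks.

    Returns:
        0 in every branch.
    """
    s3_client = boto3.client('s3', config=botocore.client.Config(signature_version='s3v4'))
    # The template may embed secrets (keys, passwords, policies); request
    # server-side encryption explicitly rather than relying on bucket defaults.
    upload_args = {'ServerSideEncryption': 'AES256'}

    if risk >= 50:
        # High risk: nothing is written to the bucket; fail the pipeline so the
        # template cannot be deployed.
        print("High risk file, fail pipeline")
        put_job_failure(job_id, 'Function exception: Failed filters ' + str(failedRules))
        return 0

    artifact = 'valid' if risk < 5 else 'flagged'
    # Both temporary files are closed (and unlinked) even if the upload raises;
    # the original left tmp_zip open and skipped tmp_file.close() on error.
    with tempfile.NamedTemporaryFile() as tmp_file, tempfile.NamedTemporaryFile() as tmp_zip:
        for chunk in template:
            tmp_file.write(chunk)
        tmp_file.flush()
        # ZipFile reopens tmp_zip by path (works on POSIX, i.e. Lambda); the
        # archive must be closed before upload so its central directory exists.
        with zipfile.ZipFile(tmp_zip.name, 'w') as archive:
            archive.write(tmp_file.name, artifact + '.template.json')
        s3_client.upload_file(
            tmp_zip.name,
            bucket,
            artifact + '.template.zip',
            ExtraArgs=upload_args)

    if risk < 5:
        put_job_success(job_id, 'Job succesful, minimal or no risk detected.')
    else:
        put_job_success(job_id, 'Job succesful, medium risk detected, manual approval needed.')
    return 0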


def lambda_handler(event, context):
    """The Lambda function handler

    Validate input template for security vulnerables.  Route as appropriate based on risk assesment.

    Args:
        event: The event passed by Lambda
        context: The context passed by Lambda

    """
    try:
        # Print the entire event for tracking
        print("Received event: " + json.dumps(event, indent=2))
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



