in code/SecGuardRails/stack_validate_lambda.py [0:0]
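def _redact_event(event):
    """Return a deep copy of *event* with the CodePipeline artifact credentials masked.

    CodePipeline hands the invoked function temporary AWS credentials for the
    pipeline's artifact store under ``CodePipeline.job.data.artifactCredentials``;
    those must not be written to CloudWatch Logs. The copy is made with a JSON
    round-trip, the same serialisability the event log line already relies on.

    Args:
        event (dict): Raw Lambda event as received by the handler.

    Returns:
        dict: Copy of the event that is safe to log.
    """
    redacted = json.loads(json.dumps(event))
    job = redacted.get('CodePipeline.job') if isinstance(redacted, dict) else None
    job_data = job.get('data') if isinstance(job, dict) else None
    if isinstance(job_data, dict) and 'artifactCredentials' in job_data:
        job_data['artifactCredentials'] = '<redacted>'
    return redacted


def lambda_handler(event, context):
    """Validate a CloudFormation stack against the security controls and report to CodePipeline.

    Invoked by a CodePipeline "Invoke Lambda" action; the stack name under test is
    passed in the action's ``UserParameters``. Each control returns a dict with
    ``Result`` (bool, True = compliant) and ``failReason`` (str). On the first
    failing control the stack is deleted (if it still exists) and the job is marked
    failed with that reason; if every control passes the job is marked successful.

    Args:
        event (dict): CodePipeline job event; ``event['CodePipeline.job']`` holds
            the job id and the action configuration.
        context (LambdaContext): Lambda runtime context (unused).

    Returns:
        None
    """
    # Log the event for traceability, with the artifact credentials masked so that
    # temporary AWS keys never land in plain text in CloudWatch Logs.
    print("Received event: " + json.dumps(_redact_event(event), indent=2))

    # The job id is required for every put_job_* call back to CodePipeline.
    job_id = event['CodePipeline.job']['id']

    # Globally used resources.
    region_list = get_regions()
    stack_name = event['CodePipeline.job']['data']['actionConfiguration']['configuration']['UserParameters']
    print("stackName: " + stack_name)

    # Run the individual controls (comment out unwanted ones).
    # NOTE(review): an exception raised by a control propagates out of the handler
    # without put_job_failure being called, so CodePipeline is not told why the
    # validation stopped — confirm that is the intended failure mode.
    control4 = []

    control_4_1_result = control_4_1_ensure_ssh_not_open_to_world(region_list, stack_name)
    print('control_4_1_result: ' + str(control_4_1_result['Result']))
    control4.append(control_4_1_result)

    control_4_2_result = control_4_2_no_global_s3(stack_name)
    print('control_4_2_result: ' + str(control_4_2_result['Result']))
    control4.append(control_4_2_result)

    # json_output consumes the list-of-groups shape, so the nesting is kept.
    controls = [control4]
    if SCRIPT_OUTPUT_JSON:
        json_output(controls)

    # Fail fast on the first non-compliant control: tear the stack down and report.
    for group in controls:
        for controlspec in group:
            if controlspec['Result'] is False:
                print("\n")
                if stack_exists(stack_name):
                    delete_stack(stack_name)
                put_job_failure(job_id, controlspec['failReason'])
                return

    # Nothing was flagged.
    print("\n")
    put_job_success(job_id, 'Job succesful, minimal or no risk detected.')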