in code/cfn_secrets.py [0:0]
def lambda_handler(event, context):
"""The Lambda function handler
Validate input template for security vulnerables. Route as appropriate based on risk assesment.
Args:
event: The event passed by Lambda
context: The context passed by Lambda
"""
try:
# Print the entire event for tracking
print("Received event: " + json.dumps(event, indent=2))
print(event)
# Extract the Job ID
job_id = event['CodePipeline.job']['id']
# Extract the Job Data
job_data = event['CodePipeline.job']['data']
# Extract the params
user_parameters = job_data['actionConfiguration']['configuration']['UserParameters']
decoded_parameters = json.loads(user_parameters)
# Get the list of artifacts passed to the function
input_artifacts = job_data['inputArtifacts']
params = get_user_params(job_data)
input_artifact = params['input']
template_file = params['file']
output_bucket = params['output']
# Get the artifact details
input_artifact_data = find_artifact(input_artifacts, input_artifact)
# Get S3 client to access artifact with
s3 = setup_s3_client(job_data)
# Get the JSON template file out of the artifact
template = get_template(s3, input_artifact_data, template_file)
#print("Template: " + str(template))
# Validate template from risk perspective. FailedRules can be used if you wish to expand the script to report failed items
risk, failedRules = evaluate_template(template, job_id)
# Based on risk, store the template in the correct S3 bucket for future process
s3_next_step(s3, output_bucket, risk, failedRules, template, job_id)
except Exception as e:
# If any other exceptions which we didn't expect are raised
# then fail the job and log the exception message.
print('Function failed due to exception.')
print(e)
traceback.print_exc()
put_job_failure(job_id, 'Function exception: ' + str(e))
print('Function complete.')
return "Complete."