in code/SecGuardRails/cfn_validate_lambda.py [0:0]
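def _redact_for_logging(event):
    """Return a copy of *event* that is safe to print, with artifact credentials masked.

    CodePipeline job events carry temporary S3 credentials under
    ``CodePipeline.job.data.artifactCredentials`` (presumably what
    ``setup_s3_client`` consumes from ``job_data``). Dumping the raw event
    would write those secrets to CloudWatch Logs, so that sub-tree is
    replaced with a placeholder before logging. The caller's ``event`` is
    never mutated; events without that path are returned unchanged.

    Args:
        event: The raw Lambda invocation event (any type; non-dicts pass through).

    Returns:
        Either ``event`` itself or a shallow-copied structure with the
        credentials replaced by ``'<redacted>'``.
    """
    job = event.get('CodePipeline.job') if isinstance(event, dict) else None
    data = job.get('data') if isinstance(job, dict) else None
    if not isinstance(data, dict) or 'artifactCredentials' not in data:
        return event
    # Copy each level we touch so the original event (still needed by
    # setup_s3_client) keeps its credentials intact.
    safe_data = dict(data)
    safe_data['artifactCredentials'] = '<redacted>'
    safe_job = dict(job)
    safe_job['data'] = safe_data
    safe_event = dict(event)
    safe_event['CodePipeline.job'] = safe_job
    return safe_event


def lambda_handler(event, context):
    """The Lambda function handler.

    Validate the input CloudFormation template for security weaknesses and,
    based on the risk assessment, route it to the appropriate S3 bucket for
    the next stage.

    Args:
        event: The CodePipeline invocation event passed by Lambda
        context: The context passed by Lambda

    Returns:
        The string ``"Complete."`` in every case. Failures are reported back
        to CodePipeline via ``put_job_failure`` rather than raised, so the
        return value does not indicate success.
    """
    # Bound before the try so the except branch can always tell whether it
    # has a job to fail. Previously job_id was only assigned inside the try,
    # so a malformed event (missing 'CodePipeline.job') raised a second,
    # unhandled NameError from the handler itself.
    job_id = None
    try:
        # Log the event for tracking, minus the artifact credentials.
        print("Received event: " + json.dumps(_redact_for_logging(event), indent=2))
        # Extract the Job ID
        job_id = event['CodePipeline.job']['id']
        # Extract the Job Data
        job_data = event['CodePipeline.job']['data']
        # Extract the user parameters
        params = get_user_params(job_data)
        # Get the list of artifacts passed to the function
        input_artifacts = job_data['inputArtifacts']
        input_artifact = params['input']
        template_file = params['file']
        output_bucket = params['output']
        # Get the artifact details
        input_artifact_data = find_artifact(input_artifacts, input_artifact)
        # Get S3 client to access the artifact with
        s3 = setup_s3_client(job_data)
        # Get the JSON template file out of the artifact
        template = get_template(s3, input_artifact_data, template_file)
        # NOTE(review): the full template lands in CloudWatch Logs. Fine for
        # tracking, but templates can embed parameter defaults or inline
        # secrets -- trim this if that matters in your pipeline.
        print("Template: " + template)
        # Get validation rules from DDB
        rules = get_rules()
        # Validate template from a risk perspective. failed_rules can be used
        # if you wish to expand the script to report the failed items.
        risk, failed_rules = evaluate_template(rules, template)
        # Based on risk, store the template in the correct S3 bucket for
        # future processing.
        s3_next_step(s3, output_bucket, risk, failed_rules, template, job_id)
    except Exception as e:
        # Top-level boundary: any unexpected exception fails the job and
        # logs the exception message.
        print('Function failed due to exception.')
        print(e)
        traceback.print_exc()
        if job_id is not None:
            put_job_failure(job_id, 'Function exception: ' + str(e))
        # else: the event carried no job id, so there is nothing to report
        # back to CodePipeline; the traceback above is the only record.
    print('Function complete.')
    return "Complete."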