def create_bucket_policy()

in source/remediation_runbooks/scripts/EnableAWSConfig_createconfigbucket.py [0:0]


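def _config_bucket_policy(config_bucket, aws_partition, account_id=None):
    """Build the bucket-policy document AWS Config needs on its delivery bucket.

    The three statements let the Config service check the bucket ACL, confirm
    the bucket exists, and write objects with ``bucket-owner-full-control``.

    Args:
        config_bucket: name of the S3 bucket that receives Config deliveries.
        aws_partition: partition used in the bucket ARN (e.g. ``"aws"``).
        account_id: when given, an ``AWS:SourceAccount`` condition is added to
            every statement so only the Config service acting for this account
            can use the bucket (the confused-deputy protection AWS documents
            for Config delivery buckets). When omitted the policy is exactly
            the unconditioned one this runbook originally wrote.

    Returns:
        The policy as a plain dict, ready for ``json.dumps``.
    """
    bucket_arn = f"arn:{aws_partition}:s3:::{config_bucket}"
    config_service = "config.amazonaws.com"
    statements = [
        {
            "Sid": "AWSConfigBucketPermissionsCheck",
            "Effect": "Allow",
            "Principal": {"Service": [config_service]},
            "Action": "s3:GetBucketAcl",
            "Resource": bucket_arn,
        },
        {
            "Sid": "AWSConfigBucketExistenceCheck",
            "Effect": "Allow",
            "Principal": {"Service": [config_service]},
            "Action": "s3:ListBucket",
            "Resource": bucket_arn,
        },
        {
            "Sid": "AWSConfigBucketDelivery",
            "Effect": "Allow",
            "Principal": {"Service": [config_service]},
            "Action": "s3:PutObject",
            # Objects, not the bucket itself, for the delivery statement.
            "Resource": bucket_arn + "/*",
            "Condition": {
                "StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}
            },
        },
    ]
    if account_id:
        # Merge into any existing StringEquals block rather than replacing it,
        # so the ACL condition on the delivery statement is preserved.
        for statement in statements:
            condition = statement.setdefault("Condition", {})
            condition.setdefault("StringEquals", {})["AWS:SourceAccount"] = account_id
    return {"Version": "2012-10-17", "Statement": statements}


def create_bucket_policy(config_bucket, aws_partition, account_id=None):
    """Attach the AWS Config delivery policy to *config_bucket*.

    Args:
        config_bucket: name of the S3 bucket that receives Config deliveries.
        aws_partition: partition used in the bucket ARN (e.g. ``"aws"``).
        account_id: optional account ID; when given, the policy is restricted
            with an ``AWS:SourceAccount`` condition. Existing callers that pass
            only the first two arguments get the original, unconditioned policy.

    Side effects:
        Calls ``PutBucketPolicy`` on the bucket. Any failure ends the script via
        ``exit`` with an ``ERROR:`` message, as the rest of this runbook does.
    """
    s3 = connect_to_s3(boto_config)
    policy = _config_bucket_policy(config_bucket, aws_partition, account_id)
    # Only the API call can fail; keep the try body to that one statement.
    try:
        s3.put_bucket_policy(
            Bucket=config_bucket,
            Policy=json.dumps(policy)
        )
    except Exception as e:
        exit(f'ERROR: PutBucketPolicy failed for {config_bucket}: {str(e)}')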