in source/Orchestrator/check_ssm_doc_state.py [0:0]
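def lambda_handler(event, context):
    """Report whether a remediation runbook is available for a finding.

    Builds a ``utils.StepFunctionLambdaAnswer`` for the calling step function.
    The answer carries the finding's standard, control, account and region,
    plus the automation document ID and remediation role name derived from
    the finding.

    Args:
        event: Step function input. Must contain the keys ``Finding`` and
            ``EventType``; may contain ``Workflow`` with a
            ``WorkflowDocument`` entry.
        context: Lambda context object; not used in this function.

    Returns:
        The value of ``answer.json()``. ``status`` is ``ERROR`` when required
        keys are missing, ``NOTENABLED`` when the finding's standard version
        is not supported, ``ACTIVE`` when an alternate workflow document is
        configured, and otherwise whatever ``_add_doc_state_to_answer``
        records.
    """
    answer = utils.StepFunctionLambdaAnswer()  # holds the response to the step function

    # NOTE(review): the whole event, including the full finding, is written to
    # the log at INFO level. Confirm that access to and retention of the log
    # destination suit the resource details a finding can carry.
    LOGGER.info(event)

    # Both keys are required before the finding is parsed.
    if "Finding" not in event or "EventType" not in event:
        answer.update({
            'status': 'ERROR',
            'message': 'Missing required data in request'
        })
        LOGGER.error(answer.message)
        return answer.json()

    finding = Finding(event['Finding'])

    answer.update({
        'securitystandard': finding.standard_shortname,
        'securitystandardversion': finding.standard_version,
        'controlid': finding.standard_control,
        'standardsupported': finding.standard_version_supported,
        'accountid': finding.account_id,
        'resourceregion': finding.resource_region
    })

    # standard_version_supported is compared as the string 'True', not a bool.
    if finding.standard_version_supported != 'True':
        # NOTE(review): the '": "' inside this message looks like a leftover
        # from a JSON-style template. It is kept byte-for-byte because
        # downstream steps may match on the text - confirm before changing.
        answer.update({
            'status': 'NOTENABLED',
            'message': f'Security Standard is not enabled": "{finding.standard_name} version {finding.standard_version}"'
        })
        return answer.json()

    # Is there alt workflow configuration?
    # `or {}` also covers an event that carries "Workflow": null, which would
    # otherwise raise AttributeError on the chained .get().
    alt_workflow_doc = (event.get('Workflow') or {}).get('WorkflowDocument')

    # NOTE(review): both names are assembled from fields of the incoming
    # finding. Presumably the Finding class constrains those fields to known
    # standards and controls - verify, since these names select the runbook
    # and the role used for remediation.
    automation_docid = f'SHARR-{finding.standard_shortname}_{finding.standard_version}_{finding.remediation_control}'
    remediation_role = f'SO0111-Remediate-{finding.standard_shortname}-{finding.standard_version}-{finding.remediation_control}'

    answer.update({
        'automationdocid': automation_docid,
        'remediationrole': remediation_role
    })

    # If alt workflow is configured we don't need to check doc state, as we checked
    # it in get_approval_requirement
    # NOTE(review): this branch reports ACTIVE solely because the event names
    # a workflow document. It relies on get_approval_requirement having run
    # earlier in the same state machine execution - confirm that ordering.
    if alt_workflow_doc:
        answer.update({
            'status': 'ACTIVE'
        })
    else:
        _add_doc_state_to_answer(
            automation_docid,
            finding.account_id,
            finding.resource_region,
            answer
        )

    return answer.json()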