in source/remediation_runbooks/scripts/EnableAWSConfig_createtopic.py [0:0]
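def create_encrypted_topic(event, context):
    """Create (or reuse) the SNS topic that receives AWS Config updates.

    The topic is created with server-side encryption using the KMS key named
    in ``event['kms_key_arn']``. When a topic of the same name already exists
    with different attributes, SNS rejects the create call with
    ``InvalidParameter``; in that case the existing topic's ARN is reused and
    its ``KmsMasterKeyId`` is checked against the requested key, so an
    unencrypted (or differently-keyed) topic is reported instead of being
    silently accepted.

    Args:
        event: dict with ``kms_key_arn`` (full KMS key ARN, ``.../key/<id>``)
            and ``topic_name``.
        context: Lambda/SSM invocation context; unused.

    Returns:
        ``{"topic_arn": <ARN of the created or existing topic>}``.

    Side effects:
        For a newly created topic the ARN is written to the SSM parameter
        ``/Solutions/SO0111/SNS_Topic_Config.1``. ``create_topic_policy`` is
        applied to the topic in both the new and the existing case.

    Raises:
        SystemExit (via ``exit``) on any unrecoverable error.
    """
    kms_key_arn = event['kms_key_arn']
    topic_name = event['topic_name']

    # create_topic wants the bare key id, not the ARN. Validate the shape up
    # front so a malformed ARN does not surface as a misleading
    # "could not create SNS Topic ...: list index out of range".
    if 'key/' not in kms_key_arn:
        exit(f'ERROR: kms_key_arn {kms_key_arn} is not a KMS key ARN (expected .../key/<key-id>)')
    kms_key_id = kms_key_arn.split('key/')[1]

    # Get the client outside the create try-block: the ClientError handler
    # below uses it, and a failure here must not leave `sns` unbound there.
    try:
        sns = connect_to_sns()
    except Exception as e:
        exit(f'ERROR: could not create SNS Topic {topic_name}: {str(e)}')

    new_topic = False
    topic_arn = ''
    try:
        topic_arn = sns.create_topic(
            Name=topic_name,
            Attributes={'KmsMasterKeyId': kms_key_id}
        )['TopicArn']
        new_topic = True
    except ClientError as client_exception:
        exception_type = client_exception.response['Error']['Code']
        if exception_type != 'InvalidParameter':
            exit(f'ERROR: Unhandled client exception: {client_exception}')
        # SNS returns InvalidParameter when a topic with this name exists but
        # with different attributes - i.e. no KMS key, or a different one.
        print(f'Topic {topic_name} already exists. This remediation may have been run before.')
        print('Ignoring exception - remediation continues.')
        try:
            topic_arn = sns.create_topic(Name=topic_name)['TopicArn']
        except Exception as e:
            exit(f'ERROR: could not look up existing SNS Topic {topic_name}: {str(e)}')
        # The reused topic was NOT created with our KMS key; say so loudly
        # rather than letting the remediation report success on an
        # unencrypted topic.
        _warn_if_not_encrypted_with(sns, topic_arn, kms_key_id)
    except Exception as e:
        exit(f'ERROR: could not create SNS Topic {topic_name}: {str(e)}')

    if new_topic:
        try:
            ssm = connect_to_ssm()
            ssm.put_parameter(
                Name='/Solutions/SO0111/SNS_Topic_Config.1',
                Description='SNS Topic for AWS Config updates',
                Type='String',
                Overwrite=True,
                Value=topic_arn
            )
        except Exception as e:
            # Message names the step that actually failed (the original said
            # "could not create SNS Topic" here, which hid the real cause).
            exit(f'ERROR: could not store SNS Topic ARN for {topic_name} in SSM: {str(e)}')

    create_topic_policy(topic_arn)
    return {"topic_arn": topic_arn}


def _warn_if_not_encrypted_with(sns, topic_arn, kms_key_id):
    """Print a warning if the existing topic is not encrypted with kms_key_id.

    Read-only on purpose: re-keying a topic this remediation did not create
    can break publishers that lack access to the new key, so the mismatch is
    reported for an operator to resolve rather than changed here. Failure to
    read the attributes (e.g. missing sns:GetTopicAttributes) is reported
    and otherwise ignored so the remediation continues as before.
    """
    try:
        attrs = sns.get_topic_attributes(TopicArn=topic_arn)['Attributes']
    except Exception as e:
        print(f'WARNING: could not verify encryption of existing topic {topic_arn}: {str(e)}')
        return
    current_key = attrs.get('KmsMasterKeyId', '')
    if not current_key:
        print(f'WARNING: existing topic {topic_arn} is NOT encrypted; expected KMS key {kms_key_id}')
    elif kms_key_id not in current_key:
        # KmsMasterKeyId may be stored as a key id, ARN or alias, so a
        # substring test on the key id is used; an alias will still warn.
        print(f'WARNING: existing topic {topic_arn} is encrypted with {current_key}, not the requested key {kms_key_id}')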