in source/customer_managed_patch.py [0:0]
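def _coerce_flag(value):
    """Interpret a JSON-sourced flag as a boolean.

    ``bool("false")`` is ``True`` in Python, so a flag stored as a string in
    the template would always switch the option on. Strings are matched
    against the usual "false" spellings instead; every other value keeps
    plain ``bool()`` semantics.
    """
    if isinstance(value, str):
        return value.strip().lower() not in ("", "false", "0", "no", "off")
    return bool(value)


def lambda_handler(event, context):
    """Create an SSM patch baseline in a member account from an S3 template.

    Reads the request fields from ``event``, loads the JSON patch-plan
    template from S3 and, for the ``Base_AWS_Patch`` change type, calls
    ``create_patch_baseline`` through a session obtained for the member
    account.

    Args:
        event: Invocation payload; must contain ``change_type_id``,
            ``app_account_id``, ``exec_params`` and ``app_acct_role``.
        context: Lambda context object (unused).

    Returns:
        ``{'BaselineId': ...}`` on success, ``'Unknown Request'`` for any
        other change type, or the exception text as a string when reading
        the input or creating the baseline fails.
    """
    try:
        patch_plan_id = event['change_type_id']
        ams_app_id = event['app_account_id']
        local_exec_params = event['exec_params']
        app_acct_role = event['app_acct_role']

        s3_client = boto3.session.Session().client('s3')
        # NOTE(review): exec_params comes straight from the event and is
        # appended to the template prefix, so the invoker selects which
        # object under that prefix is loaded. Confirm the invoker is trusted
        # or restrict this to known template names.
        template_key = templateS3Key + local_exec_params
        plan_object = s3_client.get_object(Bucket=S3bucket, Key=template_key)
        plan = json.loads(plan_object['Body'].read().decode('utf-8'))
    except Exception as cust_patch_plan_input_failure:
        # NOTE(review): raw exception text is returned to the caller;
        # confirm that level of detail is acceptable for this invoker.
        return str(cust_patch_plan_input_failure)

    if patch_plan_id != "Base_AWS_Patch":
        return 'Unknown Request'

    try:
        # NOTE(review): the account id and role name are event-supplied as
        # well. What get_session permits is not visible here; confirm the
        # role trust policy and ExternalId bound which roles can be assumed.
        member_account_session = get_session(
            str(ams_app_id), str(app_acct_role), "customer_managed_patch", ExternalId
        )
        ssm_client = member_account_session.client("ssm")

        # Only the first filter, the first value of each filter and the first
        # approval rule of the template are forwarded; further entries in the
        # template are ignored.
        global_filter = plan['GlobalFilters']['PatchFilters'][0]
        approval_rule = plan['ApprovalRules']['PatchRules'][0]
        rule_filter = approval_rule['PatchFilterGroup']['PatchFilters'][0]

        patch_response = ssm_client.create_patch_baseline(
            OperatingSystem=plan['OperatingSystem'],
            Name=plan['Name'],
            GlobalFilters={
                'PatchFilters': [
                    {
                        'Key': global_filter['Key'],
                        'Values': [global_filter['Values'][0]],
                    },
                ]
            },
            ApprovalRules={
                'PatchRules': [
                    {
                        'PatchFilterGroup': {
                            'PatchFilters': [
                                {
                                    'Key': rule_filter['Key'],
                                    'Values': [rule_filter['Values'][0]],
                                },
                            ]
                        },
                        'ComplianceLevel': approval_rule['ComplianceLevel'],
                        'ApproveUntilDate': approval_rule['ApproveUntilDate'],
                        # A string such as "false" must not enable approval
                        # of non-security patches.
                        'EnableNonSecurity': _coerce_flag(
                            approval_rule['EnableNonSecurity']
                        ),
                    },
                ]
            },
        )
        return {'BaselineId': patch_response['BaselineId']}
    except Exception as patch_plan_create_failure:
        # Log the failure and report it the same way as an input failure,
        # rather than falling through and returning None.
        print(str(patch_plan_create_failure))
        return str(patch_plan_create_failure)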