in templates/aws-cloudfront-waf/source/helper/helper.py [0:0]
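_VALID_LOG_LEVELS = ('DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL')
_DEFAULT_LOG_LEVEL = 'ERROR'
_DELIVERY_STREAM_PREFIX = "aws-waf-logs-"  # AWS WAF requires this prefix on logging destinations
_DELIVERY_STREAM_MAX_LEN = 64
_GLUE_DATABASE_MAX_LEN = 32  # longer names break the AWS::Athena::NamedQuery database parameter
_SUFFIX_LEN = 6


def _resolve_log_level():
    """Return the level named by LOG_LEVEL, or 'ERROR' when it is unset or invalid.

    This runs before the try/finally that answers CloudFormation, so it must
    never raise: an unset variable used to crash the handler with
    AttributeError, leaving the stack waiting for a response that never came.
    """
    level = str(os.getenv('LOG_LEVEL', _DEFAULT_LOG_LEVEL)).upper()
    return level if level in _VALID_LOG_LEVELS else _DEFAULT_LOG_LEVEL


def _random_suffix(length=_SUFFIX_LEN):
    """Return *length* random ASCII letters/digits used to keep generated names unique.

    Uniqueness, not secrecy, is the goal: the value becomes part of a resource
    name, never a credential, so `random` rather than `secrets` is adequate.
    """
    alphabet = string.ascii_letters + string.digits
    return ''.join(random.choice(alphabet) for _ in range(length))


def _sanitize_stack_name(stack_name):
    """Reduce *stack_name* to ASCII ``[A-Za-z0-9_]`` and strip surrounding ``_``.

    Spaces become underscores; hyphens and periods are dropped for convenience.
    The character class is ASCII-only on purpose: a Unicode-aware word class
    would keep non-ASCII letters that neither Firehose nor Glue accept.
    """
    cleaned = re.sub(r'[^A-Za-z0-9_]', '', stack_name.replace(" ", "_"))
    return cleaned.strip('_')


def _delivery_stream_name(stack_name, suffix=None):
    """Build the Kinesis Data Firehose delivery stream name for WAF logs.

    Acceptable characters are letters, digits, '_', '-' and '.'; the name must
    be 1-64 characters long and start with "aws-waf-logs-". The sanitized stack
    name is truncated so that prefix + name + '_' + suffix fits in 64 chars.

    Args:
        stack_name: CloudFormation stack name used as the readable part.
        suffix: random tail; generated when None (parameter exists for tests).

    Returns:
        The delivery stream name as a str.
    """
    suffix = _random_suffix() if suffix is None else suffix
    base = _sanitize_stack_name(stack_name)
    if not base:
        return _DELIVERY_STREAM_PREFIX + "_" + suffix
    max_len = _DELIVERY_STREAM_MAX_LEN - len(_DELIVERY_STREAM_PREFIX) - 1 - len(suffix)
    return _DELIVERY_STREAM_PREFIX + base[:max_len] + "_" + suffix


def _glue_database_name(stack_name, suffix=None):
    """Build the Glue database name: lowercase ``[a-z0-9_]``, at most 32 chars.

    Args:
        stack_name: CloudFormation stack name used as the readable part.
        suffix: random lowercase tail; generated when None (exists for tests).

    Returns:
        The database name as a str; just the suffix when nothing of the stack
        name survives sanitization.
    """
    suffix = _random_suffix().lower() if suffix is None else suffix
    base = _sanitize_stack_name(stack_name).lower()
    # Leave room for '_' + suffix, then drop any '_' exposed by the cut.
    base = base[:_GLUE_DATABASE_MAX_LEN - 1 - len(suffix)].strip('_')
    return base + '_' + suffix if base else suffix


def lambda_handler(event, context):
    """Entry point for the helper custom resources of the WAF stack.

    Dispatches on ``event['ResourceType']``:
      - Custom::CheckRequirements: on Create/Update validates service
        dependencies, the application access-log bucket (only when
        ProtectionActivatedScannersProbes is 'yes') and the remaining
        requirements.
      - Custom::CreateUUID: returns a fresh UUID on Create.
      - Custom::CreateDeliveryStreamName / Custom::CreateGlueDatabaseName:
        return a generated name on Create.
    Update and Delete are no-ops for the UUID and name resources.

    Args:
        event: CloudFormation custom-resource event.
        context: Lambda context, passed through to send_response.

    Returns:
        JSON string describing the outcome: 'StatusCode'/'Body' on success,
        'statusCode'/'body' carrying the error message on failure. Exceptions
        raised while processing are reported to CloudFormation as FAILED
        (when a ResponseURL is present) rather than propagated.
    """
    log = logging.getLogger()
    log.setLevel(_resolve_log_level())

    response_status = 'SUCCESS'
    reason = None
    response_data = {}
    resource_id = event['PhysicalResourceId'] if 'PhysicalResourceId' in event else event['LogicalResourceId']
    result = {
        'StatusCode': '200',
        'Body': {'message': 'success'}
    }
    try:
        # NOTE(review): this logs the whole event, ResourceProperties included;
        # confirm no sensitive values are ever passed as resource properties.
        log.info(event)
        request_type = event.get('RequestType', '').upper()
        log.info(request_type)
        resource_type = event['ResourceType']

        if resource_type == "Custom::CheckRequirements":
            if 'CREATE' in request_type or 'UPDATE' in request_type:
                properties = event['ResourceProperties']
                check_service_dependencies(log, properties)
                if properties['ProtectionActivatedScannersProbes'] == 'yes':
                    check_app_log_bucket(log, properties['Region'], properties['AppAccessLogBucket'])
                check_requirements(log, properties)
            # DELETE: do nothing
        elif resource_type == "Custom::CreateUUID":
            if 'CREATE' in request_type:
                response_data['UUID'] = str(uuid.uuid4())
                log.debug("UUID: %s", response_data['UUID'])
            # UPDATE / DELETE: do nothing
        elif resource_type == "Custom::CreateDeliveryStreamName":
            if 'CREATE' in request_type:
                response_data['DeliveryStreamName'] = _delivery_stream_name(event['ResourceProperties']['StackName'])
                log.debug("DeliveryStreamName: %s", response_data['DeliveryStreamName'])
            # UPDATE / DELETE: do nothing
        elif resource_type == "Custom::CreateGlueDatabaseName":
            if 'CREATE' in request_type:
                response_data['DatabaseName'] = _glue_database_name(event['ResourceProperties']['StackName'])
                log.debug("DatabaseName: %s", response_data['DatabaseName'])
            # UPDATE / DELETE: do nothing
    except Exception as error:
        # Report rather than propagate: CloudFormation must receive a FAILED
        # response, otherwise the stack operation hangs until it times out.
        log.exception(error)
        response_status = 'FAILED'
        reason = str(error)
        # NOTE(review): key casing differs from the success result
        # ('statusCode'/'body' vs 'StatusCode'/'Body'); kept as-is because the
        # consumer of the return value is not visible here.
        result = {
            'statusCode': '400',
            'body': {'message': reason}
        }
    finally:
        if 'ResponseURL' in event:
            send_response(log, event, context, response_status, response_data, resource_id, reason)
    # Returned after the try/finally (not inside `finally`) so that a failure
    # raised by send_response itself is not silently swallowed.
    return json.dumps(result)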