in source/Lambda/innovation_sbx_attach_scp.py [0:0]
def create(event, context):
    """Create the sandbox guardrail and network SCPs and attach both to the sandbox OU.

    Reads its inputs from ``event["ResourceProperties"]`` and reports the
    outcome through ``send`` with SUCCESS or FAILED. Any exception raised
    along the way is logged and turned into a FAILED response, so nothing
    propagates to the caller.
    """
    logger.info("Attaching SCPs")
    try:
        properties = event["ResourceProperties"]
        # Looked up so that a missing key fails the request; the value is not
        # used afterwards, because both policies are attached to the OU.
        _ = properties['Sandbox_Account_ID']
        target_ou = properties['Sandbox_OU']
        guardrails_name = properties['SCPGD']
        network_name = properties['SCPNTWRK']
        template_base = properties['Template_Base_Path']

        org_client = boto3.client('organizations', config=config)

        # Both policies are created before either is attached.
        # create_scp_sbx presumably returns the policy id, since its result
        # is passed as PolicyId below (confirm against its definition).
        policy_ids = [
            create_scp_sbx(org_client, scp_name, template_base, template_file)
            for scp_name, template_file in (
                (guardrails_name, 'innovation_sbx_guardrails_scp.json'),
                (network_name, 'innovation_sbx_network_controls_scp.json'),
            )
        ]

        # NOTE(review): the two attachments are separate API calls. If the
        # second one fails, the OU is left with only the guardrails SCP while
        # FAILED is reported; whatever handles FAILED must account for that.
        for policy_id in policy_ids:
            org_client.attach_policy(PolicyId=policy_id, TargetId=target_ou)

        logger.info("Attached Service Control Policies")
        send(event, context, SUCCESS,
             {"Message": "Sandbox SCPs Attached"}, "Sbx_Attach_SCPs")
    except Exception as e:
        # The structured record carries the exception text and the full
        # traceback, and logger.exception appends the traceback once more.
        failure_record = {
            'MESSAGE': 'Exception occurred while creating and attaching SCPs',
            'FILE': __file__.split('/')[-1],
            'METHOD': inspect.stack()[0][3],
            'EXCEPTION': str(e),
            'TRACE': traceback.format_exc(),
        }
        logger.exception(failure_record)
        send(event, context, FAILED,
             {"Message": "Sandbox SCP Attachment Failed"}, "Sbx_Attach_SCPs")