def test_ami_from_instance(): result = parse("""{ "eventVersion": "1.05", "eventTime": "2020-04-01T03:25:13Z", "eventSource": "ec2.amazonaws.com", "eventName": "CreateImage", "awsRegion": "us-west-2", "sourceIPAddress": "205.251.233.178", "userAgent": "console.ec2.amazonaws.com", "requestParameters": { "instanceId": "i-0ed7c37bce75f98f9" }, "responseElements": { "requestId": "e7999feb-6f64-4fc7-8507-17c5fbe8da29", "imageId": "ami-0528b3966f95526ee" }, "requestID": "e7999feb-6f64-4fc7-8507-17c5fbe8da29", "eventID": "eeb6529b-8b20-41ea-983a-ef544830e81a", "eventType": "AwsApiCall", "recipientAccountId": "527579490183" }""") assert result.region == "us-west-2" assert result.instanceId == "i-0ed7c37bce75f98f9" assert result.destinationImageId == "ami-0528b3966f95526ee" assert result.accountId == "527579490183"
def test_copy_ami(): result = parse("""{ "eventVersion": "1.05", "eventTime": "2020-04-01T04:06:48Z", "eventSource": "ec2.amazonaws.com", "eventName": "CopyImage", "awsRegion": "us-west-2", "sourceIPAddress": "205.251.233.178", "userAgent": "console.ec2.amazonaws.com", "requestParameters": { "sourceRegion": "us-west-2", "sourceImageId": "ami-0528b3966f95526ee" }, "responseElements": { "requestId": "3df999ff-e62b-4306-bd08-871b3f8c27e0", "imageId": "ami-00339be3aeeb7ac2d" }, "requestID": "3df999ff-e62b-4306-bd08-871b3f8c27e0", "eventID": "3cf5b242-86b1-4b5b-9a4f-a2da69ab8c4c", "eventType": "AwsApiCall", "recipientAccountId": "527579490183" }""") assert result.region == "us-west-2" assert result.sourceImageId == "ami-0528b3966f95526ee" assert result.destinationImageId == "ami-00339be3aeeb7ac2d" assert result.accountId == "527579490183"
def test_run_instances(): result = parse("""{ "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "awsRegion": "us-west-2", "responseElements": { "instancesSet": { "items": [ { "instanceId": "i-0f94de47f90462018", "imageId": "ami-0ce21b51cb31a48b8", "ownerId": "527579490183" } ] } }, "requestID": "3dc68d64-9435-4c46-9562-1e3272747cbe", "eventID": "f3902997-b8f3-40c2-8f3a-403f47b3fc4f", "eventType": "AwsApiCall", "recipientAccountId": "527579490183" }""") assert result.region == "us-west-2" assert result.instanceId == "i-0f94de47f90462018" assert result.imageId == "ami-0ce21b51cb31a48b8" assert result.accountId == "527579490183"
def lambda_handler(event, context): print(event) cloudwatch_event = event["awslogs"]["data"] decode_base64 = base64.b64decode(cloudwatch_event) log_uncompressed = gzip.decompress(decode_base64).decode("utf8") print(log_uncompressed) for log_entry in json.loads(log_uncompressed)["logEvents"]: log_text = log_entry["message"] print(log_text) result = parse(log_entry) actions = determine_action(result) execute_all(traversal, actions) return "Ok"
def test_dont_understand(): result = parse("{ 'someJSON': true }") assert result is None
def test_invalid_json(): result = parse("blah") assert result is None