def create_report_batch_job_handler(event, context):
    """Register the batch job that creates the security check report.

    The check history ID read from ``event`` is also used as the trace ID
    given to the logger and to the logic layer.

    Args:
        event: Invocation payload carrying the check history ID.
        context: Invocation context (not used by this handler).

    Returns:
        The value returned by
        ``awssecuritychecks_logic.create_report_batch_job``.
    """
    history_id = eventhelper.get_check_history_id_batch(event)
    # currentframe() is evaluated here so the logger is handed this
    # handler's own frame.
    handler_frame = inspect.currentframe()
    common_utils.begin_cw_logger(history_id, __name__, handler_frame)

    # Register the security check report creation job.
    job_result = awssecuritychecks_logic.create_report_batch_job(
        history_id, history_id)
    return job_result
def execute_securitycheck_aggregate_handler(event, context):
    """Aggregate the security check results for one check run.

    The check history ID read from ``event`` is also used as the trace ID
    given to the logger and to the logic layer.

    Args:
        event: Invocation payload carrying the check history ID.
        context: Invocation context (not used by this handler).

    Returns:
        The value returned by
        ``awssecuritychecks_logic.execute_securitycheck_aggregate``.
    """
    history_id = eventhelper.get_check_history_id_batch(event)
    # currentframe() is evaluated here so the logger is handed this
    # handler's own frame.
    handler_frame = inspect.currentframe()
    common_utils.begin_cw_logger(history_id, __name__, handler_frame)

    # Aggregate the security check results.
    aggregate = awssecuritychecks_logic.execute_securitycheck_aggregate(
        history_id, history_id)
    return aggregate
def get_check_awsaccounts_handler(event, context):
    """Fetch the AWS accounts targeted by a security check run.

    The check history ID read from ``event`` is also used as the trace ID
    given to the logger and to the logic layer.

    Args:
        event: Invocation payload carrying the check history ID.
        context: Invocation context (not used by this handler).

    Returns:
        The value returned by
        ``awssecuritychecks_logic.get_check_awsaccounts``.
    """
    # Collect the required information from the event.
    history_id = eventhelper.get_check_history_id_batch(event)
    handler_frame = inspect.currentframe()
    common_utils.begin_cw_logger(history_id, __name__, handler_frame)

    # Look up the AWS accounts subject to the security check.
    target_accounts = awssecuritychecks_logic.get_check_awsaccounts(
        history_id, history_id)
    return target_accounts
def execute_send_result_slack_handler(event, context):
    """Send the security check result notification to Slack.

    The check history ID read from ``event`` is also used as the trace ID.
    Nothing is returned; the logic layer's return value is discarded.

    Args:
        event: Invocation payload carrying the check history ID and the
            notification language.
        context: Invocation context (not used by this handler).
    """
    history_id = eventhelper.get_check_history_id_batch(event)
    notify_language = eventhelper.get_language_batch(event)
    handler_frame = inspect.currentframe()
    common_utils.begin_logger(history_id, __name__, handler_frame)

    # Send the Slack notification.
    # NOTE(review): the language value is forwarded from the event as-is;
    # presumably the logic layer restricts it to known languages - confirm.
    awschecksBatch_logic.execute_send_result_slack(
        history_id,
        history_id,
        notify_language,
    )
def execute_securitycheck_statemachine_handler(event, context):
    """Start the security check state machine from an SNS notification.

    The SNS message carried by ``event`` is parsed as JSON, and the check
    history ID found in it is used as the trace ID as well. Nothing is
    returned. A message that is not valid JSON makes ``json.loads`` raise
    before the logger has been started.

    Args:
        event: SNS-triggered invocation payload.
        context: Invocation context (not used by this handler).
    """
    # Pull the Amazon SNS message out of the event and decode it.
    sns_payload = json.loads(eventhelper.get_message_from_sns(event))

    # Collect the required information from the decoded message.
    # NOTE(review): the ID is taken from the message without validation in
    # this handler; presumably the logic layer checks that it refers to an
    # existing check run - confirm.
    history_id = eventhelper.get_check_history_id_batch(sns_payload)
    handler_frame = inspect.currentframe()
    common_utils.begin_cw_logger(history_id, __name__, handler_frame)

    # Start the security check Step Functions state machine.
    awssecuritychecks_logic.execute_securitycheck_statemachine(
        history_id,
        history_id,
    )
def check_effective_awsaccount_handler(event, context):
    """Check whether the target AWS account is usable for the check run.

    Every value passed to the logic layer is read from ``event``; the check
    history ID is also used as the trace ID.

    NOTE(review): ``role_name`` and ``external_id`` are forwarded exactly as
    they appear in the event. Presumably they are used for cross-account
    role assumption in the logic layer - confirm they are compared with the
    stored account registration rather than trusted from the event, and
    that the external ID is kept out of log output.

    Args:
        event: Invocation payload carrying the account, role and project
            identifiers.
        context: Invocation context (not used by this handler).

    Returns:
        The value returned by
        ``awssecuritychecks_logic.check_effective_awsaccount``.
    """
    # Collect the required information from the event.
    history_id = eventhelper.get_check_history_id_batch(event)
    coop = eventhelper.get_coop_id_batch(event)
    role = eventhelper.get_role_name(event)
    ext_id = eventhelper.get_external_id(event)
    org_id = eventhelper.get_organization_id_batch(event)
    proj_id = eventhelper.get_project_id_batch(event)

    handler_frame = inspect.currentframe()
    common_utils.begin_cw_logger(history_id, __name__, handler_frame)

    # The AWS account being checked (read after the logger is started,
    # as in the original ordering).
    account = eventhelper.get_awsaccount(event)

    # Run the AWS account check.
    outcome = awssecuritychecks_logic.check_effective_awsaccount(
        history_id,
        account,
        coop,
        role,
        ext_id,
        org_id,
        proj_id,
        history_id,
    )
    return outcome
def execute_asc_check_handler(event, context):
    """Run the ASC security check for one AWS account.

    Every value passed to the logic layer is read from ``event``; the check
    history ID is also used as the trace ID.

    NOTE(review): ``role_name``, ``external_id`` and ``effective_awsaccount``
    are forwarded exactly as they appear in the event. Presumably the event
    is produced by an earlier step of the same workflow - confirm that
    nothing outside the workflow can supply these values, since they decide
    which account and role the check runs against.

    Args:
        event: Invocation payload carrying account, organization, project
            and check identifiers.
        context: Invocation context (not used by this handler).

    Returns:
        The value returned by ``awssecuritychecks_logic.execute_asc_check``.
    """
    # Read order is kept as in the original so that a missing field fails
    # on the same lookup.
    history_id = eventhelper.get_check_history_id_batch(event)
    account = eventhelper.get_awsaccount(event)
    coop = eventhelper.get_coop_id_batch(event)
    account_name = eventhelper.get_awsaccount_name_batch(event)
    role = eventhelper.get_role_name(event)
    ext_id = eventhelper.get_external_id(event)
    org_id = eventhelper.get_organization_id_batch(event)
    org_name = eventhelper.get_organization_name_batch(event)
    proj_id = eventhelper.get_project_id_batch(event)
    proj_name = eventhelper.get_project_name_batch(event)
    result_id = eventhelper.get_check_result_id_batch(event)
    effective_account = eventhelper.get_effective_awsaccount(event)

    handler_frame = inspect.currentframe()
    common_utils.begin_cw_logger(history_id, __name__, handler_frame)

    # Run the ASC security check.
    outcome = awssecuritychecks_logic.execute_asc_check(
        history_id,
        account,
        coop,
        account_name,
        role,
        ext_id,
        org_id,
        org_name,
        proj_id,
        proj_name,
        history_id,
        result_id,
        effective_account,
    )
    return outcome
def execute_send_checkerror_email_handler(event, context):
    """Send the check-error notification e-mail described by an SNS message.

    The SNS message carried by ``event`` is parsed as JSON and every field
    is read from it. The executing user's ID is used as the trace ID.
    Nothing is returned.

    NOTE(review): ``data_body`` and ``error_code`` come from the SNS payload
    and are forwarded unchanged by this handler. Confirm that the logic
    layer escapes or templates them before they reach the e-mail body.
    NOTE(review): the user ID is handed to the logger as the trace ID, so it
    presumably appears in log records - confirm that is acceptable.

    Args:
        event: SNS-triggered invocation payload.
        context: Invocation context; ``aws_request_id`` is read from it.
    """
    sns_payload = json.loads(eventhelper.get_message_from_sns(event))

    account = eventhelper.get_awsaccount(sns_payload)
    history_id = eventhelper.get_check_history_id_batch(sns_payload)
    org_id = eventhelper.get_organization_id_batch(sns_payload)
    proj_id = eventhelper.get_project_id_batch(sns_payload)
    err_code = eventhelper.get_error_code_batch(sns_payload)
    user_id = eventhelper.get_execute_user_id_batch(sns_payload)
    region = eventhelper.get_region_name_batch(sns_payload)
    code_item = eventhelper.get_check_code_item_batch(sns_payload)
    body = eventhelper.get_data_body_batch(sns_payload)

    handler_frame = inspect.currentframe()
    common_utils.begin_logger(user_id, __name__, handler_frame)

    # Send the notification e-mail.
    awschecksBatch_logic.execute_send_checkerror_email(
        user_id,
        context.aws_request_id,
        account,
        history_id,
        org_id,
        proj_id,
        err_code,
        user_id,
        region,
        code_item,
        body,
    )
def execute_ibp_check_handler(event, context):
    """Entry point for the IBP security check.

    The handler reads the check history ID, starts the logger with it as
    the trace ID, and returns a fixed result.

    NOTE(review): no check logic is called here; the returned value is
    always the string "true". Confirm that downstream consumers do not
    interpret it as a passed check.

    Args:
        event: Invocation payload carrying the check history ID.
        context: Invocation context (not used by this handler).

    Returns:
        The constant mapping ``{"ibp-result": "true"}``.
    """
    history_id = eventhelper.get_check_history_id_batch(event)
    handler_frame = inspect.currentframe()
    common_utils.begin_logger(history_id, __name__, handler_frame)

    # Run the IBP security check (currently only a fixed result).
    ibp_outcome = {"ibp-result": "true"}
    return ibp_outcome