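def get_resource_arn(self, stack_id, logical_resource_id, optional=False):
    """Return the ARN of a resource that belongs to a CloudFormation stack.

    The resource is looked up with ``describe_stack_resource`` in the region
    taken from ``stack_id``; its physical id and resource type are then
    handed to ``util.get_resource_arn``.

    Args:
        stack_id: ARN of the stack that owns the resource.
        logical_resource_id: Logical id of the resource inside that stack.
        optional: When true, a CloudFormation ``ValidationError`` makes the
            call return ``None`` instead of raising. Defaults to ``False``.
            The original body read ``optional`` without declaring it, so
            the error path could only fail with a ``NameError`` (unless a
            module-level ``optional`` exists outside this view).

    Returns:
        The value produced by ``util.get_resource_arn``, or ``None`` when
        ``optional`` is true and the lookup failed with ``ValidationError``.

    Raises:
        HandledError: For every other ``ClientError``, and for
            ``ValidationError`` when ``optional`` is false.
    """
    cf = self.context.aws.client(
        'cloudformation', region=util.get_region_from_arn(stack_id))

    try:
        res = cf.describe_stack_resource(
            StackName=stack_id,
            LogicalResourceId=logical_resource_id)
    except ClientError as e:
        # Only the ValidationError code is tolerated for optional lookups.
        # Any other failure (for example a permissions error) still raises,
        # so it is not silently reported as "resource absent".
        if optional and e.response['Error']['Code'] == 'ValidationError':
            return None
        raise HandledError(
            'Could not get the id for the {} resource from the {} stack.'.
            format(logical_resource_id, stack_id), e)

    detail = res['StackResourceDetail']
    resource_name = detail['PhysicalResourceId']
    resource_type = detail['ResourceType']

    return util.get_resource_arn(stack_id,
                                 resource_type,
                                 resource_name,
                                 context=self.context)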
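def __get_mappings(context, deployment_name, exclusions, role, args=None):
    """Build the logical-name to resource mapping for a deployment.

    Args:
        context: Project context; this function uses ``context.config``,
            ``context.view`` and ``context.stack``.
        deployment_name: Name of the deployment whose stacks are described.
        exclusions: Container of logical names (and the special keys
            ``'region'`` / ``'account_id'``) to leave out of the result.
        role: Passed to ``context.view.retrieving_mappings`` and to
            ``__get_player_accessible_arns``.
        args: Optional parsed arguments; ``args.is_gui`` is read when
            ``args`` is not ``None``.

    Returns:
        dict: logical name -> ``{'PhysicalResourceId': ..., 'ResourceType':
        ...}``. User pool entries also carry ``'UserPoolClients'``; service
        API entries are written by ``__add_service_api_mapping``.
    """
    mappings = {}

    deployment_stack_id = context.config.get_deployment_stack_id(
        deployment_name)
    region = util.get_region_from_arn(deployment_stack_id)
    account_id = util.get_account_id_from_arn(deployment_stack_id)

    context.view.retrieving_mappings(deployment_name, deployment_stack_id,
                                     role)

    player_accessible_arns = __get_player_accessible_arns(
        context, deployment_name, role, args)

    resources = context.stack.describe_resources(deployment_stack_id,
                                                 recursive=True)

    # .items() works on Python 2 and 3 (iteritems() is Python 2 only);
    # assumes describe_resources returns a dict-like mapping.
    for logical_name, description in resources.items():
        if logical_name in exclusions:
            continue

        physical_resource_id = description.get('PhysicalResourceId')
        if not physical_resource_id:
            # No physical id reported for this resource; nothing to map.
            continue

        if __is_user_pool_resource(description):
            # NOTE(review): user pool resources are mapped without the
            # player_accessible_arns check applied to other resources, and
            # 'UserPoolClients' is copied as-is. The original comment says
            # it includes the client id / secret, so confirm that client
            # secrets never reach a mapping shipped to players (filter by
            # role, or strip the secret where the mapping is written).
            mappings[logical_name] = {
                'PhysicalResourceId': physical_resource_id,
                'ResourceType': description['ResourceType'],
                'UserPoolClients': description['UserPoolClients']
            }
            continue

        resource_arn = util.get_resource_arn(
            description['StackId'],
            description['ResourceType'],
            physical_resource_id,
            optional=True,
            context=context)

        # Only resources whose ARN is in the accessible set are exposed.
        if not resource_arn or resource_arn not in player_accessible_arns:
            continue

        if __is_service_api_resource(description):
            __add_service_api_mapping(context, logical_name, description,
                                      mappings)
        else:
            mappings[logical_name] = {
                'PhysicalResourceId': physical_resource_id,
                'ResourceType': description['ResourceType']
            }

    # The token exchange handler is looked up in the project stack and is
    # added without consulting player_accessible_arns.
    k_exchange_token_handler_name = 'PlayerAccessTokenExchange'
    if k_exchange_token_handler_name not in exclusions:
        login_exchange_handler = context.stack.get_physical_resource_id(
            context.config.project_stack_id, k_exchange_token_handler_name)
        if login_exchange_handler is not None:
            mappings[k_exchange_token_handler_name] = {
                'PhysicalResourceId': login_exchange_handler,
                'ResourceType': 'AWS::Lambda::Function'
            }

    # Now grab the player identity resources (Cognito identity pools) from
    # the deployment access stack and add them to the mappings.
    is_gui = bool(args is not None and args.is_gui)
    access_stack_arn = context.config.get_deployment_access_stack_id(
        deployment_name, is_gui)
    if access_stack_arn is not None:
        access_resources = context.stack.describe_resources(
            access_stack_arn, recursive=True)
        for logical_name, description in access_resources.items():
            if description['ResourceType'] != 'Custom::CognitoIdentityPool':
                continue
            if logical_name in exclusions:
                continue
            mappings[logical_name] = {
                'PhysicalResourceId': description['PhysicalResourceId'],
                'ResourceType': description['ResourceType']
            }

    # Region and account id are published as pseudo resources of type
    # 'Configuration' unless explicitly excluded.
    if 'region' not in exclusions:
        mappings['region'] = {
            'PhysicalResourceId': region,
            'ResourceType': 'Configuration'
        }

    if 'account_id' not in exclusions:
        mappings['account_id'] = {
            'PhysicalResourceId': account_id,
            'ResourceType': 'Configuration'
        }

    return mappings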