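def lambda_handler(event, _):
    """Handle an account-move event and bootstrap the moved account.

    Args:
        event: The incoming event; the account id is read from
            ``event['detail']['requestParameters']['accountId']``.
        _: Lambda context (unused).

    Returns:
        The object built by ``Event.create_output_object``.

    Raises:
        ValueError: if the event carries no account id, so a malformed event
            fails before any cross-account role is assumed with it.
    """
    parameters = ParameterStore(REGION_DEFAULT, boto3)

    # Walk the nested event with defaults so a missing level is reported as a
    # missing account id rather than an AttributeError on None.
    detail = event.get('detail') or {}
    request_parameters = detail.get('requestParameters') or {}
    account_id = request_parameters.get('accountId')
    if not account_id:
        raise ValueError("event carries no detail.requestParameters.accountId")

    organizations = Organizations(boto3, account_id)
    parsed_event = Event(event, parameters, organizations, account_id)
    cache = Cache()

    # Moves into the root or a protected OU are reported but not configured.
    if parsed_event.moved_to_root or parsed_event.moved_to_protected:
        return parsed_event.create_output_object(cache)

    parsed_event.set_destination_ou_name()

    sts = STS(boto3)
    role = sts.assume_cross_account_role(
        'arn:aws:iam::{0}:role/{1}'.format(
            parsed_event.account_id,
            parsed_event.cross_account_access_role
        ), 'master_lambda'
    )

    if parsed_event.is_deployment_account:
        update_master_account_parameters(parsed_event, parameters)
        configure_deployment_account(parsed_event, role)

    s3 = S3(REGION_DEFAULT, boto3, S3_BUCKET)

    account_path = parsed_event.organizations.build_account_path(
        parsed_event.destination_ou_id,
        [],  # Initial empty list that accumulates the OU path
        cache,
    )

    # Deduplicate while keeping the deployment-account region first, so the
    # regions are processed in the same order on every invocation (a set gave
    # an unspecified order).
    regions = list(dict.fromkeys(
        [parsed_event.deployment_account_region] + parsed_event.regions
    ))
    for region in regions:
        if not parsed_event.is_deployment_account:
            configure_generic_account(sts, parsed_event, region, role)
        cloudformation = CloudFormation(
            region=region,
            deployment_account_region=parsed_event.deployment_account_region,
            role=role,
            wait=False,
            stack_name=None,
            s3=s3,
            s3_key_path=account_path,
            file_path=None,
        )
        cloudformation.create_stack()

    return parsed_event.create_output_object(cache)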
def lambda_handler(event, _):
    """Resolve the OU path of a moved account and return the output object.

    Args:
        event: The incoming event; the account id is taken from
            ``event['detail']['requestParameters']['accountId']``.
        _: Lambda context (unused).

    Returns:
        The value of ``Event.create_output_object`` for the resolved path.
    """
    parameter_store = ParameterStore(region=REGION_DEFAULT, role=boto3)
    account_id = event.get('detail').get('requestParameters').get('accountId')
    organizations = Organizations(role=boto3, account_id=account_id)
    parsed_event = Event(
        event=event,
        parameter_store=parameter_store,
        organizations=organizations,
        account_id=account_id,
    )
    cache = Cache()

    # A move to the root has no OU path to build; every other destination is
    # resolved from the destination OU (including protected ones).
    if parsed_event.moved_to_root:
        account_path = "ROOT"
    else:
        account_path = parsed_event.organizations.build_account_path(
            parsed_event.destination_ou_id,
            [],  # accumulator for the OU path
            cache,
        )

    # Root and protected destinations skip the OU-name lookup.
    if not (parsed_event.moved_to_root or parsed_event.moved_to_protected):
        parsed_event.set_destination_ou_name()

    return parsed_event.create_output_object(account_path)
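def cls_deployment_account():
    """Build the output object for a stubbed deployment-account ``Event``.

    The ``Event`` is created from ``stub_event.event`` with a mocked parameter
    store (whose ``fetch_parameter`` returns ``str(stub_event.config)``) and a
    mocked Organizations client; a few attributes are then overridden before
    the output object is produced.

    Returns:
        The result of ``Event.create_output_object('/deployment')``.
    """
    organizations = Mock()
    # One mock is enough; the original bound parameter_store twice.
    parameter_store = Mock()
    parameter_store.fetch_parameter.return_value = str(stub_event.config)

    event = Event(
        event=stub_event.event,
        parameter_store=parameter_store,
        organizations=organizations,
        account_id=111111111111
    )
    # Override what the stub does not carry. AWS_REGION must be set in the
    # environment; a missing variable raises KeyError here.
    event.deployment_account_region = os.environ["AWS_REGION"]
    event.cross_account_access_role = 'OrganizationAccountAccessRole'
    event.regions = ['eu-west-1', 'eu-central-1']  # Some example regions
    event.is_deployment_account = 1  # truthy flag, kept as in the original
    return event.create_output_object('/deployment')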