def update(event, _):
old_properties = validate_properties(old_resource_properties(event))
properties = validate_properties(resource_properties(event))
parameter_name = cfn.physical_resource_id(event)
releases = cssm.fetch_json_parameter(ssm, parameter_name)
current_release_prefix = properties.current_release_prefix
if len(releases) > 1 \
and releases[0] == old_properties.current_release_prefix \
and releases[1] == current_release_prefix \
and cfn.is_stack_rollback_complete_cleanup_in_progress(cf, event):
# in the case of a stack rollback and swap of the 2 first releases, we just assume
# that it is update to rollback the resource itself.
releases.pop(0)
else:
# 1. we need to put the release into the list; if the release is already inside, we remove it. in any case,
# we put the release in front of the list.
try:
releases.remove(current_release_prefix)
except ValueError:
pass
releases.insert(0, current_release_prefix)
# 2. we cleanup old releases if we have gone over the parameterised count
while len(releases) > properties.release_count_number:
old_release_prefix = releases.pop()
delete_objects(properties.bucket, old_release_prefix)
put_json_parameter(parameter_name, releases)
return parameter_name
def check_certificate(event, round_index):
try:
properties = validate_properties(cfn.resource_properties(event))
certificate_arn = properties.certificate_arn
if event['RequestType'] == 'Delete':
cfn.send_success(event)
return True
event['PhysicalResourceId'] = certificate_arn
if round_index >= MAX_ROUND_COUNT:
cfn.send_failed(
event,
"certificate {} did not stablise".format(certificate_arn))
return True
acm = acm_service(certificate_arn)
certificate = acm.describe_certificate(CertificateArn=certificate_arn)
certificate_status = certificate['Certificate']['Status']
if certificate_status == 'ISSUED':
cfn.send_success(event)
return True
elif certificate_status == 'PENDING_VALIDATION':
return False
else:
cfn.send_failed(
event, 'the certificate {} is in invalid status {}.'.format(
certificate_arn, certificate_status))
return True
except Exception as e:
print(traceback.format_exc())
cfn.send_failed(event, "exception during checking: {}".format(str(e)))
return True
def create(event, _):
properties = validate_properties(resource_properties(event))
parameter_name = naming.s3_release_cleanup_parameter_name(
stack_arn=cfn.stack_id(event),
logical_resource_id=cfn.logical_resource_id(event))
put_json_parameter(parameter_name, [properties.current_release_prefix])
return parameter_name
def create(event, _):
properties = validate_properties(resource_properties(event))
certificate_arn = properties.custom_domain_config.certificate_arn
if certificate_arn is None:
out = idp.create_user_pool_domain(Domain=properties.domain,
UserPoolId=properties.user_pool_id)
else:
out = idp.create_user_pool_domain(
Domain=properties.domain,
UserPoolId=properties.user_pool_id,
CustomDomainConfig=properties.custom_domain_config)
cloudfront_domain = out.get('CloudFrontDomain')
if cloudfront_domain is None:
cloudfront_domain = ''
domain = properties.domain + '.auth.' + idp._client_config.region_name + '.amazoncognito.com'
else:
domain = properties.domain
helper.Data.update({
'UserPoolId': properties.user_pool_id,
'CloudFrontDomainName': cloudfront_domain,
'CloudFrontHostedZoneId': 'Z2FDTNDATAQYW2',
'Domain': domain
})
return properties.domain
def create(event, _):
properties = validate_properties(resource_properties(event))
physical_id = physical_resource_id(event, properties)
value = next_value(properties)
helper.Data.update({'ValueText': str(value), 'Value': value})
return physical_id
def create(event, _):
p = validate_properties(resource_properties(event))
parameter_name = naming.cog_cond_pre_auth_parameter_name(p.user_pool_id, p.user_pool_client_id)
parameter_value = json.dumps({'All': p.all, 'Domains': p.domains, 'Emails': p.emails})
put_string_parameter(ssm, parameter_name,
value=parameter_value,
description='Forge Cognito Pre Auth Settings Parameter')
return parameter_name
def create_certificate(sns_message_id, event):
if should_skip_message(sns_message_id, event):
return
properties = validate_properties(resource_properties(event))
cert_proc = CertificateProcessor(None, properties)
certificate_arn = cert_proc.create_certificate()
try:
cert_proc.create_record_set_group()
start_wait_state_machine(certificate_arn, sns_message_id, event)
except Exception as e:
raise CertificateError(certificate_arn) from e
def properties(event):
try:
p = Properties(physical_resource_id=physical_resource_id(event),
logical_resource_id=event['LogicalResourceId'],
stack_id=event['StackId'],
ordinal=resource_properties(event)['Ordinal'])
except KeyError as e:
raise ValueError('cloudformation event not valid') from e
if not p.ordinal:
raise ValueError('Ordinal is obligatory')
return p
def delete_certificate(event):
certificate_arn = cfn.physical_resource_id(event)
log.msg('deleting certificate', certificate_arn=certificate_arn)
# We delete only if the certificate has been properly created before.
if c.is_certificate_arn(certificate_arn):
properties = validate_properties(resource_properties(event))
cert_proc = CertificateProcessor(certificate_arn=certificate_arn,
properties=properties)
if not cfn.is_being_replaced(cf, event):
# This resource may create DNS Records that should be deleted as well. Also there is an SNS parameter
# to ensure that the resource is created only once (to handle possible SNS delivery duplication)
# these are deleted only if the resource is being deleted (the update function takes care of the DNS
# records if the resource is being replaced).
cert_proc.delete_record_set_group()
delete_sns_message_ssm_parameter(event)
cert_proc.delete_certificate()
cfn.send_success(event)
def update_certificate(sns_message_id, event):
if should_skip_message(sns_message_id, event):
return
new_properties = validate_properties(resource_properties(event))
old_properties = validate_properties(cfn.old_resource_properties(event))
certificate_arn = cfn.physical_resource_id(event)
if needs_new(event, old_properties, new_properties):
log.msg('new certificate needed',
stack_arn=cfn.stack_id(event),
logical_resource_id=cfn.logical_resource_id(event))
log.msg('delete old dns record', old_properties=old_properties)
cert_proc = CertificateProcessor(certificate_arn, old_properties)
cert_proc.delete_record_set_group()
create_certificate(sns_message_id, event)
else:
cert_proc = CertificateProcessor(certificate_arn, new_properties)
if safe_set(old_properties.tags) != safe_set(new_properties.tags):
cert_proc.update_tags()
if old_properties.with_caa != new_properties.with_caa:
if new_properties.with_caa:
cert_proc.create_caa_records()
else:
cert_proc.delete_caa_records()
cfn.send_success(event)
def delete(event, _):
properties = validate_properties(resource_properties(event))
if has_valid_physical_resource_id(
event, properties) and cfn.is_stack_delete_in_progress(cf, event):
delete_all_images(properties)
return cfn.physical_resource_id(event)
def create(event, _):
properties = validate_properties(resource_properties(event))
return physical_resource_id(event, properties)
def delete(event, _):
properties = validate_properties(resource_properties(event))
delete_user_pool_domain(properties)
return physical_resource_id(event)
def update(event, _):
properties = validate_properties(resource_properties(event))
swap_rules(properties)
return physical_resource_id(event, properties)
def create(event, _):
properties = validate_properties(resource_properties(event))
return put_sequence_parameter(properties)
def delete(event, _):
properties = validate_properties(resource_properties(event))
if has_valid_physical_resource_id(event, properties) and should_delete(event):
delete_objects(properties)
return cfn.physical_resource_id(event)
def create(event, _):
properties = validate_properties(resource_properties(event))
db_instances = rds.describe_db_instances(
DBInstanceIdentifier=properties.db_instance_identifier)
return db_instances['DBInstances'][0]['DbiResourceId']
def delete(event, _):
properties = validate_properties(resource_properties(event))
if cfn.is_being_replaced(cf, event):
swap_rules(properties)
return cfn.physical_resource_id(event)