def lambda_handler(event, _):
    parameters = ParameterStore(REGION_DEFAULT, boto3)
    account_id = event.get(
        'detail').get(
            'requestParameters').get('accountId')
    organizations = Organizations(boto3, account_id)
    parsed_event = Event(event, parameters, organizations, account_id)
    cache = Cache()

    if parsed_event.moved_to_root or parsed_event.moved_to_protected:
        return parsed_event.create_output_object(cache)

    parsed_event.set_destination_ou_name()

    sts = STS(boto3)
    role = sts.assume_cross_account_role(
        'arn:aws:iam::{0}:role/{1}'.format(
            parsed_event.account_id,
            parsed_event.cross_account_access_role
        ), 'master_lambda'
    )

    if parsed_event.is_deployment_account:
        update_master_account_parameters(parsed_event, parameters)
        configure_deployment_account(parsed_event, role)

    s3 = S3(REGION_DEFAULT, boto3, S3_BUCKET)

    account_path = parsed_event.organizations.build_account_path(
        parsed_event.destination_ou_id,
        [],  # Initial empty array to hold OU Path,
        cache,
    )

    for region in list(set([parsed_event.deployment_account_region] + parsed_event.regions)):
        if not parsed_event.is_deployment_account:
            configure_generic_account(sts, parsed_event, region, role)
        cloudformation = CloudFormation(
            region=region,
            deployment_account_region=parsed_event.deployment_account_region,
            role=role,
            wait=False,
            stack_name=None,
            s3=s3,
            s3_key_path=account_path,
            file_path=None,
        )
        cloudformation.create_stack()

    return parsed_event.create_output_object(cache)
def lambda_handler(event, _):
    parameters = ParameterStore(region=REGION_DEFAULT, role=boto3)
    account_id = event.get('detail').get('requestParameters').get('accountId')
    organizations = Organizations(role=boto3, account_id=account_id)
    parsed_event = Event(event=event,
                         parameter_store=parameters,
                         organizations=organizations,
                         account_id=account_id)
    cache = Cache()

    account_path = "ROOT" if parsed_event.moved_to_root else parsed_event.organizations.build_account_path(
        parsed_event.destination_ou_id,
        [],  # Initial empty array to hold OU Path,
        cache)

    if parsed_event.moved_to_root or parsed_event.moved_to_protected:
        return parsed_event.create_output_object(account_path)

    parsed_event.set_destination_ou_name()

    return parsed_event.create_output_object(account_path)
예제 #3
0
def cls_deployment_account():
    parameter_store = Mock()
    organizations = Mock()

    parameter_store = Mock()
    parameter_store.fetch_parameter.return_value = str(stub_event.config)

    event =  Event(
        event=stub_event.event,
        parameter_store=parameter_store,
        organizations=organizations,
        account_id=111111111111
    )
    event.deployment_account_region = os.environ["AWS_REGION"]
    event.cross_account_access_role = 'OrganizationAccountAccessRole'
    event.regions = ['eu-west-1', 'eu-central-1'] # Some example region
    event.is_deployment_account = 1
    event = event.create_output_object('/deployment')
    return event