def lambda_handler(event, _):
    """Bootstrap an account after it has been moved inside the organization.

    The account ID is read from
    ``event['detail']['requestParameters']['accountId']``. If the parsed
    event reports ``moved_to_root`` or ``moved_to_protected``, the handler
    returns immediately without assuming any role. Otherwise it assumes the
    cross-account access role in the moved account and creates one
    CloudFormation stack per target region.

    Args:
        event: Lambda invocation payload; must carry
            ``detail.requestParameters.accountId``.
        _: Lambda context object, unused.

    Returns:
        Whatever ``parsed_event.create_output_object(cache)`` returns.

    Raises:
        AttributeError: if ``detail`` or ``requestParameters`` is missing,
            because ``.get`` is then called on ``None``.

    NOTE(review): the block nesting below was reconstructed from a flattened
    listing; confirm that both deployment-account calls sit under the
    ``is_deployment_account`` check and that the stack is created on every
    loop iteration.
    """
    parameter_store = ParameterStore(REGION_DEFAULT, boto3)

    # NOTE(review): the account ID is used exactly as supplied in the event;
    # this handler does not check its format or origin. Confirm the trigger
    # only delivers events from the expected source.
    detail = event.get('detail')
    request_parameters = detail.get('requestParameters')
    account_id = request_parameters.get('accountId')

    org_client = Organizations(boto3, account_id)
    parsed_event = Event(event, parameter_store, org_client, account_id)
    cache = Cache()

    # Root / protected moves stop here: no role is assumed, no stack is created.
    if parsed_event.moved_to_root or parsed_event.moved_to_protected:
        return parsed_event.create_output_object(cache)

    parsed_event.set_destination_ou_name()

    sts = STS(boto3)
    role_arn = 'arn:aws:iam::{0}:role/{1}'.format(
        parsed_event.account_id,
        parsed_event.cross_account_access_role,
    )
    # 'master_lambda' is presumably the role session name, i.e. the label
    # this access would carry in the target account's CloudTrail - verify
    # against STS.assume_cross_account_role.
    role = sts.assume_cross_account_role(role_arn, 'master_lambda')

    if parsed_event.is_deployment_account:
        update_master_account_parameters(parsed_event, parameter_store)
        configure_deployment_account(parsed_event, role)

    s3 = S3(REGION_DEFAULT, boto3, S3_BUCKET)
    account_path = parsed_event.organizations.build_account_path(
        parsed_event.destination_ou_id,
        [],  # starts empty; holds the OU path
        cache,
    )

    # Deployment region plus the configured regions, de-duplicated via a set.
    target_regions = list(
        set([parsed_event.deployment_account_region] + parsed_event.regions)
    )
    for region in target_regions:
        if not parsed_event.is_deployment_account:
            configure_generic_account(sts, parsed_event, region, role)
        # wait=False: presumably create_stack() does not block on stack
        # completion, so a failed stack would not surface here - confirm.
        CloudFormation(
            region=region,
            deployment_account_region=parsed_event.deployment_account_region,
            role=role,
            wait=False,
            stack_name=None,
            s3=s3,
            s3_key_path=account_path,
            file_path=None,
        ).create_stack()

    return parsed_event.create_output_object(cache)
def lambda_handler(event, _):
    """Classify an account-move event and return its output object.

    The account ID is read from
    ``event['detail']['requestParameters']['accountId']``. The account path
    is the literal ``"ROOT"`` when the parsed event reports
    ``moved_to_root``; otherwise it is built from the destination OU. This
    handler assumes no role and creates no stacks.

    Args:
        event: Lambda invocation payload; must carry
            ``detail.requestParameters.accountId``.
        _: Lambda context object, unused.

    Returns:
        Whatever ``parsed_event.create_output_object(account_path)`` returns.

    Raises:
        AttributeError: if ``detail`` or ``requestParameters`` is missing,
            because ``.get`` is then called on ``None``.
    """
    parameter_store = ParameterStore(region=REGION_DEFAULT, role=boto3)

    # NOTE(review): the account ID is used exactly as supplied in the event;
    # this handler does not check its format or origin. Confirm the trigger
    # only delivers events from the expected source.
    detail = event.get('detail')
    request_parameters = detail.get('requestParameters')
    account_id = request_parameters.get('accountId')

    org_client = Organizations(role=boto3, account_id=account_id)
    parsed_event = Event(
        event=event,
        parameter_store=parameter_store,
        organizations=org_client,
        account_id=account_id,
    )
    cache = Cache()

    if parsed_event.moved_to_root:
        account_path = "ROOT"
    else:
        account_path = parsed_event.organizations.build_account_path(
            parsed_event.destination_ou_id,
            [],  # starts empty; holds the OU path
            cache,
        )

    # The destination OU name is resolved only for moves that are neither to
    # the root nor to a protected OU.
    if not parsed_event.moved_to_root and not parsed_event.moved_to_protected:
        parsed_event.set_destination_ou_name()

    return parsed_event.create_output_object(account_path)
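def cls_deployment_account():
    """Build the output object for a stubbed deployment-account event.

    Constructs an ``Event`` from ``stub_event`` with mocked parameter store
    and organizations clients, marks it as the deployment account, and
    returns ``create_output_object('/deployment')``. Presumably used as a
    test fixture - the decorator, if any, is outside this listing.

    Returns:
        The result of ``Event.create_output_object('/deployment')``.

    Raises:
        KeyError: if the ``AWS_REGION`` environment variable is not set.
    """
    # The original created this mock twice; one instance is enough.
    parameter_store = Mock()
    parameter_store.fetch_parameter.return_value = str(stub_event.config)

    event = Event(
        event=stub_event.event,
        parameter_store=parameter_store,
        organizations=Mock(),
        account_id=111111111111,  # placeholder account ID
    )
    event.deployment_account_region = os.environ["AWS_REGION"]
    # Default name of the admin role AWS Organizations creates in member accounts.
    event.cross_account_access_role = 'OrganizationAccountAccessRole'
    event.regions = ['eu-west-1', 'eu-central-1']  # example regions
    event.is_deployment_account = 1

    # Return the output object directly rather than rebinding `event` to it.
    return event.create_output_object('/deployment')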