def lambda_handler(event, _):
    """Bootstrap the account described by ``event`` and return ``event``.

    Assumes the cross-account access role in the target account, writes the
    master and deployment parameters when the target is the deployment
    account, and then creates the base stack in the deployment region and in
    every region listed in ``event["regions"]``. The IAM stack is created in
    the deployment region only.

    NOTE(review): the role ARN is assembled from ``event["account_id"]`` and
    ``event["cross_account_access_role"]`` without any validation in this
    function, so the event decides which role gets assumed. Presumably the
    caller constrains both fields -- confirm.
    """
    sts = STS()
    role_arn = 'arn:aws:iam::{0}:role/{1}'.format(
        event["account_id"], event["cross_account_access_role"])
    role = sts.assume_cross_account_role(role_arn, 'master_lambda')

    # Only the deployment account receives the master/deployment parameters.
    if event['is_deployment_account']:
        configure_master_account_parameters(event)
        configure_deployment_account_parameters(event, role)

    template_bucket = S3(region=REGION_DEFAULT, bucket=S3_BUCKET)

    # De-duplicate: the deployment region may also appear in event["regions"].
    target_regions = set(
        [event["deployment_account_region"]] + event["regions"])

    for region in target_regions:
        if not event["is_deployment_account"]:
            configure_generic_account(sts, event, region, role)

        stack_options = dict(
            region=region,
            deployment_account_region=event["deployment_account_region"],
            role=role,
            wait=True,
            # Stack name will be automatically defined based on event
            stack_name=None,
            s3=template_bucket,
            s3_key_path=event["full_path"],
            account_id=event["account_id"])
        base_stacks = CloudFormation(**stack_options)

        # An account moved between OUs has its existing base stacks removed
        # before the new ones are created; True overrides the wait setting.
        if is_inter_ou_account_move(event):
            base_stacks.delete_all_base_stacks(True)
        base_stacks.create_stack()

        if region == event["deployment_account_region"]:
            base_stacks.create_iam_stack()

    return event
def worker_thread(sts, region, account_id, role, event):
    """Remove ADF parameters and base stacks from one account and region.

    Assumes the role named ``role`` in ``account_id`` (partition resolved
    from ``REGION_DEFAULT``), deletes every Parameter Store entry whose
    description marks it as ADF-owned, then deletes all base stacks.

    Returns whatever ``CloudFormation.delete_all_base_stacks()`` returns.
    """
    partition = get_partition(REGION_DEFAULT)
    role_arn = f'arn:{partition}:iam::{account_id}:role/{role}'
    assumed_role = sts.assume_cross_account_role(role_arn, 'remove_base')

    parameter_store = ParameterStore(region, assumed_role)
    pages = parameter_store.client.get_paginator(
        'describe_parameters').paginate()
    for page in pages:
        for parameter in page['Parameters']:
            # Ownership is decided purely by a substring of the free-text
            # description: any parameter in this region carrying the marker
            # is deleted, whoever created it.
            description = parameter.get('Description', '')
            if 'Used by The AWS Deployment Framework' not in description:
                continue
            parameter_store.delete_parameter(parameter.get('Name'))

    base_stacks = CloudFormation(
        region=region,
        deployment_account_region=event.get('deployment_account_region'),
        role=assumed_role,
        wait=True,
        stack_name=None,
        s3=None,
        s3_key_path=None,
        account_id=account_id)
    return base_stacks.delete_all_base_stacks()
def worker_thread(sts, region, account_id, role, event):
    """Delete all base stacks in one region of ``account_id``.

    Assumes the role named ``role`` in the target account under the session
    name ``remove_base`` and returns the result of
    ``CloudFormation.delete_all_base_stacks()``.

    NOTE(review): the ARN hard-codes the ``aws`` partition, so as written it
    cannot address roles in other partitions.
    """
    role_arn = 'arn:aws:iam::{0}:role/{1}'.format(account_id, role)
    assumed_role = sts.assume_cross_account_role(role_arn, 'remove_base')

    # No template location is needed for deletion, hence the None values.
    stack_options = dict(
        region=region,
        deployment_account_region=event.get('deployment_account_region'),
        role=assumed_role,
        wait=True,
        stack_name=None,
        s3=None,
        s3_key_path=None)
    base_stacks = CloudFormation(**stack_options)
    return base_stacks.delete_all_base_stacks()
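def worker_thread(sts, region, account_id, role, event):
    """Remove ADF parameters and base stacks from one account and region.

    Assumes the role named ``role`` in ``account_id`` under the session name
    ``remove_base``, deletes every Parameter Store entry whose description
    marks it as ADF-owned, then deletes all base stacks.

    Returns whatever ``CloudFormation.delete_all_base_stacks()`` returns.
    """
    role = sts.assume_cross_account_role(
        'arn:aws:iam::{0}:role/{1}'.format(account_id, role),
        'remove_base')

    parameter_store = ParameterStore(region, role)

    # A single describe_parameters() call returns only the first page, which
    # would leave ADF parameters behind in accounts with many parameters.
    # Walk every page, and collect the names before deleting anything so the
    # listing is not disturbed by the deletions.
    paginator = parameter_store.client.get_paginator('describe_parameters')
    parameters = []
    for page in paginator.paginate():
        for param in page['Parameters']:
            # Description is optional; a parameter without one is not ours
            # and must not abort the clean-up with a KeyError.
            # Ownership is decided purely by this free-text marker.
            if 'Used by The AWS Deployment Framework' in param.get(
                    'Description', ''):
                parameters.append(param['Name'])

    for parameter in parameters:
        parameter_store.delete_parameter(parameter)

    cloudformation = CloudFormation(
        region=region,
        deployment_account_region=event.get('deployment_account_region'),
        role=role,
        wait=True,
        stack_name=None,
        s3=None,
        s3_key_path=None,
        account_id=account_id
    )
    return cloudformation.delete_all_base_stacks()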