def _generate_template(portfolio, product, lambda_arn, uuid):
region_list = get_available_regions('ec2')
if os.path.isfile(os.path.join(manifest_folder, product.skeleton_file)):
portfolio_index = manifest.portfolios.index(portfolio)
product_index = manifest.portfolios[portfolio_index].products.index(
product)
product_name = manifest.portfolios[portfolio_index].products[
product_index].name
logger.info("Generating the product template for {} from {}".format(
product_name, os.path.join(manifest_folder,
product.skeleton_file)))
j2loader = jinja2.FileSystemLoader(manifest_folder)
j2env = jinja2.Environment(loader=j2loader)
j2template = j2env.get_template(product.skeleton_file)
j2result = j2template.render(manifest=manifest,
portfolio_index=portfolio_index,
product_index=product_index,
lambda_arn=lambda_arn,
uuid=uuid,
regions=region_list)
generated_avm_template = os.path.join(
manifest_folder, product.skeleton_file + ".template")
template_copy = os.path.join(manifest_folder,
product.skeleton_file + ".template.copy")
logger.info("Writing the generated product template to {}".format(
generated_avm_template))
with open(generated_avm_template, "w") as fh, open(template_copy,
"w") as copy:
fh.write(j2result)
copy.write(j2result)
return generated_avm_template
else:
logger.error(
"Missing skeleton_file for portfolio:{} and product:{} in Manifest file"
.format(portfolio.name, product.name))
sys.exit(1)
def config_deployer(event):
try:
s3 = S3(logger)
# set variables
source_bucket_name = event.get('bucket_config',
{}).get('source_bucket_name')
key_name = event.get('bucket_config', {}).get('source_s3_key')
destination_bucket_name = event.get('bucket_config',
{}).get('destination_bucket_name')
input_zip_file_name = key_name.split(
"/")[-1] if "/" in key_name else key_name
output_zip_file_name = event.get('bucket_config',
{}).get('destination_s3_key')
alias_name = event.get('kms_config', {}).get('kms_key_alias')
policy = event.get('kms_config', {}).get('kms_key_policy')
flag_value = event.get('metrics_flag')
base_path = '/tmp/lz'
input_file_path = base_path + "/" + input_zip_file_name
extract_path = base_path + "/" + 'extract'
output_path = base_path + "/" + 'out'
exclude_j2_files = []
# Check if the emails are Unique
unique_email_validator(event.get('email_list'))
# Search for existing KMS key alias
key_id = find_alias(alias_name)
# if alias name not found in the list, create a new alias with new target key
if not key_id:
key_id = create_cmk_with_alias(alias_name, policy)
logger.info('Key ID created: {}'.format(key_id))
else:
logger.info('Key ID: {} found attached with alias: {}'.format(
key_id, alias_name))
logger.info('Updating KMS key policy')
update_key_policy(key_id, policy)
# Encrypt configuration bucket
s3.put_bucket_encryption(destination_bucket_name, key_id)
# Download the file from Solutions S3 bucket
make_dir(base_path)
s3.download_file(source_bucket_name, key_name, input_file_path)
# Unzip the config zip file
unzip_function(input_zip_file_name, base_path, extract_path)
# Find and replace the variable in Manifest file
for item in event.get('find_replace'):
f = item.get('file_name')
parameters = item.get('parameters')
if f == 'manifest.yaml.j2':
parameters['guardduty_region_list'] = get_available_regions(
'guardduty')
parameters['config_region_list'] = get_available_regions(
'config')
parameters['sns_region_list'] = get_available_regions('sns')
parameters.update({
'nested_ou_delimiter':
update_alphanum_with_char(
parameters.get('nested_ou_delimiter'))
})
exclude_j2_files.append(f)
filename, file_extension = os.path.splitext(f)
destination_file_path = extract_path + "/" + filename if file_extension == '.j2' else extract_path + "/" + f
find_replace(extract_path, f, destination_file_path, parameters)
# Zip the contents
exclude = ['zip'] + exclude_j2_files
make_dir(output_path)
zip_function(output_zip_file_name, extract_path, output_path, exclude)
# Upload the file in the customer S3 bucket
local_file = output_path + "/" + output_zip_file_name
remote_file = output_zip_file_name
s3.upload_file(destination_bucket_name, local_file, remote_file)
# create SSM parameters to send anonymous data if opted in
put_ssm_parameter('/org/primary/metrics_flag', flag_value)
put_ssm_parameter('/org/primary/customer_uuid', str(uuid4()))
return None
except Exception as e:
message = {
'FILE': __file__.split('/')[-1],
'METHOD': inspect.stack()[0][3],
'EXCEPTION': str(e)
}
logger.exception(message)
raise