Exemplo n.º 1
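def lambda_handler(event, context):
    """Enable default encryption on the S3 bucket named in the triggering event.

    The bucket name is read from ``event['detail']['requestParameters']`` and
    the owning account from ``event['account']``. An S3 handle for that account
    is obtained through ``get_aws_resource``, and ``enable_encryption`` is
    called only when ``encryption_enabled`` reports the bucket as unencrypted.

    Args:
        event: Invocation payload; must carry ``account`` and
            ``detail.requestParameters.bucketName``.
        context: Lambda context object; its ``function_name`` is passed on as
            the session name.

    Returns:
        None. The outcome is reported through ``logger`` only.

    Raises:
        KeyError: If the event lacks one of the keys above or the
            ``mgmt_role_common_name`` environment variable is not set.
    """
    bucket = event['detail']['requestParameters']['bucketName']
    account_id = event['account']
    session = context.function_name
    mgmt_role = os.environ['mgmt_role_common_name']
    # NOTE(review): presumably assumes the management role in the subscriber
    # account and returns an S3 client -- confirm against get_aws_resource.
    s3 = get_aws_resource('s3', account_id, mgmt_role, session)

    # A truthy answer means "do not remediate". Check what encryption_enabled
    # returns on lookup errors before relying on a quiet run as proof that the
    # bucket is encrypted.
    if encryption_enabled(bucket, s3, account_id):
        return

    if enable_encryption(bucket, s3, account_id):
        logger.logDebug(
            f'Lambda {session} executed and {bucket} in {account_id} successfully encrypted'
        )
    else:
        # Keep the original message as a prefix so existing log filters still
        # match, and name the bucket and account so the failed remediation can
        # be followed up from the log line alone.
        logger.logError(
            f'Lambda Execution Failed. Bucket {bucket} in {account_id} '
            f'was not encrypted by {session}'
        )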
Exemplo n.º 2
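def encryption_enabled(bucketName, s3, subscriberAccountId):
    """Report whether the caller should treat the bucket as already encrypted.

    Calls ``s3.get_bucket_encryption`` for the bucket and interprets the result.

    Args:
        bucketName: Name of the S3 bucket to check.
        s3: Object exposing ``get_bucket_encryption(Bucket=...)``.
        subscriberAccountId: Account id, used only in log and e-mail text.

    Returns:
        True when the lookup succeeds (an encryption configuration exists).
        False when the service answers with the error code
        ``ServerSideEncryptionConfigurationNotFoundError``.
        True as well for any other ``ClientError``: the state is then unknown,
        the error is logged and e-mailed, and the caller is told not to
        remediate.
    """
    try:
        s3.get_bucket_encryption(Bucket=bucketName)
    except botocore.exceptions.ClientError as error:
        # Compare the structured error code instead of searching the rendered
        # exception text, which also contains the free-form service message.
        error_code = error.response.get('Error', {}).get('Code')
        if error_code == 'ServerSideEncryptionConfigurationNotFoundError':
            return False

        logger.logError(
            f'Bucket {bucketName} in {subscriberAccountId} not encrypted due to following error: \n {error}'
        )
        message = f'S3 Bucket {bucketName} in {subscriberAccountId} not encrypted due to following error: \n {error}'
        # toEmail / fromEmail are not defined in this function; they are
        # expected to exist as module-level names.
        notify_email(toEmail, fromEmail, message)
        # Log only after the send call has returned, so the entry is not
        # written for a notification that raised.
        logger.logDebug('sent error email')
        # NOTE(review): True here means "state unknown, skip remediation", not
        # "encrypted". A bucket whose check fails (for example on a permission
        # error) stays as it is; the e-mail is the only signal, so make sure
        # it is monitored.
        return True

    logger.logInfo(
        f'S3 bucket: {bucketName} is already encrypted in Account number:{subscriberAccountId}'
    )
    return True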