""" import json import logging import os import boto3 from crhelper import CfnResource # Setup Default Logger logger = logging.getLogger(__name__) logger.setLevel(logging.INFO) logger.setLevel(os.environ.get("LOG_LEVEL", logging.ERROR)) # Initialize the helper helper = CfnResource(json_logging=False, log_level="DEBUG", boto_level="CRITICAL") try: ds_client = boto3.client("ds") secretsmanager_client = boto3.client("secretsmanager") except Exception as error: helper.init_failure(error) def get_adconnector_parameters(params: dict) -> dict: """Creates a parameters dictionary for the ds:connect_directory API call to create AD Connector. Args: params: event resource properties
import json import yaml import boto3 from crhelper import CfnResource import logging import cfnresponse logger = logging.getLogger(__name__) # Initialise the custom_resource_helper, all inputs are optional, this example shows the defaults custom_resource_helper = CfnResource(json_logging=False, log_level='WARN', boto_level='WARN', sleep_on_delete=30) try: ## Init code goes here def read_component_yaml(component_yaml): with open(component_yaml, 'r') as file: return yaml.safe_load(file) def get_existing_component(ib, platform, component_config): existing_component = ib.list_components( owner='Self', filters=[{ 'name': 'name', 'values': [component_config.get('name')] }, { 'name': 'platform', 'values': [platform] }]) if len(existing_component.get('componentVersionList')) > 0:
import boto3 from crhelper import CfnResource from decorators import with_logging helper = CfnResource(json_logging=False, log_level='DEBUG', boto_level='CRITICAL') s3_client = boto3.client("s3") @with_logging @helper.create @helper.update def create(event, context): props = event.get('ResourceProperties', None) version = props.get("Version") destination_artefact = props.get("ArtefactName") destination_bucket = props.get("CodeBuildArtefactBucket") source_bucket = props.get("PreBuiltArtefactsBucket") source_artefact = "{}/amazon-s3-find-and-forget/{}/build.zip".format(source_bucket, version) s3_client.copy_object( Bucket=destination_bucket, CopySource=source_artefact, Key=destination_artefact ) return "arn:aws:s3:::{}/{}".format(destination_bucket, destination_artefact) @with_logging
import logging import threading from botocore.vendored import requests import boto3 import subprocess import shlex import os import string import random import re from crhelper import CfnResource import logging import string logger = logging.getLogger(__name__) helper = CfnResource(json_logging=True, log_level='DEBUG') try: s3_client = boto3.client('s3') kms_client = boto3.client('kms') except Exception as e: helper.init_failure(e) def rand_string(l): return ''.join(random.choice(string.ascii_lowercase) for _ in range(l)) def run_command(command): logger.debug("executing command: %s" % command) e = None
from __future__ import print_function from crhelper import CfnResource import boto3 import logging logger = logging.getLogger(__name__) # Initialise the helper, all inputs are optional, this example shows the defaults helper = CfnResource(json_logging=False, log_level='DEBUG', boto_level='CRITICAL', sleep_on_delete=120, ssl_verify=None) try: ## Init code goes here connect = boto3.client('connect') pass except Exception as e: helper.init_failure(e) @helper.create def create(event, context): logger.info("[Event] %s", event) response = connect.create_user( Username='******', Password='******', IdentityInfo={ 'FirstName': 'Admin', 'LastName': 'istrator',
from crhelper import CfnResource from concurrent.futures import ThreadPoolExecutor, as_completed from time import time as now # Setup Default Logger logging.basicConfig(level=logging.DEBUG) logger = logging.getLogger(__name__) """ The purpose of this script is to configure GuardDuty within the delegated administrator account in all provided regions to add existing accounts, enable new accounts automatically, and publish findings to an S3 bucket. """ # Initialise the helper, all inputs are optional, this example shows the defaults helper = CfnResource(json_logging=False, log_level="INFO", boto_level="CRITICAL") CLOUDFORMATION_PARAMETERS = [ "AUTO_ENABLE_S3_LOGS", "AWS_PARTITION", "CONFIGURATION_ROLE_NAME", "DELEGATED_ADMIN_ACCOUNT_ID", "DELETE_DETECTOR_ROLE_NAME", "ENABLED_REGIONS", "FINDING_PUBLISHING_FREQUENCY", "KMS_KEY_ARN", "PUBLISHING_DESTINATION_BUCKET_ARN" ] SERVICE_ROLE_NAME = "AWSServiceRoleForAmazonGuardDuty" SERVICE_NAME = "guardduty.amazonaws.com" PAGE_SIZE = 20 # Max page size for list_accounts MAX_RUN_COUNT = 18 # 3 minute wait = 18 x 10 seconds SLEEP_SECONDS = 10 MAX_THREADS = 10 STS_CLIENT = boto3.client('sts')
# the License. A copy of the License is located at # # http://aws.amazon.com/apache2.0/ # # or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and # limitations under the License. import logging import time import boto3 from botocore.config import Config from crhelper import CfnResource helper = CfnResource(json_logging=False, log_level="INFO", boto_level="ERROR", sleep_on_delete=0) logger = logging.getLogger(__name__) boto3_config = Config(retries={"max_attempts": 60}) @helper.create @helper.delete def no_op(_, __): pass @helper.update def update(event, _): updated_config_version = event["ResourceProperties"]["ConfigVersion"] logging.info("Updated config version: %s", updated_config_version)
import boto3 from crhelper import CfnResource import logging from datetime import datetime logger = logging.getLogger() logger.setLevel(logging.WARNING) helper = CfnResource(json_logging=False, log_level='DEBUG') client = boto3.client('serverlessrepo') def launch_stack(event): helper.Status = "SUCCESS" props = event.get("ResourceProperties") template_params = props.get("Parameters") stackname = props.get("StackName") response = client.create_cloud_formation_template( ApplicationId=props.get("ApplicationId"), SemanticVersion=props.get("SemanticVersion")) template_url = response.get("TemplateUrl") cfn = boto3.client('cloudformation') current_ts = datetime.now().isoformat().split('.')[0].replace(':', '-') #stackname = stackname + current_ts capabilities = ['CAPABILITY_IAM', 'CAPABILITY_AUTO_EXPAND'] try: stackdata = cfn.create_stack(StackName=stackname, DisableRollback=False, TemplateURL=template_url, Parameters=template_params, Capabilities=capabilities)
import boto3 import logging from crhelper import CfnResource logger = logging.getLogger(__name__) helper = CfnResource(polling_interval=1) try: pass except Exception as e: helper.init_failure(e) def start_build(project_name, environment_variables_override): codebuild = boto3.client("codebuild") bootstrapper_build = codebuild.start_build( projectName=project_name, environmentVariablesOverride=environment_variables_override, ).get("build") return bootstrapper_build.get("id") def get_details_needed_for_build(event): request_type = event["RequestType"] properties = event.get("ResourceProperties") if request_type in ["Create", "Update"]: project_name = properties.get("CreateUpdateProject") else: project_name = properties.get("DeleteProject")
import logging import time import boto3 from crhelper import CfnResource logger = logging.getLogger(__name__) helper = CfnResource(json_logging=True, log_level='INFO') STATUS_IN_PROGRESS = 'InProgress' CLUSTER_LOGGING_TYPES = ["api", "audit", "authenticator", "controllerManager", "scheduler"] try: eks_client = boto3.client('eks') except Exception as init_exception: helper.init_failure(init_exception) @helper.create @helper.update def create_update_handler(event, _): """ Handler for create and update actions. """ logger.debug("Event info %s", event) props = event['ResourceProperties'] update_type = props['clusterUpdateType'] logger.info("Update type %s", update_type)
"""Elasticsearch Domain Snapshot Repository Lambda Executes Lambda Function to create a new Elasticsearch Domain Snapshot Repository """ from elasticsearch.exceptions import ConnectionError, ConnectionTimeout, NotFoundError from elasticsearch import Elasticsearch, RequestsHttpConnection from requests_aws4auth import AWS4Auth from crhelper import CfnResource import logging import boto3 import os helper = CfnResource(json_logging=True, log_level='INFO', boto_level='CRITICAL') def handler(event: dict, context: dict) -> None: """AWS Lambda function handler - Elasticsearch Domain Snapshot Repository function :type: dict :param: event: aws cloudformation custom resource event :type: dict :param: context: aws lambda function environment context :rtype: None """ logger: logging.Logger = log(__name__.upper()) logger.info(f'EVENT: {event}') helper(event, context)
from crhelper import CfnResource import logging import cslog log = cslog.logger(__name__) import ipaddress from aws_xray_sdk import global_sdk_config global_sdk_config.set_sdk_enabled(False) # Disable xray import config as Cfg import debug as Dbg import misc # Initialise the helper, all inputs are optional, this example shows the defaults helper = CfnResource(json_logging=True, log_level='DEBUG', boto_level='CRITICAL', sleep_on_delete=120) try: ## Init code goes here pass except Exception as e: helper.init_failure(e) def get_policy_content(url, account_id, region, api_gw_id=None): content = misc.get_url(url) if content is None: raise ValueError("Failed to load specified GWPolicyUrl '%s'!" % url) log.info(f"Success for get URL {url} : %s" % str(content, "utf-8")) try:
from controltowersetup import ( AccessAnalyzer, GuardDuty, Macie, Organizations, RAM, ServiceCatalog, ) warnings.filterwarnings("ignore", "No metrics to publish*") tracer = Tracer() logger = Logger() metrics = Metrics() helper = CfnResource(json_logging=True, log_level="INFO", boto_level="INFO") CT_AUDIT_ACCOUNT_NAME = "Audit" SERVICE_ACCESS_PRINCIPALS = { "backup.amazonaws.com", "config.amazonaws.com", "config-multiaccountsetup.amazonaws.com", "guardduty.amazonaws.com", "macie.amazonaws.com", } DELEGATED_ADMINISTRATOR_PRINCIPALS = { "access-analyzer.amazonaws.com", "config-multiaccountsetup.amazonaws.com", "guardduty.amazonaws.com", "macie.amazonaws.com",
Lex bot Associated Lex Intents Associated Lex Slot Types """ import os import logging import json import time import boto3 from botocore import exceptions as botocore_exceptions from boto3 import exceptions as boto3_exceptions from crhelper import CfnResource logger = logging.getLogger(__name__) helper = CfnResource(json_logging=False, log_level='DEBUG', boto_level='CRITICAL', sleep_on_delete=120) try: lex_client = boto3.client('lex-models', os.environ['AWS_REGION']) s3_resource = boto3.resource('s3') SLEEP_TIME = 10 except (botocore_exceptions.BotoCoreError, botocore_exceptions.ClientError, boto3_exceptions.Boto3Error) as exception: helper.init_failure(exception) def check_required_properties(dictionary, key): """ Check if a key is present in dictionary, otherwise raise KeyError stating "key is a required property"
import os import boto3 import logging import urllib.request from crhelper import CfnResource from distutils import util logger = logging.getLogger(__name__) logger.setLevel(logging.INFO) helper = CfnResource(json_logging=True, log_level='DEBUG', boto_level='CRITICAL', sleep_on_delete=120) def assume_role(accountId, region): sts = boto3.client("sts") identity = sts.get_caller_identity() if identity["Account"] == accountId: logger.warning(f"Already in Account '{accountId}', not assuming role...") return boto3.Session(region_name=region) credentials = sts.assume_role(RoleArn=f"arn:aws:iam::{accountId}:role/OrganizationAccountAccessRole", RoleSessionName="IAMSAMLProvider") logger.info(f"Assumed OrganizationAccountAccessRole in {accountId} for access key: {credentials['Credentials']['AccessKeyId']}") assumed = boto3.Session( aws_access_key_id=credentials["Credentials"]["AccessKeyId"], aws_secret_access_key=credentials["Credentials"]["SecretAccessKey"], aws_session_token=credentials["Credentials"]["SessionToken"], region_name=region )
# # # Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance # # with the License. A copy of the License is located at # # # # http://www.apache.org/licenses/LICENSE-2.0 # # # # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES # # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions # # and limitations under the License. # ###################################################################################################################### import boto3, logging from crhelper import CfnResource client_kinesis_analytics = boto3.client('kinesisanalyticsv2') helper = CfnResource(json_logging=True) logger = logging.getLogger(__name__) def _filter_empty_items(str_list): return list(filter(None, str_list)) def _get_application_details(application_name): response = client_kinesis_analytics.describe_application(ApplicationName=application_name) application_detail = response['ApplicationDetail'] description = application_detail['ApplicationConfigurationDescription'] if 'VpcConfigurationDescriptions' in description: existing = description['VpcConfigurationDescriptions'] vpc_config_id = existing[0]['VpcConfigurationId'] else: vpc_config_id = None
from __future__ import print_function from crhelper import CfnResource import logging import boto3 logger = logging.getLogger(__name__) # Initialise the helper, all inputs are optional, this example shows the defaults helper = CfnResource() try: ## Init code goes here pass except Exception as e: helper.init_failure(e) @helper.create @helper.update def create(event, context): logger.info("Got Create") bucket = event['ResourceProperties']['BucketName'] logger.info(bucket) logger.info("Above bucket created") @helper.delete def delete(event, context): logger.info("Got Delete") try: bucket = event['ResourceProperties']['BucketName'] logger.info(bucket)
import logging import boto3 from botocore.exceptions import ClientError from crhelper import CfnResource import CFrontClasses from str2bool import str2bool logger = logging.getLogger(__name__) # Initialise the helper, all inputs are optional, this example shows the defaults helper = CfnResource(json_logging=False, log_level='DEBUG', boto_level='CRITICAL') CFN_STATES = { "failed": [ "CREATE_FAILED", "ROLLBACK_IN_PROGRESS", "ROLLBACK_FAILED", "ROLLBACK_COMPLETE", "DELETE_FAILED", "UPDATE_ROLLBACK_IN_PROGRESS", "UPDATE_ROLLBACK_FAILED", "UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS", "UPDATE_ROLLBACK_COMPLETE" ], "in_progress": [ "CREATE_IN_PROGRESS", "DELETE_IN_PROGRESS", "UPDATE_IN_PROGRESS", "UPDATE_COMPLETE_CLEANUP_IN_PROGRESS", "InProgress" ], "success": ["CREATE_COMPLETE", "DELETE_COMPLETE", "UPDATE_COMPLETE", "Deployed"] } EXPECTED_CREATE_RESPONSE_KEYS = [{ "Distribution":
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # import boto3, json, time, os, logging, botocore, uuid from crhelper import CfnResource from botocore.exceptions import ClientError logger = logging.getLogger() logger.setLevel(logging.INFO) logging.getLogger('boto3').setLevel(logging.CRITICAL) logging.getLogger('botocore').setLevel(logging.CRITICAL) session = boto3.Session() helper = CfnResource(json_logging=False, log_level='INFO', boto_level='CRITICAL', sleep_on_delete=15) @helper.create @helper.update # This module perform the following: # 1. attempt to create stackset if one does not exist # 2. attempt to deploy stackset instance to target accounts def create(event, context): logger.info(json.dumps(event)) try: firstLaunch = False stackSetName = os.environ['stackSetName'] stackSetUrl = os.environ['stackSetUrl'] newRelicAccId = os.environ['newRelicAccId']
import json import logging import boto3 from crhelper import CfnResource logger = logging.getLogger(__name__) helper = CfnResource(json_logging=False, log_level="DEBUG", boto_level="CRITICAL") client = boto3.client("iam") dms_vpc_role = "dms-vpc-role" dms_cloudwatch_logs_role = "dms-cloudwatch-logs-role" dms_access_for_endpoint = "dms-access-for-endpoint" dms_vpc_policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole" dms_cloudwatch_logs_policy_arn = ( "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole") dms_access_for_endpoint_policy_arn = ( "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role") dms_assume_role_policy_01 = { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": "dms.amazonaws.com" }, "Action": "sts:AssumeRole", }],
# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance # # with the License. A copy of the License is located at # # # # http://www.apache.org/licenses/LICENSE-2.0 # # # # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES # # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions # # and limitations under the License. # # ##################################################################################################################### from uuid import uuid4 as uuid from crhelper import CfnResource DEFAULT_LENGTH = 32 helper = CfnResource(log_level="INFO") @helper.create def generate_name(event, _): """ Generate a physical resource ID limited in length to event['Length'] :param event: The CloudFormation custom resource event :return: PhysicalResourceId """ length = DEFAULT_LENGTH try: length = int(event.get("Length", DEFAULT_LENGTH)) except ValueError: pass # use DEFAULT_LENGTH if the length doesn't convert to an int
from __future__ import print_function import logging import boto3 from crhelper import CfnResource logger = logging.getLogger(__name__) helper = CfnResource(json_logging=False, log_level="DEBUG", boto_level="CRITICAL", sleep_on_delete=120) fsx = boto3.client("fsx") @helper.create def create(event, context): logger.info("Got Create") properties = event.get("ResourceProperties", {}) fsx_id = properties.get("FSxFileSystemId") dns_name, private_ip = _fsx_describe_file_systems(fsx_id) helper.Data.update({"FSxDNSName": dns_name, "FSxPrivateIP": private_ip}) @helper.update def update(event, context): logger.info("Got Update")
#!/usr/bin/env python """ Function to generate a random string author: [email protected] license: Apache 2.0 """ import random import string from crhelper import CfnResource CRHELPER = CfnResource() """ Run on Create and Update """ @CRHELPER.create @CRHELPER.update def _generate_random_string(event, _): if event["ResourceProperties"]["Length"] is not None: _length = int(event["ResourceProperties"]["Length"]) else: _length = 8 _seed = f"{string.ascii_letters}{string.digits}" _generated_string = "".join(random.choice(_seed) for x in range(_length))
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 import json import os import time import logging import boto3 from crhelper import CfnResource from botocore.exceptions import ClientError logger = logging.getLogger() logger.setLevel(logging.INFO) helper = CfnResource() # Setup Clients personalize = boto3.client('personalize') ssm = boto3.client('ssm') iam = boto3.client('iam') schemas_to_delete = [ 'retaildemostore-schema-users', 'retaildemostore-schema-items', 'retaildemostore-schema-interactions', 'retaildemostore-event-schema' ] def get_dataset_arn(dataset_group_name): dataset_group_arn = None dataset_groups_paginator = personalize.get_paginator('list_dataset_groups')
# # # http://www.apache.org/licenses/LICENSE-2.0 # # # # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES # # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions # # and limitations under the License. # ###################################################################################################################### import boto3, logging, os, json from crhelper import CfnResource from botocore import config config = config.Config(**json.loads(os.environ['AWS_SDK_USER_AGENT'])) client_secrets_manager = boto3.client('secretsmanager', config=config) helper = CfnResource(json_logging=True, log_level='INFO') def _get_key_arn_for_secret(secret_arn): ''' There are some requirements when using SCRAM authentication with Amazon MSK: https://docs.aws.amazon.com/msk/latest/developerguide/msk-password.html#msk-password-limitations This custom resource checks for those limitations, and returns the KmsKeyId (which will be used on the Lambda role policy). ''' describe_response = client_secrets_manager.describe_secret( SecretId=secret_arn) if not describe_response['Name'].startswith('AmazonMSK_'): raise Exception(
import boto3 import common from crhelper import CfnResource if TYPE_CHECKING: from mypy_boto3_s3control.client import S3ControlClient from mypy_boto3_ssm.client import SSMClient # Setup Default Logger LOGGER = logging.getLogger("sra") log_level = os.environ.get("LOG_LEVEL", logging.ERROR) LOGGER.setLevel(log_level) # Initialize the helper. `sleep_on_delete` allows time for the CloudWatch Logs to get captured. helper = CfnResource(json_logging=True, log_level=log_level, boto_level="CRITICAL", sleep_on_delete=120) # Global Variables MAX_THREADS = 10 SSM_PARAMETER_PREFIX = os.environ.get("SSM_PARAMETER_PREFIX", "/sra/s3-block-account-public-access") UNEXPECTED = "Unexpected!" try: MANAGEMENT_ACCOUNT_SESSION = boto3.Session() except Exception: LOGGER.exception(UNEXPECTED) raise ValueError( "Unexpected error executing Lambda function. Review CloudWatch logs for details." ) from None
# http://www.apache.org/licenses/LICENSE-2.0 # # # # or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES # # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions # # and limitations under the License. # ###################################################################################################################### import logging from crhelper import CfnResource from shared_util import custom_logging from util.quicksight import QuicksightApi logger = custom_logging.get_logger(__name__) helper = CfnResource(json_logging=False, log_level="INFO") def get_resource_propertices(event): logger.debug(f"servicing request event:{event}") request_type = event["RequestType"] resource_properties = event["ResourceProperties"] resource = resource_properties["Resource"] logger.info( f"servicing request request_type:{request_type} resource:{resource}") return resource_properties def log_exception(error): """