def lambda_handler(event, context):
print('message received on function trigger: %s' % event)
if octopus.validate_event_data(event):
dynamodb_client = boto3.client('dynamodb')
orgs_client = octopus.assume_role(event['payer_id'], 'octopus_svc',
'listlinkedaccounts',
'organizations', 'us-east-1')
account = orgs_client.describe_account(AccountId=event['Id'])
insert = dynamodb_client.put_item(
TableName=environ['dynamoDbTable'],
Item={
'Id': {
'S': account['Account']['Id']
},
'Name': {
'S': account['Account']['Name']
},
'Email': {
'S': account['Account']['Email']
},
'Arn': {
'S': account['Account']['Arn']
},
'Status': {
'S': account['Account']['Status']
},
'JoinedMethod': {
'S': account['Account']['JoinedMethod']
},
},
ReturnConsumedCapacity='TOTAL')
print(insert)
return insert
def lambda_handler(event, context):
print('message received on function trigger: %s' % event)
if octopus.validate_event_data(event):
var_list = [{
'account_alias': event['Name']
}, {
'accountid': event['Id']
}, {
'cloudtrail': event['cloudtrail']
}, {
'intranetIP': event['intranetIP']
}, {
'company_name': environ['company_name']
}, {
"mngt_account_id": environ['mngt_account_id']
}]
set_env = octopus.set_env_for_tf(
event['Environment'], environ['terraform_config_bucket'],
octopus.get_tf_files(event['Id'], environ['table_name']), var_list)
if set_env == True:
octopus.setup_terraform(environ['backend_bucket'],
environ['dynamodb_table'],
environ['kms_key_id'],
event['Environment'],
environ['terraform_config_bucket'])
popen(' rm -rf /tmp/*').read()
def lambda_handler(event, context):
print('message received on function trigger: %s' % event)
if octopus.validate_event_data(event):
iam_client = octopus.assume_role(event['Id'], event['role_name'],
event['session_name'], 'iam',
'us-east-1')
key_pair = iam_client.create_access_key(UserName=event['username'])
print(key_pair['ResponseMetadata'])
return key_pair
def lambda_handler(event, context):
print('message received on function trigger: %s' % event)
if octopus.validate_event_data(event):
iam_client = octopus.assume_role(event['Id'], event['role_name'],
event['session_name'], 'iam',
'us-east-1')
delete_key_pair = iam_client.delete_access_key(
UserName=event['username'], AccessKeyId=event['access_key'])
print(delete_key_pair)
def lambda_handler(event, context):
print('message received on function trigger: %s' % event)
if octopus.validate_event_data(event):
iam_client = octopus.assume_role(event['Id'], event['role_name'],
event['session_name'], 'iam',
'us-east-1')
console_access = iam_client.create_login_profile(
UserName=event['username'],
Password=event['password'],
PasswordResetRequired=True)
print(console_access)
def lambda_handler(event, context):
print('message received on function trigger: %s' % event)
if octopus.validate_event_data(event):
dynamodb_client = boto3.client('dynamodb')
insert = dynamodb_client.put_item(TableName=environ['dynamoDbTable'],
Item={
'Id': {
'S': event['Id']
},
'config_files': {
'L': event['config_files']
},
},
ReturnConsumedCapacity='TOTAL')
return 'inserted Item: %s' % insert
def lambda_handler(event, context):
print('message received on function trigger: %s' % event)
if octopus.validate_event_data(event):
orgs_client = boto3.client('organizations')
dynamodb_client = boto3.client(
'dynamodb',
region_name='us-east-1')
lambda_client = boto3.client('lambda')
linked_accounts = orgs_client.list_accounts()
accounts = linked_accounts['Accounts']
print(linked_accounts)
print()
while linked_accounts['NextToken']:
token=linked_accounts['NextToken']
linked_accounts = orgs_client.list_accounts(
NextToken=token
)
accounts.extend(linked_accounts['Accounts'])
print(linked_accounts)
print()
if 'NextToken' not in linked_accounts:
break
print('Done... Showing accounts:')
print(accounts)
print ('A total of %s accounts are linked to your payer account...\
' % (len(accounts)))
print()
for account in accounts:
item = dynamodb_client.get_item(
TableName= environ['table_name'],
Key={
'Id': {
'S': account['Id']
}
},
ReturnConsumedCapacity='TOTAL',
ConsistentRead=True
)
print('account:')
print(account)
print('item:')
print(item)
print()
if 'Item' in item and \
'Arn' in item['Item'] and \
'Email' in item['Item'] and \
'Name' in item['Item'] and \
'Status' in item['Item'] and \
'JoinedMethod' in item['Item'] and \
account['Arn'] == item['Item']['Arn']['S'] and \
account['Email'] == item['Item']['Email']['S'] and \
account['Name'] == item['Item']['Name']['S'] and \
account['Status'] == item['Item']['Status']['S'] and \
account['JoinedMethod'] == item['Item']['JoinedMethod']['S']:
print('Account %s not changed.' % (account['Id']))
elif 'Item' in item:
print('Account %s changed.' % (account['Id']))
msg = '''
The AWS Account ID: %s
with e-mail: %s has been modified.
Previous configuration was:
- Name: %s;
- Email: %s;
- Arn: %s;
- Status: %s;
- Joined Method: %s
Current configuration detected is:
- Name: %s;
- Email: %s;
- Arn: %s;
- Status: %s;
- Joined Method: %s
''' % (item['Item']['accountid']['S'],\
item['Item']['Email']['S'],\
item['Item']['Name']['S'],\
item['Item']['Email']['S'],\
item['Item']['Arn']['S'],\
item['Item']['Status']['S'],\
item['Item']['JoinedMethod']['S'],\
account['Name'],\
account['Email'],\
account['Arn'],\
account['Status'],\
account['JoinedMethod'],\
)
print(msg)
insert_account = lambda_client.invoke(
FunctionName=environ['insert-account-function'],
InvocationType='RequestResponse',
LogType='Tail',
Payload=dumps(account)
)
print(insert_account)
elif 'Item' not in item:
print('New Account %s detected on your AWS Organization\
' % (account['Id']))
msg = '''
The AWS Account ID: %s is new in your environment.
Current configuration detected is:
- Name: %s;
- Email: %s;
- Arn: %s;
- Status: %s;
- Joined Method: %s
''' % (account['Id'],\
account['Name'],\
account['Email'],\
account['Arn'],\
account['Status'],\
account['JoinedMethod'],\
)
print(msg)
insert_account = lambda_client.invoke(
FunctionName=environ['insert-account-function'],
InvocationType='RequestResponse',
LogType='Tail',
Payload=dumps(account)
)
print(insert_account)
def lambda_handler(event, context):
print('message received on function trigger: %s' % event)
if octopus.validate_event_data(event):
var_list = [{'payerid':event['payer_id']}]
lambda_client = boto3.client('lambda')
s3_client = boto3.client('s3')
iam_client = octopus.assume_role(
event['payer_id'],
'octopus_svc',
'createroletonewaccount',
'iam',
'us-east-1')
set_env = octopus.set_env_for_tf(
event['Environment'],
environ['terraform_config_bucket'],
octopus.get_tf_files(
event['Environment'],
environ['table_name']),
var_list)
if set_env == True:
# tf_environment = octopus.setup_terraform(
# environ['backend_bucket'],
# environ['dynamodb_table'],
# environ['kms_key_id'],
# event['Environment'],
# environ['terraform_config_bucket'])
# if tf_environment == True:
if 1 == 1:
print('New account %s created' % (event['Name']))
print('Searching terraform state file for new accountId..')
tf_state = s3_client.get_object(
Bucket=environ['backend_bucket'],
Key='workspace/%s/backend' % (event['Environment'])
)
print('Answer from get_object command: %s' % tf_state)
content = loads(tf_state['Body'].read().decode('utf-8'))
print('State File: %s' % content)
account_id = content['modules'][0]\
['resources']['aws_organizations_account.%s' \
% event['Name']]['primary']['id']
print('Account ID for the new account is: %s' % account_id)
print('Saving data about new account on database...')
insert_account = lambda_client.invoke(
FunctionName=environ['insert_account_function'],
InvocationType='RequestResponse',
LogType='Tail',
Payload=dumps({"Id":account_id,"payer_id":event['payer_id']})
)
print('''Answer from LambdaFunction to Insert Account: %s \
''' % insert_account['Payload'].read())
print('Creating Cross Account Role for Octopus...')
print('Creating temporary key...')
create_key = iam_client.create_access_key(
UserName='******'
)
print('''Create Key Status: %s \
''' % create_key['ResponseMetadata'])
var_list = [
{"accesskey":create_key['AccessKey']['AccessKeyId']},
{"secretkey":create_key['AccessKey']['SecretAccessKey']},
{"id":account_id},
{"mngt_account_id":environ['mngt_account_id']}]
set_env = octopus.set_env_for_tf(
event['Name'],
environ['terraform_config_bucket'],
octopus.get_tf_files(
'new-account-conf',
environ['table_name']),
var_list)
if set_env == True:
octopus.init_terraform(
environ['backend_bucket'],
environ['dynamodb_table'],
environ['kms_key_id'],
event['Name'],
environ['terraform_config_bucket'])
print('Creating workspace for the new account...')
print(popen('''cd /tmp/%s && /tmp/terraform workspace new %s \
''' % (event['Name'],event['Name'])).read())
print('Workspace created...')
tf_environment = octopus.setup_terraform(
environ['backend_bucket'],
environ['dynamodb_table'],
environ['kms_key_id'],
event['Name'],
environ['terraform_config_bucket'])
iam_client.delete_access_key(
UserName='******',
AccessKeyId=create_key['AccessKey']['AccessKeyId']
)
popen(' rm -rf /tmp/*').read()
if tf_environment == True:
print('setup completed...')
else:
print('Command unsuccessfull... please see output: ' + tf_environment)