def update(event, _): old_properties = validate_properties(old_resource_properties(event)) properties = validate_properties(resource_properties(event)) parameter_name = cfn.physical_resource_id(event) releases = cssm.fetch_json_parameter(ssm, parameter_name) current_release_prefix = properties.current_release_prefix if len(releases) > 1 \ and releases[0] == old_properties.current_release_prefix \ and releases[1] == current_release_prefix \ and cfn.is_stack_rollback_complete_cleanup_in_progress(cf, event): # in the case of a stack rollback and swap of the 2 first releases, we just assume # that it is update to rollback the resource itself. releases.pop(0) else: # 1. we need to put the release into the list; if the release is already inside, we remove it. in any case, # we put the release in front of the list. try: releases.remove(current_release_prefix) except ValueError: pass releases.insert(0, current_release_prefix) # 2. we cleanup old releases if we have gone over the parameterised count while len(releases) > properties.release_count_number: old_release_prefix = releases.pop() delete_objects(properties.bucket, old_release_prefix) put_json_parameter(parameter_name, releases) return parameter_name
def check_certificate(event, round_index): try: properties = validate_properties(cfn.resource_properties(event)) certificate_arn = properties.certificate_arn if event['RequestType'] == 'Delete': cfn.send_success(event) return True event['PhysicalResourceId'] = certificate_arn if round_index >= MAX_ROUND_COUNT: cfn.send_failed( event, "certificate {} did not stablise".format(certificate_arn)) return True acm = acm_service(certificate_arn) certificate = acm.describe_certificate(CertificateArn=certificate_arn) certificate_status = certificate['Certificate']['Status'] if certificate_status == 'ISSUED': cfn.send_success(event) return True elif certificate_status == 'PENDING_VALIDATION': return False else: cfn.send_failed( event, 'the certificate {} is in invalid status {}.'.format( certificate_arn, certificate_status)) return True except Exception as e: print(traceback.format_exc()) cfn.send_failed(event, "exception during checking: {}".format(str(e))) return True
def create(event, _): properties = validate_properties(resource_properties(event)) parameter_name = naming.s3_release_cleanup_parameter_name( stack_arn=cfn.stack_id(event), logical_resource_id=cfn.logical_resource_id(event)) put_json_parameter(parameter_name, [properties.current_release_prefix]) return parameter_name
def create(event, _): properties = validate_properties(resource_properties(event)) certificate_arn = properties.custom_domain_config.certificate_arn if certificate_arn is None: out = idp.create_user_pool_domain(Domain=properties.domain, UserPoolId=properties.user_pool_id) else: out = idp.create_user_pool_domain( Domain=properties.domain, UserPoolId=properties.user_pool_id, CustomDomainConfig=properties.custom_domain_config) cloudfront_domain = out.get('CloudFrontDomain') if cloudfront_domain is None: cloudfront_domain = '' domain = properties.domain + '.auth.' + idp._client_config.region_name + '.amazoncognito.com' else: domain = properties.domain helper.Data.update({ 'UserPoolId': properties.user_pool_id, 'CloudFrontDomainName': cloudfront_domain, 'CloudFrontHostedZoneId': 'Z2FDTNDATAQYW2', 'Domain': domain }) return properties.domain
def create(event, _): properties = validate_properties(resource_properties(event)) physical_id = physical_resource_id(event, properties) value = next_value(properties) helper.Data.update({'ValueText': str(value), 'Value': value}) return physical_id
def create(event, _): p = validate_properties(resource_properties(event)) parameter_name = naming.cog_cond_pre_auth_parameter_name(p.user_pool_id, p.user_pool_client_id) parameter_value = json.dumps({'All': p.all, 'Domains': p.domains, 'Emails': p.emails}) put_string_parameter(ssm, parameter_name, value=parameter_value, description='Forge Cognito Pre Auth Settings Parameter') return parameter_name
def create_certificate(sns_message_id, event): if should_skip_message(sns_message_id, event): return properties = validate_properties(resource_properties(event)) cert_proc = CertificateProcessor(None, properties) certificate_arn = cert_proc.create_certificate() try: cert_proc.create_record_set_group() start_wait_state_machine(certificate_arn, sns_message_id, event) except Exception as e: raise CertificateError(certificate_arn) from e
def properties(event): try: p = Properties(physical_resource_id=physical_resource_id(event), logical_resource_id=event['LogicalResourceId'], stack_id=event['StackId'], ordinal=resource_properties(event)['Ordinal']) except KeyError as e: raise ValueError('cloudformation event not valid') from e if not p.ordinal: raise ValueError('Ordinal is obligatory') return p
def delete_certificate(event): certificate_arn = cfn.physical_resource_id(event) log.msg('deleting certificate', certificate_arn=certificate_arn) # We delete only if the certificate has been properly created before. if c.is_certificate_arn(certificate_arn): properties = validate_properties(resource_properties(event)) cert_proc = CertificateProcessor(certificate_arn=certificate_arn, properties=properties) if not cfn.is_being_replaced(cf, event): # This resource may create DNS Records that should be deleted as well. Also there is an SNS parameter # to ensure that the resource is created only once (to handle possible SNS delivery duplication) # these are deleted only if the resource is being deleted (the update function takes care of the DNS # records if the resource is being replaced). cert_proc.delete_record_set_group() delete_sns_message_ssm_parameter(event) cert_proc.delete_certificate() cfn.send_success(event)
def update_certificate(sns_message_id, event): if should_skip_message(sns_message_id, event): return new_properties = validate_properties(resource_properties(event)) old_properties = validate_properties(cfn.old_resource_properties(event)) certificate_arn = cfn.physical_resource_id(event) if needs_new(event, old_properties, new_properties): log.msg('new certificate needed', stack_arn=cfn.stack_id(event), logical_resource_id=cfn.logical_resource_id(event)) log.msg('delete old dns record', old_properties=old_properties) cert_proc = CertificateProcessor(certificate_arn, old_properties) cert_proc.delete_record_set_group() create_certificate(sns_message_id, event) else: cert_proc = CertificateProcessor(certificate_arn, new_properties) if safe_set(old_properties.tags) != safe_set(new_properties.tags): cert_proc.update_tags() if old_properties.with_caa != new_properties.with_caa: if new_properties.with_caa: cert_proc.create_caa_records() else: cert_proc.delete_caa_records() cfn.send_success(event)
def delete(event, _): properties = validate_properties(resource_properties(event)) if has_valid_physical_resource_id( event, properties) and cfn.is_stack_delete_in_progress(cf, event): delete_all_images(properties) return cfn.physical_resource_id(event)
def create(event, _): properties = validate_properties(resource_properties(event)) return physical_resource_id(event, properties)
def delete(event, _): properties = validate_properties(resource_properties(event)) delete_user_pool_domain(properties) return physical_resource_id(event)
def update(event, _): properties = validate_properties(resource_properties(event)) swap_rules(properties) return physical_resource_id(event, properties)
def create(event, _): properties = validate_properties(resource_properties(event)) return put_sequence_parameter(properties)
def delete(event, _): properties = validate_properties(resource_properties(event)) if has_valid_physical_resource_id(event, properties) and should_delete(event): delete_objects(properties) return cfn.physical_resource_id(event)
def create(event, _): properties = validate_properties(resource_properties(event)) db_instances = rds.describe_db_instances( DBInstanceIdentifier=properties.db_instance_identifier) return db_instances['DBInstances'][0]['DbiResourceId']
def delete(event, _): properties = validate_properties(resource_properties(event)) if cfn.is_being_replaced(cf, event): swap_rules(properties) return cfn.physical_resource_id(event)