AWS람다 aws-service-broker-s3-c5b-AWSSBInjectedIAMUserLamb

1 개요

aws-service-broker-s3-c5b-AWSSBInjectedIAMUserLamb
  • 트리거 (콘솔 디자이너 표시 기준 — 코드상 실제 호출자는 CloudFormation 커스텀 리소스(cfnresponse 사용)이며, 아래 항목은 함수가 호출·접근하는 서비스로 보임)
AWS Systems Manager
Amazon CloudWatch Logs
Identity And Access Management
  • 런타임: Python 2.7 (AWS Lambda에서 지원 종료된 런타임이므로 Python 3.x로 마이그레이션이 필요함)
import cfnresponse
import random
import string
import boto3
import traceback

# Alphabet for the random physical-resource id: A-Z, a-z, 0-9 (62 symbols).
# Restricted to letters and digits because the id is embedded in SSM
# parameter names and used as the CloudFormation physical id.
alnum = ''.join((string.ascii_uppercase, string.ascii_lowercase, string.digits))
# One client per service, built once at import time so warm invocations
# reuse them.  No credentials are passed: boto3 picks them up from the
# Lambda environment (presumably the function's execution role), which
# therefore needs the IAM access-key and SSM parameter permissions the
# handler exercises (create/list/delete access keys, put/delete parameters).
iam_client, ssm_client = boto3.client('iam'), boto3.client('ssm')


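def handler(event, context):
    """Manage one IAM access key as a CloudFormation custom resource.

    ``Create`` mints an access key for ``ResourceProperties.Username`` and
    stores both halves in SSM Parameter Store as ``SecureString`` values.
    ``Update`` is refused and reported as FAILED (the existing
    ``PhysicalResourceId`` is echoed back so CloudFormation does not orphan
    the key).  ``Delete`` removes the user's access keys and the two
    parameters.

    Only the parameter *names* are returned to CloudFormation in the
    response data -- never the key material.  Everything placed in
    ``responseData`` is uploaded to the stack's pre-signed response URL and
    can surface in stack outputs and events, so the secret must stay in
    Parameter Store.

    Args:
        event: CloudFormation custom-resource event; reads ``RequestType``,
            ``PhysicalResourceId`` (non-Create requests) and
            ``ResourceProperties.Username``.
        context: Lambda context, passed through to ``cfnresponse.send``.

    Returns:
        None.  The outcome is reported with exactly one ``cfnresponse.send``;
        any exception is logged (message and traceback) and reported as
        FAILED.
    """
    response_code = cfnresponse.SUCCESS
    response_data = {}
    request_type = event['RequestType']
    if request_type == 'Create':
        # The id is the suffix of both SSM parameter names and the resource's
        # identity for later Update/Delete calls.  Draw it from the OS CSPRNG
        # (SystemRandom exists on 2.7 and 3) so parameter names cannot be
        # predicted from earlier ones.
        sysrand = random.SystemRandom()
        phys_id = ''.join(sysrand.choice(alnum) for _ in range(16))
    else:
        phys_id = event['PhysicalResourceId']
    response_data['AsbAccessKeyId'] = 'AsbAccessKeyId-%s' % phys_id
    response_data['AsbSecretAccessKey'] = 'AsbSecretAccessKey-%s' % phys_id
    try:
        username = event['ResourceProperties']['Username']
        if request_type == 'Create':
            _create_key_into_ssm(username,
                                 response_data['AsbAccessKeyId'],
                                 response_data['AsbSecretAccessKey'])
        elif request_type == 'Update':
            print('Update operation unsupported')
            response_code = cfnresponse.FAILED
        elif request_type == 'Delete':
            _delete_keys_and_parameters(
                username,
                [response_data['AsbAccessKeyId'], response_data['AsbSecretAccessKey']])
    except Exception as e:
        # boto3 error messages do not carry the secret, so logging them to
        # CloudWatch is safe; the traceback is what you need when the
        # failure is a missing IAM/SSM permission on the execution role.
        print(str(e))
        traceback.print_exc()
        response_code = cfnresponse.FAILED
    # Exactly one response per invocation.  Sending from inside the ``try``
    # would let a send that fails half-way be repeated from ``except`` as
    # FAILED, rolling back a key that was in fact created successfully.
    cfnresponse.send(event, context, response_code, response_data, phys_id)


def _create_key_into_ssm(username, key_id_param, secret_param):
    """Create an access key for ``username`` and store it in Parameter Store.

    Both values are written as ``SecureString``.  No ``KeyId`` is given, so
    SSM encrypts with the account's default ``aws/ssm`` managed key; a
    customer-managed key would let a key policy restrict who can decrypt the
    secret -- worth considering if the consumer is not the whole account.
    ``Overwrite`` is deliberately left off: the names carry a fresh random
    id, so a collision is a bug and should raise rather than clobber.

    If either ``put_parameter`` fails, the just-created key is deleted again
    before the error propagates, so an active credential whose secret half
    exists only in this process's memory is never left behind (the stack
    rollback ``Delete`` would also clean it up, but only if that request
    actually arrives).

    Args:
        username: IAM user that owns the new key.
        key_id_param: SSM parameter name for the access key id.
        secret_param: SSM parameter name for the secret access key.

    Raises:
        Whatever boto3 raised from ``create_access_key`` or ``put_parameter``.
    """
    created = iam_client.create_access_key(UserName=username)['AccessKey']
    try:
        ssm_client.put_parameter(Name=key_id_param, Value=created['AccessKeyId'], Type='SecureString')
        ssm_client.put_parameter(Name=secret_param, Value=created['SecretAccessKey'], Type='SecureString')
    except Exception:
        _delete_access_key_quietly(username, created['AccessKeyId'])
        raise


def _delete_access_key_quietly(username, access_key_id):
    """Best-effort ``delete_access_key``: log and swallow any failure.

    Kept as a separate function on purpose.  On Python 2.7 a nested
    ``try``/``except`` written directly inside an ``except`` block replaces
    the in-flight exception, so the caller's bare ``raise`` would re-raise
    the wrong one; a call boundary restores the original exception state.
    """
    try:
        iam_client.delete_access_key(UserName=username, AccessKeyId=access_key_id)
    except Exception:
        traceback.print_exc()


def _delete_keys_and_parameters(username, parameter_names):
    """Delete every access key of ``username`` and the given SSM parameters.

    All of the user's keys are removed, not only the one recorded in SSM, so
    cleanup still completes when a Create failed after ``create_access_key``
    or the parameters were removed out of band.
    NOTE(review): this presumes the user exists solely for this binding --
    confirm before pointing the handler at a shared IAM user.
    ``delete_parameters`` tolerates names that do not exist (they come back
    in ``InvalidParameters``), so a Delete following a failed Create is safe.

    Args:
        username: IAM user whose access keys are removed.
        parameter_names: SSM parameter names to delete.
    """
    for key in iam_client.list_access_keys(UserName=username)['AccessKeyMetadata']:
        iam_client.delete_access_key(UserName=username, AccessKeyId=key['AccessKeyId'])
    ssm_client.delete_parameters(Names=parameter_names)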

2 참고
