AWS Lambda automate updating policies #3
Quick conversion from the awscli and bash commands to Python. This enables future plans to automate the updates to this repository and to run this in AWS Lambda. Python outputs the same policy document json that the old process does.
`app.py` contains the AWS CDK to create a Python Lambda function with the appropriate permission to log and pull all the IAM Policies. The `dulwich` module is used for all git operations. Before running `cdk deploy`, a Secret needs to be created in AWS Managed Secrets and a few environment variables need to be created. See `app.py` for instructions. The Lambda function is invoked every hour. To test, deploy and trigger the Lambda with a test event. Execution can take around a minute. More memory will speed it up.
Note - this depends on having a GitHub account with a Personal Access Token. I took the route of creating a "machine user" @rypeck-bot to automate. Currently pointed at https://github.com/RyPeck/aws_managed_policies/tree/master and running every hour.
Next steps could be to get it working with SSH (there are Lambda Layers that make this look possible) but I thought I'd leave off here for now.
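As an added example (my code, not the PR's `app.py` and not the repository's actual file format), here is the core of such an hourly Lambda written against the boto3 call shapes: read the machine user's token from Secrets Manager at run time, page through only AWS-managed policies, render each default version as deterministic JSON, and compute which files actually changed so a run with no upstream change commits nothing. The `<PolicyName>.json` layout, the function names, the fake clients and the secret name `github/rypeck-bot` are assumptions; the boto3 calls used (`get_paginator("list_policies")`, `get_policy_version`, `get_secret_value`) are real ones.

```python
import json


def get_github_token(secrets, secret_id):
    """Fetch the machine user's PAT from Secrets Manager (boto3 'secretsmanager'
    client) at run time, so it lives in neither the code nor the Lambda's
    environment variables; never log the returned value."""
    return secrets.get_secret_value(SecretId=secret_id)["SecretString"]


def iter_aws_managed_policies(iam):
    """Yield (policy, document) for the default version of every AWS-managed
    policy. `iam` is a boto3 IAM client (or a stand-in with the same call shapes).
    Scope="AWS" lists only AWS-managed policies, so the Lambda role needs just
    iam:ListPolicies and iam:GetPolicyVersion; boto3 returns the Document
    already URL-decoded into a dict."""
    paginator = iam.get_paginator("list_policies")
    for page in paginator.paginate(Scope="AWS"):
        for policy in page["Policies"]:
            version = iam.get_policy_version(
                PolicyArn=policy["Arn"], VersionId=policy["DefaultVersionId"])
            yield policy, version["PolicyVersion"]["Document"]


def render_policy(policy, document):
    """Render one policy as stable JSON (sorted keys, 2-space indent, trailing
    newline) so hourly runs yield byte-identical files unless AWS changed the
    policy. This record layout is the example's, not the repository's."""
    record = {"PolicyName": policy["PolicyName"], "Arn": policy["Arn"],
              "DefaultVersionId": policy["DefaultVersionId"], "Document": document}
    return json.dumps(record, indent=2, sort_keys=True) + "\n"


def plan_updates(iam, existing):
    """Return (contents, changed): contents maps "<PolicyName>.json" to rendered
    text; changed is the set of names whose text differs from `existing`
    (name -> text currently in the checkout). Only `changed` gets written and
    staged, so an hour with no upstream change produces no commit."""
    contents = {f"{policy['PolicyName']}.json": render_policy(policy, document)
                for policy, document in iter_aws_managed_policies(iam)}
    changed = {name for name, text in contents.items() if existing.get(name) != text}
    return contents, changed


# --- Constructed stand-ins for the boto3 clients so this runs offline --------
class _FakePaginator:
    def __init__(self, pages):
        self._pages = pages

    def paginate(self, **kwargs):
        if kwargs.get("Scope") != "AWS":  # keep the listing least-privilege
            raise ValueError("example expects Scope='AWS'")
        return iter(self._pages)


class FakeIAM:
    """Mimics the two IAM calls used above with two constructed policies
    (sample documents, not the real policy text)."""
    _POLICIES = [
        {"PolicyName": "ReadOnlyAccess", "DefaultVersionId": "v2",
         "Arn": "arn:aws:iam::aws:policy/ReadOnlyAccess"},
        {"PolicyName": "AWSLambdaBasicExecutionRole", "DefaultVersionId": "v1",
         "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"},
    ]
    _DOCS = {
        ("arn:aws:iam::aws:policy/ReadOnlyAccess", "v2"): {
            "Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]},
        ("arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", "v1"): {
            "Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Resource": "*", "Action": [
                    "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]}]},
    }

    def get_paginator(self, name):
        assert name == "list_policies"
        return _FakePaginator([{"Policies": [p]} for p in self._POLICIES])  # one per page

    def get_policy_version(self, PolicyArn, VersionId):
        return {"PolicyVersion": {"VersionId": VersionId,
                                  "Document": self._DOCS[(PolicyArn, VersionId)]}}


class FakeSecrets:
    """Mimics secretsmanager.get_secret_value with a constructed, fake token."""
    def get_secret_value(self, SecretId):
        return {"SecretString": "ghp_example_token_not_real"}


if __name__ == "__main__":  # real Lambda: boto3.client("iam") / boto3.client("secretsmanager")
    token = get_github_token(FakeSecrets(), "github/rypeck-bot")  # hypothetical secret name
    contents, changed = plan_updates(FakeIAM(), existing={})
    print(f"{len(contents)} policies rendered, {len(changed)} changed, token length {len(token)}")
```

Two practical notes: give the Lambda role only `iam:ListPolicies`, `iam:GetPolicyVersion`, `secretsmanager:GetSecretValue` on that one secret, and the CloudWatch Logs actions; and when the token is embedded in an HTTPS remote URL for the git push, treat that URL as a secret too and keep it out of log lines and exception messages.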