From b12dea4bb9cee907acb018fbcb8cdd16a1c18648 Mon Sep 17 00:00:00 2001 From: Shalabh Nigam Date: Mon, 1 Dec 2025 11:56:40 -0600 Subject: [PATCH 1/2] fix: remove event info logging across all the lambdas, to prevent potential leak of sensitive customer data --- .../account_alternate_contacts/lambda/src/app.py | 10 ---------- .../cloudtrail/cloudtrail_org/lambda/src/app.py | 2 -- .../common/common_prerequisites/lambda/src/app.py | 4 ---- .../lambda/src/app.py | 2 -- .../config/config_management_account/lambda/src/app.py | 2 -- .../solutions/config/config_org/lambda/src/app.py | 8 -------- .../detective/detective_org/lambda/src/app.py | 6 ------ .../ec2/ec2_default_ebs_encryption/lambda/src/app.py | 10 ---------- .../firewall_manager_org/lambda/src/app.py | 2 -- .../genai/bedrock_guardrails/lambda/src/app.py | 2 -- .../solutions/genai/bedrock_org/lambda/src/app.py | 2 -- .../guardduty/guardduty_org/lambda/src/app.py | 4 ---- .../iam/iam_password_policy/lambda/src/app.py | 2 -- .../inspector/inspector_org/lambda/src/app.py | 6 ------ .../solutions/macie/macie_org/lambda/src/app.py | 4 ---- .../patch_mgmt/patch_mgmt_org/lambda/src/app.py | 6 ------ .../s3_block_account_public_access/lambda/src/app.py | 10 ---------- .../security_lake/security_lake_org/lambda/src/app.py | 4 ---- .../securityhub/securityhub_org/lambda/src/app.py | 10 ---------- .../shield_advanced/shield_advanced/lambda/src/app.py | 6 ------ 20 files changed, 102 deletions(-) diff --git a/aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py b/aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py index a60c324c..a9a4de2c 100644 --- a/aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py +++ b/aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py 
@@ -365,8 +365,6 @@ def process_event(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) process_accounts(event, params) @@ -398,8 +396,6 @@ def process_event_organizations(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) if event["detail"]["eventName"] == "TagResource" and params["EXCLUDE_ACCOUNT_TAGS"]: @@ -427,8 +423,6 @@ def process_event_lifecycle(event: dict) -> None: Raises: ValueError: Control Tower Lifecycle Event not 'createManagedAccountStatus' or 'updateManagedAccountStatus' """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) aws_account_id = "" @@ -455,8 +449,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) if event["RequestType"] in ["Create", "Update"]: params = get_validated_parameters({"RequestType": event["RequestType"]}) @@ -619,8 +611,6 @@ def lambda_handler(event: dict, context: Any) -> None: """ LOGGER.info("....Lambda Handler Started....") try: - event_info = {"Event": event} - LOGGER.info(event_info) orchestrator(event, context) except Exception: LOGGER.exception(UNEXPECTED) diff --git a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py index e2001533..57102dbd 100644 --- a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py 
@@ -323,8 +323,6 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) LOGGER.debug(f"{context}") params = get_validated_parameters(event) diff --git a/aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py b/aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py index bc3faa76..d5252d07 100644 --- a/aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py +++ b/aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py @@ -444,8 +444,6 @@ def create_update_event(event: CloudFormationCustomResourceEvent, context: Conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters(event) tags: Sequence[TagTypeDef] = [{"Key": params["TAG_KEY"], "Value": params["TAG_VALUE"]}] @@ -473,8 +471,6 @@ def delete_event(event: CloudFormationCustomResourceEvent, context: Context) -> event: event data context: runtime information """ - event_info = {"Event": event} - LOGGER.info(event_info) LOGGER.info("SRA SSM Parameters are being retained.") # delete_ssm_parameters_in_regions(get_enabled_regions()) # noqa: E800 diff --git a/aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py b/aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py index f7cc4659..1f532542 100644 --- a/aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py +++ b/aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py 
@@ -276,8 +276,6 @@ def terraform_handler(event: dict, context: Context) -> None: ValueError: Unexpected error executing Lambda function """ LOGGER.info("....Lambda Handler Started....") - event_info = {"Event": event} - LOGGER.info(event_info) try: request_type = event["RequestType"] diff --git a/aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py b/aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py index 8d7e622f..6953da16 100644 --- a/aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py +++ b/aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py @@ -171,8 +171,6 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters(event) management_account: str = context.invoked_function_arn.split(":")[4] diff --git a/aws_sra_examples/solutions/config/config_org/lambda/src/app.py b/aws_sra_examples/solutions/config/config_org/lambda/src/app.py index 65fef0a0..75452367 100644 --- a/aws_sra_examples/solutions/config/config_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/config/config_org/lambda/src/app.py @@ -74,8 +74,6 @@ def process_event(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": "Update"}) accounts = common.get_active_organization_accounts() @@ -117,8 +115,6 @@ def process_event_organizations(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) if event["detail"]["eventName"] == "AcceptHandshake" and event["detail"]["responseElements"]["handshake"]["state"] == "ACCEPTED": 
@@ -481,8 +477,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": event["RequestType"]}) accounts = common.get_active_organization_accounts() @@ -533,8 +527,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None: LOGGER.info("....Lambda Handler Started....") boto3_version = boto3.__version__ LOGGER.info(f"boto3 version: {boto3_version}") - event_info = {"Event": event} - LOGGER.info(event_info) try: orchestrator(event, context) except Exception: diff --git a/aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py b/aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py index 00ec81d3..903a10b7 100644 --- a/aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py @@ -72,8 +72,6 @@ def process_event(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": "Update"}) excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] @@ -366,8 +364,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": event["RequestType"]}) excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] @@ -412,8 +408,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None: LOGGER.info("....Lambda Handler Started....") boto3_version = boto3.__version__ LOGGER.info(f"boto3 version: {boto3_version}") - event_info = {"Event": event} - LOGGER.info(event_info) try: orchestrator(event, context) except Exception: 
diff --git a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py index a392561a..fef544fb 100644 --- a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py +++ b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py @@ -345,8 +345,6 @@ def process_event(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) process_accounts(event, params) @@ -379,8 +377,6 @@ def process_event_organizations(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) if event["detail"]["eventName"] == "TagResource" and params["EXCLUDE_ACCOUNT_TAGS"]: @@ -408,8 +404,6 @@ def process_event_lifecycle(event: dict) -> None: Raises: ValueError: Control Tower Lifecycle Event not 'createManagedAccountStatus' or 'updateManagedAccountStatus' """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) aws_account_id = "" @@ -436,8 +430,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) if event["RequestType"] in ["Create", "Update"]: params = get_validated_parameters({"RequestType": event["RequestType"]}) @@ -582,8 +574,6 @@ def lambda_handler(event: dict, context: Any) -> None: """ LOGGER.info("....Lambda Handler Started....") try: - event_info = {"Event": event} - LOGGER.info(event_info) orchestrator(event, context) except Exception: LOGGER.exception(UNEXPECTED) diff --git a/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/lambda/src/app.py b/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/lambda/src/app.py index 256d275d..aa11ec0d 100644 
--- a/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/lambda/src/app.py @@ -188,8 +188,6 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> Raises: botocore.exceptions.ClientError: Client error """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters(event) if params["action"] == "Add": diff --git a/aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py b/aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py index 46abd774..8602c963 100644 --- a/aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py +++ b/aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py @@ -838,8 +838,6 @@ def create_event(event: dict, context: Any) -> str: DRY_RUN_DATA = {} LIVE_RUN_DATA = {} - event_info = {"Event": event} - LOGGER.info(event_info) LOGGER.info(f"CFN_RESPONSE_DATA START: {CFN_RESPONSE_DATA}") # Deploy state table deploy_state_table() diff --git a/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py b/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py index 3483b08b..8273bc1f 100644 --- a/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py @@ -1413,8 +1413,6 @@ def create_event(event: dict, context: Any) -> str: DRY_RUN_DATA = {} LIVE_RUN_DATA = {} - event_info = {"Event": event} - LOGGER.info(event_info) LOGGER.info(f"CFN_RESPONSE_DATA START: {CFN_RESPONSE_DATA}") # Deploy state table deploy_state_table() diff --git a/aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py b/aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py index 56ad168b..9177778f 100644 --- a/aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py 
@@ -300,8 +300,6 @@ def lambda_handler(event: Dict[str, Any], context: Context) -> None: ValueError: Unexpected error executing Lambda function """ LOGGER.info("....Lambda Handler Started....") - event_info = {"Event": event} - LOGGER.info(event_info) try: if "Records" not in event and "RequestType" not in event and ("source" not in event and event["source"] != "aws.controltower"): raise ValueError( @@ -327,8 +325,6 @@ def terraform_handler(event: Dict[str, Any], context: Context) -> None: ValueError: Unexpected error executing Lambda function """ LOGGER.info("....Lambda Handler Started....") - event_info = {"Event": event} - LOGGER.info(event_info) try: if "Records" not in event and "RequestType" not in event and ("source" not in event and event["source"] != "aws.controltower"): raise ValueError( diff --git a/aws_sra_examples/solutions/iam/iam_password_policy/lambda/src/app.py b/aws_sra_examples/solutions/iam/iam_password_policy/lambda/src/app.py index 0fb8f471..3f3420c7 100644 --- a/aws_sra_examples/solutions/iam/iam_password_policy/lambda/src/app.py +++ b/aws_sra_examples/solutions/iam/iam_password_policy/lambda/src/app.py @@ -116,8 +116,6 @@ def process_cloudformation_event(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) LOGGER.debug(f"{context}") params = get_validated_parameters(event) diff --git a/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/app.py b/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/app.py index d12107af..5cb0618e 100644 --- a/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/app.py 
@@ -81,8 +81,6 @@ def process_event(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": "Update"}) excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] @@ -443,8 +441,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": event["RequestType"]}) excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] @@ -578,8 +574,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None: LOGGER.info("....Lambda Handler Started....") boto3_version = boto3.__version__ LOGGER.info(f"boto3 version: {boto3_version}") - event_info = {"Event": event} - LOGGER.info(event_info) try: orchestrator(event, context) except Exception: diff --git a/aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py b/aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py index c51d432e..828fc8c7 100644 --- a/aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py @@ -206,8 +206,6 @@ def lambda_handler(event: Dict[str, Any], context: Context) -> None: ValueError: Unexpected error executing Lambda function """ LOGGER.info("....Lambda Handler Started....") - event_info = {"Event": event} - LOGGER.info(event_info) try: if "Records" not in event and "RequestType" not in event and ("source" not in event and event["source"] != "aws.controltower"): raise ValueError( 
@@ -233,8 +231,6 @@ def terraform_handler(event: Dict[str, Any], context: Context) -> None: ValueError: Unexpected error executing Lambda function """ LOGGER.info("....Terraform Lambda Handler Started....") - event_info = {"Event": event} - LOGGER.info(event_info) try: if "Records" not in event and "RequestType" not in event and ("source" not in event and event["source"] != "aws.controltower"): raise ValueError( diff --git a/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py b/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py index d56ae666..9b59361f 100644 --- a/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py @@ -866,8 +866,6 @@ def process_event(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": "Update", "ResourceProperties": os.environ}) regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true") @@ -882,8 +880,6 @@ def process_event_organizations(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": "Create", "ResourceProperties": os.environ}) regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true") @@ -933,8 +929,6 @@ def lambda_handler(event: Dict[str, Any], context: Context) -> None: LOGGER.info("....Lambda Handler Started....") boto3_version = boto3.__version__ LOGGER.info(f"boto3 version: {boto3_version}") - event_info = {"Event": event} - LOGGER.info(event_info) try: orchestrator(event, context) except Exception: 
diff --git a/aws_sra_examples/solutions/s3/s3_block_account_public_access/lambda/src/app.py b/aws_sra_examples/solutions/s3/s3_block_account_public_access/lambda/src/app.py index 7dc3b0ac..6f2a4fa3 100644 --- a/aws_sra_examples/solutions/s3/s3_block_account_public_access/lambda/src/app.py +++ b/aws_sra_examples/solutions/s3/s3_block_account_public_access/lambda/src/app.py @@ -333,8 +333,6 @@ def process_event(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) process_accounts(event, params) @@ -366,8 +364,6 @@ def process_event_organizations(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) if event["detail"]["eventName"] == "TagResource" and params["EXCLUDE_ACCOUNT_TAGS"]: @@ -395,8 +391,6 @@ def process_event_lifecycle(event: dict) -> None: Raises: ValueError: Control Tower Lifecycle Event not 'createManagedAccountStatus' or 'updateManagedAccountStatus' """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) aws_account_id = "" @@ -423,8 +417,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) if event["RequestType"] in ["Create", "Update"]: params = get_validated_parameters({"RequestType": event["RequestType"]}) @@ -576,8 +568,6 @@ def lambda_handler(event: dict, context: Any) -> None: """ LOGGER.info("....Lambda Handler Started....") try: - event_info = {"Event": event} - LOGGER.info(event_info) orchestrator(event, context) except Exception: LOGGER.exception(UNEXPECTED) diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py index 9559214a..57735b70 100644 
--- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py @@ -145,8 +145,6 @@ def process_event(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": "Update"}) accounts = common.get_active_organization_accounts() regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true") @@ -680,8 +678,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": event["RequestType"]}) accounts = common.get_active_organization_accounts() regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"]) diff --git a/aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/app.py b/aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/app.py index 6e175a3d..df75e71f 100644 --- a/aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/app.py @@ -241,8 +241,6 @@ def process_event(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": "Update"}) process_add_update_event(params) @@ -346,8 +344,6 @@ def process_event_organizations(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({}) regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true") 
@@ -382,8 +378,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": event["RequestType"]}) @@ -429,8 +423,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None: ValueError: Unexpected error executing Lambda function """ LOGGER.info("....Lambda Handler Started....") - event_info = {"Event": event} - LOGGER.info(event_info) try: orchestrator(event, context) except Exception: @@ -449,8 +441,6 @@ def terraform_handler(event: Dict[str, Any], context: Context) -> None: ValueError: Unexpected error executing Lambda function """ LOGGER.info("....Lambda Handler Started....") - event_info = {"Event": event} - LOGGER.info(event_info) try: if "Records" not in event and "RequestType" not in event and ("source" not in event and event["source"] != "aws.controltower"): raise ValueError( diff --git a/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/app.py b/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/app.py index 6f115fc8..c0bbffe8 100644 --- a/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/app.py +++ b/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/app.py @@ -75,8 +75,6 @@ def process_event(event: dict) -> None: Args: event: event data """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": event["RequestType"]}) excluded_accounts: list = [] @@ -605,8 +603,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - event_info = {"Event": event} - LOGGER.info(event_info) params = get_validated_parameters({"RequestType": event["RequestType"]}) excluded_accounts: list = [] 
@@ -650,8 +646,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None: LOGGER.info("....Lambda Handler Started....") boto3_version = boto3.__version__ LOGGER.info(f"boto3 version: {boto3_version}") - event_info = {"Event": event} - LOGGER.info(event_info) try: orchestrator(event, context) except Exception as ex: From c86c3debee8e0275bb6c94bb1fce7f3eedbd7bca Mon Sep 17 00:00:00 2001 From: Shalabh Nigam Date: Mon, 1 Dec 2025 12:54:16 -0600 Subject: [PATCH 2/2] fix: linting errors across the solution (D202 and U100) --- .../lambda/src/app.py | 17 ++++++++--------- .../ami_bakery/ami_bakery_org/lambda/src/app.py | 2 +- .../cloudtrail/cloudtrail_org/lambda/src/app.py | 6 +++--- .../common_prerequisites/lambda/src/app.py | 2 +- .../lambda/src/app.py | 2 +- .../config_management_account/lambda/src/app.py | 4 ++-- .../config/config_org/lambda/src/app.py | 11 +++++------ .../detective/detective_org/lambda/src/app.py | 7 +++---- .../lambda/src/app.py | 17 ++++++++--------- .../genai/bedrock_guardrails/lambda/src/app.py | 6 +++--- .../sra_bedrock_check_eval_job_bucket/app.py | 2 +- .../genai/bedrock_org/lambda/src/app.py | 10 +++++----- .../guardduty/guardduty_org/lambda/src/app.py | 6 +++--- .../iam/iam_password_policy/lambda/src/app.py | 4 ++-- .../inspector/inspector_org/lambda/src/app.py | 9 ++++----- .../solutions/macie/macie_org/lambda/src/app.py | 6 +++--- .../patch_mgmt/patch_mgmt_org/lambda/src/app.py | 12 ++++++------ .../lambda/src/app.py | 17 ++++++++--------- .../security_lake_org/lambda/src/app.py | 6 +++--- .../securityhub_org/lambda/src/app.py | 15 +++++++-------- .../shield_advanced/lambda/src/app.py | 7 +++---- 21 files changed, 80 insertions(+), 88 deletions(-) diff --git a/aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py b/aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py index a9a4de2c..095c2b97 100644 
--- a/aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py +++ b/aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py @@ -316,7 +316,7 @@ def local_testing(aws_account: AccountTypeDef, params: dict) -> None: process_alternate_contacts(account_client, aws_account, params) -def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], params: dict) -> None: +def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], params: dict) -> None: # noqa: U100 """Process Accounts and Create SNS Messages for each account for solution deployment. Args: @@ -339,7 +339,7 @@ def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], para process_sns_message_batches(sns_messages, params["SNS_TOPIC_ARN"]) -def process_account(event: dict, aws_account_id: str, params: dict) -> None: +def process_account(event: dict, aws_account_id: str, params: dict) -> None: # noqa: U100 """Process Account and Create SNS Message for account for solution deployment. Args: @@ -359,7 +359,7 @@ def process_account(event: dict, aws_account_id: str, params: dict) -> None: publish_sns_message(sns_message, "Account Alternate Contacts", params["SNS_TOPIC_ARN"]) -def process_event(event: dict) -> None: +def process_event(event: dict) -> None: # noqa: U100 """Process Event. Args: @@ -370,7 +370,7 @@ def process_event(event: dict) -> None: process_accounts(event, params) -def process_event_sns(event: dict) -> None: +def process_event_sns(event: dict) -> None: # noqa: U100 """Process SNS event. Args: @@ -390,7 +390,7 @@ def process_event_sns(event: dict) -> None: process_alternate_contacts(account_client, aws_account, params) -def process_event_organizations(event: dict) -> None: +def process_event_organizations(event: dict) -> None: # noqa: U100 """Process Event from AWS Organizations. Args: 
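Review bot: The `# noqa: U100` added to `process_event` in the `@@ -359,7 +359,7 @@` hunk looks unnecessary, because the context of the following hunk shows `process_accounts(event, params)` inside that function, so `event` is still read after the logging was removed. The same seems true of `lambda_handler` in this file, which passes both arguments to `orchestrator(event, context)`, and of `process_event` in cloudtrail_org, where the first patch's context shows `get_validated_parameters(event)` and `LOGGER.debug(f"{context}")`. A `# noqa: U100` on the `def` line silences the check for every argument on that line, so a parameter that later becomes dead would go unreported. I would leave the line as `def process_event(event: dict) -> None:` wherever the argument is used and keep the suppression only where it is genuinely unused. The function bodies extend outside these hunks, so this needs confirming per function.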
@@ -414,7 +414,7 @@ def process_event_organizations(event: dict) -> None: LOGGER.info("Organization event does not match expected values.") -def process_event_lifecycle(event: dict) -> None: +def process_event_lifecycle(event: dict) -> None: # noqa: U100 """Process Lifecycle Event from AWS Control Tower. Args: @@ -449,7 +449,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - if event["RequestType"] in ["Create", "Update"]: params = get_validated_parameters({"RequestType": event["RequestType"]}) process_accounts(event, params) @@ -580,7 +579,7 @@ def get_validated_parameters(event: dict) -> dict: return params -def orchestrator(event: dict, context: Any) -> None: +def orchestrator(event: dict, context: Any) -> None: # noqa: U100 """Orchestration of Events. Args: @@ -599,7 +598,7 @@ def orchestrator(event: dict, context: Any) -> None: process_event(event) -def lambda_handler(event: dict, context: Any) -> None: +def lambda_handler(event: dict, context: Any) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/app.py b/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/app.py index 506ece29..0933f3f1 100644 --- a/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/app.py @@ -299,7 +299,7 @@ def delete(event: Dict[str, Any], context: Context) -> None: # noqa: U100 iam.delete_role(session, params["CODEPIPELINE_ROLE_NAME"]) -def lambda_handler(event: Dict[str, Any], context: Context) -> None: +def lambda_handler(event: Dict[str, Any], context: Context) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py index 57102dbd..41cd9a54 100644 
--- a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py @@ -313,7 +313,7 @@ def process_create_update(params: dict) -> None: @helper.create @helper.update @helper.delete -def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: +def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa: U100 """Process CloudFormation Event. Creates, updates, and deletes a CloudTrail with the provided parameters. Args: @@ -340,7 +340,7 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> return f"{params['CLOUDTRAIL_NAME']}-CloudTrail" -def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: +def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: # noqa: U100 """Lambda Handler. Args: @@ -358,7 +358,7 @@ def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) - raise ValueError(f"Unexpected error executing Lambda function. Review CloudWatch logs '{context.log_group_name}' for details.") from None -def terraform_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: +def terraform_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py b/aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py index d5252d07..bfe90775 100644 --- a/aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py +++ b/aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py 
@@ -475,7 +475,7 @@ def delete_event(event: CloudFormationCustomResourceEvent, context: Context) -> # delete_ssm_parameters_in_regions(get_enabled_regions()) # noqa: E800 -def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: +def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py b/aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py index 1f532542..7057f8e0 100644 --- a/aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py +++ b/aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py @@ -265,7 +265,7 @@ def lambda_handler( raise ValueError(f"Unexpected error executing Lambda function. Review CloudWatch logs '{context.log_group_name}' for details.") from None -def terraform_handler(event: dict, context: Context) -> None: +def terraform_handler(event: dict, context: Context) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py b/aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py index 6953da16..a43c2137 100644 --- a/aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py +++ b/aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py @@ -161,7 +161,7 @@ def get_validated_parameters(event: CloudFormationCustomResourceEvent) -> dict: @helper.create @helper.update @helper.delete -def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: +def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa: U100 """Process Event from AWS CloudFormation. Args: 
@@ -187,7 +187,7 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> return f"{params['AUDIT_ACCOUNT_ID']}-{params['AGGREGATOR_NAME']}" -def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: +def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/config/config_org/lambda/src/app.py b/aws_sra_examples/solutions/config/config_org/lambda/src/app.py index 75452367..19677d2c 100644 --- a/aws_sra_examples/solutions/config/config_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/config/config_org/lambda/src/app.py @@ -68,7 +68,7 @@ def process_add_update_event(params: dict, regions: list, accounts: list) -> Non LOGGER.info("...ADD_UPDATE_NO_EVENT") -def process_event(event: dict) -> None: +def process_event(event: dict) -> None: # noqa: U100 """Process Event. Args: @@ -109,7 +109,7 @@ def process_account(aws_account_id: str, params: dict) -> None: config.set_delivery_channel(aws_account_id, region, params["CONFIGURATION_ROLE_NAME"], delivery_channel) -def process_event_organizations(event: dict) -> None: +def process_event_organizations(event: dict) -> None: # noqa: U100 """Process Event from AWS Organizations. Args: @@ -428,7 +428,7 @@ def process_sns_message_batches(sns_messages: list, sns_topic_arn_fanout: str) - publish_sns_message_batch(batch, sns_topic_arn_fanout) -def process_event_sns(event: dict) -> None: +def process_event_sns(event: dict) -> None: # noqa: U100 """Process SNS event to complete the setup process. Args: 
@@ -477,7 +477,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - params = get_validated_parameters({"RequestType": event["RequestType"]}) accounts = common.get_active_organization_accounts() regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true") @@ -496,7 +495,7 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte return "SRA-CONFIG-ORG" -def orchestrator(event: Dict[str, Any], context: Any) -> None: +def orchestrator(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Orchestration. Args: @@ -514,7 +513,7 @@ def orchestrator(event: Dict[str, Any], context: Any) -> None: process_event(event) -def lambda_handler(event: Dict[str, Any], context: Any) -> None: +def lambda_handler(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py b/aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py index 903a10b7..d18f0100 100644 --- a/aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py @@ -66,7 +66,7 @@ def process_add_update_event(params: dict, regions: list, accounts: list) -> Non LOGGER.info("...ADD_UPDATE_NO_EVENT") -def process_event(event: dict) -> None: +def process_event(event: dict) -> None: # noqa: U100 """Process Event. Args: @@ -364,7 +364,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - params = get_validated_parameters({"RequestType": event["RequestType"]}) excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] accounts = common.get_active_organization_accounts(excluded_accounts) 
@@ -380,7 +379,7 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte return f"sra-detective-org-{params['DELEGATED_ADMIN_ACCOUNT_ID']}" -def orchestrator(event: Dict[str, Any], context: Any) -> None: +def orchestrator(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Orchestration. Args: @@ -395,7 +394,7 @@ def orchestrator(event: Dict[str, Any], context: Any) -> None: process_event(event) -def lambda_handler(event: Dict[str, Any], context: Any) -> None: +def lambda_handler(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py index fef544fb..5a273a3b 100644 --- a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py +++ b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py @@ -297,7 +297,7 @@ def local_testing(aws_account: AccountTypeDef, params: dict) -> None: process_enable_ebs_encryption_by_default(account_session, aws_account["Id"], regions) -def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], params: dict) -> None: +def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], params: dict) -> None: # noqa: U100 """Process Accounts and Create SNS Messages for each account for solution deployment. Args: @@ -319,7 +319,7 @@ def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], para process_sns_message_batches(sns_messages, params["SNS_TOPIC_ARN"]) -def process_account(event: dict, aws_account_id: str, params: dict) -> None: +def process_account(event: dict, aws_account_id: str, params: dict) -> None: # noqa: U100 """Process Account and Create SNS Message for solution deployment. Args: 
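Review bot: `process_accounts` and `process_account` are internal helpers rather than Lambda entry points, so if `event` is no longer read in them now that the logging is gone, the parameter should be removed instead of silenced with `# noqa: U100`. Passing the raw event into functions that do not need it keeps the payload this commit stops logging within reach of more code. The change would be `def process_accounts(params: dict) -> None:` with the call in `process_event` becoming `process_accounts(params)`; the same pair is marked in s3_block_account_public_access. Both bodies are outside the hunks, so confirm `event` is unused before changing the signatures.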
@@ -339,7 +339,7 @@ def process_account(event: dict, aws_account_id: str, params: dict) -> None: publish_sns_message(sns_message, "EC2 Default EBS Encryption", params["SNS_TOPIC_ARN"]) -def process_event(event: dict) -> None: +def process_event(event: dict) -> None: # noqa: U100 """Process Event. Args: @@ -350,7 +350,7 @@ def process_event(event: dict) -> None: process_accounts(event, params) -def process_event_sns(event: dict) -> None: +def process_event_sns(event: dict) -> None: # noqa: U100 """Process SNS event. Args: @@ -371,7 +371,7 @@ def process_event_sns(event: dict) -> None: process_enable_ebs_encryption_by_default(account_session, aws_account["Id"], regions) -def process_event_organizations(event: dict) -> None: +def process_event_organizations(event: dict) -> None: # noqa: U100 """Process Event from AWS Organizations. Args: @@ -395,7 +395,7 @@ def process_event_organizations(event: dict) -> None: LOGGER.info("Organization event does not match expected values.") -def process_event_lifecycle(event: dict) -> None: +def process_event_lifecycle(event: dict) -> None: # noqa: U100 """Process Lifecycle Event from AWS Control Tower. Args: @@ -430,7 +430,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - if event["RequestType"] in ["Create", "Update"]: params = get_validated_parameters({"RequestType": event["RequestType"]}) process_accounts(event, params) @@ -543,7 +542,7 @@ def get_validated_parameters(event: dict) -> dict: return params -def orchestrator(event: dict, context: Any) -> None: +def orchestrator(event: dict, context: Any) -> None: # noqa: U100 """Orchestration of Events. Args: @@ -562,7 +561,7 @@ def orchestrator(event: dict, context: Any) -> None: process_event(event) -def lambda_handler(event: dict, context: Any) -> None: +def lambda_handler(event: dict, context: Any) -> None: # noqa: U100 """Lambda Handler. Args: 
diff --git a/aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py b/aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py index 8602c963..15c89a09 100644 --- a/aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py +++ b/aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py @@ -169,7 +169,7 @@ def load_kms_key_policies() -> dict: sqs = sra_sqs.SRASQS() -def get_resource_parameters(event: dict) -> None: +def get_resource_parameters(event: dict) -> None: # noqa: U100 """Get resource parameters from event. Args: @@ -820,7 +820,7 @@ def delete_guardrails(account: str, region: str, guardrail_name: str) -> None: DRY_RUN_DATA[f"Bedrock-guardrail-{account}_{region}"] = f"DRY_RUN: Delete Bedrock guardrail {guardrail_name}" -def create_event(event: dict, context: Any) -> str: +def create_event(event: dict, context: Any) -> str: # noqa: U100 """Create event. Args: @@ -902,7 +902,7 @@ def create_event(event: dict, context: Any) -> str: return CFN_RESOURCE_ID -def update_event(event: dict, context: Any) -> str: +def update_event(event: dict, context: Any) -> str: # noqa: U100 """Update event. Args: diff --git a/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_eval_job_bucket/app.py b/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_eval_job_bucket/app.py index aed334a0..1641e4fa 100644 --- a/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_eval_job_bucket/app.py +++ b/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_eval_job_bucket/app.py @@ -165,7 +165,7 @@ def build_evaluation(compliance_type: str, annotation: str) -> Any: return {"ComplianceType": compliance_type, "Annotation": annotation, "OrderingTimestamp": datetime.now().isoformat()} -def lambda_handler(event: dict, context: Any) -> None: +def lambda_handler(event: dict, context: Any) -> None: # noqa: U100 """Lambda handler. Args: 
diff --git a/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py b/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py index 8273bc1f..d7bb30bc 100644 --- a/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py @@ -232,7 +232,7 @@ def load_sra_cloudwatch_dashboard() -> dict: cloudwatch.SOLUTION_NAME = SOLUTION_NAME -def get_resource_parameters(event: dict) -> None: +def get_resource_parameters(event: dict) -> None: # noqa: U100 """Get resource parameters from event. Args: @@ -1313,7 +1313,7 @@ def deploy_central_cloudwatch_observability(event: dict) -> None: # noqa: CCR00 add_state_table_record("oam", "implemented", "oam link", "link", oam_link_arn, bedrock_account, bedrock_region, "oam_link") -def deploy_cloudwatch_dashboard(event: dict) -> None: +def deploy_cloudwatch_dashboard(event: dict) -> None: # noqa: U100 """Deploy CloudWatch dashboard. Args: @@ -1395,7 +1395,7 @@ def remove_cloudwatch_dashboard() -> None: remove_state_table_record(f"arn:aws:cloudwatch::{ssm_params.SRA_SECURITY_ACCT}:dashboard/{SOLUTION_NAME}") -def create_event(event: dict, context: Any) -> str: +def create_event(event: dict, context: Any) -> str: # noqa: U100 """Create event. Args: @@ -1485,7 +1485,7 @@ def create_event(event: dict, context: Any) -> str: return CFN_RESOURCE_ID -def update_event(event: dict, context: Any) -> str: +def update_event(event: dict, context: Any) -> str: # noqa: U100 """Update event. Args: @@ -1941,7 +1941,7 @@ def create_sns_messages( DRY_RUN_DATA["SNSFanout"] = "DRY_RUN: Published SNS messages for regional fanout configuration. More dry run data in subsequent log streams." -def process_sns_records(event: dict) -> None: +def process_sns_records(event: dict) -> None: # noqa: U100 """Process SNS records. Args: 
diff --git a/aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py b/aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py index 9177778f..5c32b2f4 100644 --- a/aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py @@ -260,7 +260,7 @@ def process_sns_records(records: list) -> None: @helper.create @helper.update @helper.delete -def process_cloudformation_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: +def process_cloudformation_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa: U100 """Process Event from AWS CloudFormation. Args: @@ -289,7 +289,7 @@ def process_cloudformation_event(event: CloudFormationCustomResourceEvent, conte return f"sra-guardduty-{params['DELEGATED_ADMIN_ACCOUNT_ID']}" -def lambda_handler(event: Dict[str, Any], context: Context) -> None: +def lambda_handler(event: Dict[str, Any], context: Context) -> None: # noqa: U100 """Lambda Handler. Args: @@ -314,7 +314,7 @@ def lambda_handler(event: Dict[str, Any], context: Context) -> None: raise ValueError(f"Unexpected error executing Lambda function. Review CloudWatch logs '{context.log_group_name}' for details.") from None -def terraform_handler(event: Dict[str, Any], context: Context) -> None: +def terraform_handler(event: Dict[str, Any], context: Context) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/iam/iam_password_policy/lambda/src/app.py b/aws_sra_examples/solutions/iam/iam_password_policy/lambda/src/app.py index 3f3420c7..4afb5a5d 100644 --- a/aws_sra_examples/solutions/iam/iam_password_policy/lambda/src/app.py +++ b/aws_sra_examples/solutions/iam/iam_password_policy/lambda/src/app.py 
@@ -106,7 +106,7 @@ def get_validated_parameters(event: CloudFormationCustomResourceEvent) -> dict: @helper.create @helper.update @helper.delete -def process_cloudformation_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: +def process_cloudformation_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa: U100 """Process CloudFormation Event. Creates and updates the password policy with the provided parameters. Args: @@ -139,7 +139,7 @@ def process_cloudformation_event(event: CloudFormationCustomResourceEvent, conte ) -def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: +def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/app.py b/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/app.py index 5cb0618e..1a30d751 100644 --- a/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/app.py @@ -75,7 +75,7 @@ def process_add_update_event(params: dict, regions: list, accounts: list) -> Non LOGGER.info("...ADD_UPDATE_NO_EVENT") -def process_event(event: dict) -> None: +def process_event(event: dict) -> None: # noqa: U100 """Process Event. Args: @@ -441,7 +441,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - params = get_validated_parameters({"RequestType": event["RequestType"]}) excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]] accounts = common.get_active_organization_accounts(excluded_accounts) 
@@ -513,7 +512,7 @@ def process_sns_message_batches(sns_messages: list, sns_topic_arn: str) -> None: publish_sns_message_batch(batch, sns_topic_arn) -def process_event_sns(event: dict) -> None: +def process_event_sns(event: dict) -> None: # noqa: U100 """Process SNS event to complete the setup process. Args: @@ -539,7 +538,7 @@ def process_event_sns(event: dict) -> None: ) -def orchestrator(event: Dict[str, Any], context: Any) -> None: +def orchestrator(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Orchestration. Args: @@ -561,7 +560,7 @@ def orchestrator(event: Dict[str, Any], context: Any) -> None: process_event(event) -def lambda_handler(event: Dict[str, Any], context: Any) -> None: +def lambda_handler(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py b/aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py index 828fc8c7..71d210a4 100644 --- a/aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py @@ -169,7 +169,7 @@ def process_sns_records(records: list) -> None: @helper.create @helper.update @helper.delete -def process_cloudformation_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: +def process_cloudformation_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa: U100 """Process Event from AWS CloudFormation. Args: @@ -195,7 +195,7 @@ def process_cloudformation_event(event: CloudFormationCustomResourceEvent, conte return f"sra-macie-{params['DELEGATED_ADMIN_ACCOUNT_ID']}" -def lambda_handler(event: Dict[str, Any], context: Context) -> None: +def lambda_handler(event: Dict[str, Any], context: Context) -> None: # noqa: U100 """Lambda Handler. Args: 
@@ -220,7 +220,7 @@ def lambda_handler(event: Dict[str, Any], context: Context) -> None: raise ValueError(f"Unexpected error executing Lambda function. Review CloudWatch logs '{context.log_group_name}' for details.") from None -def terraform_handler(event: Dict[str, Any], context: Context) -> None: +def terraform_handler(event: Dict[str, Any], context: Context) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py b/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py index 9b59361f..5e4a41c1 100644 --- a/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py @@ -796,7 +796,7 @@ def get_validated_parameters(event: Dict[str, Any]) -> dict: # noqa: CCR001, CF @helper.create @helper.update -def process_cloudformation_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: +def process_cloudformation_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa: U100 """Process Event from AWS CloudFormation. Args: @@ -836,7 +836,7 @@ def process_cloudformation_event(event: CloudFormationCustomResourceEvent, conte @helper.delete -def process_cloudformation_delete_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: +def process_cloudformation_delete_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa: U100 """Process delete event from AWS CloudFormation. Args: @@ -860,7 +860,7 @@ def process_cloudformation_delete_event(event: CloudFormationCustomResourceEvent return f"sra-patch_mgmt-{account_id}" -def process_event(event: dict) -> None: +def process_event(event: dict) -> None: # noqa: U100 """Process Event. Args: 
@@ -874,7 +874,7 @@ def process_event(event: dict) -> None: check_and_update_maintenance_window(params, regions, account) -def process_event_organizations(event: dict) -> None: +def process_event_organizations(event: dict) -> None: # noqa: U100 """Process Event from AWS Organizations. Args: @@ -896,7 +896,7 @@ def process_event_organizations(event: dict) -> None: LOGGER.info("Organization event does not match expected values.") -def orchestrator(event: Dict[str, Any], context: Any) -> None: +def orchestrator(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Orchestration. Args: @@ -913,7 +913,7 @@ def orchestrator(event: Dict[str, Any], context: Any) -> None: process_event(event) -def lambda_handler(event: Dict[str, Any], context: Context) -> None: +def lambda_handler(event: Dict[str, Any], context: Context) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/s3/s3_block_account_public_access/lambda/src/app.py b/aws_sra_examples/solutions/s3/s3_block_account_public_access/lambda/src/app.py index 6f2a4fa3..565282ba 100644 --- a/aws_sra_examples/solutions/s3/s3_block_account_public_access/lambda/src/app.py +++ b/aws_sra_examples/solutions/s3/s3_block_account_public_access/lambda/src/app.py @@ -284,7 +284,7 @@ def local_testing(aws_account: AccountTypeDef, params: dict) -> None: process_put_account_public_access_block(s3_client, aws_account, params) -def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], params: dict) -> None: +def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], params: dict) -> None: # noqa: U100 """Process Accounts and Create SNS Messages for each account for solution deployment. Args: 
@@ -307,7 +307,7 @@ def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], para process_sns_message_batches(sns_messages, params["SNS_TOPIC_ARN"]) -def process_account(event: dict, aws_account_id: str, params: dict) -> None: +def process_account(event: dict, aws_account_id: str, params: dict) -> None: # noqa: U100 """Process Account and Create SNS Message for solution deployment. Args: @@ -327,7 +327,7 @@ def process_account(event: dict, aws_account_id: str, params: dict) -> None: publish_sns_message(sns_message, "S3 Block Account Public Access", params["SNS_TOPIC_ARN"]) -def process_event(event: dict) -> None: +def process_event(event: dict) -> None: # noqa: U100 """Process Event. Args: @@ -338,7 +338,7 @@ def process_event(event: dict) -> None: process_accounts(event, params) -def process_event_sns(event: dict) -> None: +def process_event_sns(event: dict) -> None: # noqa: U100 """Process SNS event. Args: @@ -358,7 +358,7 @@ def process_event_sns(event: dict) -> None: process_put_account_public_access_block(s3_client, aws_account, params) -def process_event_organizations(event: dict) -> None: +def process_event_organizations(event: dict) -> None: # noqa: U100 """Process Event from AWS Organizations. Args: @@ -382,7 +382,7 @@ def process_event_organizations(event: dict) -> None: LOGGER.info("Organization event does not match expected values.") -def process_event_lifecycle(event: dict) -> None: +def process_event_lifecycle(event: dict) -> None: # noqa: U100 """Process Lifecycle Event from AWS Control Tower. Args: @@ -417,7 +417,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - if event["RequestType"] in ["Create", "Update"]: params = get_validated_parameters({"RequestType": event["RequestType"]}) process_accounts(event, params) 
@@ -537,7 +536,7 @@ def get_validated_parameters(event: dict) -> dict: return params -def orchestrator(event: dict, context: Any) -> None: +def orchestrator(event: dict, context: Any) -> None: # noqa: U100 """Orchestration of Events. Args: @@ -556,7 +555,7 @@ def orchestrator(event: dict, context: Any) -> None: process_event(event) -def lambda_handler(event: dict, context: Any) -> None: +def lambda_handler(event: dict, context: Any) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py index 57735b70..a795fd96 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py @@ -139,7 +139,7 @@ def process_delete_event(params: dict, regions: list, accounts: dict) -> None: LOGGER.info("...DELETE_NO_EVENT") -def process_event(event: dict) -> None: +def process_event(event: dict) -> None: # noqa: U100 """Process Event. Args: @@ -630,7 +630,7 @@ def disable_security_lake(params: dict, regions: list, accounts: dict) -> None: security_lake.delete_aws_log_source(sl_client, regions, source, all_accounts, params["SOURCE_VERSION"]) -def orchestrator(event: dict[str, Any], context: Any) -> None: +def orchestrator(event: dict[str, Any], context: Any) -> None: # noqa: U100 """Orchestration. Args: @@ -645,7 +645,7 @@ def orchestrator(event: dict[str, Any], context: Any) -> None: process_event(event) -def lambda_handler(event: dict[str, Any], context: Any) -> None: +def lambda_handler(event: dict[str, Any], context: Any) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/app.py b/aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/app.py index df75e71f..2ff2dfe2 100644 
--- a/aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/app.py @@ -123,7 +123,7 @@ def process_sns_message_batches(sns_messages: list, sns_topic_arn: str) -> None: publish_sns_message_batch(batch, sns_topic_arn) -def process_event_sns(event: dict) -> None: +def process_event_sns(event: dict) -> None: # noqa: U100 """Process SNS event. Args: @@ -145,7 +145,7 @@ def process_event_sns(event: dict) -> None: securityhub.disable_securityhub(message["AccountId"], params["CONFIGURATION_ROLE_NAME"], message["Regions"]) -def process_event_lifecycle(event: Dict[str, Any]) -> str: +def process_event_lifecycle(event: Dict[str, Any]) -> str: # noqa: U100 """Process Lifecycle Event. Args: @@ -235,7 +235,7 @@ def process_add_update_event(params: dict) -> str: return "ADD_UPDATE_COMPLETE" -def process_event(event: dict) -> None: +def process_event(event: dict) -> None: # noqa: U100 """Process Event. Args: @@ -338,7 +338,7 @@ def deregister_delegated_administrator(delegated_admin_account_id: str, service_ LOGGER.info(f"Account ({delegated_admin_account_id}) is not a registered delegated administrator: {error}") -def process_event_organizations(event: dict) -> None: +def process_event_organizations(event: dict) -> None: # noqa: U100 """Process Event from AWS Organizations. Args: @@ -378,7 +378,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - params = get_validated_parameters({"RequestType": event["RequestType"]}) if params["action"] in ["Add", "Update"]: @@ -393,7 +392,7 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte return f"sra-securityhub-org-{params['DELEGATED_ADMIN_ACCOUNT_ID']}" -def orchestrator(event: Dict[str, Any], context: Any) -> None: +def orchestrator(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Orchestration. Args: 
@@ -412,7 +411,7 @@ def orchestrator(event: Dict[str, Any], context: Any) -> None: process_event(event) -def lambda_handler(event: Dict[str, Any], context: Any) -> None: +def lambda_handler(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Lambda Handler. Args: @@ -430,7 +429,7 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None: raise ValueError(f"Unexpected error executing Lambda function. Review CloudWatch logs '{context.log_group_name}' for details.") from None -def terraform_handler(event: Dict[str, Any], context: Context) -> None: +def terraform_handler(event: Dict[str, Any], context: Context) -> None: # noqa: U100 """Lambda Handler. Args: diff --git a/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/app.py b/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/app.py index c0bbffe8..34eccd85 100644 --- a/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/app.py +++ b/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/app.py @@ -69,7 +69,7 @@ def process_add_update_event(params: dict, accounts: list) -> None: LOGGER.info("...ADD_UPDATE_NO_EVENT") -def process_event(event: dict) -> None: +def process_event(event: dict) -> None: # noqa: U100 """Process Event. Args: @@ -603,7 +603,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte Returns: AWS CloudFormation physical resource id """ - params = get_validated_parameters({"RequestType": event["RequestType"]}) excluded_accounts: list = [] accounts = common.get_active_organization_accounts(excluded_accounts) @@ -618,7 +617,7 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte return f"sra-shield-advanced-{params['DELEGATED_ADMIN_ACCOUNT_ID']}" -def orchestrator(event: Dict[str, Any], context: Any) -> None: +def orchestrator(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Orchestration. Args: 
@@ -633,7 +632,7 @@ def orchestrator(event: Dict[str, Any], context: Any) -> None: process_event(event) -def lambda_handler(event: Dict[str, Any], context: Any) -> None: +def lambda_handler(event: Dict[str, Any], context: Any) -> None: # noqa: U100 """Lambda Handler. Args: