cisagov · jsf9k · Sep 5, 2024 · Aug 29, 2024 · Aug 30, 2024 · Aug 30, 2024
@@ -19,9 +19,9 @@ updates:
       - dependency-name: hashicorp/setup-terraform
       - dependency-name: mxschmitt/action-tmate
       - dependency-name: step-security/harden-runner
-      # # Managed by cisagov/disable-inactive-iam-users-lambda
-      # - dependency-name: actions/upload-artifact
-      # - dependency-name: github/codeql-action
+      # Managed by cisagov/skeleton-aws-lambda-python
+      - dependency-name: actions/upload-artifact
+      - dependency-name: github/codeql-action
     package-ecosystem: github-actions
     schedule:
       interval: weekly

@@ -219,9 +219,7 @@ jobs:
       matrix:
         # Python runtime versions supported by AWS
         python-version:
-          - "3.7"
-          - "3.8"
-          - "3.9"
+          - "3.10"
     steps:
       - id: harden-runner
         name: Harden the runner

@@ -25,12 +25,12 @@ one.
 ## Pull requests ##
 
 If you choose to [submit a pull
-request](https://github.com/cisagov/disable-inactive-iam-users-lambda/pulls), you will
-notice that our continuous integration (CI) system runs a fairly
-extensive set of linters and syntax checkers.  Your pull request may
-fail these checks, and that's OK.  If you want you can stop there and
-wait for us to make the necessary corrections to ensure your code
-passes the CI checks.
+request](https://github.com/cisagov/disable-inactive-iam-users-lambda/pulls),
+you will notice that our continuous integration (CI) system runs a
+fairly extensive set of linters and syntax checkers.  Your pull
+request may fail these checks, and that's OK.  If you want you can
+stop there and wait for us to make the necessary corrections to ensure
+your code passes the CI checks.
 
 If you want to make the changes yourself, or if you want to become a
 regular contributor, then you will want to set up

@@ -1,9 +1,9 @@
-ARG PY_VERSION=3.9
+ARG PY_VERSION=3.10
 
 FROM amazon/aws-lambda-python:$PY_VERSION as install-stage
 
 # Declare it a second time so it's brought into this scope.
-ARG PY_VERSION=3.9
+ARG PY_VERSION=3.10
 
 # Install the Python packages necessary to install the Lambda dependencies.
 RUN python3 -m pip install --no-cache-dir \
@@ -31,17 +31,11 @@ FROM amazon/aws-lambda-python:$PY_VERSION as build-stage
 # For a list of pre-defined annotation keys and value types see:
 # https://github.com/opencontainers/image-spec/blob/master/annotations.md
 ###
-# github@cisa.dhs.gov is a very generic email distribution, and it is
-# unlikely that anyone on that distribution is familiar with the
-# particulars of your repository.  It is therefore *strongly*
-# suggested that you use an email address here that is specific to the
-# person or group that maintains this repository; for example:
-# LABEL org.opencontainers.image.authors="vm-fusion-dev-group@trio.dhs.gov"
-LABEL org.opencontainers.image.authors="github@cisa.dhs.gov"
+LABEL org.opencontainers.image.authors="vm-dev@gwe.cisa.dhs.gov"
 LABEL org.opencontainers.image.vendor="Cybersecurity and Infrastructure Security Agency"
 
 # Declare it a third time so it's brought into this scope.
-ARG PY_VERSION=3.9
+ARG PY_VERSION=3.10
 
 # This must be present in the image to generate a deployment artifact.
 ENV BUILD_PY_VERSION=$PY_VERSION

@@ -2,13 +2,9 @@
 
 [![GitHub Build Status](https://github.com/cisagov/disable-inactive-iam-users-lambda/workflows/build/badge.svg)](https://github.com/cisagov/disable-inactive-iam-users-lambda/actions)
 
-This is a generic skeleton project that can be used to quickly get a
-new [cisagov](https://github.com/cisagov) GitHub
-[AWS Lambda](https://aws.amazon.com/lambda/) project using the Python runtimes
-started. This skeleton project contains [licensing information](LICENSE), as
-well as [pre-commit hooks](https://pre-commit.com) and
-[GitHub Actions](https://github.com/features/actions) configurations
-appropriate for the major languages that we use.
+This repository contains the code for an AWS Lambda function that
+disables access for users who have not used said access sufficiently
+recently.
 
 ## Building the base Lambda image ##
 
@@ -57,6 +53,13 @@ Once you are finished you can stop the detached container with the following com
 docker compose down
 ```
 
+To customize the name of the deployment file, you can override the
+`BUILD_FILE_NAME` environment variable.  For example:
+
+```console
+BUILD_FILE_NAME="disable_inactive_iam_users_lambda.zip" docker compose up build_deployment_package
+```
+
 ## How to update Python dependencies ##
 
 The Python dependencies are maintained using a [Pipenv](https://github.com/pypa/pipenv)
@@ -72,12 +75,30 @@ cd src/py3.9
 pipenv lock
 ```
 
-## New Repositories from a Skeleton ##
+## Lambda inputs ##
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| expiration_days | A strictly positive integer denoting the number of days after which an IAM user's access is considered inactive if unused. | `number` | n/a | yes |
+
+## Example Lambda input ##
+
+The following is an example of the JSON input event that is expected by the
+Lambda:
+
+```json
+{
+    "expiration_days": 45
+}
+```
+
+## Deploying the Lambda ##
 
-Please see our [Project Setup guide](https://github.com/cisagov/development-guide/tree/develop/project_setup)
-for step-by-step instructions on how to start a new repository from
-a skeleton. This will save you time and effort when configuring a
-new repository!
+The easiest way to deploy the Lambda and related resources is to use
+the
+[cisagov/disable-inactive-iam-users-tf-module](https://github.com/cisagov/disable-inactive-iam-users-tf-module)
+repository.  Refer to the documentation in that project for more
+information.
 
 ## Contributing ##
 

@@ -6,7 +6,7 @@ services:
     build: .
     # This uses the value of the LAMBDA_TAG environment variable from
     # the invoking environment but falls back to a default value.
-    image: cisagov/example_lambda:${LAMBDA_TAG:-latest}
+    image: cisagov/disable_inactive_iam_users_lambda:${LAMBDA_TAG:-latest}
     entrypoint: /opt/build_artifact.sh
     environment:
       # This uses the value of the BUILD_FILE_NAME environment variable
@@ -15,10 +15,3 @@ services:
     volumes:
       - ./src/build_artifact.sh:/opt/build_artifact.sh
       - .:/var/task/output
-  run_lambda_locally:
-    build: .
-    # This uses the value of the LAMBDA_TAG environment variable from
-    # the invoking environment but falls back to a default value.
-    image: cisagov/example_lambda:${LAMBDA_TAG:-latest}
-    ports:
-      - "9000:8080"
@@ -1,4 +1,8 @@
 --requirement requirements-test.txt
+# boto3 is not strictly required, but it can be useful for some local
+# development testing activities, so we include it here as a
+# convenience.
+boto3
 ipython
 pipenv
 semver