/
get_ssm_value.py
64 lines (52 loc) 路 2.24 KB
/
get_ssm_value.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
import cfnresponse, logging, traceback, boto3, datetime, json
from dateutil.tz import tzlocal
def parameter_exist(name):
response = boto3.client('ssm').describe_parameters(
ParameterFilters=[{
'Key': 'Name',
'Values': [
name
]
}]
)
return len(response["Parameters"]) > 0
def date_2_string(o):
if isinstance(o, datetime.datetime):
return o.__str__()
def handler(event, context):
logger = logging.getLogger("crypto_cfn")
logger.setLevel(logging.DEBUG)
ch = logging.StreamHandler()
logger.addHandler(ch)
name = event["ResourceProperties"]["Name"]
try:
if event["RequestType"] in ["Create", "Update"]:
if not parameter_exist(name):
raise NameError("A Parameter named {} does not exists".format(name))
response = boto3.client('ssm').get_parameter_history(
Name=name,
WithDecryption=True,
)
ret_value = None
if event["ResourceProperties"].get("Version") is not None:
for param in response["Parameters"]:
if param["Version"] == int(event["ResourceProperties"].get("Version")):
ret_value = param
break
else:
ret_value = response["Parameters"][-1]
if ret_value is None:
raise LookupError("Parameter not found")
logger.info("Successfully retrieved parameter {}".format(name))
cfnresponse.send(event, context, cfnresponse.SUCCESS,
json.loads(json.dumps(ret_value, default=date_2_string)),
name + str(ret_value["Version"]), noEcho=True)
else:
cfnresponse.send(event, context, cfnresponse.SUCCESS, None, name, noEcho=True)
except Exception as ex:
logger.error("Faild get parameter value: %s", name)
logger.debug("Stack trace %s", traceback.format_exc())
if event["RequestType"] in ["Create", "Update"]:
cfnresponse.send(event, context, cfnresponse.FAILED, None, "0", noEcho=True)
else:
cfnresponse.send(event, context, cfnresponse.SUCCESS, None, "0", noEcho=True)