def lambda_handler(event, context):
sess = boto3.session.Session(
aws_access_key_id=event['Credentials']['AccessKeyId'],
aws_secret_access_key=decrypt(
event['Credentials']['SecretAccessKeyCiphertext']),
aws_session_token=event['Credentials']['SessionToken'],
region_name=event['Region'])
cfn = sess.client('cloudformation')
return cfn.create_stack(
TemplateURL=event['TemplateURL'],
StackName=event['Stack']['StackName'],
Capabilities=event.get('Capabilities', []),
Parameters=format_parameters(event['Parameters']),
OnFailure='DO_NOTHING')
python类client()的实例源码
def _render_write(self):
"""
Create an list of keyword parameters suitable for passing to
``boto3.client('ssm').put_parameter()``.
:rtype: dict
"""
d = {}
d['Name'] = "{}.{}.{}".format(self.cluster, self.service, self.key)
d['Value'] = self.value
d['Overwrite'] = True
if self.is_secure:
d['Type'] = 'SecureString'
if self.kms_key_id:
d['KeyId'] = self.kms_key_id
else:
d['Type'] = 'String'
return d
def lambda_handler(event, context):
sess = boto3.session.Session(
aws_access_key_id=event['Credentials']['AccessKeyId'],
aws_secret_access_key=decrypt(
event['Credentials']['SecretAccessKeyCiphertext']),
aws_session_token=event['Credentials']['SessionToken'],
region_name=event['Region'])
cfn = sess.client('cloudformation')
try:
resp = cfn.update_stack(
TemplateURL=event['TemplateURL'],
StackName=event['Stack']['StackName'],
Capabilities=event.get('Capabilities', []),
Parameters=format_parameters(event['Parameters']))
except botocore.exceptions.ClientError as e:
if e.message.endswith('No updates are to be performed.'):
return {'Warning': 'NOTHING_TO_UPDATE'}
raise e
resp['Warning'] = 'NONE' # Ew
return resp
def __init__(self, module):
self.module = module
try:
# self.ecs = boto3.client('ecs')
region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True)
if not region:
module.fail_json(msg="Region must be specified as a parameter, in EC2_REGION or AWS_REGION environment variables or in boto configuration file")
self.ecs = boto3_conn(module, conn_type='client', resource='ecs', region=region, endpoint=ec2_url, **aws_connect_kwargs)
except boto.exception.NoAuthHandlerFound, e:
self.module.fail_json(msg="Can't authorize connection - "+str(e))
# def list_clusters(self):
# return self.client.list_clusters()
# {'failures=[],
# 'ResponseMetadata={'HTTPStatusCode=200, 'RequestId='ce7b5880-1c41-11e5-8a31-47a93a8a98eb'},
# 'clusters=[{'activeServicesCount=0, 'clusterArn='arn:aws:ecs:us-west-2:777110527155:cluster/default', 'status='ACTIVE', 'pendingTasksCount=0, 'runningTasksCount=0, 'registeredContainerInstancesCount=0, 'clusterName='default'}]}
# {'failures=[{'arn='arn:aws:ecs:us-west-2:777110527155:cluster/bogus', 'reason='MISSING'}],
# 'ResponseMetadata={'HTTPStatusCode=200, 'RequestId='0f66c219-1c42-11e5-8a31-47a93a8a98eb'},
# 'clusters=[]}
def _create_lambda(arn, func_name, func_desc, lambda_handler, lambda_main,
runtime):
func = dict()
lamb = boto3.client('lambda')
with open(temp_deploy_zip) as deploy:
func['ZipFile'] = deploy.read()
try:
resp = lamb.create_function(
FunctionName=func_name, Runtime=runtime, Publish=True,
Description=func_desc,
Role=arn, Code=func, Handler='{0}.{1}'.format(
lambda_main, lambda_handler
))
logging.info("Create Lambda Function resp:{0}".format(
json.dumps(resp, indent=4, sort_keys=True))
)
return resp
except ClientError as ce:
if ce.response['Error']['Code'] == 'ValidationException':
logging.warning("Validation Error {0} creating function '{1}'.".format(
ce, func_name))
else:
logging.error("Unexpected Error: {0}".format(ce))
def _create_function_alias(func_alias, func_name, func_version):
lamb = boto3.client('lambda')
try:
resp = lamb.create_alias(
Name=func_alias,
FunctionName=func_name,
FunctionVersion=func_version
)
logging.info("Create Lambda Alias resp:{0}".format(
json.dumps(resp, indent=4, sort_keys=True))
)
return resp
except ClientError as ce:
if ce.response['Error']['Code'] == 'ValidationException':
logging.warning("Validation Error {0} creating alias '{1}'.".format(
ce, func_alias))
else:
logging.error("Unexpected Error: {0}".format(ce))
def _update_lambda_function(zip_file, func_name):
lamb = boto3.client('lambda')
try:
resp = lamb.update_function_code(
FunctionName=func_name,
ZipFile=zip_file.read(),
Publish=True
)
return resp['Version']
except ClientError as ce:
if ce.response['Error']['Code'] == 'ValidationException':
logging.warning(
"Validation Error {0} updating function '{1}'.".format(
ce, func_name))
else:
logging.error("Unexpected Error: {0}".format(ce))
def add_ip(current_ip, sg_id, port, protocol):
"""Add current IP to the security group"""
# setup client for ec2
client = boto3.client("ec2")
# execute security group ingress Boto3 commands
# TODO: Add in try for graceful error handling
response = client.authorize_security_group_ingress(
GroupId=sg_id,
IpProtocol=protocol,
FromPort=port,
ToPort=port,
CidrIp=current_ip
)
print response
def remove_ip(current_ip, sg_id, port, protocol):
"""remove current IP from the security group"""
# setup client for ec2
client = boto3.client("ec2")
# execute security group revoke ingress Boto3 commands
response = client.revoke_security_group_ingress(
GroupId=sg_id,
IpProtocol=protocol,
FromPort=port,
ToPort=port,
CidrIp=current_ip
)
print response
# Define the usage of the app
ebs-backup-cleanup-lambda.py 文件源码
项目:sm-engine-ansible
作者: METASPACE2020
项目源码
文件源码
阅读 31
收藏 0
点赞 0
评论 0
def send_to_sns(subject, message):
if aws_sns_arn is None:
return
print("Sending notification to: %s" % aws_sns_arn)
client = boto3.client('sns')
response = client.publish(
TargetArn=aws_sns_arn,
Message=message,
Subject=subject)
if 'MessageId' in response:
print("Notification sent with message id: %s" % response['MessageId'])
else:
print("Sending notification failed with response: %s" % str(response))
def send_to_sns(subject, message):
if aws_sns_arn is None:
return
print("Sending notification to: %s" % aws_sns_arn)
client = boto3.client('sns')
response = client.publish(
TargetArn=aws_sns_arn,
Message=message,
Subject=subject)
if 'MessageId' in response:
print("Notification sent with message id: %s" % response['MessageId'])
else:
print("Sending notification failed with response: %s" % str(response))
def __init__(self, clusterName, yml={}):
"""
:param clusterName: the name of the cluster in which we'll run our
helper tasks
:type clusterName: string
:param yml: the task definition information for the task from our
deployfish.yml file
:type yml: dict
"""
self.clusterName = clusterName
self.ecs = boto3.client('ecs')
self.commands = {}
self.from_yaml(yml)
self.desired_task_definition = TaskDefinition(yml=yml)
self.active_task_definition = None
def new(service, cluster, yml=None):
"""
Returns a list of parameters.
:param service:
:param cluster:
:param yml:
:return: list
"""
if yml:
m = ParameterFactory.WILDCARE_RE.search(yml)
if m:
parameter_list = []
ssm = boto3.client('ssm')
response = ssm.describe_parameters(Filters=[{'Key': 'Name', 'Values': [m.group('key')]}], MaxResults=50)
parms = response['Parameters']
for parm in parms:
if parm['Type'] == 'SecureString':
line = "{}:external:secure:{}".format(parm['Name'], parm['KeyId'])
else:
line = "{}:external".format(parm['Name'])
parameter_list.append(Parameter(service, cluster, yml=line))
return parameter_list
return [Parameter(service, cluster, yml=yml)]
def cleanup_resources(la_credentials, regions):
# Clean up resources
try:
for region in regions:
laCloudtrail = boto3.client(
'cloudtrail',
region_name=region,
aws_access_key_id=la_credentials[0],
aws_secret_access_key=la_credentials[1],
aws_session_token=la_credentials[2],
)
describeTrail = laCloudtrail.describe_trails()
for trail in describeTrail['trailList']:
deleteTrail = laCloudtrail.delete_trail(
Name=trail['TrailARN']
)
print(deleteTrail)
except Exception as e:
print(e)
print("No trails to delete")
return
def check_trails(la_credentials, s3_bucket):
laCloudtrail = boto3.client(
'cloudtrail',
region_name='us-east-1',
aws_access_key_id=la_credentials[0],
aws_secret_access_key=la_credentials[1],
aws_session_token=la_credentials[2],
)
checkTrail = laCloudtrail.describe_trails(
trailNameList=['default'],
)
if len(checkTrail['trailList']) == 1 \
and checkTrail['trailList'][0]['IsMultiRegionTrail'] is True \
and checkTrail['trailList'][0]['S3BucketName'] == s3_bucket:
return True
else:
return False
def get_la_vpc_id(la_credentials, region):
# Lookup vpcid
laCfn = boto3.client(
'cloudformation',
region_name=region,
aws_access_key_id=la_credentials[0],
aws_secret_access_key=la_credentials[1],
aws_session_token=la_credentials[2],
)
# Look up CFN stack Outputs
getStack = laCfn.describe_stacks(
StackName='core'
)
# Extract vpc id
laVpcId = None
cfnOutput = getStack['Stacks'][0]['Outputs']
for i in cfnOutput:
if i['OutputKey'] == "VPC":
laVpcId = i['OutputValue']
else:
continue
return laVpcId
def test_kms(self):
if "CFPP_RUN_KMS_TESTS" not in os.environ:
return
import boto3
import botocore
output = subprocess.check_output(["cfpp", "-s", "tests",
"tests/kms_test.template"])
parsed = json.loads(output)["Parameters"]
without_context = parsed["EncryptedValue"]["Default"]
with_context = parsed["EncryptedValueWithContext"]["Default"]
kms = boto3.client('kms')
kms.decrypt(CiphertextBlob=base64.b64decode(without_context))
try:
kms.decrypt(CiphertextBlob=with_context)
self.fail("expected KMS to fail due to lack of context")
except botocore.exceptions.ClientError:
pass
kms.decrypt(CiphertextBlob=base64.b64decode(with_context),
EncryptionContext={"ContextKey": "ContextValue"})
def set_mapper_number(manifest_file):
fastq_counts = 0
if manifest_file.startswith("s3://"):
s3 = boto3.resource("s3")
bucket_name, key_prefix = manifest_file.strip().strip("/")[5:].split("/", 1)
with tempfile.TemporaryDirectory() as tmpdirname:
s3.meta.client.download_file(bucket_name, key_prefix, tmpdirname + "/manifest")
for line in open(tmpdirname+"/manifest"):
fastq_counts += 1
else:
for line in open(manifest_file):
fastq_counts += 1
return fastq_counts
def upload_files_to_s3(file_list, dry_run=False):
"""
uploads files to an AWS S3 bucket
:param file_list: list of files to be uploaded
:param dry_run: a boolean flag for dry-run; no upload if set to False
:return: a comma separated list of upload files
"""
s3_client = boto3.client("s3")
uploaded_files = []
for name, local_dir, s3_dest in file_list:
file_location = local_dir.rstrip("/") + "/" + name
bucket_name, key_prefix = s3_dest.strip().strip("/")[5:].split("/", 1)
if not dry_run:
s3_client.upload_file(file_location, bucket_name, key_prefix + "/" + name)
uploaded_files.append(s3_dest.rstrip("/") + "/" + name)
return ",".join(uploaded_files)
def is_valid_s3_bucket(s3_string):
"""
Determine if the input string starts with a valid s3 bucket name
:param s3_string: an aws s3 address (e.g. s3://mybucket/other...)
:return: True if the s3_string contains a valid bucket name
"""
client = boto3.client('s3')
# only applies to s3 - so ignore otherwise
if s3_string[0:5] != 's3://':
return False
# get the bucket name
bucket = s3_string[5:].strip('/').split('/')[0]
if not bucket:
return False
# see if bucket exists
try:
client.list_objects(Bucket=bucket)
except:
return False
return True
def check_s3_file_exists(s3_path, file_name):
"""
Determine if a s3 key exists
:param s3_path: an s3 "directory" path (e.g. s3://mybucket/name/)
:param file_name: a pathless file name (e.g. myfile.txt)
:return: True if key exists; False otherwise
"""
full_path = s3_path.rstrip('/') + '/' + file_name
bucket_name, key_prefix = full_path[5:].split("/", 1)
client = boto3.client('s3')
# see if file exists
try:
client.get_object(Bucket=bucket_name, Key=key_prefix)
except:
return False
return True
def waf_get_ip_set(ip_set_id):
response = None
waf = boto3.client('waf')
for attempt in range(API_CALL_NUM_RETRIES):
try:
response = waf.get_ip_set(IPSetId=ip_set_id)
except Exception, e:
print(e)
delay = math.pow(2, attempt)
print("[waf_get_ip_set] Retrying in %d seconds..." % (delay))
time.sleep(delay)
else:
break
else:
print("[waf_get_ip_set] Failed ALL attempts to call API")
return response
def waf_update_ip_set(ip_set_id, updates_list):
response = None
if updates_list != []:
waf = boto3.client('waf')
for attempt in range(API_CALL_NUM_RETRIES):
try:
response = waf.update_ip_set(IPSetId=ip_set_id,
ChangeToken=waf.get_change_token()['ChangeToken'],
Updates=updates_list)
except Exception, e:
delay = math.pow(2, attempt)
print("[waf_update_ip_set] Retrying in %d seconds..." % (delay))
time.sleep(delay)
else:
break
else:
print("[waf_update_ip_set] Failed ALL attempts to call API")
return response
def waf_update_ip_set(ip_set_id, source_ip):
waf = boto3.client('waf')
for attempt in range(API_CALL_NUM_RETRIES):
try:
response = waf.update_ip_set(IPSetId=ip_set_id,
ChangeToken=waf.get_change_token()['ChangeToken'],
Updates=[{
'Action': 'INSERT',
'IPSetDescriptor': {
'Type': 'IPV4',
'Value': "%s/32"%source_ip
}
}]
)
except Exception, e:
delay = math.pow(2, attempt)
print "[waf_update_ip_set] Retrying in %d seconds..." % (delay)
time.sleep(delay)
else:
break
else:
print "[waf_update_ip_set] Failed ALL attempts to call API"
def remove_s3_bucket_lambda_event(bucket_name, lambda_function_arn):
s3 = boto3.resource('s3')
s3_client = boto3.client('s3')
try:
new_conf = {}
notification_conf = s3_client.get_bucket_notification_configuration(Bucket=bucket_name)
if 'TopicConfigurations' in notification_conf:
new_conf['TopicConfigurations'] = notification_conf['TopicConfigurations']
if 'QueueConfigurations' in notification_conf:
new_conf['QueueConfigurations'] = notification_conf['QueueConfigurations']
if 'LambdaFunctionConfigurations' in notification_conf:
new_conf['LambdaFunctionConfigurations'] = []
for lfc in notification_conf['LambdaFunctionConfigurations']:
if lfc['LambdaFunctionArn'] == lambda_function_arn:
continue #remove all references for Log Parser event
else:
new_conf['LambdaFunctionConfigurations'].append(lfc)
response = s3_client.put_bucket_notification_configuration(Bucket=bucket_name, NotificationConfiguration=new_conf)
except Exception, e:
print(e)
print("[ERROR] Error to remove S3 Bucket lambda event")
def can_delete_rule(stack_name, rule_id):
result = False
for attempt in range(API_CALL_NUM_RETRIES):
try:
waf = boto3.client('waf')
rule_detail = waf.get_rule(RuleId=rule_id)
result = (stack_name == None or (rule_detail['Rule']['Name'].startswith(stack_name + " - ") and rule_detail['Rule']['Name'] != (stack_name + " - Whitelist Rule") ))
except Exception, e:
print(e)
delay = math.pow(2, attempt)
print("[can_delete_rule] Retrying in %d seconds..." % (delay))
time.sleep(delay)
else:
break
else:
print("[can_delete_rule] Failed ALL attempts to call API")
return result
def group(name, project, device):
"""
Create a device group / pool.
:param name: group name
:param project: project id
:param device: device id
"""
device_str = '['
for pos, item in enumerate(device):
device_str += '"{item}"'.format(item=item)
if pos == len(device) - 1:
device_str += ']'
else:
device_str += ', '
rules = [{'attribute': 'ARN', 'operator': 'IN', 'value': device_str}]
res = client.create_device_pool(name=name, projectArn=project, rules=rules)
print(res.get('devicePool').get('arn'))
def get_confidence(self, file):
confidence = 0.0
response = self.client.detect_labels(
Image={
'Bytes': self.get_bytes(self.uploads_dir + file)
},
MaxLabels=self.max_labels,
MinConfidence=self.min_conf
)
labels = response['Labels']
for label in labels:
if label['Name'] == self.hd_label:
confidence = label['Confidence']
confidence = "%.2f" % float(confidence)
break
return confidence
def __init__(self, stream_name, back_off_limit=60, send_window=13):
self.stream_name = stream_name
self.back_off_limit = back_off_limit
self.last_send = 0
self._kinesis = boto3.client('kinesis')
self._sequence_number_for_ordering = '0'
self._record_agg = aws_kinesis_agg.aggregator.RecordAggregator()
self._send_window = send_window
try:
self._kinesis.create_stream(StreamName=stream_name, ShardCount=1)
except ClientError as e:
# ResourceInUseException is raised when the stream already exists
if e.response['Error']['Code'] != 'ResourceInUseException':
logger.error(e)
raise
waiter = self._kinesis.get_waiter('stream_exists')
# waits up to 180 seconds for stream to exist
waiter.wait(StreamName=self.stream_name)
def __update__(self):
"""
Update function code and properties
:return:
"""
self.__details__()
self.__zip_function__()
response = self.client.update_function_code(
FunctionName=self.function_name,
ZipFile=self.__read_zip__()
)
if self.debug:
PrintMsg.out(response)
PrintMsg.cmd('Sha256: {}'.format(
response['CodeSha256']), 'UPDATED CODE')
self.__delete_zip__()
if not self.dry:
response = self.client.update_function_configuration(
**self.config)
if self.debug:
PrintMsg.out(response)
PrintMsg.cmd('Sha256: {}'.format(
response['CodeSha256']), 'UPDATED CONFIG')
