diff --git a/.gitignore b/.gitignore
index 661dec7a..eea651d5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -258,6 +258,7 @@ $RECYCLE.BIN/
 .idea/**/usage.statistics.xml
 .idea/**/dictionaries
 .idea/**/shelf
+.vscode
 # AWS User-specific
 .idea/**/aws.xml
@@ -345,4 +346,4 @@ typings/
 .idea/sonarlint
 # zip archives
-*.zip
\ No newline at end of file
+*.zip
diff --git a/VERSION b/VERSION
index 59e9e604..bb83058e 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.0.11
+1.0.12
diff --git a/modules/aft-feature-options/lambda/aft-enable-cloudtrail/aft_enable_cloudtrail.py b/modules/aft-feature-options/lambda/aft-enable-cloudtrail/aft_enable_cloudtrail.py
index 7f50fb4e..ff674ed9 100644
--- a/modules/aft-feature-options/lambda/aft-enable-cloudtrail/aft_enable_cloudtrail.py
+++ b/modules/aft-feature-options/lambda/aft-enable-cloudtrail/aft_enable_cloudtrail.py
@@ -1,21 +1,30 @@
 import inspect
-from typing import Any, Dict, List, Union
+from typing import TYPE_CHECKING, Any, Dict, List, Union
 import aft_common.aft_utils as utils
 import boto3
 from boto3.session import Session
+if TYPE_CHECKING:
+ from mypy_boto3_cloudtrail import CloudTrailClient
+else:
+ CloudTrailClient = object
+
 logger = utils.get_logger()
 CLOUDTRAIL_TRAIL_NAME = "aws-aft-CustomizationsCloudTrail"
 def trail_exists(session: Session) -> bool:
- client = session.client("cloudtrail")
+ client: CloudTrailClient = session.client("cloudtrail")
 logger.info("Checking for trail " + CLOUDTRAIL_TRAIL_NAME)
- response = client.get_trail(Name=CLOUDTRAIL_TRAIL_NAME)
- logger.info("Trail already exists")
- return True
+ try:
+ client.get_trail(Name=CLOUDTRAIL_TRAIL_NAME)
+ logger.info("Trail already exists")
+ return True
+ except client.exceptions.TrailNotFoundException:
+ logger.info("Trail does not exist")
+ return False
 def event_selectors_exists(session: Session) -> bool:
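Review bot: In `trail_exists`, the new `try` block wraps the log call and `return True` together with `client.get_trail(...)`, so the code does not show that only the API call is expected to raise; keeping just the call inside `try` and moving the success path into an `else:` would make that explicit. The function also has no docstring, and its contract matters for a CloudTrail enablement check: `False` means the trail was reported as not found, while any other client error (a permissions failure, for example) still propagates instead of being read as "no trail". I would add `"""Return True if the AFT CloudTrail trail exists, False on TrailNotFoundException; other errors propagate."""`. The body of `event_selectors_exists` lies outside the hunk.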
diff --git a/sources/aft-customizations-repos/aft-account-customizations/README.md b/sources/aft-customizations-repos/aft-account-customizations/README.md
index bb391436..9ea1b528 100644
--- a/sources/aft-customizations-repos/aft-account-customizations/README.md
+++ b/sources/aft-customizations-repos/aft-account-customizations/README.md
@@ -1,9 +1,6 @@
 # Introduction
 This repo stores the Terraform and API helpers for the Account Customizations. Account Customizations are used to customize all provisioned accounts with customer defined resources. The resources can be created through Terraform or through Python, leveraging the API helpers. The customization run is parameterized at runtime.
-# Usage
-To create an account specific baseline, copy the ACCOUNT_TEMPLATE folder into a new folder. The new folder name should be the account ID you wish to baseline.
-
 # Usage
 To leverage Account Customizations, start by copying the ACCOUNT_TEMPLATE folder into a new folder. The new folder name should match the ```account_customizations_name``` provided in the account request for the accounts you would like to baseline. Then, populate the target folder as per the instructions below.
@@ -40,4 +37,4 @@ account = $(aws sts get-caller-identity --query Account --output text)
 region = $(aws ec2 describe-availability-zones --query 'AvailabilityZones[0].[RegionName]' --output text)
 cidr = $(python ./python/source/get_cidr_range.py)
 aws ssm put-parameter --name /$account/$region/vpc/cidr --value $cidr
-```
\ No newline at end of file
+```
diff --git a/sources/aft-lambda-layer/setup.py b/sources/aft-lambda-layer/setup.py
index 2f4e2c03..0f0d603f 100644
--- a/sources/aft-lambda-layer/setup.py
+++ b/sources/aft-lambda-layer/setup.py
@@ -73,7 +73,7 @@
 "pre-commit == 2.16.0",
 "pycodestyle == 2.8.0",
 "mypy == 0.930",
- "boto3-stubs[support, stepfunctions, ec2, organizations, servicecatalog, sqs, lambda, sns, sts] == 1.20.26",
+ "boto3-stubs[support, stepfunctions, ec2, organizations, servicecatalog, sqs, lambda, sns, sts, cloudtrail] == 1.20.26",
 "mypy_boto3_builder == 5.5.0",
 ]
 },
diff --git a/sources/scripts/terraform_client.py b/sources/scripts/terraform_client.py
index 495cfcd6..ae9a9b2f 100755
--- a/sources/scripts/terraform_client.py
+++ b/sources/scripts/terraform_client.py
@@ -1,5 +1,5 @@
 #!/usr/bin/python
-
+import os
 import time
 import requests
@@ -24,7 +24,8 @@ def check_workspace_exists(organization_name, workspace_name, api_token):
 TERRAFORM_API_ENDPOINT, organization_name, workspace_name
 )
 headers = __build_standard_headers(api_token)
- response = requests.get(endpoint, headers=headers)
+ tf_dist = os.environ.get("TF_DISTRIBUTION")
+ response = requests.get(endpoint, headers=headers, verify=tf_dist != "tfe")
 data = response.json()
 if "data" in data.keys():
@@ -75,7 +76,8 @@ def create_configuration_version(workspace_id, api_token):
 def upload_configuration_content(data, upload_url):
 headers = {"Content-Type": "application/octet-stream", "Accept": "application/json"}
- requests.put(upload_url, data=data, headers=headers)
+ tf_dist = os.environ.get("TF_DISTRIBUTION")
+ requests.put(upload_url, data=data, headers=headers, verify=tf_dist != "tfe")
 def set_environment_variable(
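Review bot: `verify=tf_dist != "tfe"` in `check_workspace_exists` switches TLS certificate verification off for every Terraform Enterprise deployment, on a request whose headers come from `__build_standard_headers(api_token)` and so presumably carry the API token; the same expression is added in `upload_configuration_content` and in `__post`, `__patch`, `__get` and `__delete` further down. Without verification the client cannot distinguish the real TFE host from one interposed on the network path, which exposes the token and the uploaded configuration content. `requests` already honours the `REQUESTS_CA_BUNDLE` environment variable, so a private TFE CA can be trusted by setting it in the build environment and leaving the call as `response = requests.get(endpoint, headers=headers)`; if an opt-out really is needed, it should be an explicit, separately named setting rather than a side effect of the distribution name. Both function bodies continue outside their hunks.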
@@ -203,25 +205,29 @@ def __build_standard_headers(api_token):
 def __post(endpoint, headers, payload):
- response = requests.post(endpoint, headers=headers, json=payload)
+ tf_dist = os.environ.get("TF_DISTRIBUTION")
+ response = requests.post(endpoint, headers=headers, json=payload, verify=tf_dist != "tfe")
 __handle_errors(response)
 return response.json()
 def __patch(endpoint, headers, payload):
- response = requests.patch(endpoint, headers=headers, json=payload)
+ tf_dist = os.environ.get("TF_DISTRIBUTION")
+ response = requests.patch(endpoint, headers=headers, json=payload, verify=tf_dist != "tfe")
 __handle_errors(response)
 return response.json()
 def __get(endpoint, headers):
- response = requests.get(endpoint, headers=headers)
+ tf_dist = os.environ.get("TF_DISTRIBUTION")
+ response = requests.get(endpoint, headers=headers, verify=tf_dist != "tfe")
 __handle_errors(response)
 return response.json()
 def __delete(endpoint, headers):
- response = requests.delete(endpoint, headers=headers)
+ tf_dist = os.environ.get("TF_DISTRIBUTION")
+ response = requests.delete(endpoint, headers=headers, verify=tf_dist != "tfe")
 # __handle_errors(response)
 return response.json()
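Review bot: The pair `tf_dist = os.environ.get("TF_DISTRIBUTION")` and `verify=tf_dist != "tfe"` is pasted into `__post`, `__patch`, `__get` and `__delete` here, on top of the two copies in the earlier hunks of this file, so the client's TLS policy now lives in six separate places. Deciding it once in a small module-level helper, for example `def __tls_verify(): return os.environ.get("TF_DISTRIBUTION") != "tfe"`, and passing `verify=__tls_verify()` at each call keeps that policy in one auditable spot and stops a later call site from silently differing. The helper should carry a comment stating when verification is relaxed and why, since none of the added lines explains it.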