Initial commit for adding in an event bus

awslabs · Sep 8, 2022 · 3452301 · 3452301
1 parent a86296d
commit 3452301
Show file tree

Hide file tree

Showing 7 changed files with 83 additions and 2 deletions.
diff --git a/src/lambda_codebase/account_processing/configure_account_alias.py b/src/lambda_codebase/account_processing/configure_account_alias.py
@@ -6,15 +6,19 @@
 """
 
 import os
+import json
+import boto3
 from sts import STS
 from aws_xray_sdk.core import patch_all
 from logger import configure_logger
+from events import ADFEvents
 
 patch_all()
 
 LOGGER = configure_logger(__name__)
 ADF_ROLE_NAME = os.getenv("ADF_ROLE_NAME")
 AWS_PARTITION = os.getenv("AWS_PARTITION")
+EVENTS =  ADFEvents(boto3.client("events"), "AccountManagement.Alias")
 
 
 def delete_account_aliases(account, iam_client, current_aliases):
@@ -76,6 +80,7 @@ def lambda_handler(event, _):
             "adf_account_alias_config",
         )
         ensure_account_has_alias(event, role.client("iam"))
+        EVENTS.put_event(detail=json.dumps(event), detailType="ACCOUNT_ALIAS_CONFIGURED", resources=[account_id])
     else:
         LOGGER.info(
             "Account: %s does not need an alias",

diff --git a/src/lambda_codebase/account_processing/configure_account_tags.py b/src/lambda_codebase/account_processing/configure_account_tags.py
@@ -8,13 +8,18 @@
 in the config file.
 """
 
-from organizations import Organizations
 
+
+import json
 import boto3
+
+from organizations import Organizations
 from aws_xray_sdk.core import patch_all
 from logger import configure_logger
+from events import ADFEvents
 
 patch_all()
+EVENTS =  ADFEvents(boto3.client("events"), "AccountManagement.Tags")
 LOGGER = configure_logger(__name__)
 
 
@@ -35,6 +40,7 @@ def lambda_handler(event, _):
             event.get("tags"),
             organizations,
         )
+        EVENTS.put_event(detail=json.dumps(event), detailType="ACCOUNT_TAGS_CONFIGURED", resources=[event.get('account_id')])
     else:
         LOGGER.info(
             "Account: %s does not need tags configured",

diff --git a/src/lambda_codebase/account_processing/create_account.py b/src/lambda_codebase/account_processing/create_account.py
@@ -6,14 +6,20 @@
 """
 
 import os
+import json
 from aws_xray_sdk.core import patch_all
 import boto3
+
 from logger import configure_logger
+from events import ADFEvents
+
 
 patch_all()
 
 LOGGER = configure_logger(__name__)
 ADF_ROLE_NAME = os.getenv("ADF_ROLE_NAME")
+EVENTS =  ADFEvents(boto3.client("events"), "AccountManagement.AccountProvisioning")
+
 
 
 def create_account(account, adf_role_name, org_client):
@@ -42,4 +48,5 @@ def create_account(account, adf_role_name, org_client):
 
 def lambda_handler(event, _):
     org_client = boto3.client("organizations")
-    return create_account(event, ADF_ROLE_NAME, org_client)
+    details = create_account(event, ADF_ROLE_NAME, org_client)
+    EVENTS.put_event(detail=json.dumps(details), detailType="ACCOUNT_PROVISIONED", resources=[details.get("account_id")])
diff --git a/src/lambda_codebase/account_processing/delete_default_vpc.py b/src/lambda_codebase/account_processing/delete_default_vpc.py
@@ -5,15 +5,20 @@
 Deletes the default VPC in a particular region
 """
 import os
+import json
+import boto3
 from sts import STS
 from aws_xray_sdk.core import patch_all
 from logger import configure_logger
+from events import ADFEvents
 
 patch_all()
 
 LOGGER = configure_logger(__name__)
 ADF_ROLE_NAME = os.getenv("ADF_ROLE_NAME")
 AWS_PARTITION = os.getenv("AWS_PARTITION")
+EVENTS =  ADFEvents(boto3.client("events"), "AccountManagement.VPC")
+
 
 
 def assume_role(account_id):
@@ -62,6 +67,7 @@ def delete_default_vpc(ec2_resource, ec2_client, default_vpc_id):
 
 
 
+
 def lambda_handler(event, _):
     event = event.get("Payload")
     LOGGER.info("Checking for default VPC: %s", event.get('account_full_name'))
@@ -78,5 +84,7 @@ def lambda_handler(event, _):
         )
         ec2_resource = role.resource("ec2", region_name=event.get("region"))
         delete_default_vpc(ec2_resource, ec2_client, default_vpc_id)
+        EVENTS.put_event(detail=json.dumps(event), detailType="DEFAULT_VPC_DELETED", resources=[event.get("account_id"), default_vpc_id])
+
 
     return {"Payload": event}
diff --git a/src/lambda_codebase/account_processing/register_account_for_support.py b/src/lambda_codebase/account_processing/register_account_for_support.py
@@ -8,14 +8,17 @@
 """
 
 from enum import Enum
+import json
 import boto3
 from botocore.exceptions import ClientError, BotoCoreError
 from botocore.config import Config
 from logger import configure_logger
+from events import ADFEvents
 from aws_xray_sdk.core import patch_all
 
 
 LOGGER = configure_logger(__name__)
+EVENTS =  ADFEvents(boto3.client("events"), "AccountManagement.Support")
 patch_all()
 
 
@@ -191,6 +194,8 @@ def _enable_support_for_account(
                 account_id,
                 account.get("email"),
             )
+            EVENTS.put_event(detail=json.dumps(account), detailType="ENTERPRISE_SUPPORT_REQUESTED", resources=[account.get("account_id")])
+
 
         except (ClientError, BotoCoreError):
             LOGGER.error(

diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/events.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/events.py
@@ -0,0 +1,41 @@
+"""
+Standardised class for pushing events from within the ADF Namespace
+"""
+
+
+import os
+import boto3
+
+
+class ADFEvents:
+    def __init__(
+        self, client: boto3.client, service, namespace="ADF", eventbus_arn=None
+    ) -> None:
+        """
+        Client: Any Boto3 EventBridge client
+        Service: The name of the Service e.g AccountManagement.EnableSupport
+        namespace: Defaults to ADF
+        eventbus_arn: Optionally specify a custom EventBridge ARN. If no ARN is specified, and no ENV variable set, will default to ADF-Event-Bus
+
+        """
+        self.events = client
+        self.source = f"{namespace}.{service}"
+        self.eventbus_arn = (
+            os.environ.get("ADF_EVENTBUS_ARN", "ADF-Event-Bus")
+            if eventbus_arn is None
+            else eventbus_arn
+        )
+
+    # This dict isn't mutated. So it's safe to default to this
+    def put_event(self, detailType, detail, resources=[]): # pylint: disable=W0102
+        payload = {
+            "Source": self.source,
+            "Resources": resources,
+            "DetailType": detailType,
+            "Detail": detail,
+            "EventBusName": self.eventbus_arn,
+        }
+        trace_id = os.getenv("_X_AMZN_TRACE_ID")
+        if trace_id:
+            payload["TraceHeader"] = trace_id
+        self.events.put_events(Entries=[payload])
diff --git a/src/template.yml b/src/template.yml
@@ -233,6 +233,9 @@ Resources:
               - "xray:PutTelemetryRecords"
               - "xray:PutTraceSegments"
             Resource: "*"
+          - Effect: "Allow"
+            Action: "events:PutEvents"
+            Resource: !GetAtt ADFEventBus.Arn
       Roles:
         - !Ref AccountProcessingLambdaRole
         - !Ref GetAccountRegionsFunctionRole
@@ -363,6 +366,7 @@ Resources:
           ADF_VERSION: !FindInMap ['Metadata', 'ADF', 'Version']
           ADF_LOG_LEVEL: !Ref LogLevel
           ADF_ROLE_NAME: !Ref CrossAccountAccessRoleName
+          ADF_EVENTBUS_ARN: !GetAtt ADFEventBus.Arn
       FunctionName: AccountAliasConfigurationFunction
       Role: !GetAtt AccountAliasConfigFunctionRole.Arn
 
@@ -1881,6 +1885,11 @@ Resources:
           RoleArn: !GetAtt PipelineCloudWatchEventRole.Arn
           Id: adf-codepipeline-trigger-bootstrap
 
+  ADFEventBus:
+    Type: AWS::Events::EventBus
+    Properties:
+      Name: ADF-Event-Bus
+
 Outputs:
   ADFVersionNumber:
     Value: !FindInMap ["Metadata", "ADF", "Version"]