3. Private Class and Function Reference

3.1. lambdahelper-bunder cli tool

class awslambdahelper.cli.BundlerArgumentParser[source]

Parses command line arguments, and validates the integrity of the file paths and directories provided.

Add the cli argument schema

static _full_path(dir_)[source]

Expand any ‘~’, ‘../’, or ‘./’ in the dir_ path.

Parameters:dir – A relative, home relative, or absolute path.
Returns:Fully Qualified path
Return type:str
_parse_known_args(arg_strings, namespace)[source]

Parse as the parent does, and then optionally raise an ArgumentException is --send-to-cfn is missing --owner.

Parameters:
  • arg_strings (list) – List of cli argument strings passed to the arg parser.
  • namespace (argparse.Namespace) – Namespace object, created by super argparse.ArgumentParser namespace object.
Returns:

namespace(argparse.Namespace)

is the super argparse.ArgumentParser namespace object, with the with the addition of the arguments parse in this class.

unparsed_args(list[str])

are args which were not parsed by this ArgumentParser.

static _test_missing_directory(target_directory)[source]

If the specified directory is missing, return an error message

Parameters:target_directory (str) – Fully qualified path to test
Returns:An error message, or False if the requirements file exists.
Return type:Union[str,bool]
static _test_missing_requirements(requirements_path)[source]

If the requirements path does not exist, return an error method

Parameters:requirements_path (str) – Fully qualified path to test.
Returns:An error message, or False if the requirements file exists.
Return type:Union[str,bool]
static _test_not_a_directory(target_directory)[source]

If the specified path is not a directory, return an error message

Parameters:target_directory (str) – Fully qualified path to test
Returns:An error message, or False if the requirements file exists.
Return type:Union[str,bool]
class awslambdahelper.cli.LambdahelperBundler[source]

Handler for the cli tool to archive code up for Lambda

copy_lambda_package_files()[source]

Copy lambda files to working directory.

Returns:
static parse_args(args=None)[source]

Parse the args :param args: :return:

run(args=None)[source]

Entrypoint for our bundler cli tool

Parameters:args – defaults to sys.argv[1:]
Returns:
class awslambdahelper.cli.SetupCfgFile(setup_cfg, temp_setup_cfg)[source]

Make sure we have a setup.cfg file with an empty install.prefix for uploading to lambda.

Parameters:
  • setup_cfg (str) – Location of expected path to existing setpu.cfg
  • temp_setup_cfg (str) – Location of temporary setup.cfg file for use during packaging
load()[source]

If the existing setup.cfg exists, load it.

Returns:
Return type:awslmabdahelper.cli.SetupCfgFile
write()[source]

Make sure we have an ‘install’ section, and that the ‘prefix’ is set to ‘’.

Returns:
class awslambdahelper.cli.DirectoryZipFile(target)[source]

Handles the zipping of an entire directory

create_archive()[source]

Given a target_directory to compress, and a working_directory to place the files in, compress them in a zip archive.

Returns:
zipdir(path, zip_path_prefix)[source]

Recursively walk our directory path, and add files to the zip archive.

Parameters:
  • path – Path to walk which contains our files to be added to the zip archive.
  • zip_path_prefix
Returns:

3.2. AWS Config resources

class awslambdahelper.AWSConfigRule(applicable_resources=None)[source]

Defines the business logic for processing either scheduled or config change AWS Config rules

If this rule is for handling ConfigurationChange events, then the “Applicable Resources” attribute must be set. If this is for handling Scheduled events, then no item is required.

Parameters:applicable_resources (Union[List,Tuple]) – A list of AWS resources which this rule evaluates. Only applicable for Configuration Change rules, and not Scheduled rules. See Evaluating Additional Resource Types, and Supported AWS Resource Types.
APPLICABLE_RESOURCES = []

List of resources which this rule can evaluate. Only application for ConfigurationChange rules.

CALL_TYPE_CONFIGURATION_CHANGE = 'ConfigurationItemChangeNotification'

Specifies an AWS Config Rule which is triggered by a resource configuration

CALL_TYPE_SCHEDULED = 'ScheduledNotification'

Specifies an AWS Config Rule which is triggered on a scheduled basis

evaluate_compliance(rule_parameters, event, config=None)[source]

A facade to delegate the event to either the find_violation_config_change(), or find_violation_scheduled().

Parameters:
  • rule_parameters – A list of key/pairs which are to be provided to the rule.
  • event
  • config
Type:

dict

Returns:

find_violation_config_change(rule_parameters, config)[source]

Place holder function for configuration change rules. Needs to be overriden by super class.

Raises:

NotImplementedError

Parameters:
  • rule_parameters
  • config
Returns:

None

find_violation_scheduled(rule_parameters, accountid)[source]

Place holder function for configuration change rules. Needs to be overriden by super class.

Parameters:
  • rule_parameters
  • accountid
Returns:

None

classmethod handler(event, context)[source]

Allow a single entrypoint without extra boilerplate code.

>>> from awslambdahelper import AWSConfigRule,InsufficientDataEvaluation
>>> class MyAwesomeRule(AWSConfigRule):
...     APPLICABLE_RESOURCES = ["AWS::EC2::Instance"]
...     def find_violation_config_change(self, rule_parameters, config):
...         return [InsufficientDataEvaluation()]
>>>
>>> # The entrypoint for lambda would be set as "file_name.MyAwesomeRule.handler"
Parameters:
Returns:

lambda_handler(event, context)[source]

Deprecated since version 1.1.4: Use handler()

class awslambdahelper.evaluation.AWSConfigEvaluation(Type, Annotation, ResourceType=None, ResourceId=None, OrderingTimestamp=None)[source]

Represents a response payload to an evaluation event

Parameters:
  • Type – One of TYPE_COMPLIANT, TYPE_NON_COMPLIANT, TYPE_NOT_APPLICABLE, or TYPE_INSUFFICIENT_DATA.
  • Annotation (str) – An explanation to attach to the evaluation result. Shown in the AWS Config Console.
  • ResourceType (str) –
  • ResourceId (str) – The id (eg, id-000000) or the ARN (eg, arn:aws:iam:01234567890:eu-west-1:..) for the resource
  • OrderingTimestamp – The time of the event in AWS Config that triggered the evaluation.
TYPE_COMPLIANT = 'COMPLIANT'

Define an evaluation of a resource as compliant to a rule. See Evaluation.ComplianceType. # noqa

TYPE_INSUFFICIENT_DATA = 'INSUFFICIENT_DATA'

Define a rule as not having enough insufficient data for evaluate a resource. See Evaluation.ComplianceType. # noqa

TYPE_NON_COMPLIANT = 'NON_COMPLIANT'

Define an evaluation of a resource as not being compliant to a rule. See Evaluation.ComplianceType. # noqa

TYPE_NOT_APPLICABLE = 'NOT_APPLICABLE'

Define a rule as not being applicable to a specific resource. See Evaluation.ComplianceType. # noqa

set(ResourceType=None, ResourceId=None, OrderingTimestamp=None)[source]

Sets variables for the evaluation, after creation. See the Evaluation resource for details.

Parameters:
  • ResourceType
  • ResourceId – The id (eg, id-000000) or the ARN (eg, arn:aws:iam:01234567890:eu-west-1:..) for the resource
  • OrderingTimestamp – The time of the event in AWS Config that triggered the evaluation.
Returns:

This evaluation object

Return type:

AWSConfigEvaluation

to_dict()[source]

Convert the AWSConfigEvaluation object to an Evaluation payload. If the timestamp is not set, we create one.

Returns:an AWS Config Evaluation resource
Return type:dict
class awslambdahelper.CompliantEvaluation(Annotation='This resource is compliant with the rule.', ResourceType=None, ResourceId=None, OrderingTimestamp=None)[source]

A rule is compliant if all of the resources that the rule evaluates comply with it,

Parameters:
  • Annotation (str) – An explanation to attach to the evaluation result. Shown in the AWS Config Console.
  • ResourceType (str) –

    A list of AWS resources which this rule evaluates. See Evaluating Additional Resource Types, and Supported AWS Resource Types.

  • ResourceId – The id (eg, id-000000) or the ARN (eg, arn:aws:iam:01234567890:eu-west-1:..) for the resource
  • OrderingTimestamp – The time of the event in AWS Config that triggered the evaluation.
class awslambdahelper.NonCompliantEvaluation(Annotation, ResourceType=None, ResourceId=None, OrderingTimestamp=None)[source]

A rule is noncompliant if any of these resources do not comply.

Parameters:
  • Annotation (str) – An explanation to attach to the evaluation result. Shown in the AWS Config Console.
  • ResourceType (str) –

    A list of AWS resources which this rule evaluates. See Evaluating Additional Resource Types, and Supported AWS Resource Types.

  • ResourceId – The id (eg, id-000000) or the ARN (eg, arn:aws:iam:01234567890:eu-west-1:..) for the resource
  • OrderingTimestamp – The time of the event in AWS Config that triggered the evaluation.
class awslambdahelper.NotApplicableEvaluation(ResourceType, ResourceId=None, OrderingTimestamp=None)[source]

This resource is not applicable for this rule.

Parameters:
  • ResourceType (str) –

    A list of AWS resources which this rule evaluates. See Evaluating Additional Resource Types, and Supported AWS Resource Types.

  • ResourceId – The id (eg, id-000000) or the ARN (eg, arn:aws:iam:01234567890:eu-west-1:..) for the resource
  • OrderingTimestamp – The time of the event in AWS Config that triggered the evaluation.
class awslambdahelper.InsufficientDataEvaluation(Annotation, ResourceType=None, ResourceId=None, OrderingTimestamp=None)[source]

AWS Config returns the INSUFFICIENT_DATA value when no evaluation results are available for the AWS resource or Config rule.

Parameters:
  • Annotation (str) – An explanation to attach to the evaluation result. Shown in the AWS Config Console.
  • ResourceType (str) –

    A list of AWS resources which this rule evaluates. See Evaluating Additional Resource Types, and Supported AWS Resource Types.

  • ResourceId (str) – The id (eg, id-000000) or the ARN (eg, arn:aws:iam:01234567890:eu-west-1:..) for the resource
  • OrderingTimestamp – The time of the event in AWS Config that triggered the evaluation.