Change lambda_function_settings_check behavior

skyuecx0630 2024-08-07 17:20:32 +09:00
parent ba3f4f0951
commit 47b3f9b180


@ -13,8 +13,7 @@ def lambda_dlq_check():
functions = client.list_functions()["Functions"] functions = client.list_functions()["Functions"]
for function in functions: for function in functions:
response = client.get_function(FunctionName=function["FunctionName"])["Configuration"] if "DeadLetterConfig" in function:
if "DeadLetterConfig" in response:
compliant_resource.append(function["FunctionArn"]) compliant_resource.append(function["FunctionArn"])
else: else:
non_compliant_resources.append(function["FunctionArn"]) non_compliant_resources.append(function["FunctionArn"])
@ -58,15 +57,14 @@ def lambda_function_settings_check():
non_compliant_resources = [] non_compliant_resources = []
functions = client.list_functions()["Functions"] functions = client.list_functions()["Functions"]
runtime = [] # python3.7 | nodejs10.x ... default_timeout = 3
default_memory_size = 128
for function in functions: for function in functions:
configuration = client.get_function(FunctionName=function["FunctionName"])["Configuration"] if function["Timeout"] == default_timeout or function["MemorySize"] == default_memory_size:
if configuration["Runtime"] in runtime:
compliant_resource.append(function["FunctionArn"])
else:
non_compliant_resources.append(function["FunctionArn"]) non_compliant_resources.append(function["FunctionArn"])
else:
compliant_resource.append(function["FunctionArn"])
return RuleCheckResult( return RuleCheckResult(
passed=not non_compliant_resources, passed=not non_compliant_resources,
@ -81,12 +79,10 @@ def lambda_inside_vpc():
functions = client.list_functions()["Functions"] functions = client.list_functions()["Functions"]
for function in functions: for function in functions:
response = client.get_function(FunctionName=function["FunctionName"])["Configuration"] if "VpcConfig" in function:
compliant_resource.append(function["FunctionArn"])
if "VpcConfig" in response:
compliant_resource.append(function["FunctionName"])
else: else:
non_compliant_resources.append(function["FunctionName"]) non_compliant_resources.append(function["FunctionArn"])
return RuleCheckResult( return RuleCheckResult(
passed=not non_compliant_resources, passed=not non_compliant_resources,
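Review bot: `client.list_functions()["Functions"]` in lambda_dlq_check, lambda_function_settings_check and lambda_inside_vpc reads only the first page of results, so in an account with more functions than one page holds the rest are never evaluated and `passed` can be true while unchecked functions are non-compliant. With the per-function `get_function` calls removed, this listing is each check's only data source; collecting every page, e.g. `functions = [f for page in client.get_paginator("list_functions").paginate() for f in page["Functions"]]`, would close the gap. Separately, in lambda_inside_vpc the test `"VpcConfig" in function` checks key presence only; if the API can return a `VpcConfig` entry with an empty `VpcId` (worth confirming against a function that has no VPC attached), `function.get("VpcConfig", {}).get("VpcId")` would be the safer condition. All three function bodies start and end outside the hunks shown.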