Suggested changes (#8)

* I think it works now * Added new updates, removed cfn template deployment as a change set will deploy a template if that template doesn't exist * Update README.rst * Lambda role name (#7) * Added Flag for lambda role name * Added lambda role generation Co-authored-by: Jarrett Andrulis <[email protected]> Co-authored-by: Jarrett Andrulis <[email protected]>
awslabs · Oct 21, 2021 · f5f56e5 · f5f56e5
1 parent 0423a1d
commit f5f56e5
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 11 deletions.
diff --git a/rdk/rdk.py b/rdk/rdk.py
@@ -326,6 +326,7 @@ def get_deployment_parser(ForceArgument=False, Command="deploy"):
     parser.add_argument('--custom-code-bucket', required=False, help="[optional] Provide the custom code S3 bucket name, which is not created with rdk init, for generated cloudformation template storage.")
     parser.add_argument('--rdklib-layer-arn', required=False, help="[optional] Lambda Layer ARN that contains the desired rdklib.  Note that Lambda Layers are region-specific.")
     parser.add_argument('--lambda-role-arn', required=False, help="[optional] Assign existing iam role to lambda functions. If omitted, \"rdkLambdaRole\" will be created.")
+    parser.add_argument('--lambda-role-name', required=False, help="[optional] Assign existing iam role to lambda functions. If added, will look for a lambda role in the current account with the given name")
     parser.add_argument('--lambda-layers', required=False, help="[optional] Comma-separated list of Lambda Layer ARNs to deploy with your Lambda function(s).")
     parser.add_argument('--lambda-subnets', required=False, help="[optional] Comma-separated list of Subnets to deploy your Lambda function(s).")
     parser.add_argument('--lambda-security-groups', required=False, help="[optional] Comma-separated list of Security Groups to deploy with your Lambda function(s).")
@@ -355,6 +356,7 @@ def get_deployment_organization_parser(ForceArgument=False, Command="deploy-orga
     parser.add_argument('--custom-code-bucket', required=False, help="[optional] Provide the custom code S3 bucket name, which is not created with rdk init, for generated cloudformation template storage.")
     parser.add_argument('--rdklib-layer-arn', required=False, help="[optional] Lambda Layer ARN that contains the desired rdklib.  Note that Lambda Layers are region-specific.")
     parser.add_argument('--lambda-role-arn', required=False, help="[optional] Assign existing iam role to lambda functions. If omitted, \"rdkLambdaRole\" will be created.")
+    parser.add_argument('--lambda-role-name', required=False, help="[optional] Assign existing iam role to lambda functions. If added, will look for a lambda role in the current account with the given name")
     parser.add_argument('--lambda-layers', required=False, help="[optional] Comma-separated list of Lambda Layer ARNs to deploy with your Lambda function(s).")
     parser.add_argument('--lambda-subnets', required=False, help="[optional] Comma-separated list of Subnets to deploy your Lambda function(s).")
     parser.add_argument('--lambda-security-groups', required=False, help="[optional] Comma-separated list of Security Groups to deploy with your Lambda function(s).")
@@ -380,6 +382,7 @@ def get_export_parser(ForceArgument=False, Command="export"):
     parser.add_argument('--lambda-timeout', required=False, default=60, help="[optional] Timeout (in seconds) for the lambda function", type=str)
     parser.add_argument('--lambda-role-arn', required=False,
                         help="[optional] Assign existing iam role to lambda functions. If omitted, new lambda role will be created.")
+    parser.add_argument('--lambda-role-name', required=False, help="[optional] Assign existing iam role to lambda functions. If added, will look for a lambda role in the current account with the given name")
     parser.add_argument('--rdklib-layer-arn', required=False,
                         help="[optional] Lambda Layer ARN that contains the desired rdklib.  Note that Lambda Layers are region-specific.")
     parser.add_argument('-v', '--version', required=True, help='Terraform version', choices=['0.11', '0.12'])
@@ -1406,6 +1409,10 @@ def deploy(self):
             if self.args.lambda_role_arn:
                 print (f"[{my_session.region_name}]: Existing IAM Role provided: " + self.args.lambda_role_arn)
                 lambdaRoleArn = self.args.lambda_role_arn
+            elif self.args.lambda_role_name:
+                print (f"[{my_session.region_name}]: Finding IAM Role: " + self.args.lambda_role_name)
+                arn = f"arn:{partition}:iam::{account_id}:role/Rdk-Lambda-Role"
+                lambdaRoleArn = arn
 
             if self.args.boundary_policy_arn:
                 print (f"[{my_session.region_name}]: Boundary Policy provided: " + self.args.boundary_policy_arn)
@@ -1758,6 +1765,11 @@ def deploy_organization(self):
             if self.args.lambda_role_arn:
                 print ("Existing IAM Role provided: " + self.args.lambda_role_arn)
                 lambdaRoleArn = self.args.lambda_role_arn
+            elif self.args.lambda_role_name:
+                print (f"[{my_session.region_name}]: Finding IAM Role: " + self.args.lambda_role_name)
+                arn = f"arn:{partition}:iam::{account_id}:role/Rdk-Lambda-Role"
+                lambdaRoleArn = arn
+
 
             if self.args.boundary_policy_arn:
                 print ("Boundary Policy provided: " + self.args.boundary_policy_arn)
@@ -3456,7 +3468,7 @@ def __create_function_cloudformation_template(self):
 
         resources = {}
 
-        if self.args.lambda_role_arn:
+        if self.args.lambda_role_arn or self.args.lambda_role_name:
             print ("Existing IAM role provided: " + self.args.lambda_role_arn)
         else:
             print ("No IAM role provided, creating a new IAM role for lambda function")
@@ -3560,7 +3572,7 @@ def __create_function_cloudformation_template(self):
             properties["Description"] = "Function for AWS Config Rule " + rule_name
             properties["Handler"] = self.__get_handler(rule_name, params)
             properties["MemorySize"] = "256"
-            if self.args.lambda_role_arn:
+            if self.args.lambda_role_arn or self.args.lambda_role_name:
                 properties["Role"] = self.args.lambda_role_arn
             else:
                 lambda_function["DependsOn"] = "rdkLambdaRole"
@@ -3650,7 +3662,6 @@ def __create_new_lambda_layer(self, session, layer_name="rdklib-layer"):
                 print(f"[{session.region_name}]: Custom name layer not supported with Serverless Application Repository deployment, attempting manual deployment")
             self.__create_new_lambda_layer_locally(session, layer_name)
 
-
     def __create_new_lambda_layer_serverless_repo(self, session):
         try:
             cfn_client = session.client("cloudformation")

diff --git a/test-region.yaml b/test-region.yaml
@@ -1,13 +1,28 @@
-
 default:
+  - af-south-1
   - ap-east-1
-  - us-west-2
-  - us-east-2
-  - us-east-1
+  - ap-northeast-1
+  - ap-northeast-2
+  - ap-northeast-3
+  - ap-south-1
+  - ap-southeast-1
+  - ap-southeast-2
+  - ca-central-1
+  - eu-central-1
   - eu-north-1
-test-commercial:
-  - ap-east-1
+  - eu-south-1
+  - eu-west-1
+  - eu-west-2
+  - eu-west-3
+  - me-south-1
+  - sa-east-1
+  - us-east-1
+  - us-east-2
   - us-west-1
   - us-west-2
-  - us-east-1
-  - eu-north-1
+set-china:
+  - cn-north-1
+  - cn-northwest-1
+set-gov:
+  - us-gov-east-1
+  - us-gov-west-1