public override void Invoke(AWSCredentials creds, RegionEndpoint region, int maxItems)
{
AmazonConfigServiceConfig config = new AmazonConfigServiceConfig();
config.RegionEndpoint = region;
ConfigureClient(config);
AmazonConfigServiceClient client = new AmazonConfigServiceClient(creds, config);
ListStoredQueriesResponse resp = new ListStoredQueriesResponse();
do
{
ListStoredQueriesRequest req = new ListStoredQueriesRequest
{
NextToken = resp.NextToken
,
MaxResults = maxItems
};
resp = client.ListStoredQueries(req);
CheckError(resp.HttpStatusCode, "200");
foreach (var obj in resp.StoredQueryMetadata)
{
AddObject(obj);
}
}while (!string.IsNullOrEmpty(resp.NextToken));
}
/// <summary>
/// This method is called for every Lambda invocation. This method takes in an Config event object and can be used
/// to respond to Config notifications.
/// </summary>
/// <param name="evnt"></param>
/// <param name="context"></param>
/// <returns>Nothing</returns>
public async Task FunctionHandler(ConfigEvent evnt, ILambdaContext context)
{
Console.WriteLine("inside function handler...");
Amazon.RegionEndpoint region = Amazon.RegionEndpoint.GetBySystemName(System.Environment.GetEnvironmentVariable(AWS_REGION_PROPERTY));
AmazonConfigServiceClient configServiceClient = new AmazonConfigServiceClient(region);
await DoHandle(evnt, context, configServiceClient);
}
protected IAmazonConfigService CreateClient(AWSCredentials credentials, RegionEndpoint region)
{
var config = new AmazonConfigServiceConfig {
RegionEndpoint = region
};
Amazon.PowerShell.Utils.Common.PopulateConfig(this, config);
this.CustomizeClientConfig(config);
var client = new AmazonConfigServiceClient(credentials, config);
client.BeforeRequestEvent += RequestEventHandler;
client.AfterResponseEvent += ResponseEventHandler;
return(client);
}
private async Task DoHandle(ConfigEvent configEvent, ILambdaContext context, AmazonConfigServiceClient configServiceClient)
{
JObject ruleParamsObj;
JObject configItem;
if (configEvent.RuleParameters != null)
{
ruleParamsObj = JObject.Parse(configEvent.RuleParameters.ToString());
}
else
{
ruleParamsObj = new JObject();
}
JObject invokingEventObj = JObject.Parse(configEvent.InvokingEvent.ToString());
if (invokingEventObj["configurationItem"] != null)
{
configItem = JObject.Parse(invokingEventObj[CONFIGURATION_ITEM].ToString());
}
else
{
configItem = new JObject();
}
FailForIncompatibleEventTypes(invokingEventObj);
ComplianceType myCompliance = ComplianceType.NOT_APPLICABLE;
if (!IsEventNotApplicable(configItem, configEvent.EventLeftScope))
{
myCompliance = RuleCode.EvaluateCompliance(invokingEventObj, ruleParamsObj, context);
}
// Associates the evaluation result with the AWS account published in the event.
Evaluation evaluation = new Evaluation {
ComplianceResourceId = GetResourceId(configItem),
ComplianceResourceType = GetResourceType(configItem),
OrderingTimestamp = GetCiCapturedTime(configItem),
ComplianceType = myCompliance
};
await DoPutEvaluations(configServiceClient, configEvent, evaluation);
}
// Sends the evaluation results to AWS Config.
private async Task DoPutEvaluations(AmazonConfigServiceClient configClient, ConfigEvent configEvent, Evaluation evaluation)
{
Console.WriteLine("inside DoPutEvaluations...");
PutEvaluationsRequest req = new PutEvaluationsRequest();
req.Evaluations.Add(evaluation);
req.ResultToken = configEvent.ResultToken;
Task <PutEvaluationsResponse> taskResp = configClient.PutEvaluationsAsync(req);
PutEvaluationsResponse response = await taskResp;
// Ends the function execution if any evaluation results are not successfully reported.
if (response.FailedEvaluations.Count > 0)
{
throw new Exception(String.Format(
"The following evaluations were not successfully reported to AWS Config: %s",
response.FailedEvaluations));
}
}
