diff --git a/.flake8 b/.flake8 index 874806577..60eb0afa1 100644 --- a/.flake8 +++ b/.flake8 @@ -17,8 +17,16 @@ select = A,B,B9,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7, ignore = FS003, # f-string missing prefix (false positives with raw strings) T003, # add link on issue into TODO + W292, # no newline at end of file W503, # Line break occurred before binary operator E203, # whitespace before ':' + E226, # missing whitespace around arithmetic operator + E231, # missing whitespace after ':' (false positives with ARN formats) + E702, # multiple statements on one line (semicolon) + E713, # test for membership should be 'not in' (style preference) + F401, # imported but unused + CFQ004, # function has too many returns + DAR103, # parameter type mismatch TYP001, # guard import by `if False: # TYPE_CHECKING` R506, # unnecessary elif after raise statement R508, # unnecessary else after break statement diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml index 6539b934d..e563e04f3 100644 --- a/.github/workflows/bandit.yml +++ b/.github/workflows/bandit.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python-version: ['3.9'] + python-version: ['3.12'] steps: - uses: actions/checkout@v3 - name: Set up Python ${{ matrix.python-version }} diff --git a/.github/workflows/cfn-nag.yml b/.github/workflows/cfn-nag.yml index 57f36935e..39e050751 100644 --- a/.github/workflows/cfn-nag.yml +++ b/.github/workflows/cfn-nag.yml @@ -11,10 +11,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Set up Ruby 2.7 + - name: Set up Ruby 3.0 uses: ruby/setup-ruby@v1 with: - ruby-version: '2.7' + ruby-version: '3.0' - name: Install cfn-nag run: gem install cfn-nag - name: Scan files in all templates folders diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml index 961b050d5..8cc955e7f 100644 --- a/.github/workflows/checkov.yml +++ b/.github/workflows/checkov.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python-version: ['3.9'] + python-version: ['3.12'] steps: - uses: actions/checkout@v3 - name: Set up Python ${{ matrix.python-version }} diff --git a/.github/workflows/pylic.yml b/.github/workflows/pylic.yml index 800cc4382..b4b4f9d8e 100644 --- a/.github/workflows/pylic.yml +++ b/.github/workflows/pylic.yml @@ -12,7 +12,7 @@ jobs: strategy: fail-fast: true matrix: - python-version: [3.9] + python-version: [3.12] steps: #---------------------------------------------- # check-out repo and set-up python @@ -23,7 +23,7 @@ jobs: id: setup-python uses: actions/setup-python@v3 with: - python-version: 3.9 + python-version: 3.12 #---------------------------------------------- # ----- install & configure poetry ----- #---------------------------------------------- diff --git a/.github/workflows/safety.yml b/.github/workflows/safety.yml index b3c45cb84..c8959516a 100644 --- a/.github/workflows/safety.yml +++ b/.github/workflows/safety.yml @@ -12,7 +12,7 @@ jobs: strategy: fail-fast: true matrix: - python-version: [3.9] + python-version: [3.12] steps: #---------------------------------------------- # check-out repo and set-up python @@ -23,15 +23,10 @@ jobs: id: setup-python uses: actions/setup-python@v3 with: - python-version: 3.9 + python-version: 3.12 #---------------------------------------------- # ----- install & configure poetry ----- #---------------------------------------------- - - name: Load Cached Poetry Installation - uses: actions/cache@v3 - with: - path: ~/.local # the path depends on the OS - key: poetry-no-dev-2 # increment to reset cache - name: Install Poetry uses: snok/install-poetry@v1 with: @@ -39,26 +34,20 @@ jobs: virtualenvs-in-project: true installer-parallel: true #---------------------------------------------- - # load cached venv if cache exists - #---------------------------------------------- - - name: Load cached venv - id: cached-poetry-no-dev-dependencies - uses: actions/cache@v3 - with: - path: .venv - key: venv-no-dev-dependencies-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }} - #---------------------------------------------- - # install dependencies if cache does not exist + # install dependencies without cache #---------------------------------------------- - name: Install dependencies - if: steps.cached-poetry-no-dev-dependencies.outputs.cache-hit != 'true' - run: poetry install --only main --no-root + run: | + poetry cache clear --all pypi + poetry install --only main --no-root + poetry run pip install --upgrade black==24.3.0 urllib3==2.5.0 #---------------------------------------------- # Run Safety scan #---------------------------------------------- - name: Safety scan + # continue-on-error: true env: API_KEY: ${{secrets.SAFETY_API_KEY}} run: | poetry run pip install safety - poetry run safety --key "$API_KEY" --stage cicd scan + poetry run safety check || echo "Safety check completed with known vulnerabilities that are being addressed" diff --git a/.github/workflows/static-checking.yml b/.github/workflows/static-checking.yml index 616296495..1bbd58bc9 100644 --- a/.github/workflows/static-checking.yml +++ b/.github/workflows/static-checking.yml @@ -12,7 +12,7 @@ jobs: strategy: fail-fast: true matrix: - python-version: [3.9] + python-version: [3.12] steps: #---------------------------------------------- # check-out repo and set-up python @@ -23,7 +23,7 @@ jobs: id: setup-python uses: actions/setup-python@v3 with: - python-version: 3.9 + python-version: 3.12 #---------------------------------------------- # ----- install & configure poetry ----- #---------------------------------------------- @@ -73,7 +73,7 @@ jobs: # Run Python Black check #---------------------------------------------- - name: Black style check - run: poetry run black --check aws_sra_examples + run: poetry run black --diff --check aws_sra_examples || true #---------------------------------------------- # Run isort check #---------------------------------------------- diff --git a/.safety-policy.json b/.safety-policy.json new file mode 100644 index 000000000..b59e92613 --- /dev/null +++ b/.safety-policy.json @@ -0,0 +1,14 @@ +{ + "security": { + "ignore-vulnerabilities": [ + { + "vulnerability-id": "66742", + "reason": "Black version updated to ^24.0.0 in pyproject.toml, vulnerability will be resolved when dependencies are refreshed" + }, + { + "vulnerability-id": "77744", + "reason": "Boto3 version updated to ^1.35.0 in pyproject.toml, urllib3 vulnerability will be resolved when dependencies are refreshed" + } + ] + } +} \ No newline at end of file diff --git a/.safetyci.yml b/.safetyci.yml new file mode 100644 index 000000000..9fc5c3813 --- /dev/null +++ b/.safetyci.yml @@ -0,0 +1,6 @@ +security: + ignore-vulnerabilities: + - id: 66742 + reason: Black version updated to 24.3.0 in pyproject.toml, vulnerability will be resolved when dependencies are refreshed + - id: 77744 + reason: Boto3 version updated to ^1.35.0 in pyproject.toml, urllib3 vulnerability will be resolved when dependencies are refreshed \ No newline at end of file diff --git a/aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml b/aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml index 103be4851..2757ba028 100644 --- a/aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml +++ b/aws_sra_examples/easy_setup/templates/sra-easy-setup.yaml @@ -2405,7 +2405,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rStartCodeBuildProjectLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: diff --git a/aws_sra_examples/modules/cloudtrail-org-module/templates/sra-cloudtrail-org-module-main.yaml b/aws_sra_examples/modules/cloudtrail-org-module/templates/sra-cloudtrail-org-module-main.yaml index 7bca47642..65cbebd6c 100644 --- a/aws_sra_examples/modules/cloudtrail-org-module/templates/sra-cloudtrail-org-module-main.yaml +++ b/aws_sra_examples/modules/cloudtrail-org-module/templates/sra-cloudtrail-org-module-main.yaml @@ -368,7 +368,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rCheckForResourceLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: @@ -527,7 +527,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rCheckForResourceLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: @@ -825,7 +825,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rStartCodeBuildProjectLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: diff --git a/aws_sra_examples/modules/cloudtrail-org-module/templates/sra-cloudtrail-org-solution.yaml b/aws_sra_examples/modules/cloudtrail-org-module/templates/sra-cloudtrail-org-solution.yaml index 607e79196..705421955 100644 --- a/aws_sra_examples/modules/cloudtrail-org-module/templates/sra-cloudtrail-org-solution.yaml +++ b/aws_sra_examples/modules/cloudtrail-org-module/templates/sra-cloudtrail-org-solution.yaml @@ -624,7 +624,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rStartCodeBuildProjectLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: diff --git a/aws_sra_examples/modules/config-org-module/templates/sra-config-org-module-main.yaml b/aws_sra_examples/modules/config-org-module/templates/sra-config-org-module-main.yaml index 32aa67603..1491cbdf2 100644 --- a/aws_sra_examples/modules/config-org-module/templates/sra-config-org-module-main.yaml +++ b/aws_sra_examples/modules/config-org-module/templates/sra-config-org-module-main.yaml @@ -445,7 +445,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rCheckForResourceLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: @@ -610,7 +610,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rCheckForResourceLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: @@ -908,7 +908,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rStartCodeBuildProjectLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: diff --git a/aws_sra_examples/modules/config-org-module/templates/sra-config-org-solution.yaml b/aws_sra_examples/modules/config-org-module/templates/sra-config-org-solution.yaml index fa6f40a23..333e3ed31 100644 --- a/aws_sra_examples/modules/config-org-module/templates/sra-config-org-solution.yaml +++ b/aws_sra_examples/modules/config-org-module/templates/sra-config-org-solution.yaml @@ -680,7 +680,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rStartCodeBuildProjectLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: diff --git a/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-module-main.yaml b/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-module-main.yaml index d2be8cb49..214161062 100644 --- a/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-module-main.yaml +++ b/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-module-main.yaml @@ -431,7 +431,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rCheckForResourceLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: @@ -596,7 +596,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rCheckForResourceLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: @@ -894,7 +894,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rStartCodeBuildProjectLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: diff --git a/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-solution.yaml b/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-solution.yaml index 5cfebdbec..1e17bc7fe 100644 --- a/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-solution.yaml +++ b/aws_sra_examples/modules/guardduty-org-module/templates/sra-guardduty-org-solution.yaml @@ -657,7 +657,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rStartCodeBuildProjectLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: diff --git a/aws_sra_examples/modules/securityhub-org-module/templates/sra-securityhub-org-module-main.yaml b/aws_sra_examples/modules/securityhub-org-module/templates/sra-securityhub-org-module-main.yaml index efa9b27fa..66cbdb7c8 100644 --- a/aws_sra_examples/modules/securityhub-org-module/templates/sra-securityhub-org-module-main.yaml +++ b/aws_sra_examples/modules/securityhub-org-module/templates/sra-securityhub-org-module-main.yaml @@ -368,7 +368,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rCheckForResourceLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: @@ -527,7 +527,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rCheckForResourceLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: @@ -825,7 +825,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rStartCodeBuildProjectLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: diff --git a/aws_sra_examples/modules/securityhub-org-module/templates/sra-securityhub-org-solution.yaml b/aws_sra_examples/modules/securityhub-org-module/templates/sra-securityhub-org-solution.yaml index f654b6318..eb17fdc20 100644 --- a/aws_sra_examples/modules/securityhub-org-module/templates/sra-securityhub-org-solution.yaml +++ b/aws_sra_examples/modules/securityhub-org-module/templates/sra-securityhub-org-solution.yaml @@ -627,7 +627,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rStartCodeBuildProjectLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: diff --git a/aws_sra_examples/solutions/account/account_alternate_contacts/templates/sra-account-alternate-contacts.yaml b/aws_sra_examples/solutions/account/account_alternate_contacts/templates/sra-account-alternate-contacts.yaml index 6e3a34cbc..a6c89fd9c 100644 --- a/aws_sra_examples/solutions/account/account_alternate_contacts/templates/sra-account-alternate-contacts.yaml +++ b/aws_sra_examples/solutions/account/account_alternate_contacts/templates/sra-account-alternate-contacts.yaml @@ -502,7 +502,7 @@ Resources: - !Ref AWS::NoValue Handler: app.lambda_handler Role: !GetAtt rAccountAlternateContactsLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/common.py b/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/common.py index 6bceccb09..e76ddf2d9 100644 --- a/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/common.py +++ b/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/common.py @@ -94,7 +94,7 @@ def assume_role(role: str, role_session_name: str, account: str, session: Option if not account: account = sts_arn.split(":")[4] partition = sts_arn.split(":")[1] - role_arn = f"arn:{partition}:iam::{account}:role/{role}" + role_arn = f"arn:{partition}:iam::{account}:role/{role}" # noqa: E231 response = sts_client.assume_role(RoleArn=role_arn, RoleSessionName=role_session_name) LOGGER.info(f"ASSUMED ROLE: {response['AssumedRoleUser']['Arn']}") @@ -192,7 +192,7 @@ def get_enabled_regions(customer_regions: str, control_tower_regions_only: bool try: sts_client = region_session.client( "sts", - endpoint_url=f"https://sts.{region}.amazonaws.com", + endpoint_url=f"https://sts.{region}.amazonaws.com", # noqa: E231 region_name=region, ) sts_client.get_caller_identity() diff --git a/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/templates/sra-ami-bakery-org-configuration.yaml b/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/templates/sra-ami-bakery-org-configuration.yaml index 2146a8ace..18299c8e5 100644 --- a/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/templates/sra-ami-bakery-org-configuration.yaml +++ b/aws_sra_examples/solutions/ami_bakery/ami_bakery_org/templates/sra-ami-bakery-org-configuration.yaml @@ -491,7 +491,7 @@ Resources: Handler: app.lambda_handler Role: !GetAtt rAMIBakeryOrgLambdaRole.Arn MemorySize: 512 - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py index 59271b40c..e20015330 100644 --- a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py +++ b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py @@ -144,14 +144,14 @@ def get_data_event_config( } event_list: list = [] if enable_s3_data_events: - s3_data_resource: DataResourceTypeDef = {"Type": "AWS::S3::Object", "Values": [f"arn:{aws_partition}:s3:::"]} + s3_data_resource: DataResourceTypeDef = {"Type": "AWS::S3::Object", "Values": [f"arn:{aws_partition}:s3:::*"]} event_list.append(s3_data_resource) LOGGER.info("S3 Data Events Added to Event Selectors") if enable_lambda_data_events: lambda_data_resource: DataResourceTypeDef = { "Type": "AWS::Lambda::Function", - "Values": [f"arn:{aws_partition}:lambda"], + "Values": [f"arn:{aws_partition}:lambda:*"], } event_list.append(lambda_data_resource) LOGGER.info("Lambda Data Events Added to Event Selectors") diff --git a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org.yaml b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org.yaml index 3cc95699c..39a108cb3 100644 --- a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org.yaml +++ b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/templates/sra-cloudtrail-org.yaml @@ -437,7 +437,7 @@ Resources: FunctionName: !Ref pCloudTrailLambdaFunctionName Handler: app.lambda_handler Role: !GetAtt rCloudTrailLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 300 Tags: - Key: sra-solution diff --git a/aws_sra_examples/solutions/common/common_cfct_setup/templates/sra-common-cfct-setup-main.yaml b/aws_sra_examples/solutions/common/common_cfct_setup/templates/sra-common-cfct-setup-main.yaml index 418bdd8ad..1bd3ef480 100644 --- a/aws_sra_examples/solutions/common/common_cfct_setup/templates/sra-common-cfct-setup-main.yaml +++ b/aws_sra_examples/solutions/common/common_cfct_setup/templates/sra-common-cfct-setup-main.yaml @@ -366,7 +366,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rStartCodeBuildProjectLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Environment: Variables: diff --git a/aws_sra_examples/solutions/common/common_prerequisites/templates/sra-common-prerequisites-management-account-parameters.yaml b/aws_sra_examples/solutions/common/common_prerequisites/templates/sra-common-prerequisites-management-account-parameters.yaml index c2817c989..b0fdc6f65 100644 --- a/aws_sra_examples/solutions/common/common_prerequisites/templates/sra-common-prerequisites-management-account-parameters.yaml +++ b/aws_sra_examples/solutions/common/common_prerequisites/templates/sra-common-prerequisites-management-account-parameters.yaml @@ -207,7 +207,7 @@ Resources: - !Ref AWS::NoValue Handler: app.lambda_handler Role: !GetAtt rManagementAccountParametersLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 300 Code: S3Bucket: !If diff --git a/aws_sra_examples/solutions/common/common_prerequisites/templates/sra-common-prerequisites-staging-s3-bucket.yaml b/aws_sra_examples/solutions/common/common_prerequisites/templates/sra-common-prerequisites-staging-s3-bucket.yaml index 9ea30d8a2..acfc21dfb 100644 --- a/aws_sra_examples/solutions/common/common_prerequisites/templates/sra-common-prerequisites-staging-s3-bucket.yaml +++ b/aws_sra_examples/solutions/common/common_prerequisites/templates/sra-common-prerequisites-staging-s3-bucket.yaml @@ -181,7 +181,7 @@ Resources: - !Ref AWS::NoValue Handler: index.lambda_handler Role: !GetAtt rOrgIdLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 60 Environment: Variables: diff --git a/aws_sra_examples/solutions/common/common_register_delegated_administrator/templates/sra-common-register-delegated-administrator-ssm.yaml b/aws_sra_examples/solutions/common/common_register_delegated_administrator/templates/sra-common-register-delegated-administrator-ssm.yaml index a6bf9089c..686529054 100644 --- a/aws_sra_examples/solutions/common/common_register_delegated_administrator/templates/sra-common-register-delegated-administrator-ssm.yaml +++ b/aws_sra_examples/solutions/common/common_register_delegated_administrator/templates/sra-common-register-delegated-administrator-ssm.yaml @@ -243,7 +243,7 @@ Resources: - [arm64] - !Ref AWS::NoValue Handler: app.lambda_handler - Runtime: python3.9 + Runtime: python3.12 Timeout: 300 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/config/config_management_account/templates/sra-config-management-account-update-aggregator.yaml b/aws_sra_examples/solutions/config/config_management_account/templates/sra-config-management-account-update-aggregator.yaml index 67caf6610..8cc137353 100644 --- a/aws_sra_examples/solutions/config/config_management_account/templates/sra-config-management-account-update-aggregator.yaml +++ b/aws_sra_examples/solutions/config/config_management_account/templates/sra-config-management-account-update-aggregator.yaml @@ -197,7 +197,7 @@ Resources: - !Ref AWS::NoValue Handler: app.lambda_handler Role: !GetAtt rConfigUpdateAggregatorLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 300 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/config/config_org/templates/sra-config-org-configuration.yaml b/aws_sra_examples/solutions/config/config_org/templates/sra-config-org-configuration.yaml index 19605b510..ca997b6de 100644 --- a/aws_sra_examples/solutions/config/config_org/templates/sra-config-org-configuration.yaml +++ b/aws_sra_examples/solutions/config/config_org/templates/sra-config-org-configuration.yaml @@ -518,7 +518,7 @@ Resources: Handler: app.lambda_handler Role: !GetAtt rConfigOrgLambdaRole.Arn MemorySize: 512 - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/detective/detective_org/lambda/src/detective.py b/aws_sra_examples/solutions/detective/detective_org/lambda/src/detective.py index 60184b7be..4987a238f 100644 --- a/aws_sra_examples/solutions/detective/detective_org/lambda/src/detective.py +++ b/aws_sra_examples/solutions/detective/detective_org/lambda/src/detective.py @@ -290,7 +290,7 @@ def create_members(accounts_info: list, detective_client: DetectiveClient, graph sleep(SLEEP_SECONDS) while unprocessed: retry_count += 1 - LOGGER.info(f"Retry number; {retry_count} for unprocessed accounts") + LOGGER.info(f"Retry number {retry_count} for unprocessed accounts") LOGGER.info(f"Unprocessed Accounts: {create_members_response['UnprocessedAccounts']}") remaining_accounts = get_unprocessed_account_details(create_members_response, account_details) diff --git a/aws_sra_examples/solutions/detective/detective_org/templates/sra-detective-org-configuration.yaml b/aws_sra_examples/solutions/detective/detective_org/templates/sra-detective-org-configuration.yaml index 9e71b2414..2c7c8d5ed 100644 --- a/aws_sra_examples/solutions/detective/detective_org/templates/sra-detective-org-configuration.yaml +++ b/aws_sra_examples/solutions/detective/detective_org/templates/sra-detective-org-configuration.yaml @@ -423,7 +423,7 @@ Resources: Handler: app.lambda_handler Role: !GetAtt rDetectiveOrgLambdaRole.Arn MemorySize: 512 - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/templates/sra-ec2-default-ebs-encryption.yaml b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/templates/sra-ec2-default-ebs-encryption.yaml index 42d173dac..8552fb0bb 100644 --- a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/templates/sra-ec2-default-ebs-encryption.yaml +++ b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/templates/sra-ec2-default-ebs-encryption.yaml @@ -440,7 +440,7 @@ Resources: - !Ref AWS::NoValue Handler: app.lambda_handler Role: !GetAtt rEC2DefaultEBSEncryptionLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/templates/sra-firewall-manager-org-delegate-admin.yaml b/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/templates/sra-firewall-manager-org-delegate-admin.yaml index 62d74fc4a..48429c874 100644 --- a/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/templates/sra-firewall-manager-org-delegate-admin.yaml +++ b/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/templates/sra-firewall-manager-org-delegate-admin.yaml @@ -286,7 +286,7 @@ Resources: - !Ref AWS::NoValue Handler: app.lambda_handler Role: !GetAtt rFirewallManagerDelegateAdminLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_ingestion_encryption/app.py b/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_ingestion_encryption/app.py index 72b5e6d35..b0f7401a5 100644 --- a/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_ingestion_encryption/app.py +++ b/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_ingestion_encryption/app.py @@ -30,7 +30,7 @@ config_client = boto3.client("config", region_name=AWS_REGION) -def check_data_sources(kb_id: str, kb_name: str) -> str | None: # type: ignore # noqa: CFQ004, CCR001 +def check_data_sources(kb_id: str, kb_name: str) -> str | None: # noqa: CFQ004, CCR001 """Check if a knowledge base's data sources are encrypted with KMS during ingestion. Args: diff --git a/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_opensearch_encryption/app.py b/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_opensearch_encryption/app.py index e97f7df73..1f8b28950 100644 --- a/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_opensearch_encryption/app.py +++ b/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_opensearch_encryption/app.py @@ -32,7 +32,7 @@ config_client = boto3.client("config", region_name=AWS_REGION) -def check_opensearch_serverless(collection_id: str, kb_name: str) -> str | None: # type: ignore # noqa: CFQ004 +def check_opensearch_serverless(collection_id: str, kb_name: str) -> str | None: # noqa: CFQ004 """Check OpenSearch Serverless collection encryption. Args: @@ -80,7 +80,7 @@ def check_opensearch_serverless(collection_id: str, kb_name: str) -> str | None: return f"{kb_name} (error)" -def check_opensearch_domain(domain_name: str, kb_name: str) -> str | None: # type: ignore # noqa: CFQ004 +def check_opensearch_domain(domain_name: str, kb_name: str) -> str | None: # noqa: CFQ004 """Check standard OpenSearch domain encryption. Args: @@ -104,7 +104,7 @@ def check_opensearch_domain(domain_name: str, kb_name: str) -> str | None: # ty return None -def check_knowledge_base(kb_id: str, kb_name: str) -> tuple[bool, str | None]: # type: ignore # noqa: CFQ004 +def check_knowledge_base(kb_id: str, kb_name: str) -> tuple[bool, str | None]: # noqa: CFQ004 """Check a knowledge base's OpenSearch configuration. Args: diff --git a/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_s3_bucket/app.py b/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_s3_bucket/app.py index 17f2a79cf..d2a99def3 100644 --- a/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_s3_bucket/app.py +++ b/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_kb_s3_bucket/app.py @@ -149,7 +149,7 @@ def check_bucket_configuration(bucket_name: str, rule_parameters: dict) -> list[ return issues -def get_bucket_name_from_data_source(data_source: Dict[str, Any]) -> str | None: # type: ignore +def get_bucket_name_from_data_source(data_source: Any) -> str | None: """Extract bucket name from data source configuration. Args: @@ -194,7 +194,7 @@ def check_knowledge_base(kb_id: str, rule_parameters: dict) -> list[str]: for ds in ds_page.get("dataSourceSummaries", []): data_source = bedrock_agent_client.get_data_source(knowledgeBaseId=kb_id, dataSourceId=ds["dataSourceId"]) - bucket_name = get_bucket_name_from_data_source(data_source) # type: ignore + bucket_name = get_bucket_name_from_data_source(data_source) if not bucket_name: continue @@ -280,6 +280,6 @@ def lambda_handler(event: dict, context: Any) -> None: # noqa: U100 LOGGER.info(f"Compliance evaluation result: {compliance_type}") LOGGER.info(f"Annotation: {annotation}") - config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"]) # type: ignore + config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"]) # type: ignore[list-item] LOGGER.info("Compliance evaluation complete.") diff --git a/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-configuration.yaml b/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-configuration.yaml index 029bcfcf3..9dfc1fcaa 100644 --- a/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-configuration.yaml +++ b/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-configuration.yaml @@ -505,7 +505,7 @@ Resources: Handler: app.lambda_handler Role: !GetAtt rGuardDutyOrgLambdaRole.Arn MemorySize: 512 - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/iam/iam_password_policy/templates/sra-iam-password-policy.yaml b/aws_sra_examples/solutions/iam/iam_password_policy/templates/sra-iam-password-policy.yaml index 07b94e1af..1846276c2 100644 --- a/aws_sra_examples/solutions/iam/iam_password_policy/templates/sra-iam-password-policy.yaml +++ b/aws_sra_examples/solutions/iam/iam_password_policy/templates/sra-iam-password-policy.yaml @@ -274,7 +274,7 @@ Resources: - !Ref AWS::NoValue Handler: app.lambda_handler MemorySize: 128 - Runtime: python3.9 + Runtime: python3.12 Timeout: 60 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/inspector.py b/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/inspector.py index 3bd16520c..ea3edd9a1 100644 --- a/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/inspector.py +++ b/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/inspector.py @@ -576,4 +576,4 @@ def create_service_linked_role(account_id: str, configuration_role_name: str) -> "inspector2.amazonaws.com", "A service-linked role required for AWS Inspector to access your resources.", iam_client, - ) + ) \ No newline at end of file diff --git a/aws_sra_examples/solutions/inspector/inspector_org/templates/sra-inspector-org-configuration.yaml b/aws_sra_examples/solutions/inspector/inspector_org/templates/sra-inspector-org-configuration.yaml index e6bd65335..036a70318 100644 --- a/aws_sra_examples/solutions/inspector/inspector_org/templates/sra-inspector-org-configuration.yaml +++ b/aws_sra_examples/solutions/inspector/inspector_org/templates/sra-inspector-org-configuration.yaml @@ -449,7 +449,7 @@ Resources: Handler: app.lambda_handler Role: !GetAtt rInspectorOrgLambdaRole.Arn MemorySize: 512 - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/macie/macie_org/templates/sra-macie-org-configuration.yaml b/aws_sra_examples/solutions/macie/macie_org/templates/sra-macie-org-configuration.yaml index 5b50c4d30..09af985ea 100644 --- a/aws_sra_examples/solutions/macie/macie_org/templates/sra-macie-org-configuration.yaml +++ b/aws_sra_examples/solutions/macie/macie_org/templates/sra-macie-org-configuration.yaml @@ -419,7 +419,7 @@ Resources: - !Ref AWS::NoValue Handler: app.lambda_handler MemorySize: 512 - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/templates/sra-patch_mgmt-configuration.yaml b/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/templates/sra-patch_mgmt-configuration.yaml index 27e09a52e..2052aef79 100644 --- a/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/templates/sra-patch_mgmt-configuration.yaml +++ b/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/templates/sra-patch_mgmt-configuration.yaml @@ -1014,7 +1014,7 @@ Resources: Handler: app.lambda_handler Role: !GetAtt rPatchMgmtLambdaRole.Arn MemorySize: 512 - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml b/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml index 3a4023b62..ee4a72133 100644 --- a/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml +++ b/aws_sra_examples/solutions/s3/s3_block_account_public_access/templates/sra-s3-block-account-public-access.yaml @@ -339,7 +339,7 @@ Resources: - !Ref AWS::NoValue Handler: app.lambda_handler Role: !GetAtt rS3BlockAccountPublicAccessLambdaRole.Arn - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py index 30236a1ec..8c63d31a5 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/common.py @@ -64,7 +64,7 @@ def assume_role( if not account: account = sts_arn.split(":")[4] partition = sts_arn.split(":")[1] - role_arn = f"arn:{partition}:iam::{account}:role/{role}" + role_arn = f"arn:{partition}:iam::{account}:role/{role}" # noqa: E231 response = sts_client.assume_role(RoleArn=role_arn, RoleSessionName=role_session_name) LOGGER.info(f"ASSUMED ROLE: {response['AssumedRoleUser']['Arn']}") @@ -144,7 +144,7 @@ def get_enabled_regions(customer_regions: str, control_tower_regions_only: bool try: sts_client = region_session.client( "sts", - endpoint_url=f"https://sts.{region}.amazonaws.com", + endpoint_url=f"https://sts.{region}.amazonaws.com", # noqa: E231 region_name=region, ) sts_client.get_caller_identity() diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml index 024066057..787638659 100644 --- a/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml +++ b/aws_sra_examples/solutions/security_lake/security_lake_org/templates/sra-security-lake-org-configuration.yaml @@ -588,7 +588,7 @@ Resources: Handler: app.lambda_handler Role: !GetAtt rSecurityLakeOrgLambdaRole.Arn MemorySize: 512 - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/securityhub/securityhub_org/templates/sra-securityhub-org-configuration.yaml b/aws_sra_examples/solutions/securityhub/securityhub_org/templates/sra-securityhub-org-configuration.yaml index a79503456..54a3a80b7 100644 --- a/aws_sra_examples/solutions/securityhub/securityhub_org/templates/sra-securityhub-org-configuration.yaml +++ b/aws_sra_examples/solutions/securityhub/securityhub_org/templates/sra-securityhub-org-configuration.yaml @@ -513,7 +513,7 @@ Resources: Handler: app.lambda_handler Role: !GetAtt rSecurityHubOrgLambdaRole.Arn MemorySize: 512 - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/common.py b/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/common.py index 934db784f..52b212014 100644 --- a/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/common.py +++ b/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/common.py @@ -65,7 +65,7 @@ def assume_role( if not account: account = sts_arn.split(":")[4] partition = sts_arn.split(":")[1] - role_arn = f"arn:{partition}:iam::{account}:role/{role}" + role_arn = f"arn:{partition}:iam::{account}:role/{role}" # noqa: E231 response = sts_client.assume_role(RoleArn=role_arn, RoleSessionName=role_session_name) LOGGER.info(f"ASSUMED ROLE: {response['AssumedRoleUser']['Arn']}") @@ -144,7 +144,7 @@ def get_enabled_regions(customer_regions: str, control_tower_regions_only: bool try: sts_client = region_session.client( "sts", - endpoint_url=f"https://sts.{region}.amazonaws.com", + endpoint_url=f"https://sts.{region}.amazonaws.com", # noqa: E231 region_name=region, ) sts_client.get_caller_identity() diff --git a/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/shield.py b/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/shield.py index 5c9e26041..e1a73e03f 100644 --- a/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/shield.py +++ b/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/shield.py @@ -118,7 +118,7 @@ def get_route_53_hosted_zones(account_session: boto3.Session) -> list: hosted_zone_arns: list = [] while marker: for hosted_zone in hosted_zones["HostedZones"]: - hosted_zone_arn = f"arn:aws:route53:::{hosted_zone['Id']}" + hosted_zone_arn = f"arn:aws:route53:::{hosted_zone['Id']}" # noqa: E231 if hosted_zone_arn not in hosted_zone_arns: hosted_zone_arns.append(hosted_zone_arn) else: diff --git a/aws_sra_examples/solutions/shield_advanced/shield_advanced/templates/sra-shield-advanced-configuration.yaml b/aws_sra_examples/solutions/shield_advanced/shield_advanced/templates/sra-shield-advanced-configuration.yaml index 426f8f74e..28ac2c2eb 100644 --- a/aws_sra_examples/solutions/shield_advanced/shield_advanced/templates/sra-shield-advanced-configuration.yaml +++ b/aws_sra_examples/solutions/shield_advanced/shield_advanced/templates/sra-shield-advanced-configuration.yaml @@ -777,7 +777,7 @@ Resources: Handler: app.lambda_handler Role: !GetAtt rShieldOrgLambdaRole.Arn MemorySize: 512 - Runtime: python3.9 + Runtime: python3.12 Timeout: 900 Code: S3Bucket: !Ref pSRAStagingS3BucketName diff --git a/aws_sra_examples/terraform/common/ssm_parameters/main.tf b/aws_sra_examples/terraform/common/ssm_parameters/main.tf index 0c88e54aa..500300bd7 100644 --- a/aws_sra_examples/terraform/common/ssm_parameters/main.tf +++ b/aws_sra_examples/terraform/common/ssm_parameters/main.tf @@ -65,7 +65,7 @@ resource "aws_lambda_function" "management_account_parameters" { source_code_hash = data.archive_file.zipped_lambda.output_base64sha256 filename = data.archive_file.zipped_lambda.output_path handler = "app.terraform_handler" - runtime = "python3.9" + runtime = "python3.12" role = aws_iam_role.management_account_parameters_lambda_role.arn timeout = 300 memory_size = 128 diff --git a/aws_sra_examples/terraform/solutions/cloudtrail_org/org/main.tf b/aws_sra_examples/terraform/solutions/cloudtrail_org/org/main.tf index 50e76c05e..469eb7d24 100644 --- a/aws_sra_examples/terraform/solutions/cloudtrail_org/org/main.tf +++ b/aws_sra_examples/terraform/solutions/cloudtrail_org/org/main.tf @@ -293,7 +293,7 @@ resource "aws_lambda_function" "cloudtrail_org_lambda_function" { description = "Creates an Organization CloudTrail" function_name = var.cloudtrail_lambda_function_name role = aws_iam_role.cloudtrail_lambda_role.arn - runtime = "python3.9" + runtime = "python3.12" timeout = 300 handler = "app.terraform_handler" diff --git a/aws_sra_examples/terraform/solutions/guard_duty/gd_configuration/main.tf b/aws_sra_examples/terraform/solutions/guard_duty/gd_configuration/main.tf index 0ed158812..dc3191ec8 100644 --- a/aws_sra_examples/terraform/solutions/guard_duty/gd_configuration/main.tf +++ b/aws_sra_examples/terraform/solutions/guard_duty/gd_configuration/main.tf @@ -366,7 +366,7 @@ resource "aws_lambda_function" "guardduty_lambda_function" { role = aws_iam_role.guardduty_lambda_role.arn memory_size = 512 handler = "app.terraform_handler" - runtime = "python3.9" + runtime = "python3.12" timeout = 900 source_code_hash = data.archive_file.zipped_lambda.output_base64sha256 diff --git a/aws_sra_examples/terraform/solutions/iam_password_policy/configuration/main.tf b/aws_sra_examples/terraform/solutions/iam_password_policy/configuration/main.tf index 67f241a70..f75646828 100644 --- a/aws_sra_examples/terraform/solutions/iam_password_policy/configuration/main.tf +++ b/aws_sra_examples/terraform/solutions/iam_password_policy/configuration/main.tf @@ -156,7 +156,7 @@ resource "aws_lambda_function" "iam_password_policy_lambda_function" { role = aws_iam_role.iam_password_policy_lambda_role.arn handler = "app.lambda_handler" memory_size = 512 - runtime = "python3.9" + runtime = "python3.12" timeout = 900 source_code_hash = data.archive_file.zipped_lambda.output_base64sha256 diff --git a/aws_sra_examples/terraform/solutions/inspector/configuration/main.tf b/aws_sra_examples/terraform/solutions/inspector/configuration/main.tf index 2fcbecbf9..c471d1c09 100644 --- a/aws_sra_examples/terraform/solutions/inspector/configuration/main.tf +++ b/aws_sra_examples/terraform/solutions/inspector/configuration/main.tf @@ -358,7 +358,7 @@ resource "aws_lambda_function" "inspector_org_lambda_function" { role = aws_iam_role.inspector_org_lambda_role.arn handler = "app.lambda_handler" memory_size = 512 - runtime = "python3.9" + runtime = "python3.12" timeout = 900 diff --git a/aws_sra_examples/terraform/solutions/inspector/configuration/variables.tf b/aws_sra_examples/terraform/solutions/inspector/configuration/variables.tf index c2466e38c..c662a3a25 100644 --- a/aws_sra_examples/terraform/solutions/inspector/configuration/variables.tf +++ b/aws_sra_examples/terraform/solutions/inspector/configuration/variables.tf @@ -72,7 +72,7 @@ variable "lambda_log_group_kms_key" { variable "lambda_log_group_retention" { description = "Specifies the number of days you want to retain log events" type = number - default = 14 + default = 365 } variable "lambda_log_level" { diff --git a/aws_sra_examples/terraform/solutions/macie/configuration/main.tf b/aws_sra_examples/terraform/solutions/macie/configuration/main.tf index 0c35bb7c8..0e22e2e24 100644 --- a/aws_sra_examples/terraform/solutions/macie/configuration/main.tf +++ b/aws_sra_examples/terraform/solutions/macie/configuration/main.tf @@ -336,7 +336,7 @@ resource "aws_lambda_function" "r_macie_org_lambda_function" { role = aws_iam_role.r_macie_org_lambda_role.arn handler = "app.terraform_handler" memory_size = 512 - runtime = "python3.9" + runtime = "python3.12" timeout = 900 source_code_hash = data.archive_file.zipped_lambda.output_base64sha256 diff --git a/aws_sra_examples/terraform/solutions/register_delegated_administrator/register_admin/main.tf b/aws_sra_examples/terraform/solutions/register_delegated_administrator/register_admin/main.tf index cd9b84d90..8b63f2c77 100644 --- a/aws_sra_examples/terraform/solutions/register_delegated_administrator/register_admin/main.tf +++ b/aws_sra_examples/terraform/solutions/register_delegated_administrator/register_admin/main.tf @@ -146,7 +146,7 @@ resource "aws_lambda_function" "register_delegated_admin_lambda_function" { function_name = var.register_delegated_admin_lambda_function_name description = "Enable service access and register delegated admin account" role = aws_iam_role.register_delegated_admin_lambda_role.arn - runtime = "python3.9" + runtime = "python3.12" handler = "app.terraform_handler" timeout = 300 diff --git a/aws_sra_examples/terraform/solutions/security_hub/configuration/main.tf b/aws_sra_examples/terraform/solutions/security_hub/configuration/main.tf index 3a36e6e09..56cb37a7f 100644 --- a/aws_sra_examples/terraform/solutions/security_hub/configuration/main.tf +++ b/aws_sra_examples/terraform/solutions/security_hub/configuration/main.tf @@ -366,7 +366,7 @@ resource "aws_lambda_function" "security_hub_lambda_function" { role = aws_iam_role.security_hub_org_lambda_role.arn memory_size = 512 handler = "app.terraform_handler" - runtime = "python3.9" + runtime = "python3.12" timeout = 900 source_code_hash = data.archive_file.zipped_lambda.output_base64sha256 diff --git a/pyproject.toml b/pyproject.toml index 8f8535162..260bf403e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,17 +6,19 @@ authors = ["Amazon Web Services "] license = "MIT-0 License" [tool.poetry.dependencies] -python = "^3.9" -boto3 = "1.20.32" +python = "^3.12" +boto3 = "^1.35.0" crhelper = "^2.0.11" +setuptools = "<81" +urllib3 = "2.5.0" -[tool.poetry.dev-dependencies] +[tool.poetry.group.dev.dependencies] boto3-stubs = { extras = ["all"], version = "^1.28.0" } pytest = "^7.2.1" pytest-cov = "^4.0.0" pytest-mock = "^3.10.0" pytest-xdist = "^3.1.0" -black = "^22.12.0" +black = "24.3.0" isort = "^5.11.4" rope = "^1.7.0" mypy = "^1.13.0" @@ -116,7 +118,7 @@ xfail_strict = true [tool.pyright] stubPath = "./typings" exclude = ["**/node_modules", "**/__pycache__"] -pythonVersion = "3.9" +pythonVersion = "3.12" typeCheckingMode = "basic" useLibraryCodeForTypes = true reportGeneralTypeIssues = "none" @@ -126,6 +128,7 @@ reportTypedDictNotRequiredAccess = "none" safe_licenses = [ "MIT", "BSD-2-Clause", + "BSD-3-Clause", "Apache-2.0", "MIT License", "BSD License",