I am working on AWS Lambda function for my python function. I have a python function that calls an IAM policy form a file and populates it using the function. This is my function, name of the file is template_utils.py”:
JavaScript
x
26
26
1
import sys2
import json3
import time 4
import meta_templates5
from jinja2 import Template6
def lambda_handler(event,context):7
template_data = {}8
template_data["region"] = event.get('region')9
template_data["instance_types"] = event.get('instance_type')10
template_data["ebs_volume_size"] = event.get('ebs_volume_size')11
template_data["meta_template_name"] = event.get('meta_template_name')12
13
meta_template_dict = getattr(meta_templates, template_data["meta_template_name"])14
meta_template_json = json.dumps(meta_template_dict)15
template_json = Template(meta_template_json).render(template_data)16
return template_json 17
18
template_json = lambda_handler(19
region="us-east-2",20
instance_type="t2.micro",21
ebs_volume_size="20",22
meta_template_name="ec2_policy_meta_template"23
)24
25
print(template_json)26
This is my policy file named “meta_templates.py”
JavaScript
1
67
67
1
import json2
from jinja2 import Template3
ec2_policy_meta_template = { 4
"Version": "2012-10-17",5
"Statement": [6
{7
"Sid": "VisualEditor0",8
"Effect": "Allow",9
"Action": "ec2:RunInstances",10
"Resource": [11
"arn:aws:ec2:{{region}}::instance/*",12
"arn:aws:ec2:{{region}}::network-interface/*",13
"arn:aws:ec2:{{region}}::key-pair/*",14
"arn:aws:ec2:{{region}}::security-group/*",15
"arn:aws:ec2:{{region}}::subnet/*",16
"arn:aws:ec2:{{region}}::volume/*",17
"arn:aws:ec2:{{region}}::image/ami-*"18
],19
"Condition": {20
"ForAllValues:NumericLessThanEquals": {21
"ec2:VolumeSize": "{{ebs_volume_size}}"22
},23
"ForAllValues:StringEquals": {24
"ec2:InstanceType": "{{instance_type}}"25
}26
}27
},28
{29
"Sid": "VisualEditor1",30
"Effect": "Allow",31
"Action": [32
"ec2:TerminateInstances",33
"ec2:StartInstances",34
"ec2:StopInstances"35
],36
"Resource": "arn:aws:ec2:{{region}}::instance/*",37
"Condition": {38
"ForAllValues:StringEquals": {39
"ec2:InstanceType": "{{instance_type}}"40
}41
}42
},43
{44
"Sid": "VisualEditor2",45
"Effect": "Allow",46
"Action": [47
"ec2:Describe*",48
"ec2:GetConsole*",49
"cloudwatch:DescribeAlarms",50
"iam:ListInstanceProfiles",51
"cloudwatch:GetMetricStatistics",52
"ec2:DescribeKeyPairs",53
"ec2:CreateKeyPair"54
],55
"Resource": "*",56
"Condition": {57
"DateGreaterThan": {58
"aws:CurrentTime": "{{start_time}}"59
},60
"DateLessThanEquals": {61
"aws:CurrentTime": "{{end_time}}"62
}63
}64
}65
]66
}67
I want to create a lambda handler that does the same thing with the function “template_utils.py”.I’m new to this not sure how to proceed with it.I am getting this error:
JavaScript
1
5
1
Traceback (most recent call last):2
File "/home/pranay/Desktop/work/lambda_handler.py", line 18, in <module>3
template_json = lambda_handler(4
TypeError: lambda_handler() got an unexpected keyword argument 'region'5
Advertisement
Answer
This should work, providing that you are passing the correct data in the event.
JavaScript
1
87
87
1
import json2
3
4
def lambda_handler(event, context):5
template_data = {}6
region = event.get('region')7
instance_type = event.get('instance_type')8
ebs_volume_size = event.get('ebs_volume_size')9
start_time = event.get('start_time')10
end_time = event.get('end_time')11
12
ec2_policy_meta_template = { 13
"Version": "2012-10-17",14
"Statement": [15
{16
"Sid": "VisualEditor0",17
"Effect": "Allow",18
"Action": "ec2:RunInstances",19
"Resource": [20
"arn:aws:ec2:{{region}}::instance/*",21
"arn:aws:ec2:{{region}}::network-interface/*",22
"arn:aws:ec2:{{region}}::key-pair/*",23
"arn:aws:ec2:{{region}}::security-group/*",24
"arn:aws:ec2:{{region}}::subnet/*",25
"arn:aws:ec2:{{region}}::volume/*",26
"arn:aws:ec2:{{region}}::image/ami-*"27
],28
"Condition": {29
"ForAllValues:NumericLessThanEquals": {30
"ec2:VolumeSize": "{{ebs_volume_size}}"31
},32
"ForAllValues:StringEquals": {33
"ec2:InstanceType": "{{instance_type}}"34
}35
}36
},37
{38
"Sid": "VisualEditor1",39
"Effect": "Allow",40
"Action": [41
"ec2:TerminateInstances",42
"ec2:StartInstances",43
"ec2:StopInstances"44
],45
"Resource": "arn:aws:ec2:{{region}}::instance/*",46
"Condition": {47
"ForAllValues:StringEquals": {48
"ec2:InstanceType": "{{instance_type}}"49
}50
}51
},52
{53
"Sid": "VisualEditor2",54
"Effect": "Allow",55
"Action": [56
"ec2:Describe*",57
"ec2:GetConsole*",58
"cloudwatch:DescribeAlarms",59
"iam:ListInstanceProfiles",60
"cloudwatch:GetMetricStatistics",61
"ec2:DescribeKeyPairs",62
"ec2:CreateKeyPair"63
],64
"Resource": "*",65
"Condition": {66
"DateGreaterThan": {67
"aws:CurrentTime": "{{start_time}}"68
},69
"DateLessThanEquals": {70
"aws:CurrentTime": "{{end_time}}"71
}72
}73
}74
]75
}76
77
json_data = json.dumps(ec2_policy_meta_template)78
79
# Update resources with a string replacement80
json_data = json_data.replace("{{region}}", region)81
json_data = json_data.replace("{{instance_type}}", instance_type)82
json_data = json_data.replace("{{ebs_volume_size}}", ebs_volume_size)83
json_data = json_data.replace("{{start_time}}", start_time)84
json_data = json_data.replace("{{end_time}}", end_time)85
86
return json_data87
This example uses only Python (no third party libraries) it’s not the most elegant solution but its simple. If you want to create additional replacements, just add some additional tags “{{some_text}}” and replace it as shown below.
Here is a test event that works from the lambda console.
And here is an example of a working invocation
