I have a Lambda I'm writing that will send SNS based on non-whitelisted accounts doing disallowed functions in IAM. The CloudTrail event contains a JSON policyDocument with ARNs like so:

    "AWS": [
        "arn:aws:iam::999900000000:root",
        "arn:aws:iam::777700000000:root"
    ]
    },
    "Action": "sts:AssumeRole",
    "Condition": {}
    }
    ]
    }

I will create a whitelist in python with just the account numbers:

    accountWhitelist = ["999900000000", "1234567891011"]

With this event I need to do something like: if str(policyDocAwsAcctArn) contains an accountWhitelist account number, do nothing; else send SNS. Will I need to use something like a regex on the ARN to remove the `arn:aws:iam::` and `:root` around the account number? I need to be sure to have the account numbers parsed out individually as there might be 2+ ARNs in the AWS JSON. Thanks for any ideas.


1 Answer


I used this regex:

    import re

    # The named groups were lost when this post was rendered; only "AccountID" is
    # referenced below, the other names are restored from the usual ARN layout
    # (partition:service:region:account-id:resource).
    regex = r'arn:(?P<Partition>[^:\n]*):(?P<Service>[^:\n]*):(?P<Region>[^:\n]*):(?P<AccountID>[^:\n]*):(?P<Ignore>(?P<ResourceType>[^:/\n]*)[:/])?(?P<Resource>.[^\s|\,]+)'

and pulled the account number:

    listOfAccountIds = []
    for item in awsAccountIdList:
        # each ARN yields one account id; collect them rather than overwriting one variable
        listOfAccountIds.append(re.search(regex, item).group("AccountID"))

compared the list to the whitelist:

    nonWhitelistedList = [item for item in listOfAccountIds if item not in accountWhitelist]

Then if the list contained a value sent the SNS with the value:

    if len(nonWhitelistedList) > 0:
        SendSNS(nonWhitelistedList)
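The principal in a trust policy is not always an `arn:aws:iam::ACCOUNT:root` ARN: it can be a role or user ARN, a bare 12-digit account id, a single string instead of a list, or the wildcard `"*"`, and a `Deny` statement grants nothing. A parser that only understands the root-ARN form silently passes those cases. The example below is added here and is not code from the question or the answer above; it walks a constructed CloudTrail-style event (field names under `requestParameters` and the `detail` wrapper are assumptions about the event shape), extracts every `Allow` principal, normalises each to an account id, and returns the raw principals that are not in the whitelist so the alert shows exactly what was granted. The `policy_from_event` helper also URL-decodes the document, since CloudTrail carries IAM policy documents as encoded strings.

```python
import json
import re
from urllib.parse import unquote

# Whitelist of trusted account ids (constructed sample values).
ACCOUNT_WHITELIST = {"999900000000", "123456789101"}

# Captures the account field of any ARN: arn:partition:service:region:ACCOUNT:...
ARN_ACCOUNT_RE = re.compile(r"^arn:[^:]*:[^:]*:[^:]*:(\d{12}):")
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def policy_from_event(event):
    """Pull the policy document out of a CloudTrail record (assumed field layout)
    and decode it; CloudTrail URL-encodes IAM policy documents."""
    raw = event["detail"]["requestParameters"]["policyDocument"]
    return json.loads(unquote(raw))


def principals_from_policy(policy):
    """Return every AWS principal granted by an Allow statement.
    Handles Statement as dict or list, Principal as "*" or dict,
    and Principal.AWS as a string or a list."""
    out = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement grants no access; nothing to whitelist
        principal = stmt.get("Principal", {})
        if principal == "*":
            out.append("*")
            continue
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        if isinstance(aws, str):
            aws = [aws]
        out.extend(aws)
    return out


def account_of(principal):
    """Map one principal value to its account id, '*' for a wildcard,
    or None when the form is not recognised."""
    if principal == "*":
        return "*"
    if ACCOUNT_ID_RE.match(principal):
        return principal  # bare account id form
    m = ARN_ACCOUNT_RE.match(principal)
    return m.group(1) if m else None


def non_whitelisted_principals(policy, whitelist):
    """Raw principal strings that are not backed by a whitelisted account.
    Wildcards and unrecognised forms are flagged rather than ignored."""
    flagged = []
    for p in principals_from_policy(policy):
        acct = account_of(p)
        if acct is None or acct == "*" or acct not in whitelist:
            flagged.append(p)
    return flagged


# Constructed sample event: one trusted root ARN, one untrusted root ARN,
# one bare account id, and a Deny statement that must not be flagged.
SAMPLE_EVENT = {
    "detail": {
        "eventName": "UpdateAssumeRolePolicy",
        "requestParameters": {
            "roleName": "example-role",
            "policyDocument": json.dumps({
                "Version": "2012-10-17",
                "Statement": [
                    {"Effect": "Allow",
                     "Principal": {"AWS": ["arn:aws:iam::999900000000:root",
                                            "arn:aws:iam::777700000000:root"]},
                     "Action": "sts:AssumeRole", "Condition": {}},
                    {"Effect": "Allow",
                     "Principal": {"AWS": "888800000000"},
                     "Action": "sts:AssumeRole"},
                    {"Effect": "Deny",
                     "Principal": {"AWS": "*"},
                     "Action": "sts:AssumeRole"},
                ],
            }),
        },
    }
}


if __name__ == "__main__":
    bad = non_whitelisted_principals(policy_from_event(SAMPLE_EVENT), ACCOUNT_WHITELIST)
    if bad:
        print("would send SNS for:", bad)  # SNS publish call left to the caller
```

In a Lambda, `policy_from_event` would be fed the incoming record and the non-empty result handed to the SNS publish call; keeping the raw principal strings in the alert makes it obvious whether a wildcard, a foreign account, or an unparseable value triggered it.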