KeyError on list virtual MFA devices in a Lambda using Python and Boto3

Published 2024-09-30 18:32:56


I'm struggling to see why this is a KeyError. I've run it against one AWS account and it successfully reported all the users without MFA. Moving the Lambda to a sub-account, it now assumes a role to retrieve the users without MFA, but fails with a KeyError

{
  "errorMessage": "'User'",
  "errorType": "KeyError",
  "stackTrace": [
    [
      "/var/task/lambda_mfa_function.py",
      28,
      "lambda_handler",
      "virtualEnabled.append(virtual['User']['UserName'])"
    ]
  ]
}

Checking the boto3 docs for VirtualMFADevices I can't see why it wouldn't work now. Going back to the single AWS account it runs successfully; moving to the sub-account causes the key failure

import boto3

sts_client = boto3.client('sts')
assumed_role_object=sts_client.assume_role(
    RoleArn="arn:aws:iam::99999999:role/role",
    RoleSessionName="AssumedRoleSession2"
)
credentials=assumed_role_object['Credentials']
client=boto3.client(
    'iam',
    aws_access_key_id=credentials['AccessKeyId'],
    aws_secret_access_key=credentials['SecretAccessKey'],
    aws_session_token=credentials['SessionToken'],
)

def lambda_handler(event, context):

#    client                  = boto3.client('iam')
    sns                     = boto3.client('sns')
    response                = client.list_users()
    userVirtualMfa          = client.list_virtual_mfa_devices()
    mfaNotEnabled           = []
    virtualEnabled          = []
    physicalString          = ''

    # loop through virtual mfa to find users that actually have it
    for virtual in userVirtualMfa['VirtualMFADevices']:
        virtualEnabled.append(virtual['User']['UserName'])

    # loop through users to find physical MFA
    for user in response['Users']:
        userMfa  = client.list_mfa_devices(UserName=user['UserName'])

        if len(userMfa['MFADevices']) == 0:
            if user['UserName'] not in virtualEnabled:
                mfaNotEnabled.append(user['UserName']) 


    if len(mfaNotEnabled) > 0:
        physicalString = 'Physical & Virtual MFA is not enabled for the following users: \n\n' + '\n'.join(mfaNotEnabled)
    else:
        physicalString = 'All Users have Physical and Virtual MFA enabled'

    response = sns.publish(
        TopicArn='arn:aws:sns:eu-west-2:1111111:sns',
        Message= physicalString,
        Subject='Enable MFA',
    )

    return mfaNotEnabled

Any help would be greatly appreciated. Thanks, Nick


Edit: thanks for the reply, I added some debugging

{
  "stackTrace": [
    [
      "/var/task/lambda_mfa_function.py",
      27,
      "lambda_handler",
      "raise Exception(\"Invalid virtual %s\" % virtual)"
    ]
  ],
  "errorType": "Exception",
  "errorMessage": "Invalid virtual {u'SerialNumber': 'arn:aws:iam::11111111:mfa/jimmy.dave4@foobar.com'}"
}

Getting somewhere now. Cheers to those who answered


2 answers

You're not getting very useful output; only that 'User' isn't in the dictionary you're looking in. You might want to add some error checking:

    # untested
    for virtual in userVirtualMfa['VirtualMFADevices']:
        if 'User' not in virtual or 'UserName' not in virtual['User']:
            raise Exception("Invalid virtual %s" % virtual)

        virtualEnabled.append(virtual['User']['UserName'])

or do some exception handling

    # untested
    for virtual in userVirtualMfa['VirtualMFADevices']:
        try:
            virtualEnabled.append(virtual['User']['UserName'])
        except KeyError as kerr:
            # format the message with %, not by passing extra positional args
            raise KeyError('Key %s not found in %s' % (kerr, virtual))

Start by debugging the dictionary objects inside the lambda handler:

def lambda_handler(event, context):
    userVirtualMfa = client.list_virtual_mfa_devices()
    virtualEnabled = []

    print(f"{'VirtualMFADevices' in userVirtualMfa.keys() = }")
    # 'VirtualMFADevices' is a list of device dicts, so inspect each entry's keys
    for virtual in userVirtualMfa['VirtualMFADevices']:
        print(f"{list(virtual.keys()) = }")

    try:
        for virtual in userVirtualMfa['VirtualMFADevices']:
            virtualEnabled.append(virtual['User']['UserName'])
    except KeyError as kerr:
        print(f"{kerr} is not a valid key")
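Both answers point at the same root cause: a virtual MFA device that was created but never assigned to a user has no 'User' key, and list_users is paginated as well. The example below is added here and is not code from the question or either answer; it uses a constructed stand-in for the boto3 IAM client (FakeIam, with made-up user names and serial numbers) so it runs offline, while following the real response shapes of list_users, list_virtual_mfa_devices and list_mfa_devices.

```python
def _all_pages(call, key: str, **kwargs) -> list:
    """Follow IsTruncated/Marker so items beyond the first page are not missed."""
    items, marker = [], None
    while True:
        page = call(Marker=marker, **kwargs) if marker else call(**kwargs)
        items.extend(page[key])
        if not page.get("IsTruncated"):
            return items
        marker = page["Marker"]


def users_without_mfa(iam) -> list:
    """Names of users that have neither a physical nor a virtual MFA device."""
    # A virtual device that was created but never assigned to a user has no
    # 'User' key at all; indexing it blindly is what raised the KeyError above.
    virtual_enabled = set()
    for device in _all_pages(iam.list_virtual_mfa_devices, "VirtualMFADevices"):
        user = device.get("User")
        if user and "UserName" in user:
            virtual_enabled.add(user["UserName"])
    missing = []
    for user in _all_pages(iam.list_users, "Users"):
        name = user["UserName"]
        if iam.list_mfa_devices(UserName=name)["MFADevices"]:
            continue  # a device is already attached to this user
        if name not in virtual_enabled:
            missing.append(name)
    return missing


class FakeIam:
    """Constructed stand-in for boto3's IAM client: two pages of users,
    one unassigned virtual device, one user with no MFA at all."""

    def list_users(self, Marker=None):
        if Marker is None:
            return {"Users": [{"UserName": "alice"}], "IsTruncated": True, "Marker": "p2"}
        return {"Users": [{"UserName": "bob"}, {"UserName": "carol"}], "IsTruncated": False}

    def list_virtual_mfa_devices(self, Marker=None):
        return {"VirtualMFADevices": [
            {"SerialNumber": "arn:aws:iam::111111111111:mfa/alice", "User": {"UserName": "alice"}},
            {"SerialNumber": "arn:aws:iam::111111111111:mfa/orphan"},  # never assigned
        ], "IsTruncated": False}

    def list_mfa_devices(self, UserName):
        physical = {"bob": [{"UserName": "bob", "SerialNumber": "GAHT12345678"}]}
        return {"MFADevices": physical.get(UserName, [])}
```

With a real client, `boto3.client('iam').list_virtual_mfa_devices(AssignmentStatus='Assigned')` also filters out the unassigned devices server-side.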
