I'm struggling to see why this is a key error. I have run this on a single AWS account and it successfully reports all users without MFA. I moved the Lambda to a sub account, where it now assumes a role to retrieve the users without MFA, but it fails on a key error:
```json
{
  "errorMessage": "'User'",
  "errorType": "KeyError",
  "stackTrace": [
    [
      "/var/task/lambda_mfa_function.py",
      28,
      "lambda_handler",
      "virtualEnabled.append(virtual['User']['UserName'])"
    ]
  ]
}
```
Checking the boto3 documentation for VirtualMFADevices, I can't see why this no longer works. Going back to the single AWS account it runs successfully; moving to the sub account causes the key failure.
```python
import boto3

# Assume a role in the sub account and build an IAM client from the
# temporary credentials (the ARNs are placeholders from the original post).
sts_client = boto3.client('sts')
assumed_role_object = sts_client.assume_role(
    RoleArn="arn:aws:iam::99999999:role/role",
    RoleSessionName="AssumedRoleSession2"
)
credentials = assumed_role_object['Credentials']
client = boto3.client(
    'iam',
    aws_access_key_id=credentials['AccessKeyId'],
    aws_secret_access_key=credentials['SecretAccessKey'],
    aws_session_token=credentials['SessionToken'],
)


def lambda_handler(event, context):  # Lambda passes (event, context) in this order
    # client = boto3.client('iam')
    sns = boto3.client('sns')
    response = client.list_users()
    userVirtualMfa = client.list_virtual_mfa_devices()
    mfaNotEnabled = []
    virtualEnabled = []
    physicalString = ''
    # loop through virtual mfa to find users that actually have it
    for virtual in userVirtualMfa['VirtualMFADevices']:
        # raises KeyError: 'User' when a virtual device is not assigned to any user
        virtualEnabled.append(virtual['User']['UserName'])
    # loop through users to find physical MFA
    for user in response['Users']:
        userMfa = client.list_mfa_devices(UserName=user['UserName'])
        if len(userMfa['MFADevices']) == 0:
            if user['UserName'] not in virtualEnabled:
                mfaNotEnabled.append(user['UserName'])
    if len(mfaNotEnabled) > 0:
        physicalString = 'Physical & Virtual MFA is not enabled for the following users: \n\n' + '\n'.join(mfaNotEnabled)
    else:
        physicalString = 'All Users have Physical and Virtual MFA enabled'
    # publish the report to the SNS topic (topic ARN is a placeholder from the post)
    response = sns.publish(
        TopicArn='arn:aws:sns:eu-west-2:1111111:sns',
        Message=physicalString,
        Subject='Enable MFA',
    )
    return mfaNotEnabled
```
Any help would be greatly appreciated. Thanks, Nick

Edit: thanks for the replies, I added some debugging:
```json
{
  "stackTrace": [
    [
      "/var/task/lambda_mfa_function.py",
      27,
      "lambda_handler",
      "raise Exception(\"Invalid virtual %s\" % virtual)"
    ]
  ],
  "errorType": "Exception",
  "errorMessage": "Invalid virtual {u'SerialNumber': 'arn:aws:iam::11111111:mfa/jimmy.dave4@foobar.com'}"
}
```
I'm getting somewhere now. Cheers to those who answered.
You're not getting very helpful output; it's just that 'User' is not in the dictionary you are looking in. You may need to add some error checking:

Or some exception handling.

Start by debugging the dictionary object in the lambda handler:
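The debug output in the question shows the cause: a virtual MFA device that has been created but is not assigned to any user comes back from ListVirtualMFADevices with only a `SerialNumber` and no `User` key, so indexing `virtual['User']` raises `KeyError`. The following is an added example, not the asker's Lambda or the answers' missing snippets. It restructures the audit into testable functions that skip such unassigned devices (reporting them separately, since an orphaned MFA device is itself worth a look), and it takes the API responses as plain dictionaries so it runs without AWS credentials. The sample responses are constructed and only carry the fields the audit reads; the account IDs and user names in them are made up. The `collect_with_boto3` adapter at the end shows how to feed real, paginated IAM responses into the same functions and assumes a boto3 IAM client is passed in.

```python
"""Audit IAM users for MFA without tripping over unassigned virtual MFA devices."""
from typing import Callable, Dict, List, Set, Tuple

# Constructed sample responses (assumption: same shape as boto3's IAM
# ListUsers, ListVirtualMFADevices and ListMFADevices results, reduced to
# the keys the audit needs; account IDs and names are fictitious).
SAMPLE_USERS = {"Users": [{"UserName": "alice"}, {"UserName": "bob"}, {"UserName": "carol"}]}

SAMPLE_VIRTUAL = {
    "VirtualMFADevices": [
        {"SerialNumber": "arn:aws:iam::111111111111:mfa/alice", "User": {"UserName": "alice"}},
        # Created but never assigned to a user: no 'User' key at all, which is
        # exactly what the KeyError in the question was hitting.
        {"SerialNumber": "arn:aws:iam::111111111111:mfa/orphan"},
    ]
}

# Per-user ListMFADevices results (hardware/physical devices).
SAMPLE_MFA_BY_USER = {
    "alice": {"MFADevices": []},
    "bob": {"MFADevices": [{"UserName": "bob", "SerialNumber": "GAHT12345678"}]},
    "carol": {"MFADevices": []},
}


def users_with_virtual_mfa(virtual_resp: Dict) -> Tuple[Set[str], List[str]]:
    """Return (user names with an assigned virtual device, serials of unassigned devices)."""
    names: Set[str] = set()
    orphans: List[str] = []
    for device in virtual_resp.get("VirtualMFADevices", []):
        user = device.get("User")  # absent for unassigned devices
        if not user:
            orphans.append(device.get("SerialNumber", "<unknown serial>"))
            continue
        names.add(user["UserName"])
    return names, orphans


def find_users_without_mfa(
    users_resp: Dict,
    virtual_resp: Dict,
    list_mfa_devices: Callable[[str], Dict],
) -> Tuple[List[str], List[str]]:
    """Return (users with neither virtual nor physical MFA, unassigned virtual serials).

    list_mfa_devices maps a user name to a ListMFADevices-shaped response, so the
    per-user lookup can be a boto3 call or, as here, a dictionary lookup.
    """
    virtual_names, orphans = users_with_virtual_mfa(virtual_resp)
    missing: List[str] = []
    for user in users_resp.get("Users", []):
        name = user["UserName"]
        if name in virtual_names:
            continue
        if list_mfa_devices(name).get("MFADevices"):
            continue  # has a hardware device
        missing.append(name)
    return missing, orphans


def build_report(missing: List[str], orphans: List[str]) -> str:
    """Render the SNS message body; unassigned devices are flagged separately."""
    if missing:
        body = "Physical & Virtual MFA is not enabled for the following users:\n\n" + "\n".join(missing)
    else:
        body = "All users have physical or virtual MFA enabled"
    if orphans:
        body += "\n\nVirtual MFA devices not assigned to any user:\n\n" + "\n".join(orphans)
    return body


def collect_with_boto3(iam) -> Tuple[Dict, Dict, Callable[[str], Dict]]:
    """Gather paginated responses from a boto3 IAM client (assumed to be passed in).

    ListUsers and ListVirtualMFADevices are paginated; the Lambda in the question
    only reads the first page, so it would silently miss users in larger accounts.
    """
    users = [u for page in iam.get_paginator("list_users").paginate() for u in page["Users"]]
    devices = [
        d
        for page in iam.get_paginator("list_virtual_mfa_devices").paginate()
        for d in page["VirtualMFADevices"]
    ]
    return (
        {"Users": users},
        {"VirtualMFADevices": devices},
        lambda name: iam.list_mfa_devices(UserName=name),
    )


if __name__ == "__main__":
    missing, orphans = find_users_without_mfa(SAMPLE_USERS, SAMPLE_VIRTUAL, SAMPLE_MFA_BY_USER.__getitem__)
    print(build_report(missing, orphans))
```

Inside the Lambda, replace the sample data with `collect_with_boto3(client)` (the assumed-role IAM client from the question) and pass `build_report(...)` to `sns.publish`. The split into pure functions is what makes the failure mode from the question easy to test locally: the orphan device in the sample data reproduces the exact response shape from the debug trace.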