Merge pull request #105 from aws-samples/v2.3

publish AHA v2.3

Author: andrewcr7

ExcludeAccountIDs(sample).csv

@@ -0,0 +1,2 @@
+000000000000
+111111111111

README.md

@@ -46,8 +46,7 @@ AWS Health Aware (AHA) is an automated notification tool for sending well-format
 
 # What's New
 
-Release 2.2 introduces an updated schema for Health events delivered to an EventBridge bus. This allows simplified matching of events which you can then consume with other AWS services or SaaS solutions.
-Read more about the [new feature and how to filter events using EventBridge](https://github.com/aws-samples/aws-health-aware/blob/main/new_aha_event_schema.md).  
+Release 2.3 introduces runtime performance improvements, terraform updates, allows use of Slack Workflow 2.0 webhooks (triggers), general fixes and documentation updates.
 
 # Architecture
 
@@ -447,6 +446,8 @@ $ terraform apply
 **If for some reason, you still have issues after updating, you can easily just delete the stack and redeploy. The infrastructure can be destroyed and rebuilt within minutes through Terraform.**
 
 # New Features
+*Release 2.2*
+
 We are happy to announce the launch of new enhancements to AHA. Please try them out and keep sending us your feedback!
 1. A revised schema for AHA events sent to EventBridge which enables new filtering and routing options. See the [new AHA event schema readme](new_aha_event_schema.md) for more detail. 
 2. Multi-region deployment option
@@ -462,6 +463,8 @@ We are happy to announce the launch of new enhancements to AHA. Please try them
 * If for whatever reason you need to update the Webhook URL; just update the CloudFormation or terraform Template with the new Webhook URL.
 * If you are expecting an event and it did not show up it may be an oddly formed event. Take a look at *CloudWatch > Log groups* and search for the name of your Lambda function.  See what the error is and reach out to us [email](mailto:aha-builders@amazon.com) for help.
 * If for any errors related to duplicate secrets during deployment, try deleting manually and redeploy the solution. Example command to delete SlackChannelID secret in us-east-1 region.
-```
-$ aws secretsmanager delete-secret --secret-id SlackChannelID --force-delete-without-recovery --region us-east-1
-```
+    ```
+    $ aws secretsmanager delete-secret --secret-id SlackChannelID --force-delete-without-recovery --region us-east-1
+    ```
+* If you want to Exclude certain accounts from notifications, confirm your exlcusions file matches the format of the [sample ExcludeAccountIDs.csv file](ExcludeAccountIDs(sample).csv) with one account ID per line with no trailing commas (trailing commas indicate a null cell).
+  * If your accounts listed in the CSV file are not excluded, check the CloudWatch log group for the AHA Lambda function for the message "Key filename is not a .csv file" as an indicator of any issues with your file.

handler.py

@@ -1,18 +1,15 @@
 import json
+import logging
+from functools import lru_cache
+
 import boto3
 import os
-import re
-import time
-import decimal
 import socket
-import configparser
 from dateutil import parser
 from datetime import datetime, timedelta
-from urllib.parse import urlencode
 from urllib.request import Request, urlopen, URLError, HTTPError
 from botocore.config import Config
 from botocore.exceptions import ClientError
-from boto3.dynamodb.conditions import Key, Attr
 from messagegenerator import (
     get_message_for_slack,
     get_org_message_for_slack,
@@ -25,6 +22,40 @@
     get_detail_for_eventbridge,
 )
 
+logger = logging.getLogger()
+logger.setLevel(os.environ.get("LOG_LEVEL", "INFO").upper())
+
+class CachedSecrets:
+    def __init__(self, client):
+        self.client = client
+
+    @lru_cache
+    def get_secret_value(self, *args, **kwargs):
+        logger.debug(f"Getting secret {kwargs}")
+        return self.client.get_secret_value(*args, **kwargs)
+
+
+class AWSApi:
+    @lru_cache
+    def client(self, *args, **kwargs):
+        logger.debug(f"Returning new boto3 client for: {args}")
+        return boto3.client(*args, **kwargs)
+
+    @lru_cache
+    def resource(self, resource_name):
+        logger.debug(f"Returning new boto3 resource for: {resource_name}")
+        return boto3.resource(resource_name)
+
+    def cache_clear(self):
+        self.client.cache_clear()
+        self.resource.cache_clear()
+
+    @lru_cache
+    def secretsmanager(self, **kwargs):
+        client = boto3.client("secretsmanager", **kwargs)
+        return CachedSecrets(client)
+
+
 print("boto3 version: ", boto3.__version__)
 
 # query active health API endpoint
@@ -44,6 +75,8 @@
     ),
 )
 
+aws_api = AWSApi()
+
 
 # TODO decide if account_name should be blank on error
 # Get Account Name
@@ -85,42 +118,31 @@ def send_alert(event_details, affected_accounts, affected_entities, event_type):
         except URLError as e:
             print("Server connection failed: ", e.reason)
             pass
-    if "hooks.slack.com/services" in slack_url:
-        try:
-            print("Sending the alert to Slack Webhook Channel")
-            send_to_slack(
-                get_message_for_slack(
-                    event_details,
-                    event_type,
-                    affected_accounts,
-                    resources,
-                    slack_webhook="webhook",
-                ),
-                slack_url,
-            )
-        except HTTPError as e:
-            print("Got an error while sending message to Slack: ", e.code, e.reason)
-        except URLError as e:
-            print("Server connection failed: ", e.reason)
-            pass
-    if "hooks.slack.com/workflows" in slack_url:
-        try:
-            print("Sending the alert to Slack Workflows Channel")
-            send_to_slack(
-                get_message_for_slack(
-                    event_details,
-                    event_type,
-                    affected_accounts,
-                    resources,
-                    slack_webhook="workflow",
-                ),
-                slack_url,
-            )
-        except HTTPError as e:
-            print("Got an error while sending message to Slack: ", e.code, e.reason)
-        except URLError as e:
-            print("Server connection failed: ", e.reason)
-            pass
+    #Slack Notification Handling
+    if slack_url != "None":
+        for slack_webhook_type in ["services", "triggers", "workflows"]:
+            if ("hooks.slack.com/" + slack_webhook_type) in slack_url:
+                print("Sending the alert to Slack Webhook Channel")
+                try:
+                    send_to_slack(
+                        get_message_for_slack(
+                            event_details,
+                            event_type,
+                            affected_accounts,
+                            resources,
+                            slack_webhook_type,
+                        ),
+                        slack_url,
+                    )
+                    break
+                except HTTPError as e:
+                    print("Got an error while sending message to Slack: ", e.code, e.reason)
+                except URLError as e:
+                    print("Server connection failed: ", e.reason)
+                    pass
+        else:
+            print("Unsupported format in Slack Webhook")
+
     if "office.com/webhook" in teams_url:
         try:
             print("Sending the alert to Teams")
@@ -190,42 +212,31 @@ def send_org_alert(
         except URLError as e:
             print("Server connection failed: ", e.reason)
             pass
-    if "hooks.slack.com/services" in slack_url:
-        try:
-            print("Sending the alert to Slack Webhook Channel")
-            send_to_slack(
-                get_org_message_for_slack(
-                    event_details,
-                    event_type,
-                    affected_org_accounts,
-                    resources,
-                    slack_webhook="webhook",
-                ),
-                slack_url,
-            )
-        except HTTPError as e:
-            print("Got an error while sending message to Slack: ", e.code, e.reason)
-        except URLError as e:
-            print("Server connection failed: ", e.reason)
-            pass
-    if "hooks.slack.com/workflows" in slack_url:
-        try:
-            print("Sending the alert to Slack Workflow Channel")
-            send_to_slack(
-                get_org_message_for_slack(
-                    event_details,
-                    event_type,
-                    affected_org_accounts,
-                    resources,
-                    slack_webhook="workflow",
-                ),
-                slack_url,
-            )
-        except HTTPError as e:
-            print("Got an error while sending message to Slack: ", e.code, e.reason)
-        except URLError as e:
-            print("Server connection failed: ", e.reason)
-            pass
+    #Slack Notification Handling
+    if slack_url != "None":
+        for slack_webhook_type in ["services", "triggers", "workflows"]:
+            if ("hooks.slack.com/" + slack_webhook_type) in slack_url:
+                print("Sending the alert to Slack Webhook Channel")
+                try:
+                    send_to_slack(
+                        get_message_for_slack(
+                            event_details,
+                            event_type,
+                            affected_org_accounts,
+                            resources,
+                            slack_webhook_type,
+                        ),
+                        slack_url,
+                    )
+                    break
+                except HTTPError as e:
+                    print("Got an error while sending message to Slack: ", e.code, e.reason)
+                except URLError as e:
+                    print("Server connection failed: ", e.reason)
+                    pass
+        else:
+            print("Unsupported format in Slack Webhook")
+
     if "office.com/webhook" in teams_url:
         try:
             print("Sending the alert to Teams")
@@ -323,7 +334,7 @@ def send_email(event_details, eventType, affected_accounts, affected_entities):
     BODY_HTML = get_message_for_email(
         event_details, eventType, affected_accounts, affected_entities
     )
-    client = boto3.client("ses", region_name=AWS_REGION)
+    client = aws_api.client("ses", AWS_REGION)
     response = client.send_email(
         Source=SENDER,
         Destination={"ToAddresses": RECIPIENT},
@@ -350,7 +361,7 @@ def send_org_email(
     BODY_HTML = get_org_message_for_email(
         event_details, eventType, affected_org_accounts, affected_org_entities
     )
-    client = boto3.client("ses", region_name=AWS_REGION)
+    client = aws_api.client("ses", AWS_REGION)
     response = client.send_email(
         Source=SENDER,
         Destination={"ToAddresses": RECIPIENT},
@@ -469,7 +480,7 @@ def update_org_ddb(
     affected_org_entities,
 ):
     # open dynamoDB
-    dynamodb = boto3.resource("dynamodb")
+    dynamodb = aws_api.resource("dynamodb")
     ddb_table = os.environ["DYNAMODB_TABLE"]
     aha_ddb_table = dynamodb.Table(ddb_table)
     event_latestDescription = event_details["successfulSet"][0]["eventDescription"][
@@ -584,7 +595,7 @@ def update_ddb(
     affected_entities,
 ):
     # open dynamoDB
-    dynamodb = boto3.resource("dynamodb")
+    dynamodb = aws_api.resource("dynamodb")
     ddb_table = os.environ["DYNAMODB_TABLE"]
     aha_ddb_table = dynamodb.Table(ddb_table)
     event_latestDescription = event_details["successfulSet"][0]["eventDescription"][
@@ -698,8 +709,7 @@ def get_secrets():
     secrets = {}
 
     # create a Secrets Manager client
-    session = boto3.session.Session()
-    client = session.client(service_name="secretsmanager", region_name=region_name)
+    client = aws_api.secretsmanager(region_name=region_name)
     # Iteration through the configured AWS Secrets
     secrets["teams"] = (
         get_secret(secret_teams_name, client) if "Teams" in os.environ else "None"
@@ -965,7 +975,7 @@ def send_to_eventbridge(message, event_type, resources, event_bus):
     print(
         "Sending response to Eventbridge - event_type, event_bus", event_type, event_bus
     )
-    client = boto3.client("events")
+    client = aws_api.client("events")
 
     entries = eventbridge_generate_entries(message, resources, event_bus)
 
@@ -980,7 +990,7 @@ def getAccountIDs():
     key_file_name = os.environ["ACCOUNT_IDS"]
     print("Key filename is - ", key_file_name)
     if os.path.splitext(os.path.basename(key_file_name))[1] == ".csv":
-        s3 = boto3.client("s3")
+        s3 = aws_api.client("s3")
         data = s3.get_object(Bucket=os.environ["S3_BUCKET"], Key=key_file_name)
         account_ids = [account.decode("utf-8") for account in data["Body"].iter_lines()]
     else:
@@ -998,7 +1008,7 @@ def get_sts_token(service):
         SECRET_KEY = []
         SESSION_TOKEN = []
 
-        sts_connection = boto3.client("sts")
+        sts_connection = aws_api.client("sts")
 
         ct = datetime.now()
         role_session_name = "cross_acct_aha_session"
@@ -1014,7 +1024,7 @@ def get_sts_token(service):
         SESSION_TOKEN = acct_b["Credentials"]["SessionToken"]
 
         # create service client using the assumed role credentials, e.g. S3
-        boto3_client = boto3.client(
+        boto3_client = aws_api.client(
             service,
             config=config,
             aws_access_key_id=ACCESS_KEY,
@@ -1023,13 +1033,14 @@ def get_sts_token(service):
         )
         print("Running in member account deployment mode")
     else:
-        boto3_client = boto3.client(service, config=config)
+        boto3_client = aws_api.client(service, config=config)
         print("Running in management account deployment mode")
 
     return boto3_client
 
 
 def main(event, context):
+    aws_api.cache_clear()
     print("THANK YOU FOR CHOOSING AWS HEALTH AWARE!")
     health_client = get_sts_token("health")
     org_status = os.environ["ORG_STATUS"]