Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

handle_update_notification pulls account_id from CID instead of AccountId #26

Open
bsweeney-gingerio opened this issue May 19, 2022 · 0 comments
Open

handle_update_notification pulls account_id from CID instead of AccountId #26

bsweeney-gingerio opened this issue May 19, 2022 · 0 comments

Comments

@bsweeney-gingerio
Copy link

mdr_control_tower_automation/src/register/ct_al_register.py

Lines 244 to 250 in d043f38

account_id = sns_event['ResourceProperties']['CID']
deployments_client = al_session.client('deployments')
deployment = get_deployment(
deployments_client,
auth['ALCID'],
account_id
)

In the code above, account_id = sns_event['ResourceProperties']['CID'] causes the get_deployment function to check the deployment status of the Alert Logic customer ID, rather than the status of the target AWS account ID, which is found in sns_event['ResourceProperties']['AccountId']. This means that the check will always return None, indicating that there is no deployment in the account, which could result in double-deployment if the register Lambda function is ever run more than once on the same target account.

-        account_id = sns_event['ResourceProperties']['CID']
+        account_id = sns_event['ResourceProperties']['AccountId']
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bsweeney-gingerio