added new instructions to README, and improve error handling on WA In…

…tegration
aws-samples · Oct 24, 2024 · ba84bb3 · ba84bb3
1 parent d17e8f9
commit ba84bb3
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 32 deletions.
diff --git a/README.md b/README.md
@@ -59,9 +59,14 @@ When running Service Screener, you will need to specify the regions and services
 
 We recommend running it in all regions where you have deployed workloads in. Adjust the code samples below to suit your needs then copy and paste it into Cloudshell to run Service Screener. 
 
-**Example 1: Run in the Singapore region, check all services**
+**Example 1: (Recommended) Run in the Singapore region, check all services with beta features enabled**
 ```
-screener --regions ap-southeast-1 
+screener --regions ap-southeast-1 --beta 1
+```
+
+**Example 1a: Run in the Singapore region, check all services on stable releases**
+```
+screener --regions ap-southeast-1
 ```
 
 **Example 2: Run in the Singapore region, check only Amazon S3**
@@ -89,6 +94,7 @@ screener --regions ap-southeast-1 --tags env=prod%department=hr,coe
 screener --regions ALL
 ```
 
+
 ### Other parameters
 ```bash
 ##mode
@@ -97,6 +103,16 @@ screener --regions ALL
 # api-full: give full results in JSON format
 # api-raw: raw findings
 # report: generate default web html
+
+##others
+# AWS Partner used, migration evaluation id
+--others '{"mpe": {"id": "aaaa-1111-cccc"}}'
+
+# To override default Well Architected Tools integration parameter
+--others '{"WA": {"region": "ap-southeast-1", "reportName":"SS_Report", "newMileStone":0}}'
+
+# you can combine both
+--others '{"WA": {"region": "ap-southeast-1", "reportName":"SS_Report", "newMileStone":0}, "mpe": {"id": "aaaa-1111-cccc"}}'
 ```
 <details>
 <summary>Get Report Walkthrough</summary>

diff --git a/frameworks/WAFS/WAFS.py b/frameworks/WAFS/WAFS.py
@@ -27,7 +27,7 @@ def __init__(self, data):
 
             if 'WA' in cfg:
                 tmpParams = cfg['WA']
-        
+
         if waTools.preCheck(tmpParams): 
             self.WATools = waTools
             self.WATools.init(tmpParams)

diff --git a/frameworks/helper/WATools.py b/frameworks/helper/WATools.py
@@ -1,9 +1,10 @@
-import boto3, json
+import boto3, json, botocore
 from botocore.exceptions import BotoCoreError
 from botocore.config import Config as bConfig
 from utils.Config import Config
 from datetime import datetime
 from utils.Tools import _warn
+import time
 
 ## --others '{"WA": {"region": "ap-southeast-1", "reportName":"SS_Report", "newMileStone":0}}'
 
@@ -31,6 +32,8 @@ def preCheck(self, params):
 
         if not 'region' in params:
             params['region'] = Config.get('REGIONS_SELECTED')[0]
+
+        print("*** [WATool] Attempting to deploy WA Tools in this region: {}".format(params['region']))
 
         return True
 
@@ -172,6 +175,26 @@ def listAnswers(self):
             'MaxResults': 50
         }
 
+        isSuccess = False
+        maxRetry = 3
+        currAttempt = 0
+        while True:
+            currAttempt = currAttempt + 1
+            try:
+                resp = self.waClient.list_answers(**ansArgs)
+                isSuccess = True
+                break
+            except botocore.errorfactory.ResourceNotFoundException:
+                # wait for 3 seconds before retrying
+                print("*** [WATools] ListAnswer failed, waiting workload to be generated, retry in 3 seconds")
+                if currAttempt >= maxRetry:
+                    break
+                time.sleep(3)
+
+        if isSuccess == False:
+            print("*** [WATools] Unable to retrieve list of checklists, skipped WATool integration")
+            return None
+
         answers = []
         try:
             while True:

diff --git a/main.py b/main.py
@@ -266,7 +266,7 @@ def number_format(num, places=2):
                 hasGlobal = True
 
     if testmode == True:
-        exit("Test mode enable, script halted")
+       exit("Test mode enable, script halted")
 
     timespent = round(time.time() - overallTimeStart, 3)
     scanned['timespent'] = timespent

diff --git a/services/Evaluator.py b/services/Evaluator.py
@@ -23,7 +23,6 @@ def runSingleCheck(tmp_obj, method_name):
             if timeSpent >= 0.2:
                 _warn("Long running checks {}s".format(timeSpent))
 
-        getattr(obj, method_name)()
         return 'OK'
     except botocore.exceptions.ClientError as e:
         code = e.response['Error']['Code']
@@ -184,7 +183,7 @@ def __del__(self):
             if name == None:
                 return
 
-            scanned.append(';'.join([Config.get(classPrefix), driver, name, hasError]))
+            scanned.append(';'.join([Config.get(classPrefix, ""), driver, name, hasError]))
             Config.set(ConfigKey, scanned)
 
 

diff --git a/services/lambda_/drivers/LambdaCommon.py b/services/lambda_/drivers/LambdaCommon.py
@@ -77,12 +77,21 @@ def _check_architectures_is_arm(self):
 
         self.results['UseArmArchitecture'] = [-1, ', '.join(self.lambda_['Architectures'])]
 
-    def _check_function_url_in_used(self):
-        url_config = self.lambda_client.list_function_url_configs(
-            FunctionName=self.function_name
-        )
-        if url_config['FunctionUrlConfigs']:
-            self.results['lambdaURLInUsed'] = [-1, "Enabled"]
+    def _check_function_url_in_used_and_auth(self):
+        try:
+            url_config = self.lambda_client.list_function_url_configs(
+                FunctionName=self.function_name
+            )
+            if url_config['FunctionUrlConfigs']:
+                self.results['lambdaURLInUsed'] = [-1, "Enabled"]
+
+                for config in url_config['FunctionUrlConfigs']:
+                    if config['AuthType'] == 'NONE':
+                        self.results['lambdaURLWithoutAuth'] = [-1, config['AuthType']]
+                        return
+
+        except botocore.exceptions.ClientError as e:
+            print("No permission to access lambda:list_function_url_configs")
         return
 
     def _check_missing_role(self):
@@ -100,28 +109,17 @@ def _check_missing_role(self):
                 raise e
         return
 
-    def _check_url_without_auth(self):
-        url_configs = self.lambda_client.list_function_url_configs(
-            FunctionName=self.function_name
-        )
-
-        if url_configs['FunctionUrlConfigs']:
-            for config in url_configs['FunctionUrlConfigs']:
-                if config['AuthType'] == 'NONE':
-                    self.results['lambdaURLWithoutAuth'] = [-1, config['AuthType']]
-                    return
-
-        return
-
     def _check_code_signing_disabled(self):
         if self.lambda_['PackageType'] != 'Zip':
             return
-
-        code_sign = self.lambda_client.get_function_code_signing_config(
-            FunctionName=self.function_name
-        )
-        if not code_sign.get('CodeSigningConfigArn'):
-            self.results['lambdaCodeSigningDisabled'] = [-1, 'Disabled']
+        try:
+            code_sign = self.lambda_client.get_function_code_signing_config(
+                FunctionName=self.function_name
+            )
+            if not code_sign.get('CodeSigningConfigArn'):
+                self.results['lambdaCodeSigningDisabled'] = [-1, 'Disabled']
+        except botocore.exceptions.ClientError as e:
+            print("No permission to access get_function_code_signing_config")
 
         return