From d7d23e98d7ea994ac5b3ac368f146323d8a4f601 Mon Sep 17 00:00:00 2001 From: joan Date: Tue, 14 Dec 2021 10:42:36 -0800 Subject: [PATCH] updates for #227 and #230 --- source/events/msam-events-release.template | 16 +++++ .../msam/build/msam-dynamodb-release.template | 8 +++ source/msam/chalicelib/connections.py | 3 +- source/msam/merge_template.json | 64 +++++++++++++++++++ .../msam-browser-app-release.template | 16 +++++ 5 files changed, 106 insertions(+), 1 deletion(-) diff --git a/source/events/msam-events-release.template b/source/events/msam-events-release.template index 11006e3a..0456f63c 100644 --- a/source/events/msam-events-release.template +++ b/source/events/msam-events-release.template @@ -77,6 +77,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." }] } } @@ -138,6 +146,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." }] } } diff --git a/source/msam/build/msam-dynamodb-release.template b/source/msam/build/msam-dynamodb-release.template index e296e8c0..c7d7699b 100644 --- a/source/msam/build/msam-dynamodb-release.template +++ b/source/msam/build/msam-dynamodb-release.template @@ -33,6 +33,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." }] } } diff --git a/source/msam/chalicelib/connections.py b/source/msam/chalicelib/connections.py index b076a18d..e9a358fe 100644 --- a/source/msam/chalicelib/connections.py +++ b/source/msam/chalicelib/connections.py @@ -496,7 +496,8 @@ def s3_bucket_medialive_input_ddb_items(): re.compile(r"http.?\:\/\/s3\-\S+\.amazonaws\.com\/([^\/]+)\/.+"), re.compile(r"http.?\:\/\/(\S+)\.s3\.amazonaws\.com\/.+"), re.compile(r"http.?\:\/\/(\S+)\.s3\-(\S+)\.amazonaws\.com"), - re.compile(r"s3\:\/\/([^\/]+)") + re.compile(r"s3\:\/\/([^\/]+)"), + re.compile(r"s3ssl\:\/\/([^\/]+)") ] try: # get S3 buckets diff --git a/source/msam/merge_template.json b/source/msam/merge_template.json index 9305e3a5..7bc9ea28 100644 --- a/source/msam/merge_template.json +++ b/source/msam/merge_template.json @@ -54,6 +54,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." }] } } @@ -112,6 +120,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." }] } } @@ -170,6 +186,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." }] } } @@ -228,6 +252,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." }] } } @@ -286,6 +318,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." }] } } @@ -344,6 +384,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." }] } } @@ -402,6 +450,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." }] } } @@ -460,6 +516,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with CloudWatch Logs permissions defined in different template." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." }] } } diff --git a/source/web-cloudformation/msam-browser-app-release.template b/source/web-cloudformation/msam-browser-app-release.template index bc385ef0..a941361f 100644 --- a/source/web-cloudformation/msam-browser-app-release.template +++ b/source/web-cloudformation/msam-browser-app-release.template @@ -265,6 +265,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with AWSLambdaBasicExecutionRole defined in different template." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." }] } } @@ -323,6 +331,14 @@ "rules_to_suppress": [{ "id": "W58", "reason": "Role with AWSLambdaBasicExecutionRole defined in different template." + }, + { + "id": "W89", + "reason": "Lambda does not need to be in a VPC." + }, + { + "id": "W92", + "reason": "Lambda does not need ReservedConcurrentExecutions." }] } }