From 49a7501946eb9c3011e3ba9dcf0ee07938e582d3 Mon Sep 17 00:00:00 2001
From: Kanika Bathla
Date: Mon, 9 Aug 2021 14:08:05 +0530
Subject: [PATCH 1/2] uploaded yaml and code files
---
aws-setup/LambdaCode.py | 119 ++++++++++++
aws-setup/yaml/RoleTemplateProduction.yaml | 80 ++++++++
aws-setup/yaml/snsandlambdaProduction.yaml | 215 +++++++++++++++++++++
3 files changed, 414 insertions(+)
create mode 100644 aws-setup/LambdaCode.py
create mode 100644 aws-setup/yaml/RoleTemplateProduction.yaml
create mode 100644 aws-setup/yaml/snsandlambdaProduction.yaml
diff --git a/aws-setup/LambdaCode.py b/aws-setup/LambdaCode.py
new file mode 100644
index 0000000..f28ee2c
--- /dev/null
+++ b/aws-setup/LambdaCode.py
@@ -0,0 +1,119 @@
+import os
+import boto3
+import json
+from botocore.vendored import requests
+
+def handler(event, context):
+ message = event['Records'][0]['Sns']['Message']
+ res = {}
+ for sub in message.split('\n'):
+ if '=' in sub:
+ #removing single quote from our input
+ g1 = [x.strip("'") for x in sub.split('=',1)]
+ res[g1[0]]=g1[1];
+
+ name=res['StackName'];
+ resource_status= res['ResourceStatus'];
+ namespace=res['Namespace'];
+ resourceType=res['ResourceType']
+
+ if resource_status == 'CREATE_COMPLETE' and resourceType=='AWS::IAM::Role':
+ print('getting stack information');
+ client = boto3.client('cloudformation');
+ response = client.describe_stacks(StackName = name);
+ # parse
+ parameter_array=response['Stacks'][0]['Parameters'];
+ #iterate list for set of parameters
+ bucketName="";
+ rolearn="";
+ prefix="";
+ accountid="";
+ region="";
+ externalid="";
+ namespaces="";
+ secretname="";
+ hostname="";
+ for item in parameter_array:
+ if item['ParameterKey']=='BucketName':
+ bucketName=item['ParameterValue'];
+ elif item['ParameterKey']=='ExternalId':
+ externalid=item['ParameterValue'];
+ elif item['ParameterKey']=='Prefix':
+ prefix=item['ParameterValue'];
+ elif item['ParameterKey']=='IAMRoleName':
+ rolearn=item['ParameterValue'];
+ elif item['ParameterKey']=='WavefrontAWSAccountId':
+ accountid=item['ParameterValue'];
+ elif item['ParameterKey']=='Region':
+ region=item['ParameterValue'];
+ elif item['ParameterKey']=='Namespace':
+ namespaces=item['ParameterValue'];
+ elif item['ParameterKey']=='SecretName':
+ secretname=item['ParameterValue'];
+ elif item['ParameterKey']=='Hostname':
+ hostname=item['ParameterValue'];
+
+ roleARN= "arn:aws:iam::"+namespace+":role/"+rolearn;
+ print('Sending request to cluster');
+ #make http call to cluster
+
+ data={"roleArn":roleARN,"externalId":externalid}
+
+ headers = {
+ "Authorization": getSecret(secretname),
+ "Content-Type": "application/json"
+ }
+ #send req to create awsmetric+ and cloudwatch
+ url_all= hostname+"/api/external/all?name=AWS";
+ resp_all= requests.post(url_all,headers=headers, data=json.dumps(data));
+ print("output for Cloudwatch and AWSmetric+ creation");
+ print(resp_all);
+ id=getId(hostname,headers,roleARN, secretname);
+
+
+ #if bucket non empty, create cloudtrail also
+ if bucketName!="" and prefix=="":
+ cloudtrail_data= {"name": "cloudtrail integration","service": "cloudTrail","cloudTrail": {"prefix":"","region": "us-west-2","baseCredentials": {"externalId": externalid,"roleArn": roleARN},"bucketName":bucketName}}
+ elif bucketName!="" and prefix!="":
+ cloudtrail_data= {"name": "cloudtrail integration","service": "cloudTrail","cloudTrail": {"prefix":prefix,"region": "us-west-2","baseCredentials": {"externalId": externalid,"roleArn": roleARN},"bucketName":bucketName}}
+
+ if bucketName!="":
+ API_URL=hostname+"/api/v2/cloudintegration";
+ r = requests.post(API_URL, headers=headers, data=json.dumps(cloudtrail_data));
+ print(r.content);
+
+ #UPDATE based on namespaces
+ if namespaces!="":
+ #make call for put request in AWS cloudwatch
+ print("calling namespace update");
+ url_namespace= hostname+"/api/v2/cloudintegration/"+id;
+ cloudwatchNamespaceData= {"name": "cloudwatch integration","service": "CLOUDWATCH","cloudWatch": {"baseCredentials": {"externalId": externalid ,"roleArn": roleARN},"namespaces": []}}
+ splitstring=namespaces.split(",");
+ for val in splitstring:
+ if val=='Backup' or val== 'Glue' or val=='WAF':
+ cloudwatchNamespaceData['cloudWatch']['namespaces'].append(val)
+ else:
+ value='AWS/'+val;
+ cloudwatchNamespaceData['cloudWatch']['namespaces'].append(value);
+ responseNamespace= requests.put(url_namespace,headers=headers,data=json.dumps(cloudwatchNamespaceData));
+
+def getId(hostname, headers,roleArn, secretname):
+ url_to_get_id= hostname+ "/api/v2/cloudintegration";
+ response= requests.get(url_to_get_id,headers=headers);
+ jsonResponse = response.json();
+ jsonArray=jsonResponse['response']['items']
+ id="";
+ for jsons in jsonArray:
+ if jsons['service'].lower()=='cloudwatch':
+ cred=jsons['cloudWatch']['baseCredentials'];
+ if cred['roleArn']==roleArn:
+ id=jsons['id'];
+ break;
+ return id;
+
+def getSecret(secretname):
+ secrets = boto3.client("secretsmanager");
+ apiToken = secrets.get_secret_value(SecretId=secretname);
+ print("getting secret");
+ tokenJson=json.loads(apiToken['SecretString']);
+ return tokenJson['token'];
diff --git a/aws-setup/yaml/RoleTemplateProduction.yaml b/aws-setup/yaml/RoleTemplateProduction.yaml
new file mode 100644
index 0000000..ad6db2a
--- /dev/null
+++ b/aws-setup/yaml/RoleTemplateProduction.yaml
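Review bot: `hostname` and `secretname` are read from the created stack's parameters and used without any check, so in `handler` the token returned by `getSecret(secretname)` is sent in the `Authorization` header to whatever URL the `Hostname` parameter holds. Whoever can create a stack that notifies this topic therefore chooses both which secret is read and where its `token` goes. Take both values from the function's own configuration (an environment variable or a fixed secret ARN), or at minimum refuse to continue unless `hostname` matches an allowlist of `https://` hosts before the first `requests.post`. The `requests` calls also pass no `timeout=` and never check the response status, so a failed integration call goes unnoticed. The same code is inlined under `ZipFile` in snsandlambdaProduction.yaml, and PATCH 2/2 keeps the pattern.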
@@ -0,0 +1,80 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: IAM role for Wavefront AWS Integration
+Parameters:
+ ExternalId:
+ Description: >-
+ External ID for the Wavefront role
+ Type: String
+ IAMRoleName:
+ Description: Customize the name of IAM role for Wavefront AWS integration
+ Type: String
+ Default: WavefrontIntegrationRole
+ WavefrontAWSAccountId:
+ Description: >-
+ Wavefront AWS account ID allowed to assume the integration IAM role. DO NOT CHANGE!
+ Type: String
+ Default: "301213811993"
+ WavefrontPolicy:
+ Description: >-
+ policy requirement
+ Type: String
+ Default: "arn:aws:iam::aws:policy/ReadOnlyAccess"
+ BucketName:
+ Description: bucket name for Wavefront AWS integration
+ Type: String
+ Default: ""
+ Prefix:
+ Description: bucket prefix for Wavefront AWS integration
+ Type: String
+ Default: ""
+ Region:
+ Description: bucket region for Wavefront AWS integration
+ Type: String
+ Default: "us-west-2"
+ Namespace:
+ Description: comma separated services for Wavefront AWS integration
+ Type: String
+ Default: ""
+ SecretName:
+ Description: name of the secret manager for storing API token for Wavefront AWS integration
+ Type: String
+ Default: "wftoken"
+ Hostname:
+ Description: hostname for Wavefront AWS integration
+ Type: String
+ Default: "https://nimba.wavefront.com"
+Resources:
+ WavefrontIntegrationRole:
+ Type: 'AWS::IAM::Role'
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ AWS: !Sub
+ - 'arn:aws:iam::${WavefrontAWSAccountId}:root'
+ - { WavefrontAWSAccountId: !Ref WavefrontAWSAccountId}
+ Action:
+ - 'sts:AssumeRole'
+ Condition:
+ StringEquals:
+ 'sts:ExternalId': !Ref ExternalId
+ Path: /
+ RoleName: !Ref IAMRoleName
+ ManagedPolicyArns:
+ - !Ref WavefrontPolicy
+Metadata:
+ AWS::CloudFormation::Interface:
+ ParameterGroups:
+ - Label:
+ default: Required
+ Parameters:
+ - ExternalId
+ - IAMRoleName
+Outputs:
+ IAMRoleName:
+ Description: AWS IAM Role name to be used with the Wavefront AWS Integration
+ Value: !Ref WavefrontIntegrationRole
+ Export:
+ Name: "Wavefront-IAMRoleName"
\ No newline at end of file
diff --git a/aws-setup/yaml/snsandlambdaProduction.yaml b/aws-setup/yaml/snsandlambdaProduction.yaml
new file mode 100644
index 0000000..0912eb0
--- /dev/null
+++ b/aws-setup/yaml/snsandlambdaProduction.yaml
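Review bot: The trust policy's principal is built from the `WavefrontAWSAccountId` parameter, which is described as "DO NOT CHANGE!" but is a free-form `String`, so a mistyped or altered value lets a different account assume the role. Hard-code the account in the `!Sub`, or constrain the parameter with `AllowedValues: ["301213811993"]`; likewise give `ExternalId` a `MinLength: 1` so the `sts:ExternalId` condition cannot be deployed with an empty string. `WavefrontPolicy` defaults to `arn:aws:iam::aws:policy/ReadOnlyAccess`, which as far as I know also allows data reads across most services; a policy limited to what the integration collects would be narrower. `SecretName` and `Hostname` are declared here but referenced by no resource in this template; they appear to exist only so the Lambda can read them back via `describe_stacks`, which deserves a comment.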
@@ -0,0 +1,215 @@
+---
+# Stack name: cloudformation-notifications
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Configure SNS topics to subscribe to specific CloudFormation notifications and forward them to users"
+
+Resources:
+ # IAM role and inline policy for Lambda function
+ LambdaRole:
+ Type: "AWS::IAM::Role"
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ -
+ Effect: "Allow"
+ Principal:
+ Service:
+ - "lambda.amazonaws.com"
+ Action:
+ - "sts:AssumeRole"
+ Path: "/"
+ Policies:
+ -
+ PolicyName: "cloudformation-notifications-lambda-role-policy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ -
+ Effect: "Allow"
+ Action:
+ - "logs:CreateLogGroup"
+ - "logs:CreateLogStream"
+ - "logs:PutLogEvents"
+ Resource: "arn:aws:logs:*:*:*"
+ -
+ Effect: "Allow"
+ Action:
+ - "xray:PutTelemetryRecords"
+ - "xray:PutTraceSegments"
+ Resource: "*"
+ -
+ Effect: "Allow"
+ Action:
+ - "cloudformation:*"
+ Resource: "*"
+ -
+ Effect: "Allow"
+ Action:
+ - "secretsmanager:*"
+ Resource: "*"
+ # Lambda function to catch CloudFormation events (forwarded by SNS) and create new SNS notifications from them
+ LambdaFunction:
+ Type: "AWS::Lambda::Function"
+ Properties:
+ FunctionName: "cloudformation-notify-lambda"
+ Description: "Forward CloudFormation notifications to SNS topic"
+ Handler: "index.handler"
+ Role: !GetAtt "LambdaRole.Arn"
+ Environment:
+ Variables:
+ NOTIFICATION_TYPES: "CREATE_COMPLETE"
+ Code:
+ ZipFile: |
+ import os
+ import boto3
+ import json
+ from botocore.vendored import requests
+
+ def handler(event, context):
+ message = event['Records'][0]['Sns']['Message']
+ res = {}
+ for sub in message.split('\n'):
+ if '=' in sub:
+ #removing single quote from our input
+ g1 = [x.strip("'") for x in sub.split('=',1)]
+ res[g1[0]]=g1[1];
+
+ name=res['StackName'];
+ resource_status= res['ResourceStatus'];
+ namespace=res['Namespace'];
+ ResourceType=res['ResourceType']
+
+ if resource_status == 'CREATE_COMPLETE' and ResourceType=='AWS::IAM::Role':
+ print('getting stack information');
+ client = boto3.client('cloudformation');
+ response = client.describe_stacks(StackName = name);
+ # parse
+ parameter_array=response['Stacks'][0]['Parameters'];
+ #iterate list for set of parameters
+ bucketName="";
+ rolearn="";
+ prefix="";
+ accountid="";
+ region="";
+ externalid="";
+ namespaces="";
+ secretname="";
+ hostname="";
+ for item in parameter_array:
+ if item['ParameterKey']=='BucketName':
+ bucketName=item['ParameterValue'];
+ elif item['ParameterKey']=='ExternalId':
+ externalid=item['ParameterValue'];
+ elif item['ParameterKey']=='Prefix':
+ prefix=item['ParameterValue'];
+ elif item['ParameterKey']=='IAMRoleName':
+ rolearn=item['ParameterValue'];
+ elif item['ParameterKey']=='WavefrontAWSAccountId':
+ accountid=item['ParameterValue'];
+ elif item['ParameterKey']=='Region':
+ region=item['ParameterValue'];
+ elif item['ParameterKey']=='Namespace':
+ namespaces=item['ParameterValue'];
+ elif item['ParameterKey']=='SecretName':
+ secretname=item['ParameterValue'];
+ elif item['ParameterKey']=='Hostname':
+ hostname=item['ParameterValue'];
+
+ roleARN= "arn:aws:iam::"+namespace+":role/"+rolearn;
+ print('Sending request to cluster');
+ #make http call to cluster
+
+ data={"roleArn":roleARN,"externalId":externalid}
+
+ headers = {
+ "Authorization": getSecret(secretname),
+ "Content-Type": "application/json"
+ }
+ #send req to create awsmetric+ and cloudwatch
+ url_all= hostname+"/api/external/all?name=AWS";
+ resp_all= requests.post(url_all,headers=headers, data=json.dumps(data));
+ print("output for Cloudwatch and AWSmetric+ creation");
+ print(resp_all);
+ id=getId(hostname,headers,roleARN, secretname);
+
+
+ #if bucket non empty, create cloudtrail also
+ if bucketName!="" and prefix=="":
+ cloudtrail_data= {"name": "cloudtrail integration","service": "cloudTrail","cloudTrail": {"prefix":"","region": "us-west-2","baseCredentials": {"externalId": externalid,"roleArn": roleARN},"bucketName":bucketName}}
+ elif bucketName!="" and prefix!="":
+ cloudtrail_data= {"name": "cloudtrail integration","service": "cloudTrail","cloudTrail": {"prefix":prefix,"region": "us-west-2","baseCredentials": {"externalId": externalid,"roleArn": roleARN},"bucketName":bucketName}}
+
+ if bucketName!="":
+ API_URL=hostname+"/api/v2/cloudintegration";
+ r = requests.post(API_URL, headers=headers, data=json.dumps(cloudtrail_data));
+ print(r.content);
+
+ #UPDATE based on namespaces
+ if namespaces!="":
+ #make call for put request in AWS cloudwatch
+ print("calling namespace update");
+ url_namespace= hostname+"/api/v2/cloudintegration/"+id;
+ cloudwatchNamespaceData= {"name": "cloudwatch integration","service": "CLOUDWATCH","cloudWatch": {"baseCredentials": {"externalId": externalid ,"roleArn": roleARN},"namespaces": []}}
+ splitstring=namespaces.split(",");
+ for val in splitstring:
+ if val=='Backup' or val== 'Glue' or val=='WAF':
+ cloudwatchNamespaceData['cloudWatch']['namespaces'].append(val)
+ else:
+ value='AWS/'+val;
+ cloudwatchNamespaceData['cloudWatch']['namespaces'].append(value);
+ print(cloudwatchNamespaceData);
+ responseNamespace= requests.put(url_namespace,headers=headers,data=json.dumps(cloudwatchNamespaceData));
+
+ def getId(hostname, headers,roleArn, secretname):
+ url_to_get_id= hostname+ "/api/v2/cloudintegration";
+ response= requests.get(url_to_get_id,headers=headers);
+ jsonResponse = response.json();
+ jsonArray=jsonResponse['response']['items']
+ id="";
+ for jsons in jsonArray:
+ if jsons['service'].lower()=='cloudwatch':
+ cred=jsons['cloudWatch']['baseCredentials'];
+ if cred['roleArn']==roleArn:
+ id=jsons['id'];
+ break;
+ return id;
+
+ def getSecret(secretname):
+ secrets = boto3.client("secretsmanager");
+ apiToken = secrets.get_secret_value(SecretId=secretname);
+ print("getting secret");
+ tokenJson=json.loads(apiToken['SecretString']);
+ return tokenJson['token'];
+
+ Runtime: "python3.6"
+ Timeout: "90"
+ TracingConfig:
+ Mode: "Active"
+
+ # SNS topic and inline subscription to forward events to Lambda function
+ SNSTopicCloudFormation:
+ Type: "AWS::SNS::Topic"
+ Properties:
+ DisplayName: snsteststack
+ Subscription:
+ -
+ Endpoint: !GetAtt "LambdaFunction.Arn"
+ Protocol: "lambda"
+ DependsOn: "LambdaFunction"
+
+ # Lambda permission to allow SNS to forward events to Lambda function
+ LambdaPermission:
+ Type: "AWS::Lambda::Permission"
+ Properties:
+ Action: "lambda:InvokeFunction"
+ Principal: "sns.amazonaws.com"
+ SourceArn: !Ref "SNSTopicCloudFormation"
+ FunctionName: !GetAtt "LambdaFunction.Arn"
+
+Outputs:
+ SNSTopicCloudFormation:
+ Description: "ARN of CloudFormation SNS topic - use this value with --notification-arns when creating other stacks"
+ Value: !Ref "SNSTopicCloudFormation"
+ Export:
+ Name: "sns-topic-cloudformation"
\ No newline at end of file
From f1a73219ca0a0f517ab6525f28b46025cd9026f3 Mon Sep 17 00:00:00 2001
From: Kanika Bathla
Date: Tue, 17 Aug 2021 18:59:57 +0530
Subject: [PATCH 2/2] updated code based on scan
---
aws-setup/LambdaCode.py | 230 ++++++++++++++++++++++------------------
1 file changed, 126 insertions(+), 104 deletions(-)
diff --git a/aws-setup/LambdaCode.py b/aws-setup/LambdaCode.py
index f28ee2c..0554927 100644
--- a/aws-setup/LambdaCode.py
+++ b/aws-setup/LambdaCode.py
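Review bot: `LambdaRole` grants `cloudformation:*` and `secretsmanager:*` on `Resource: "*"`, while the inlined handler only calls `describe_stacks` and `get_secret_value`. Narrow the two statements to `- "cloudformation:DescribeStacks"` and `- "secretsmanager:GetSecretValue"`, and set the latter's `Resource` to the ARN of the token secret instead of `"*"`. The inlined code also runs `print(cloudwatchNamespaceData)`, which writes the role's `externalId` to the function's logs; drop it or log only the namespace list. `Runtime: "python3.6"` is an end-of-life runtime, and `from botocore.vendored import requests` relies on a vendored copy that, as far as I know, newer botocore releases no longer provide, so the two should be revisited together.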
@@ -1,119 +1,141 @@ -import os -import boto3 +"""System module.""" import json +import boto3 from botocore.vendored import requests + def handler(event, context): + """Creates a AWS setup.""" message = event['Records'][0]['Sns']['Message'] res = {} for sub in message.split('\n'): - if '=' in sub: - #removing single quote from our input - g1 = [x.strip("'") for x in sub.split('=',1)] - res[g1[0]]=g1[1]; + if '=' in sub: + # removing single quote from our input + data = [x.strip("'") for x in sub.split('=', 1)] + res[data[0]] = data[1] + + if ( + res['ResourceStatus'] == 'CREATE_COMPLETE' + and res['ResourceType'] == 'AWS::IAM::Role' + ): + # getting stack information + client = boto3.client('cloudformation') + response = client.describe_stacks(StackName=res['StackName']) + # parse + parameter_array = response['Stacks'][0]['Parameters'] + # iterate list for set of parameters + parameters = {} + for item in parameter_array: + parameters[item['ParameterKey']] = item['ParameterValue'] + + bucket_name = parameters.get('BucketName') + rolearn = parameters.get('IAMRoleName') + prefix = parameters.get('Prefix') + region = parameters.get('Region') + externalid = parameters.get('ExternalId') + namespaces = parameters.get('Namespace') + secretname = parameters.get('SecretName') + hostname = parameters.get('Hostname') - name=res['StackName']; - resource_status= res['ResourceStatus']; - namespace=res['Namespace']; - resourceType=res['ResourceType'] + role_arn = "arn:aws:iam::" + res['Namespace'] + ":role/" + rolearn + # make http call to cluster + data = {"roleArn": role_arn, "externalId": externalid} + headers = { + "Authorization": gßet_secret(secretname), + "Content-Type": "application/json" + } + # send req to create awsmetric+ and cloudwatch + url_all = hostname + "/api/external/all?name=AWS" + requests.post(url_all, headers=headers, data=json.dumps(data)) + integration_id = get_id(hostname, headers, role_arn) + # if bucket non empty, create cloudtrail also + 
cloudtrail_data = get_request_data(region, + externalid, + role_arn, prefix, bucket_name) + if bucket_name != "": + api_url = hostname+"/api/v2/cloudintegration" + requests.post(api_url, + headers=headers, + data=json.dumps(cloudtrail_data)) - if resource_status == 'CREATE_COMPLETE' and resourceType=='AWS::IAM::Role': - print('getting stack information'); - client = boto3.client('cloudformation'); - response = client.describe_stacks(StackName = name); - # parse - parameter_array=response['Stacks'][0]['Parameters']; - #iterate list for set of parameters - bucketName=""; - rolearn=""; - prefix=""; - accountid=""; - region=""; - externalid=""; - namespaces=""; - secretname=""; - hostname=""; - for item in parameter_array: - if item['ParameterKey']=='BucketName': - bucketName=item['ParameterValue']; - elif item['ParameterKey']=='ExternalId': - externalid=item['ParameterValue']; - elif item['ParameterKey']=='Prefix': - prefix=item['ParameterValue']; - elif item['ParameterKey']=='IAMRoleName': - rolearn=item['ParameterValue']; - elif item['ParameterKey']=='WavefrontAWSAccountId': - accountid=item['ParameterValue']; - elif item['ParameterKey']=='Region': - region=item['ParameterValue']; - elif item['ParameterKey']=='Namespace': - namespaces=item['ParameterValue']; - elif item['ParameterKey']=='SecretName': - secretname=item['ParameterValue']; - elif item['ParameterKey']=='Hostname': - hostname=item['ParameterValue']; + # update based on namespaces + if namespaces != "": + # make call for put request in AWS cloudwatch + url_namespace = hostname + "/api/v2/cloudintegration/" + integration_id + namespace_data = { + "name": "cloudwatch integration", + "service": "CLOUDWATCH", + "cloudWatch": + { + "baseCredentials": + {"externalId": externalid, + "roleArn": role_arn}, "namespaces": []}} + exclude_value = ['Backup', 'Glue', 'WAF'] + for val in namespaces.split(","): + if val in exclude_value: + namespace_data['cloudWatch']['namespaces'].append(val) + else: + value = 'AWS/'+val 
+ namespace_data['cloudWatch']['namespaces'].append(value) + requests.put(url_namespace, + headers=headers, + data=json.dumps(namespace_data)) - roleARN= "arn:aws:iam::"+namespace+":role/"+rolearn; - print('Sending request to cluster'); - #make http call to cluster - data={"roleArn":roleARN,"externalId":externalid} - - headers = { - "Authorization": getSecret(secretname), - "Content-Type": "application/json" - } - #send req to create awsmetric+ and cloudwatch - url_all= hostname+"/api/external/all?name=AWS"; - resp_all= requests.post(url_all,headers=headers, data=json.dumps(data)); - print("output for Cloudwatch and AWSmetric+ creation"); - print(resp_all); - id=getId(hostname,headers,roleARN, secretname); - +def get_id(hostname, headers, role_arn): + """Returns the cloudintegration Id.""" + url_to_get_id = hostname + "/api/v2/cloudintegration" + response = requests.get(url_to_get_id, headers=headers) + json_response = response.json() + json_array = json_response['response']['items'] + integration_id = "" + for jsons in json_array: + if jsons['service'].lower() == 'cloudwatch': + cred = jsons['cloudWatch']['baseCredentials'] + if cred['roleArn'] == role_arn: + integration_id = jsons['id'] + break + return integration_id - #if bucket non empty, create cloudtrail also - if bucketName!="" and prefix=="": - cloudtrail_data= {"name": "cloudtrail integration","service": "cloudTrail","cloudTrail": {"prefix":"","region": "us-west-2","baseCredentials": {"externalId": externalid,"roleArn": roleARN},"bucketName":bucketName}} - elif bucketName!="" and prefix!="": - cloudtrail_data= {"name": "cloudtrail integration","service": "cloudTrail","cloudTrail": {"prefix":prefix,"region": "us-west-2","baseCredentials": {"externalId": externalid,"roleArn": roleARN},"bucketName":bucketName}} - if bucketName!="": - API_URL=hostname+"/api/v2/cloudintegration"; - r = requests.post(API_URL, headers=headers, data=json.dumps(cloudtrail_data)); - print(r.content); - - #UPDATE based on namespaces 
- if namespaces!="": - #make call for put request in AWS cloudwatch - print("calling namespace update"); - url_namespace= hostname+"/api/v2/cloudintegration/"+id; - cloudwatchNamespaceData= {"name": "cloudwatch integration","service": "CLOUDWATCH","cloudWatch": {"baseCredentials": {"externalId": externalid ,"roleArn": roleARN},"namespaces": []}} - splitstring=namespaces.split(","); - for val in splitstring: - if val=='Backup' or val== 'Glue' or val=='WAF': - cloudwatchNamespaceData['cloudWatch']['namespaces'].append(val) - else: - value='AWS/'+val; - cloudwatchNamespaceData['cloudWatch']['namespaces'].append(value); - responseNamespace= requests.put(url_namespace,headers=headers,data=json.dumps(cloudwatchNamespaceData)); +def get_request_data(region, externalid, role_arn, prefix, bucket_name): + """Returns the cloudtrail request data.""" + cloudtrail_data = "" + if bucket_name != "" and prefix == "": + cloudtrail_data = { + "name": "cloudtrail integration", + "service": "cloudTrail", + "cloudTrail": + { + "prefix": "", + "region": region, + "baseCredentials": + {"externalId": externalid, + "roleArn": role_arn}, + "bucketName": bucket_name + }} + elif bucket_name != "" and prefix != "": + cloudtrail_data = { + "name": "cloudtrail integration", + "service": "cloudTrail", + "cloudTrail": + { + "prefix": prefix, + "region": region, + "baseCredentials": + {"externalId": externalid, + "roleArn": role_arn}, + "bucketName": bucket_name + }} + return cloudtrail_data -def getId(hostname, headers,roleArn, secretname): - url_to_get_id= hostname+ "/api/v2/cloudintegration"; - response= requests.get(url_to_get_id,headers=headers); - jsonResponse = response.json(); - jsonArray=jsonResponse['response']['items'] - id=""; - for jsons in jsonArray: - if jsons['service'].lower()=='cloudwatch': - cred=jsons['cloudWatch']['baseCredentials']; - if cred['roleArn']==roleArn: - id=jsons['id']; - break; - return id; -def getSecret(secretname): - secrets = boto3.client("secretsmanager"); - 
apiToken = secrets.get_secret_value(SecretId=secretname); - print("getting secret"); - tokenJson=json.loads(apiToken['SecretString']); - return tokenJson['token']; +def get_secret(secretname): + """Get the token for the Wavefront API calls. + Args: secretname (String) + Returns: String: token_json['token']""" + secrets = boto3.client("secretsmanager") + api_token = secrets.get_secret_value(SecretId=secretname) + print("getting secret") + token_json = json.loads(api_token['SecretString']) + return token_json['token']
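Review bot: The `Authorization` entry in `headers` calls `gßet_secret(secretname)`, but the function defined at the end of the file is `get_secret`; unless the stray character is a rendering artefact, every matching event raises `NameError` before any request is sent, and the line should read `"Authorization": get_secret(secretname),`. The switch to `parameters.get(...)` also changes the missing-key value from `""` to `None`, so the later `bucket_name != ""` and `namespaces != ""` tests pass for an absent parameter; `parameters.get('BucketName', "")`, and the same default for the others, keeps the old behaviour. The diffstat shows only LambdaCode.py changed, so the copy inlined under `ZipFile` in snsandlambdaProduction.yaml still carries the PATCH 1/2 code. The docstrings `"""System module."""` and `"""Creates a AWS setup."""` do not describe the code; one sentence naming the trigger (an SNS stack event for an `AWS::IAM::Role` reaching `CREATE_COMPLETE`) and the Wavefront calls it makes would serve the next reader better.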