Skip to content

Instantly share code, notes, and snippets.

@dagrz
Created June 26, 2016 09:26
Show Gist options
  • Save dagrz/fc65c4d3b0ddde4046f03646a985aa23 to your computer and use it in GitHub Desktop.
Save dagrz/fc65c4d3b0ddde4046f03646a985aa23 to your computer and use it in GitHub Desktop.
#!/usr/bin/env python
from __future__ import print_function
import json
import boto3
import random
import re
import string
def lambda_handler(event, context):
if event['detail']['eventName'] == 'DeleteUser':
deletedUser = event['detail']['requestParameters']['userName']
if re.match( r'^rabbit-\d{10}$', deletedUser, re.M|re.I):
client = boto3.client('iam')
newUser = 'rabbit-' + ''.join(random.choice(string.digits) for _ in range(10))
client.create_user(UserName = newUser)
newUser = 'rabbit-' + ''.join(random.choice(string.digits) for _ in range(10))
client.create_user(UserName = newUser)
return None
if __name__ == '__main__':
event = {
"account":"123456789012",
"region":"us-east-1",
"detail":{
"eventVersion":"1.02",
"eventID":"fb2a5c74-1234-1234-1234-1234560ddaf2",
"eventTime":"2016-06-26T02:06:50Z",
"requestParameters":{
"userName":"rabbit-1234567890"
},
"eventType":"AwsApiCall",
"responseElements": None,
"awsRegion":"us-east-1",
"eventName":"DeleteUser",
"userIdentity":{
"principalId":"123456789012",
"accessKeyId":"ABCDEFGHIJKLMNOPQRST",
"sessionContext":{
"attributes":{
"creationDate":"2016-06-26T00:57:02Z",
"mfaAuthenticated":"true"
}
},
"type":"Root",
"arn":"arn:aws:iam::123456789012:root",
"accountId":"123456789012"
},
"eventSource":"iam.amazonaws.com",
"requestID":"a53939f5-1234-1234-1234-35e68685372d",
"userAgent":"console.amazonaws.com",
"sourceIPAddress":"1.2.3.4"
},
"detail-type":"AWS API Call via CloudTrail",
"source":"aws.iam",
"version":"0",
"time":"2016-06-26T02:06:50Z",
"id":"e6209d69-1234-1234-1234-a347e6ad8dd4",
"resources":[
]
}
print(lambda_handler(event, None))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment