garyellis/gist:aa45bf8f51578b44ac3ebf7cd9051751

## gistfile1.txt
---

Description: >-
  Manage default VPCs in the specified regions.


Parameters:
  State:
    Description: The default VPC desired state
    Type: String
    AllowedValues:
    - present
    - absent
    Default: present

  Regions:
    Description: A comma separated list of regions
    Type: String
    Default: ""

Conditions:
  UseRegionsList: !Not [!Equals [!Ref Regions, ""]]

Resources:
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
          Action:
          - sts:AssumeRole
      Path: '/'
      Policies:
      - PolicyName: lambdaDefaultVPC
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:PutLogEvents
            - logs:DescribeLogStreams
            Resource: arn:aws:logs:*:*
          - Effect: Allow
            Action:
            - ec2:Describe*
            Resource: '*'
          - Effect: Allow
            Action:
            - ec2:CreateDefaultVpc
            - ec2:DeleteVpc
            - ec2:DeleteSubnet
            - ec2:DeleteRoute
            - ec2:DetachInternetGateway
            - ec2:DeleteInternetGateway
            Resource: '*'

  LambdaDefaultVPCs:
    Type: AWS::Lambda::Function
    Properties:
      Description:  Delete unused default VPCs
      # FunctionName: defaultVPCs
      Handler: index.handler
      Role: !GetAtt [ LambdaExecutionRole, Arn ]
      Runtime: python2.7
      Timeout: 300
      Code:
        ZipFile: |
          import boto3
          import cfnresponse

          def handler(event, context):
              ""
              ec2_client = boto3.client('ec2')

              state = event['ResourceProperties']['state']

              regions_filter = []
              regions = []
              if len(event['ResourceProperties']['regions']) > 0:
                  regions_filter = event['ResourceProperties']['regions'].split(',')
                  regions = [region['RegionName'] for region in ec2_client.describe_regions()['Regions'] if region['RegionName'] in regions_filter]

              else:
                  regions = [region['RegionName'] for region in ec2_client.describe_regions()['Regions']]

              for region in regions:
                  r_client = boto3.client(service_name='ec2', region_name=region)
                  if region in regions:

                      if state == 'absent':
                          for vpc in default_vpc(r_client):
                              if  vpc_count_interfaces(r_client, vpc['VpcId']) > 0:
                                  print 'Skipping default VPC %s because there are resources deployed here' % vpc['VpcId']

                              else:
                                  print 'Deleting %s default VPC %s' % (region, vpc['VpcId'])
                                  delete_vpc(r_client,vpc['VpcId'])

                      if state == 'present':
                          if default_vpc(r_client):
                              print 'Skipping create default VPC in %s because one already exists' % region

                          else:
                              print 'Creating default VPC in %s' % region
                              r_client.create_default_vpc()

              # always send success response back to cloudfomration
              response_data = {'Data': {} }
              cfnresponse.send(event, context, cfnresponse.SUCCESS, response_data)

          def default_vpc(client):
              "Get the default VpcId of the current region"
              vpc_filter = [{ 'Name': 'isDefault', 'Values': ['true'] }]
              vpcs = client.describe_vpcs(Filters=vpc_filter)['Vpcs']

              default_vpcs = []
              for vpc in vpcs:
                  default_vpcs.append(vpc)

              return default_vpcs

          def vpc_count_interfaces(ec2_client, vpc_id):
              "Sum the total nummber of in-use ENI interfaces"
              vpc_filter = [{ 'Name': 'vpc-id', 'Values': [vpc_id] }]
              network_interfaces = ec2_client.describe_network_interfaces(Filters=vpc_filter)['NetworkInterfaces']

              interfaces_count = len(network_interfaces)
              return interfaces_count

          def delete_vpc(ec2_client, vpc_id):
              "deletes all vpc related resources"

              vpc_filter = [{'Name': 'vpc-id', 'Values': [vpc_id] }]

              # delete the subnets
              for subnet in ec2_client.describe_subnets(Filters=vpc_filter)['Subnets']:
                  print 'Deleting %s' % subnet['SubnetId']
                  ec2_client.delete_subnet(SubnetId=subnet['SubnetId'])

              vpc_igw_filter = [{'Name': 'attachment.vpc-id', 'Values': [vpc_id]}]
              for igw in ec2_client.describe_internet_gateways(Filters=vpc_igw_filter)['InternetGateways']:
                  ec2_client.detach_internet_gateway(InternetGatewayId=igw['InternetGatewayId'], VpcId=vpc_id)
                  ec2_client.delete_internet_gateway(InternetGatewayId=igw['InternetGatewayId'])

              # delete the default vpc
              ec2_client.delete_vpc(VpcId=vpc_id)

  DefaultVPCs:
    Type: Custom::DefaultVPCs
    Properties:
      ServiceToken: !GetAtt LambdaDefaultVPCs.Arn
      state: !Ref State
      regions: !Ref Regions
	---

	Description: >-
	Manage default VPCs in the specified regions.


	Parameters:
	State:
	Description: The default VPC desired state
	Type: String
	AllowedValues:
	- present
	- absent
	Default: present

	Regions:
	Description: A comma separated list of regions
	Type: String
	Default: ""

	Conditions:
	UseRegionsList: !Not [!Equals [!Ref Regions, ""]]

	Resources:
	LambdaExecutionRole:
	Type: AWS::IAM::Role
	Properties:
	AssumeRolePolicyDocument:
	Version: '2012-10-17'
	Statement:
	- Effect: Allow
	Principal:
	Service:
	- lambda.amazonaws.com
	Action:
	- sts:AssumeRole
	Path: '/'
	Policies:
	- PolicyName: lambdaDefaultVPC
	PolicyDocument:
	Version: '2012-10-17'
	Statement:
	- Effect: Allow
	Action:
	- logs:CreateLogGroup
	- logs:CreateLogStream
	- logs:PutLogEvents
	- logs:DescribeLogStreams
	Resource: arn:aws:logs::
	- Effect: Allow
	Action:
	- ec2:Describe*
	Resource: '*'
	- Effect: Allow
	Action:
	- ec2:CreateDefaultVpc
	- ec2:DeleteVpc
	- ec2:DeleteSubnet
	- ec2:DeleteRoute
	- ec2:DetachInternetGateway
	- ec2:DeleteInternetGateway
	Resource: '*'

	LambdaDefaultVPCs:
	Type: AWS::Lambda::Function
	Properties:
	Description: Delete unused default VPCs
	# FunctionName: defaultVPCs
	Handler: index.handler
	Role: !GetAtt [ LambdaExecutionRole, Arn ]
	Runtime: python2.7
	Timeout: 300
	Code:
	ZipFile: \|
	import boto3
	import cfnresponse

	def handler(event, context):
	""
	ec2_client = boto3.client('ec2')

	state = event['ResourceProperties']['state']

	regions_filter = []
	regions = []
	if len(event['ResourceProperties']['regions']) > 0:
	regions_filter = event['ResourceProperties']['regions'].split(',')
	regions = [region['RegionName'] for region in ec2_client.describe_regions()['Regions'] if region['RegionName'] in regions_filter]

	else:
	regions = [region['RegionName'] for region in ec2_client.describe_regions()['Regions']]

	for region in regions:
	r_client = boto3.client(service_name='ec2', region_name=region)
	if region in regions:

	if state == 'absent':
	for vpc in default_vpc(r_client):
	if vpc_count_interfaces(r_client, vpc['VpcId']) > 0:
	print 'Skipping default VPC %s because there are resources deployed here' % vpc['VpcId']

	else:
	print 'Deleting %s default VPC %s' % (region, vpc['VpcId'])
	delete_vpc(r_client,vpc['VpcId'])

	if state == 'present':
	if default_vpc(r_client):
	print 'Skipping create default VPC in %s because one already exists' % region

	else:
	print 'Creating default VPC in %s' % region
	r_client.create_default_vpc()

	# always send success response back to cloudfomration
	response_data = {'Data': {} }
	cfnresponse.send(event, context, cfnresponse.SUCCESS, response_data)

	def default_vpc(client):
	"Get the default VpcId of the current region"
	vpc_filter = [{ 'Name': 'isDefault', 'Values': ['true'] }]
	vpcs = client.describe_vpcs(Filters=vpc_filter)['Vpcs']

	default_vpcs = []
	for vpc in vpcs:
	default_vpcs.append(vpc)

	return default_vpcs

	def vpc_count_interfaces(ec2_client, vpc_id):
	"Sum the total nummber of in-use ENI interfaces"
	vpc_filter = [{ 'Name': 'vpc-id', 'Values': [vpc_id] }]
	network_interfaces = ec2_client.describe_network_interfaces(Filters=vpc_filter)['NetworkInterfaces']

	interfaces_count = len(network_interfaces)
	return interfaces_count

	def delete_vpc(ec2_client, vpc_id):
	"deletes all vpc related resources"

	vpc_filter = [{'Name': 'vpc-id', 'Values': [vpc_id] }]

	# delete the subnets
	for subnet in ec2_client.describe_subnets(Filters=vpc_filter)['Subnets']:
	print 'Deleting %s' % subnet['SubnetId']
	ec2_client.delete_subnet(SubnetId=subnet['SubnetId'])

	vpc_igw_filter = [{'Name': 'attachment.vpc-id', 'Values': [vpc_id]}]
	for igw in ec2_client.describe_internet_gateways(Filters=vpc_igw_filter)['InternetGateways']:
	ec2_client.detach_internet_gateway(InternetGatewayId=igw['InternetGatewayId'], VpcId=vpc_id)
	ec2_client.delete_internet_gateway(InternetGatewayId=igw['InternetGatewayId'])

	# delete the default vpc
	ec2_client.delete_vpc(VpcId=vpc_id)

	DefaultVPCs:
	Type: Custom::DefaultVPCs
	Properties:
	ServiceToken: !GetAtt LambdaDefaultVPCs.Arn
	state: !Ref State
	regions: !Ref Regions