Python Lambda is giving me a "KeyError"
I am trying to implement a Lambda script that checks encryption on newly created S3 buckets. If an unencrypted bucket is found, I want the Lambda to enforce SSE-KMS on it. I am using the following code:
from boto3 import resource, client
from logging import getLogger, info, error, debug
from os import environ
from botocore.exceptions import ClientError

SSEAlgorithm = "aws:kms"
KMSMasterKeyID = environ['KMSMasterKeyID']


class Enforce_EBS_Encryption(object):
    def __init__(self):
        self.s3_client = client('s3')
        self.logger = getLogger()
        self.logger.setLevel("INFO")
        self.unencryptedbucket = list()

    def getlistofUnEncryptedBucket(self):
        response = self.s3_client.list_buckets()
        for bucket in response['Buckets']:
            try:
                resp_encryption = self.s3_client.get_bucket_encryption(
                    Bucket=bucket['Name']
                )
                rules = resp_encryption['ServerSideEncryptionConfiguration']['Rules']
                info("{0} is already encrypted : Encryption : {1}".format(bucket['Name'], rules))
            except ClientError as e:
                if e.response['Error']['Code'] == 'ServerSideEncryptionConfigurationNotFoundError':
                    info("{0} is not encrypted but will be, No Encrytion found".format(bucket['Name']))
                    self.unencryptedbucket.append(bucket['Name'])
                else:
                    error("Unexpected error on Bucket: {0}".format(bucket['Name']))

    def _putEncryptiononSingleBucket(self, bucket_name):
        resp = self.s3_client.put_bucket_encryption(
            Bucket=bucket_name,
            ServerSideEncryptionConfiguration={
                'Rules': [
                    {
                        'ApplyServerSideEncryptionByDefault': {
                            'SSEAlgorithm': SSEAlgorithm,
                            'KMSMasterKeyID': KMSMasterKeyID
                        }
                    },
                ]
            }
        )

    def forceEncrytionOnUnEncryptedBucket(self):
        for bucket in self.unencryptedbucket:
            self._putEncryptiononSingleBucket(bucket)
            info("The Bucket : {0} has been encrypted with KMS key".format(bucket))


def lambda_handler(event, context):
    print("***** Start Processing ****")
    s3_encryption = Enforce_EBS_Encryption()
    s3_encryption.getlistofUnEncryptedBucket()
    s3_encryption.forceEncrytionOnUnEncryptedBucket()
    print("***** End Processing ****")
However, when testing, I receive the following error:
{
"errorMessage": "'KMSMasterKeyID'",
"errorType": "KeyError",
"stackTrace": [
" File \"/var/lang/lib/python3.7/imp.py\", line 234, in load_module\n return load_source(name, filename, file)\n",
" File \"/var/lang/lib/python3.7/imp.py\", line 171, in load_source\n module = _load(spec)\n",
" File \"<frozen importlib._bootstrap>\", line 696, in _load\n",
" File \"<frozen importlib._bootstrap>\", line 677, in _load_unlocked\n",
" File \"<frozen importlib._bootstrap_external>\", line 728, in exec_module\n",
" File \"<frozen importlib._bootstrap>\", line 219, in _call_with_frames_removed\n",
" File \"/var/task/lambda_function.py\", line 7, in <module>\n KMSMasterKeyID = environ['KMSMasterKeyID']\n",
" File \"/var/lang/lib/python3.7/os.py\", line 681, in __getitem__\n raise KeyError(key) from None\n"
]
}
Request ID:
"1a3ceb27-f2ed-4cf9-8b89-87e593a75ac6"
Function logs:
START RequestId: 1a3ceb27-f2ed-4cf9-8b89-87e593a75ac6 Version: $LATEST
[ERROR] KeyError: 'KMSMasterKeyID'
Traceback (most recent call last):
File "/var/lang/lib/python3.7/imp.py", line 234, in load_module
return load_source(name, filename, file)
File "/var/lang/lib/python3.7/imp.py", line 171, in load_source
module = _load(spec)
File "<frozen importlib._bootstrap>", line 696, in _load
File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 728, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/var/task/lambda_function.py", line 7, in <module>
KMSMasterKeyID = environ['KMSMasterKeyID']
File "/var/lang/lib/python3.7/os.py", line 681, in __getitem__
raise KeyError(key) from None
END RequestId: 1a3ceb27-f2ed-4cf9-8b89-87e593a75ac6
REPORT RequestId: 1a3ceb27-f2ed-4cf9-8b89-87e593a75ac6 Duration: 4130.89 ms Billed Duration: 4200 ms Memory Size: 128 MB Max Memory Used: 25 MB
Unknown application error occurred
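Any suggestions would be greatly appreciated, thanks.
The variable was not found in the environment. Did you set it?
It looks like your environment does not have the KMSMasterKeyID variable. What you do in the rest of the code doesn't matter, because it never runs.
Where should I set that variable? I see multiple keys in KMS and I'm just not sure what the master key refers to. Thanks.
Only you know what KMSMasterKeyID should be. Did you write the function yourself? If not, ask whoever wrote it what KMSMasterKeyID is.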
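An added example, not part of the original thread or any poster's code: one way to read `KMSMasterKeyID` when the handler runs instead of at import, so a missing variable stops the run with a readable message before any bucket is modified. The names `load_kms_key_id`, `build_sse_config`, `enforce_kms` and `MissingConfig` are hypothetical, and the S3 client is passed in so the logic can be exercised without AWS access.

```python
import os

ENV_NAME = "KMSMasterKeyID"  # variable name used by the code in the question
NOT_FOUND = "ServerSideEncryptionConfigurationNotFoundError"


class MissingConfig(RuntimeError):
    """Raised when the function's environment lacks the KMS key setting."""


def load_kms_key_id(env=None):
    # Read at call time, not import time, so a missing variable produces a
    # readable error in the handler instead of a module-load KeyError.
    env = os.environ if env is None else env
    value = (env.get(ENV_NAME) or "").strip()
    if not value:
        raise MissingConfig(
            f"environment variable {ENV_NAME} is not set; define it in the "
            "Lambda function's configuration with the KMS key to use")
    return value


def build_sse_config(key_id):
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": key_id}}]}


def enforce_kms(s3_client, env=None):
    """Apply SSE-KMS to buckets with no default encryption; return their names."""
    key_id = load_kms_key_id(env)  # fail before touching any bucket
    changed = []
    for bucket in s3_client.list_buckets()["Buckets"]:
        name = bucket["Name"]
        try:
            s3_client.get_bucket_encryption(Bucket=name)
        except Exception as exc:
            # botocore's ClientError exposes the service error in .response
            code = getattr(exc, "response", {}).get("Error", {}).get("Code")
            if code != NOT_FOUND:
                raise  # surface access-denied etc. rather than hiding it
            s3_client.put_bucket_encryption(
                Bucket=name,
                ServerSideEncryptionConfiguration=build_sse_config(key_id))
            changed.append(name)
    return changed


def lambda_handler(event, context):
    import boto3  # imported here so the helpers above run without AWS access
    return enforce_kms(boto3.client("s3"))
```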