Cleanup

david-dearden-ssc · david-dearden-ssc · commit 4ef0a4a44c86 · 2024-12-16T12:13:48.000-08:00
diff --git a/src/lambda/gc01_check_alerts_flag_misuse/app.py b/src/lambda/gc01_check_alerts_flag_misuse/app.py
@@ -115,6 +115,10 @@ def lambda_handler(event, context):
     logger.info("Received Event: %s", json.dumps(event, indent=2))
 
     invoking_event = json.loads(event["invokingEvent"])
+    if not is_scheduled_notification(invoking_event["messageType"]):
+        logger.error("Skipping assessments as this is not a scheduled invocation")
+        return
+
     rule_parameters = json.loads(event.get("ruleParameters", "{}"))
     valid_rule_parameters = check_required_parameters(rule_parameters, [])
     execution_role_name = valid_rule_parameters.get("ExecutionRoleName", "AWSA-GCLambdaExecutionRole")
@@ -123,10 +127,6 @@ def lambda_handler(event, context):
     is_not_audit_account = aws_account_id != audit_account_id
     evaluations = []
 
-    if not is_scheduled_notification(invoking_event["messageType"]):
-        logger.error("Skipping assessments as this is not a scheduled invocation")
-        return
-
     aws_config_client = get_client("config", aws_account_id, execution_role_name, is_not_audit_account)
     aws_s3_client = get_client("s3")
     aws_guard_duty_client = get_client("guardduty", aws_account_id, execution_role_name, is_not_audit_account)
diff --git a/src/lambda/gc02_check_account_mgmt_plan/app.py b/src/lambda/gc02_check_account_mgmt_plan/app.py
@@ -28,6 +28,10 @@ def lambda_handler(event, context):
     logger.info("Received Event: %s", json.dumps(event, indent=2))
 
     invoking_event = json.loads(event["invokingEvent"])
+    if not is_scheduled_notification(invoking_event["messageType"]):
+        logger.error("Skipping assessments as this is not a scheduled invocation")
+        return
+
     rule_parameters = json.loads(event.get("ruleParameters", "{}"))
     valid_rule_parameters = check_required_parameters(rule_parameters, ["s3ObjectPath"])
     execution_role_name = valid_rule_parameters.get("ExecutionRoleName", "AWSA-GCLambdaExecutionRole")
@@ -40,10 +44,6 @@ def lambda_handler(event, context):
     compliance_type = "NOT_APPLICABLE"
     annotation = "Guardrail only applicable in the Audit Account"
 
-    if not is_scheduled_notification(invoking_event["messageType"]):
-        logger.error("Skipping assessments as this is not a scheduled invocation")
-        return
-
     if is_not_audit_account:
         logger.info(
             "Account management plan document not checked in account %s - not the Audit account", aws_account_id
diff --git a/src/lambda/gc02_check_iam_password_policy/app.py b/src/lambda/gc02_check_iam_password_policy/app.py
@@ -144,6 +144,10 @@ def lambda_handler(event, context):
     """
     logger.info("Received Event: %s", json.dumps(event, indent=2))
 
+    invoking_event = json.loads(event["invokingEvent"])
+    if not is_scheduled_notification(invoking_event["messageType"]):
+        return
+
     password_assessment_policy = {
         "MinimumPasswordLength": 12,
         "RequireSymbols": True,
@@ -157,7 +161,6 @@ def lambda_handler(event, context):
         "HardExpiry": False,
     }
 
-    invoking_event = json.loads(event["invokingEvent"])
     rule_parameters = json.loads(event.get("ruleParameters", "{}"))
     valid_rule_parameters = evaluate_parameters(rule_parameters, password_assessment_policy)
     execution_role_name = valid_rule_parameters.get("ExecutionRoleName", "AWSA-GCLambdaExecutionRole")
@@ -167,9 +170,6 @@ def lambda_handler(event, context):
 
     evaluations = []
 
-    if not is_scheduled_notification(invoking_event["messageType"]):
-        return
-
     aws_config_client = get_client("config", aws_account_id, execution_role_name, is_not_audit_account)
     aws_iam_client = get_client("iam", aws_account_id, execution_role_name, is_not_audit_account)
 
diff --git a/src/lambda/gc12_check_marketplace/app.py b/src/lambda/gc12_check_marketplace/app.py
@@ -164,6 +164,10 @@ def lambda_handler(event, context):
     logger.info("Received Event: %s", json.dumps(event, indent=2))
 
     invoking_event = json.loads(event["invokingEvent"])
+    if not is_scheduled_notification(invoking_event["messageType"]):
+        logger.error("Skipping assessments as this is not a scheduled invocation")
+        return
+
     rule_parameters = json.loads(event.get("ruleParameters", "{}"))
     valid_rule_parameters = check_required_parameters(rule_parameters, [])
     execution_role_name = valid_rule_parameters.get("ExecutionRoleName", "AWSA-GCLambdaExecutionRole")
@@ -174,10 +178,6 @@ def lambda_handler(event, context):
     evaluations = []
     interval_between_calls = 0.1
 
-    if not is_scheduled_notification(invoking_event["messageType"]):
-        logger.error("Skipping assessments as this is not a scheduled invocation")
-        return
-
     aws_config_client = get_client("config", aws_account_id, execution_role_name, is_not_audit_account)
     aws_iam_client = get_client("iam", aws_account_id, execution_role_name, is_not_audit_account)
     aws_organizations_client = get_client("organizations", aws_account_id, execution_role_name, is_not_audit_account)
