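import json

import boto3

ddb = boto3.client('dynamodb')
codecommit = boto3.client('codecommit')

# Only records whose eventSourceARN equals this exact ARN may drive an update
# of the stored key set; everything else is skipped.
targetarn = 'arn:aws:codecommit:us-west-2:932028523435:authorized_keys'


def _scan_key_items():
    """Return every item in the 'key' table, following scan pagination."""
    items = []
    for page in ddb.get_paginator('scan').paginate(TableName='key'):
        items.extend(page.get('Items', []))
    return items


def lambda_handler(event, context):
    """Mirror the repository's authorized_keys file into the 'key' table.

    For every record that comes from ``targetarn`` the handler reads the
    ``authorized_keys`` file from the ``authorized_keys`` repository and
    makes the 'key' table hold exactly one item whose ``key`` attribute is
    that file's content. The new item is written before old ones are
    deleted, so the table is not left empty in between.

    The event is used only to decide whether to sync. The key material is
    always re-read from the repository and never taken from the event.

    Args:
        event: CodeCommit trigger event (sample below).
        context: Lambda context object; unused.

    Returns:
        A dict with ``statusCode`` 200 and a JSON-encoded ``body``.

    Raises:
        RuntimeError: if the event has no ``Records`` or the list is empty.
    """
    # Sample event:
    # {
    #     "Records": [
    #         {
    #             "awsRegion": "us-west-2",
    #             "codecommit": {
    #                 "references": [
    #                     {
    #                         "commit": "5c4ef1049f1d27deadbeeff313e0730018be182b",
    #                         "ref": "refs/heads/master"
    #                     }
    #                 ]
    #             },
    #             "customData": "this is custom data",
    #             "eventId": "5a824061-17ca-46a9-bbf9-114edeadbeef",
    #             "eventName": "TriggerEventTest",
    #             "eventPartNumber": 1,
    #             "eventSource": "aws:codecommit",
    #             "eventSourceARN": "arn:aws:codecommit:us-west-2:123456789012:repo",
    #             "eventTime": "2016-01-01T23:59:59.000+0000",
    #             "eventTotalParts": 1,
    #             "eventTriggerConfigId": "5a824061-17ca-46a9-bbf9-114edeadbeef",
    #             "eventTriggerName": "my-trigger",
    #             "eventVersion": "1.0",
    #             "userIdentityARN": "arn:aws:iam::123456789012:root"
    #         }
    #     ]
    # }

    # The full event, including userIdentityARN, goes to the function's log
    # output and serves as the record of who triggered a key change.
    print(json.dumps(event))

    # .get() so that a missing "Records" key reaches the intended
    # RuntimeError instead of surfacing as a KeyError.
    records = event.get("Records")
    if not records:
        raise RuntimeError('No records property in event')
    print(records)

    for record in records:
        repo_arn = record.get('eventSourceARN')
        if repo_arn is None:
            print('no eventSourceARN on record')
            continue

        print('Record from ARN' + repo_arn)
        if repo_arn != targetarn:
            print('Not target ARN. Continuting')
            continue

        # No commitSpecifier is passed, so the file is not read at the commit
        # listed in the event. NOTE(review): confirm that the branch
        # CodeCommit resolves here is the one meant to be authoritative and
        # that pushes to it are restricted.
        resp = codecommit.get_file(repositoryName='authorized_keys', filePath='authorized_keys')
        data = resp['fileContent'].decode("utf-8")

        stored = _scan_key_items()
        # Anything that is not the current file content is stale. This also
        # covers leftovers from an earlier run that failed between the put
        # and the delete, which would otherwise keep an outdated (possibly
        # revoked) key set in the table while the content stays unchanged.
        stale = [item for item in stored if item['key']['S'] != data]

        if len(stale) < len(stored):
            print('no change to keys. continuing')
        else:
            # Something's changed - write the new content before removing
            # the old. An empty file makes this call fail, because DynamoDB
            # rejects an empty string as a key attribute value, so the
            # stored keys are left as they were.
            ddb.put_item(TableName='key', Item={'key': {'S': data}})

        for item in stale:
            print('deleting old item')
            # Pass only the primary-key attribute. delete_item rejects a Key
            # that carries any other attribute the scanned item may have.
            ddb.delete_item(TableName='key', Key={'key': item['key']})

    print('All records processed')

    return {
        'statusCode': 200,
        'body': json.dumps('Processing complete'),
    }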