- import json
- import boto3
- import uuid
- from botocore.vendored import requests
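def lambda_handler(event, context):
    """Handle a CloudFormation custom-resource request for SES DNS records.

    Dispatches on ``event['RequestType']``:

    * ``Create`` upserts the SES records in the hosted zone.
    * ``Delete`` removes them.
    * ``Update`` removes them from the old hosted zone, then upserts them in
      the new one.
    * anything else is logged and ignored.

    The outcome is reported back to CloudFormation through ``send``; on
    failure the exception is re-raised after the report has been attempted.

    :type event: dict
    :param event: The CloudFormation custom-resource event.
    :param context: The Lambda context object, forwarded to ``send``.
    :raises ValueError: if ``ResourceType`` is not the type served here.
    """
    # ResponseURL is a pre-signed URL: anyone who can read it can answer this
    # request on the stack's behalf while it is valid, so it is kept out of
    # the logs.
    loggable_event = {
        key: value for key, value in event.items() if key != 'ResponseURL'
    }
    print ("Rec event: ")
    print (loggable_event)

    # NOTE: a missing key below raises before the try block, so no response
    # is sent and CloudFormation is left waiting for its own timeout.
    resource_type = event['ResourceType']
    request_type = event['RequestType']
    resource_properties = event['ResourceProperties']
    hosted_zone_id = resource_properties['HostedZoneId']
    # str() instead of unicode(): unicode does not exist on Python 3, and
    # the value only ends up in the JSON response body.
    physical_resource_id = event.get('PhysicalResourceId', str(uuid.uuid4()))

    # Bound up front so the success path can never hit an unbound name.
    response_data = {}
    try:
        if resource_type != "Custom::AmazonSesVerificationRecords99":
            raise ValueError("Unexpected resource_type: {resource_type}".format(resource_type=resource_type))

        if request_type == 'Create':
            verify_ses(hosted_zone_id=hosted_zone_id, action='UPSERT')
        elif request_type == 'Delete':
            verify_ses(hosted_zone_id=hosted_zone_id, action='DELETE')
        elif request_type == 'Update':
            old_hosted_zone_id = event['OldResourceProperties']['HostedZoneId']
            verify_ses(hosted_zone_id=old_hosted_zone_id, action='DELETE')
            verify_ses(hosted_zone_id=hosted_zone_id, action='UPSERT')
        else:
            print ('Request type is {request_type}, doing nothing.'.format(request_type=request_type) )
    except Exception:
        # A failed Delete is still reported as SUCCESS, presumably so that a
        # failed cleanup does not block stack deletion. The DNS records may
        # then be left behind; the re-raise below keeps the error in the logs.
        send(
            event,
            context,
            responseStatus="FAILED" if request_type != 'Delete' else "SUCCESS",
            responseData=None,
            physicalResourceId=physical_resource_id,
        )
        raise
    else:
        send(
            event,
            context,
            responseStatus="SUCCESS",
            responseData=response_data,
            physicalResourceId=physical_resource_id,
        )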
def verify_ses(hosted_zone_id, action):
    """Apply the SES verification and DKIM records to a Route 53 hosted zone.

    Looks up the hosted zone's name, asks SES for the domain verification
    token and the DKIM tokens of that domain, and submits one Route 53 change
    batch holding a ``_amazonses`` TXT record plus one ``_domainkey`` CNAME
    record per DKIM token.

    Both SES calls are made for every action, ``DELETE`` included: the tokens
    are needed to name the records being changed.

    :type hosted_zone_id: string
    :param hosted_zone_id: Id of the Route 53 hosted zone to change.
    :type action: string
    :param action: Route 53 change action; callers pass ``'UPSERT'`` or
        ``'DELETE'``.
    """
    ses_client = boto3.client('ses')

    print ("Retrieving Hosted Zone name")
    hosted_zone_name = _get_hosted_zone_name(hosted_zone_id=hosted_zone_id)
    print ('Hosted zone name: {hosted_zone_name}'.format(hosted_zone_name=hosted_zone_name))

    # Route 53 returns the zone name with a trailing dot; strip it for the
    # SES calls.
    domain = hosted_zone_name.rstrip('.')
    verification_token = ses_client.verify_domain_identity(Domain=domain)['VerificationToken']
    dkim_tokens = ses_client.verify_domain_dkim(Domain=domain)['DkimTokens']

    print ('Changing resource record sets')

    def record_change(name, record_type, value):
        # One entry of the change batch; every record uses the same TTL.
        return {
            'Action': action,
            'ResourceRecordSet': {
                'Name': name,
                'Type': record_type,
                'TTL': 1800,
                'ResourceRecords': [{'Value': value}],
            },
        }

    changes = [
        record_change(
            "_amazonses.{hosted_zone_name}".format(hosted_zone_name=hosted_zone_name),
            'TXT',
            '"{verification_token}"'.format(verification_token=verification_token),
        )
    ]
    # NOTE(review): the CNAME target below is not under amazonses.com. Easy
    # DKIM CNAMEs are expected to resolve to public keys hosted by Amazon SES
    # (normally <token>.dkim.amazonses.com). Unless
    # dkim.dev.cloudtpsoftware.com is a deliberate alias, whoever controls
    # that name decides which DKIM key is published for this domain, and SES
    # DKIM verification is unlikely to complete. Confirm before deploying.
    changes.extend(
        record_change(
            "{dkim_token}._domainkey.{hosted_zone_name}".format(
                dkim_token=dkim_token,
                hosted_zone_name=hosted_zone_name
            ),
            'CNAME',
            "{dkim_token}.dkim.dev.cloudtpsoftware.com".format(dkim_token=dkim_token),
        )
        for dkim_token in dkim_tokens
    )

    route53_client = boto3.client('route53')
    route53_client.change_resource_record_sets(
        ChangeBatch={'Changes': changes},
        HostedZoneId=hosted_zone_id
    )
def _get_hosted_zone_name(hosted_zone_id):
    """Return the ``Name`` Route 53 reports for the given hosted zone.

    :type hosted_zone_id: string
    :param hosted_zone_id: Id of the hosted zone to look up.
    :returns: ``response['HostedZone']['Name']`` from ``get_hosted_zone``.
    """
    client = boto3.client('route53')
    hosted_zone = client.get_hosted_zone(Id=hosted_zone_id)['HostedZone']
    return hosted_zone['Name']
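def send(event, context, responseStatus, responseData, physicalResourceId):
    """Report the result of a custom-resource request to CloudFormation.

    Builds the JSON response body from the event and the given status and
    PUTs it to ``event['ResponseURL']``. Delivery is best effort: a failure
    is logged and swallowed, so the caller never sees an exception from here.

    :type event: dict
    :param event: The custom-resource event; supplies ``ResponseURL``,
        ``StackId``, ``RequestId`` and ``LogicalResourceId``.
    :param context: The Lambda context; its ``log_stream_name`` goes into
        the ``Reason`` field.
    :type responseStatus: string
    :param responseStatus: ``"SUCCESS"`` or ``"FAILED"``.
    :param responseData: Value for the ``Data`` field (may be ``None``).
    :type physicalResourceId: string
    :param physicalResourceId: Value for the ``PhysicalResourceId`` field.
    """
    # The response URL is pre-signed: anyone who can read it can answer this
    # request in the stack's place while it is valid. It is therefore not
    # written to the log.
    responseUrl = event['ResponseURL']

    responseBody = {}
    responseBody['Status'] = responseStatus
    responseBody['Reason'] = 'details in CloudWatch: ' + context.log_stream_name
    responseBody['PhysicalResourceId'] = physicalResourceId
    responseBody['StackId'] = event['StackId']
    responseBody['RequestId'] = event['RequestId']
    responseBody['LogicalResourceId'] = event['LogicalResourceId']
    responseBody['Data'] = responseData

    json_responseBody = json.dumps(responseBody)
    print ("Response body:\n" + json_responseBody)

    # The content-type is sent empty on purpose; the pre-signed URL is
    # presumably signed without one - confirm before changing it.
    headers = {
        'content-type': '',
        'content-length': str(len(json_responseBody))
    }

    try:
        response = requests.put(responseUrl,
                                data=json_responseBody,
                                headers=headers)
        print ("Status code: " + response.reason)
    except Exception as e:
        # HTTP client errors can quote the request URL, so blank out the
        # signed query string before the message reaches the log.
        message = str(e)
        signed_query = responseUrl.partition('?')[2]
        if signed_query:
            message = message.replace(signed_query, '<redacted>')
        print ("send(..)failed" + message)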
def verify_domain_dkim(self, domain):
    """
    Request the DKIM tokens for a domain.

    The tokens stand for DNS ``CNAME`` records that point to DKIM public
    keys hosted by Amazon SES. They must be published in the domain's DNS
    to complete the DKIM verification process, and must stay published for
    Easy DKIM signing to keep working.

    Once the tokens are in the domain's DNS, Amazon SES can DKIM-sign email
    originating from that domain. Easy DKIM signing is switched on or off
    per domain with the ``SetIdentityDkimEnabled`` action. For more
    information about Easy DKIM, see the `Amazon SES Developer Guide
    <http://docs.amazonwebservices.com/ses/latest/DeveloperGuide>`_.

    :type domain: string
    :param domain: The domain name.

    :returns: Whatever ``_make_request`` returns for the
        ``VerifyDomainDkim`` action.
    """
    params = {'Domain': domain}
    return self._make_request('VerifyDomainDkim', params)
def verify_email_address(self, email_address):
    """Verify an email address.

    This action causes a confirmation email message to be sent to the
    specified address.

    :type email_address: string
    :param email_address: The email address to be verified.

    :rtype: dict
    :returns: A VerifyEmailAddressResponse structure. Note that keys must
        be unicode strings.
    """
    params = {'EmailAddress': email_address}
    return self._make_request('VerifyEmailAddress', params)