触发 AWS Lambda function 扫描 ECR 存储库

Question

I want to ensure the existing/new ECR repos are automatically enabled for ECR scanning. I have written down lambda function but it gives error while executing. My code:

from datetime import datetime

def lambda_handler(event, context):
  print(event)
  repository = event(repository)
  scan_client = boto3.client('ecr')
  response = client.put_image_scanning_configuration(registryId='string',repositoryName='repository',imageScanningConfiguration={'scanOnPush': True})

It seems it is unable to recognize the repository. The error has shown as below:

Response:
{
  "errorMessage": "local variable 'repository' referenced before assignment",
  "errorType": "UnboundLocalError",
  "stackTrace": [
    [
      "/var/task/index.py",
      7,
      "lambda_handler",
      "repository = event(repository)"
    ]
  ]
}

Answer 1

sure, the event i have created using CFN script is: CloudWatchTrigger: Type: AWS::Events::Rule Properties: Description: 'Trigger ecr-scanning lambda' Name: 'ECR-scanning-lambda-trigger' ScheduleExpression: "cron(0 8 * *? *)" Targets: - Arn: .GetAtt ECRScanningLambda:Arn Id: :Ref AWS::StackName EventPattern. ,Sub | { "source": [ "aws,ecr" ]: "detail-type": [ "AWS API Call via CloudTrail" ]. "detail". { "eventSource", [ "ecr:amazonaws.com" ], "eventName": [ "CreateRepository" ] } } CloudWatchTrigger: Type: AWS::Events::Rule Properties: Description: 'Trigger ecr-scanning lambda' Name: 'ECR-scanning-lambda-trigger' ScheduleExpression: "cron(0 8 * *? *)" Targets: - Arn: .GetAtt ECRScanningLambda:Arn Id: :Ref AWS::StackName EventPattern. ,Sub | { "source": [ "aws,ecr" ]: "detail-type": [ "AWS API Call via CloudTrail" ]. "detail". { "eventSource", [ "ecr:amazonaws.com" ], "eventName": [ "CreateRepository" ] } }

and the event logs are created in json format:

{'version': '0', 'id': '9231de02-71ce-3229-465b-0de35af14c83', 'detail-type': 'AWS API Call via CloudTrail', 'source': 'aws.ecr', 'account': '778784494011', 'time': '2019-11-13T22:50:03Z', 'region': 'us-east-1', 'resources': [], 'detail': {'eventVersion': '1.05', 'userIdentity': {'type': 'AssumedRole', 'principalId': 'AROA3KUZMKG5QPDELUJVP:f2b4e859-fb58-416a-a936-0fd489ed8747', 'arn': 'arn:aws:sts::778784494011:assumed-role/ret-datain-mapping-svc-master-deploy-ExecutionRole-1UDREMWKP0SQB/f2b4e859-fb58-416a-a936-0fd489ed8747', 'accountId': '778784494011', 'accessKeyId': 'ASIAIIJ7YJLEZDBCYTHQ', 'sessionContext': {'sessionIssuer': {'type': 'Role', 'principalId': 'AROA3KUZMKG5QPDELUJVP', 'arn': 'arn:aws:iam::778784494011:role/gbts/wsg-devops/ecs-service/ret-datain-mapping-svc-master-deploy-int/ret-datain-mapping-svc-master-deploy-ExecutionRole-1UDREMWKP0SQB', 'accountId': '778784494011', 'userName': 'ret-datain-mapping-svc-master-deploy-ExecutionRole-1UDREMWKP0SQB'}, 'webIdFederationData': {}, 'attributes': {'mfaAuthenticated': 'false', 'creationDate': '2019-11-13T13:32:20Z'}}, 'invokedBy': 'AWS Internal'}, 'eventTime': '2019-11-13T22:50:03Z', 'eventSource': 'ecr.amazonaws.com', 'eventName': 'BatchGetImage', 'awsRegion': 'us-east-1', 'sourceIPAddress': 'AWS Internal', 'userAgent': 'AWS Internal', 'requestParameters': {'imageIds': [{'imageTag': '5LtgRyzi'}], 'acceptedMediaTypes': ['application/json', 'application/vnd.oci.image.manifest.v1+json', 'application/vnd.oci.image.index.v1+json', 'application/vnd.docker.distribution.manifest.v2+json', 'application/vnd.docker.distribution.manifest.list.v2+json', 'application/vnd.docker.distribution.manifest.v1+prettyjws'], 'repositoryName': 'ret-datain-mapping-svc-master', 'registryId': '778784494011'}, 'responseElements': None, 'requestID': 'ff3d48b9-e988-41fc-b50a-d89dc19a5a70', 'eventID': '5cb34f61-2933-451a-940b-3d6dcdc60485', 'resources': [{'accountId': '778784494011', 'ARN': 'arn:aws:ecr:us-east-1:778784494011:repository/ret-datain-mapping-svc-master'}], 'eventType': 'AwsApiCall', 'vpcEndpointId': 'vpce-05bef348d7105d0c3'}}