I'm running into an issue with actually successfully looping through a boto3 result for AWS Config. From my testing, I am able to perform the loop; however, it only outputs same violation instead of each violation for the different ARNs.
I realize where the issue is at in the code as I was doing the below:
for arn in configRule.items():
acmArn = configRule['EvaluationResults'][0]['EvaluationResultIdentifier']['EvaluationResultQualifier']['ResourceId']
But, when I try and take out the [0] so it is not a specific item I get "list indices must be integers or slices, not str".
My question is if there is an actual way to get this value to be incremented, so it will be able to get the different ARNs of the violations? Sorry if this is an easy answer, still new to Python, so trying to figure all this out.
Output Example:
{
"EvaluationResults": [
{
"Annotation": "Certificate will expire on 2023-01-21T23:59:59.000Z",
"ComplianceType": "NON_COMPLIANT",
"ConfigRuleInvokedTime": "2022-01-03 18:28:54.939000 00:00",
"EvaluationResultIdentifier": {
"EvaluationResultQualifier": {
"ConfigRuleName": "acm-certificate-expiration-check",
"ResourceId": "arn:aws:acm:us-west-2:xxxx:certificate/39a95537-e5aa-46dd-bc9b-04d7b2606bd0",
"ResourceType": "AWS::ACM::Certificate"
},
"OrderingTimestamp": "2021-12-22 00:29:01 00:00"
},
"ResultRecordedTime": "2022-01-03 18:28:55.672000 00:00"
},
{
"Annotation": "Certificate will expire on 2023-01-10T23:59:59.000Z",
"ComplianceType": "NON_COMPLIANT",
"ConfigRuleInvokedTime": "2022-01-03 18:28:54.939000 00:00",
"EvaluationResultIdentifier": {
"EvaluationResultQualifier": {
"ConfigRuleName": "acm-certificate-expiration-check",
"ResourceId": "arn:aws:acm:us-west-2:xxxx:certificate/493de1e8-2bcb-42c7-96df-ce88bdeac64c",
"ResourceType": "AWS::ACM::Certificate"
},
"OrderingTimestamp": "2021-12-12 18:25:14 00:00"
},
"ResultRecordedTime": "2022-01-03 18:28:55.683000 00:00"
}
],
"ResponseMetadata": {
"HTTPHeaders": {
"content-length": "955",
"content-type": "application/x-amz-json-1.1",
"date": "Mon, 03 Jan 2022 20:13:06 GMT",
"strict-transport-security": "max-age=86400",
"x-amzn-requestid": "a6e51323-9e4c-44c7-a15a-ea0314392ab6"
},
"HTTPStatusCode": 200,
"RequestId": "a6e51323-9e4c-44c7-a15a-ea0314392ab6",
"RetryAttempts": 0
}
}
CodePudding user response:
configRules.items() for your example would be a sequence containing a single tuple, ('EvaluationResults', [...]). You don't really care about that key: you hard-code it in the body. What you really want is to iterate over the dicts in the list configRule['EvaluationResults']:
for arn in configRule['EvaluationResults']:
acmArn = arn['EvaluationResultIdentifier']['EvaluationResultQualifier']['ResourceId']
CodePudding user response:
So, I'm not sure if this is the correct way to do this, but for now this is how I got this to work. This allows me to add a variable there and increase it each time it performs the loop.
I'm sure there is a better way to do this, but just what I found doing some testing.
i = 0
for key, value in configRule.items():
acmArn = configRule['EvaluationResults'][i]['EvaluationResultIdentifier']['EvaluationResultQualifier']['ResourceId']
i =1