fix flake8 config issues

Author: cyphronix

aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_invocation_log_cloudwatch/app.py

@@ -1,4 +1,4 @@
-"""Config rule to check invocation log for Bedrock environemts.
+"""Config rule to check invocation log cloudwatch enabled for Bedrock environemts.
 
 Version: 1.0
 

aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_invocation_log_s3/app.py

@@ -1,3 +1,12 @@
+"""Config rule to check invocation log s3 enabled for Bedrock environemts.
+
+Version: 1.0
+
+Config rule for SRA in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples
+
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
 from typing import Any
 import boto3
 import json
@@ -20,9 +29,17 @@
 config_client = boto3.client('config', region_name=AWS_REGION)
 s3_client = boto3.client('s3', region_name=AWS_REGION)
 
-def evaluate_compliance(rule_parameters: dict) -> tuple[str, str]:
-    """Evaluates if Bedrock Model Invocation Logging is properly configured for S3"""
-    
+
+def evaluate_compliance(rule_parameters: dict) -> tuple[str, str]:  # noqa: CFQ004, CCR001, C901
+    """Evaluate if Bedrock Model Invocation Logging is properly configured for S3.
+
+    Args:
+        rule_parameters (dict): Rule parameters from AWS Config.
+
+    Returns:
+        tuple[str, str]: Compliance status and annotation message.
+
+    """
     # Parse rule parameters
     params = json.loads(json.dumps(rule_parameters)) if rule_parameters else {}
     check_retention = params.get('check_retention', 'true').lower() == 'true'
@@ -34,7 +51,7 @@ def evaluate_compliance(rule_parameters: dict) -> tuple[str, str]:
     try:
         response = bedrock_client.get_model_invocation_logging_configuration()
         logging_config = response.get('loggingConfig', {})
-        
+
         s3_config = logging_config.get('s3Config', {})
         LOGGER.info(f"Bedrock Model Invocation S3 config: {s3_config}")
         bucket_name = s3_config.get('bucketName', "")
@@ -81,22 +98,28 @@ def evaluate_compliance(rule_parameters: dict) -> tuple[str, str]:
 
         if issues:
             return 'NON_COMPLIANT', f"S3 logging enabled but {', '.join(issues)}"
-        else:
-            return 'COMPLIANT', f"S3 logging properly configured for Bedrock Model Invocation Logging. Bucket: {bucket_name}"
+        return 'COMPLIANT', f"S3 logging properly configured for Bedrock Model Invocation Logging. Bucket: {bucket_name}"
 
     except Exception as e:
         LOGGER.error(f"Error evaluating Bedrock Model Invocation Logging configuration: {str(e)}")
         return 'INSUFFICIENT_DATA', f"Error evaluating compliance: {str(e)}"
 
-def lambda_handler(event: dict, context: Any) -> None:
+
+def lambda_handler(event: dict, context: Any) -> None:  # noqa: U100
+    """Lambda handler.
+
+    Args:
+        event (dict): Config event data
+        context (Any): Lambda event object
+    """
     LOGGER.info('Evaluating compliance for AWS Config rule')
     LOGGER.info(f"Event: {json.dumps(event)}")
 
     invoking_event = json.loads(event['invokingEvent'])
     rule_parameters = json.loads(event['ruleParameters']) if 'ruleParameters' in event else {}
 
     compliance_type, annotation = evaluate_compliance(rule_parameters)
-    
+
     evaluation = {
         'ComplianceResourceType': 'AWS::::Account',
         'ComplianceResourceId': event['accountId'],
@@ -113,4 +136,4 @@ def lambda_handler(event: dict, context: Any) -> None:
         ResultToken=event['resultToken']
     )
 
-    LOGGER.info("Compliance evaluation complete.")
+    LOGGER.info("Compliance evaluation complete.")