fix flake8 issues in config rules

cyphronix · cyphronix · commit f7d3ddebbc25 · 2024-12-11T20:42:30.000-07:00
diff --git a/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_invocation_log_cloudwatch/app.py b/aws_sra_examples/solutions/genai/bedrock_org/lambda/rules/sra_bedrock_check_invocation_log_cloudwatch/app.py
@@ -1,3 +1,12 @@
+"""Config rule to check invocation log for Bedrock environemts.
+
+Version: 1.0
+
+Config rule for SRA in the repo, https://github.com/aws-samples/aws-security-reference-architecture-examples
+
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
 from typing import Any
 import boto3
 import json
@@ -18,9 +27,16 @@
 config_client = boto3.client('config', region_name=AWS_REGION)
 logs_client = boto3.client('logs', region_name=AWS_REGION)
 
-def evaluate_compliance(rule_parameters: dict) -> tuple[str, str]:
-    """Evaluates if Bedrock Model Invocation Logging is properly configured for CloudWatch"""
-    
+
+def evaluate_compliance(rule_parameters: dict) -> tuple[str, str]:  # noqa: CFQ004
+    """Evaluate if Bedrock Model Invocation Logging is properly configured for CloudWatch.
+
+    Args:
+        rule_parameters (dict): Rule parameters from AWS Config rule.
+
+    Returns:
+        tuple[str, str]: Compliance type and annotation message.
+    """
     # Parse rule parameters
     params = json.loads(json.dumps(rule_parameters)) if rule_parameters else {}
     check_retention = params.get('check_retention', 'true').lower() == 'true'
@@ -31,7 +47,6 @@ def evaluate_compliance(rule_parameters: dict) -> tuple[str, str]:
         LOGGER.info(f"Bedrock get_model_invocation_logging_configuration response: {response}")
         logging_config = response.get('loggingConfig', {})
         LOGGER.info(f"Bedrock Model Invocation Logging Configuration: {logging_config}")
-                
         cloudwatch_config = logging_config.get('cloudWatchConfig', {})
         LOGGER.info(f"Bedrock Model Invocation config: {cloudwatch_config}")
         log_group_name = cloudwatch_config.get('logGroupName', "")
@@ -54,22 +69,28 @@ def evaluate_compliance(rule_parameters: dict) -> tuple[str, str]:
 
         if issues:
             return 'NON_COMPLIANT', f"CloudWatch logging enabled but {', '.join(issues)}"
-        else:
-            return 'COMPLIANT', f"CloudWatch logging properly configured for Bedrock Model Invocation Logging. Log Group: {log_group_name}"
+        return 'COMPLIANT', f"CloudWatch logging properly configured for Bedrock Model Invocation Logging. Log Group: {log_group_name}"
 
     except Exception as e:
         LOGGER.error(f"Error evaluating Bedrock Model Invocation Logging configuration: {str(e)}")
         return 'INSUFFICIENT_DATA', f"Error evaluating compliance: {str(e)}"
 
-def lambda_handler(event: dict, context: Any) -> None:
+
+def lambda_handler(event: dict, context: Any) -> None:  # noqa: U100
+    """Lambda handler.
+
+    Args:
+        event (dict): Lambda event object
+        context (Any): Lambda context object
+    """
     LOGGER.info('Evaluating compliance for AWS Config rule')
     LOGGER.info(f"Event: {json.dumps(event)}")
 
     invoking_event = json.loads(event['invokingEvent'])
     rule_parameters = json.loads(event['ruleParameters']) if 'ruleParameters' in event else {}
 
     compliance_type, annotation = evaluate_compliance(rule_parameters)
-    
+
     evaluation = {
         'ComplianceResourceType': 'AWS::::Account',
         'ComplianceResourceId': event['accountId'],
@@ -86,4 +107,4 @@ def lambda_handler(event: dict, context: Any) -> None:
         ResultToken=event['resultToken']
     )
 
-    LOGGER.info("Compliance evaluation complete.")
+    LOGGER.info("Compliance evaluation complete.")
