Skip to content

Commit

Permalink
MAX_REQUEST_AGE_DAYS is configurable, default disabled
Browse files Browse the repository at this point in the history
  • Loading branch information
@manics
manics committed Mar 27, 2024
1 parent c676eed commit 71956ff
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 3 deletions.
1 change: 1 addition & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ cd secure-egress-backend
| enable_single_approval | Flag that enables just a single stage approval. Accepts string value. Should be set to `"true"` when just one approver needs to approve egress request. Should be set to `"false"` when two approvers are required to approve egress request | |
| ig_workspaces_account | Optionally add the account number in which IG lead will spin up a workspace to review egress data. Leave empty to disable (default). | |
| use_s3_access_points | Set to `"true"` if you are using a customised version of ServiceWorkbench with S3 AccessPoints, default `"false"` | |
| max_request_age_days | Do not display egress requests that were updated after this time period, use this if you have too many old requests, disabled by default | |

> Note: changing the value for `enable_single_approval` for existing deployment should be done after ensuring there are
> no egress requests in progress.
Expand Down
1 change: 1 addition & 0 deletions cdk.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
"download_expiry_seconds": "3600",
"ig_workspaces_account": "",
"use_s3_access_points": "false",
"max_request_age_days": "0",
"global_web_acl_arn": "<<WAF_ADDON_GLOBAL_WEBACL_ARN>>",
"regional_web_acl_arn": "<<WAF_ADDON_REGIONAL_WEBACL_ARN>>",
"custom_domain": {
Expand Down
3 changes: 3 additions & 0 deletions egress_backend/egress_backend_stack.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1515,6 +1515,9 @@ def __init__(
"REVIEWER_LIST": json.dumps(
self.node.try_get_context(env_id).get("egress_reviewer_roles")
),
"MAX_REQUEST_AGE_DAYS": self.node.try_get_context(env_id).get(
"max_request_age_days"
),
"MAX_DOWNLOADS_ALLOWED": self.node.try_get_context(env_id).get(
"max_downloads_allowed"
),
Expand Down
7 changes: 4 additions & 3 deletions egress_backend/lambda/egress_api/list_requests.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,12 @@
import boto3
from aws_lambda_powertools import Logger, Tracer

MAX_REQUEST_AGE_DAYS = 90

tracer = Tracer(service="ListRequestsAPI")
logger = Logger(service="ListRequestsAPI")

ddb = boto3.resource("dynamodb")
table = os.environ["TABLE"]
max_request_age_days = int(os.environ["MAX_REQUEST_AGE_DAYS"])


def list_requests():
Expand All @@ -24,8 +23,10 @@ def list_requests():
now = datetime.now()

def is_recent(item):
if max_request_age_days <= 0:
return True
updated_dt = datetime.strptime(item["updated_dt"], "%Y-%m-%dT%H:%M:%S.%fZ")
return (now - updated_dt).days < MAX_REQUEST_AGE_DAYS
return (now - updated_dt).days < max_request_age_days

ddb_table = ddb.Table(table)

Expand Down

0 comments on commit 71956ff

Please sign in to comment.