{"id":22477257,"url":"https://github.com/base2services/cloudformation-custom-resources-python","last_synced_at":"2026-03-07T20:04:54.453Z","repository":{"id":145344129,"uuid":"128888642","full_name":"base2Services/cloudformation-custom-resources-python","owner":"base2Services","description":"Collection of CloudFormation custom resources, written in Python","archived":false,"fork":false,"pushed_at":"2019-02-01T04:04:25.000Z","size":28,"stargazers_count":5,"open_issues_count":1,"forks_count":5,"subscribers_count":3,"default_branch":"develop","last_synced_at":"2025-07-10T19:28:18.536Z","etag":null,"topics":["aws","aws-cloudformation","aws-cloudformation-custom-resource","aws-cloudformation-stack","aws-custom-resource","aws-region","cloudformation-stack","python","s3-copy","s3-copy-custom"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/base2Services.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-04-10T07:02:43.000Z","updated_at":"2019-09-04T20:13:46.000Z","dependencies_parsed_at":"2023-07-03T09:17:39.518Z","dependency_job_id":null,"html_url":"https://github.com/base2Services/cloudformation-custom-resources-python","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/base2Services/cloudformation-custom-resources-python","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Fcloudformation-custom-resources-python","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Fcloudformation-custom-resources-python/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Fcloudformation-custom-resources-python/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Fcloudformation-custom-resources-python/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/base2Services","download_url":"https://codeload.github.com/base2Services/cloudformation-custom-resources-python/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/base2Services%2Fcloudformation-custom-resources-python/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30229590,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T19:01:10.287Z","status":"ssl_error","status_checked_at":"2026-03-07T18:59:58.103Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cloudformation","aws-cloudformation-custom-resource","aws-cloudformation-stack","aws-custom-resource","aws-region","cloudformation-stack","python","s3-copy","s3-copy-custom"],"created_at":"2024-12-06T14:09:59.704Z","updated_at":"2026-03-07T20:04:54.438Z","avatar_url":"https://github.com/base2Services.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CloudFormation custom resource catalogue\n\nCollection of Cloud Formation custom resources written in python 3.6, result\nof months of continuous efforts to automate infrastructure management trough\nAWS CloudFormation. You may find some of these CloudFormation resources obsolete,\nas AWS team fills in the gaps. There is also some more complex ones, or developed\nto suite specific needs, such as copying s3 objects between buckets\n\n\n[Collection of custom resources for Node.js can be found here](https://github.com/base2Services/cloudformation-custom-resources-nodejs)\n\n\n## Usage\n\nClone the repository, install the dependencies, and zip up the folder as Lambda Deployment package.\nNote that `boto3` is not packaged as dependency, as it is available in Lambda runtime itself by default.\n\n```\ngit clone https://github.com/base2Services/cloudformation-custom-resources-python.git \u0026\u0026 \\\ncd cloudformation-custom-resources-python \u0026\u0026 \\\ndocker run --rm -v $PWD:/src -w /src python:3.6 pip install -r requirements.txt -t . \u0026\u0026 \\\nzip -r ~/cfn-ccr-python3.6.zip .\n```\n\n## Custom resources\n\n### Creating CloudFormation stack in specific region\n\nIt is easy to create sub-stacks in CloudFormation as long as they are in same region.\nIn some cases, there is need to create stack in region different than region where\nparent stack is being create, or for example, to create same stack in multiple regions.\nSuch (sub)stack lifecycle can be controlled via custom resource having it's code in\n`regional-cfn-stack` folder\n\nhandler: `regional-cfn-stack/handler.lambda_handler`\nruntime: `python3.6`\n\nRequired parameters:\n- `Region` - AWS Region to create stack in\n- `StackName` - Name of the stack to be created\n- `TemplateUrl` - S3 Url of stack template\n- `Capabilities` - Comma seperated list of capabilities. Set to empty value if no IAM capabilities required.\n- `EnabledRegions` - Comma separated list of regions that stack is allowed to be created in.\n Useful when passing this list is template parameters.\n\n\nOptional parameters:\n- `StackParam_Key` - Will pass value of this param down to stack's `Key` parameter\n- `OnFailure` - Behaviour on stack creation failure. Accepted values are `DO_NOTHING`,`ROLLBACK` and `DELETE`\n\n### Copy or unpack objects between S3 buckets\n\nThis custom resource allows copying from source to destination s3 buckets. For source, if you provide prefix\n(without trailing slash), all objects under that prefix will be copied. Alternatively, if you provide s3 object\nwith `*.zip` extensions, this object will be unpacked before it's files are unpacked to target bucket / prefix.\nPlease note that this lambda function design does not include recursive calls if lambda is timing out, thus it does not\npermit mass file unpacking, but is rather designed for deployment of smaller files, such as client side web applications.\n\nhandler: `3-copy/handler.lambda_handler`\nruntime:  `python3.6`\n\nRequired parameters:\n\n- `Source` - Source object/prefix/zip-file in `s3://bucket-name/path/to/prefix/or/object.zip` format\n- `Destination` - Destination bucket and prefix in `s3://bucket-name/destination-prefix` format\n- `CannedAcl` - Canned ACL for created objects in destination\nNo optional parameters.\n\n### Create Regex Waf Rules\n\nThis custom resource allows create/update/delete match regex rules with regex a pattern set.\n\nhandler: `waf_regex/handler.lambda_handler`\nruntime: `python3.6`\n\nRequired parameters:\n\n- `Name` - Custom Resource name.\n- `RegexPatterns` - List format, regex pattern to match.\n- `Type` - The part of the web request that you want AWS WAF to search for a specified string\n- `Data` - Data such as when the value of Type is HEADER , enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer\n- `Transform` - Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.\nImplementation require to be serialised with other waf condition.\n### AmazonMQ Broker\n\nThis custom resource creates a AmazonMQ broker instance.\n\n**NOTE:** This resource cannot be updated. If a change to the instance is required such as Instance Type, a new broker resource must be created.\n\nhandler: `amazon-mq-broker/handler.lambda_handler`\nruntime:  `python3.6`\n\nRequired parameters:\n\n- `Name` - Unique name given to the broker\n- `SecurityGroups` - Array of security group ids\n- `Subnets` - Array of subnets ids\n- `MultiAZ` - String boolean [ 'true', 'false' ]\n- `InstanceType` - valid values [ 'mq.t2.micro', 'mq.m4.large' ]\n- `Username` - Username for the amq user\n- `Password` - Password for the amq user. Must be 12-250 characters long\n\nNo optional parameters.\n\nReturned Values:\n\n- `Active` - Active AmazonMQ endpoint\n- `Stanby` - Standby AmazonMQ endpoint\n- `BrokerId` - Id of the AmazonMQ Broker\n- `BrokerArn` - Arn of the broker\n\nIAM Permissions:\n\n```json\n{\n  \"Statement\":\n  [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\":\n      [\n        \"mq:*\",\n        \"ec2:CreateNetworkInterface\",\n        \"ec2:CreateNetworkInterfacePermission\",\n        \"ec2:DeleteNetworkInterface\",\n        \"ec2:DeleteNetworkInterfacePermission\",\n        \"ec2:DetachNetworkInterface\",\n        \"ec2:DescribeInternetGateways\",\n        \"ec2:DescribeNetworkInterfaces\",\n        \"ec2:DescribeNetworkInterfacePermissions\",\n        \"ec2:DescribeRouteTables\",\n        \"ec2:DescribeSecurityGroups\",\n        \"ec2:DescribeSubnets\",\n        \"ec2:DescribeVpcs\",\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\",\n        \"lambda:InvokeFunction\"\n      ],\n      \"Resource\": [\"*\"]\n    }\n  ]\n}\n```\n\n### Auto generated secure ssm parameters\n\nThis custom resource generates a random string `[a-z][A-Z][0-9]` a definable length. The string is then return to the cfn stack and can then be passed into other resources requiring a password. The resource can be updated generating a new password and updating the SSM parameter and returning the new password by passing a dummy parameter into the custom resource.\n\nhandler: `ssm-secure-parameter/handler.lambda_handler`\nruntime:  `python3.6`\n\nRequired parameters:\n\n- `Path` - SSM parameter path e.g. `/app/env/password`\n\nOptional parameters:\n\n- `Length` - Length of the auto generated password. Defaults to 16 characters\n\nReturned Values:\n\n- `Password` - The password generated by the resource\n\nIAM Permissions:\n\n```json\n{\n  \"Statement\":\n  [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\":\n      [\n        \"ssm:PutParameter\",\n        \"ssm:DeleteParameter\",\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ],\n      \"Resource\": [\"*\"]\n    }\n  ]\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbase2services%2Fcloudformation-custom-resources-python","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbase2services%2Fcloudformation-custom-resources-python","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbase2services%2Fcloudformation-custom-resources-python/lists"}