From 090d7da6382b73744a19fe6deed2a0655fb88017 Mon Sep 17 00:00:00 2001
From: Roberto Aldera <51328612+roberto-aldera@users.noreply.github.com>
Date: Mon, 24 Feb 2025 09:35:08 +0000
Subject: [PATCH] Add cron job changes for AWS exposed key checker and wiki link (#647)

---
 .../lambda_source/exposed_key_checker/lambda_handler.py | 7 ++++---
 aws-exposed-key-checker-infra/main.tf | 4 +++-
 aws-exposed-key-checker-infra/variables.tf | 4 ++++
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/aws-exposed-key-checker-infra/lambda_source/exposed_key_checker/lambda_handler.py b/aws-exposed-key-checker-infra/lambda_source/exposed_key_checker/lambda_handler.py
index b1e97b513..1096cf76a 100644
--- a/aws-exposed-key-checker-infra/lambda_source/exposed_key_checker/lambda_handler.py
+++ b/aws-exposed-key-checker-infra/lambda_source/exposed_key_checker/lambda_handler.py
@@ -14,6 +14,7 @@
 )
 from exposed_key_checker import support_ticketer
 
+WIKI_REFERENCE = os.environ["WIKI_REFERENCE"]
 ZENDESK_EXPOSED_TICKET_TAG = os.environ["ZENDESK_EXPOSED_TICKET_TAG"]
 ZENDESK_AUTH_SECRET_ID = os.environ["ZENDESK_AUTH_SECRET_ID"]
 TOKENS_SERVERS_ALLOW_LIST = [
@@ -29,7 +30,7 @@ def lambda_handler(_event, _context):
 ticket_manager = ZendeskTicketManager(*get_zendesk_auth())
 key_data, ignorable_ids, failed_ids = gather_data(ticket_manager)
 except Exception as e:
- text = f"The key checker could not query the Zendesk API for tickets.\nThe exception was {e}."
+ text = f"The key checker could not query the Zendesk API for tickets.\nThe exception was {e}. See wiki for guidance: {WIKI_REFERENCE}"
 support_ticketer.create_ticket(
 "Exposed AWS Key Checker could not query the Zendesk API",
 text,
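Review bot: `WIKI_REFERENCE = os.environ["WIKI_REFERENCE"]` accepts any string, and the value is then interpolated into every Zendesk ticket the checker raises as the link responders are expected to follow during an exposed-key incident. A one-line sanity check at import time, e.g. `if not WIKI_REFERENCE.startswith(("http://", "https://")): raise ValueError("WIKI_REFERENCE must be an absolute URL")`, would make a misconfigured deploy fail at cold start instead of putting a dead link into every alert. The neighbouring constants follow the same unvalidated pattern, so whether this link deserves different treatment is a judgement call.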
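Review bot: The wiki pointer is spelled three different ways across the three tickets: here it is appended as `. See wiki for guidance: {WIKI_REFERENCE}` with no terminator, in the `failed_ids` hunk (`@@ -46,7 +47,7 @@`) as ` \n See wiki for guidance: …` with stray spaces around the newline, and in the `process_data` hunk (`@@ -71,7 +72,7 @@`) the URL is followed directly by a period, `{WIKI_REFERENCE}.`, which an autolinker may fold into the link and break it. A single module-level suffix such as `WIKI_GUIDANCE = f"\n\nSee wiki for guidance: {WIKI_REFERENCE}"` appended to each `text` would keep the three tickets consistent and keep the URL on its own line. The enclosing `lambda_handler` and `process_data` bodies extend outside the hunks.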
@@ -46,7 +47,7 @@ def lambda_handler(_event, _context):
 )
 
 if failed_ids:
- text = f"The key checker could not parse the following Zendesk ticket IDs: {failed_ids}"
+ text = f"The key checker could not parse the following Zendesk ticket IDs: {failed_ids} \n See wiki for guidance: {WIKI_REFERENCE}"
 support_ticketer.create_ticket(
 "Exposed AWS Key Checker could not parse Zendesk tickets",
 text,
@@ -71,7 +72,7 @@ def process_data(data: "list[ExposedKeyData]", ticket_manager: "ZendeskTicketMan
 try:
 send_to_tokens_server(item)
 except Exception as e:
- text = f"The key checker could not post the exposed event to the tokens server for the following item: {item}\nThe exception was: {e}.\n\nThis post will be retried automatically on the next run of the lambda. This only needs to be investigated if the failures continue."
+ text = f"The key checker could not post the exposed event to the tokens server for the following item: {item}\nThe exception was: {e}.\n\nThis post will be retried automatically on the next run of the lambda. This only needs to be investigated if the failures continue: {WIKI_REFERENCE}."
 support_ticketer.create_ticket(
 "Exposed AWS Key Checker could not post to tokens server",
 text,
diff --git a/aws-exposed-key-checker-infra/main.tf b/aws-exposed-key-checker-infra/main.tf
index 51556f252..ae0bbf68d 100644
--- a/aws-exposed-key-checker-infra/main.tf
+++ b/aws-exposed-key-checker-infra/main.tf
@@ -75,6 +75,7 @@ resource "aws_lambda_function" "key_checker_lambda" {
 {
 TICKET_SERVICE_URL = "${var.ticket_service_url}"
 TICKET_SERVICE_RECIPIENT = "${var.ticket_service_recipient}"
+ WIKI_REFERENCE = "${var.wiki_reference}"
 ZENDESK_EXPOSED_TICKET_TAG = "${var.zendesk_exposed_ticket_tag}"
 ZENDESK_CLOSED_TICKET_TAG = "${var.zendesk_closed_ticket_tag}"
 ZENDESK_ASSIGNEE = "${var.zendesk_assignee}"
@@ -138,7 +139,8 @@ resource "aws_iam_role_policy_attachment" "console_event_dispatcher_lambda_basic
 # Schedule lambda run
 resource "aws_cloudwatch_event_rule" "periodic_run" {
 name = "run_exposed_key_checker_periodically"
- schedule_expression = "rate(4 hours)"
+ description = "Triggers every hour on the hour"
+ schedule_expression = "cron(0 * * * ? *)"
 }
 
 resource "aws_cloudwatch_event_target" "lambda_target" {
diff --git a/aws-exposed-key-checker-infra/variables.tf b/aws-exposed-key-checker-infra/variables.tf
index bac882e49..c288b60f6 100644
--- a/aws-exposed-key-checker-infra/variables.tf
+++ b/aws-exposed-key-checker-infra/variables.tf
@@ -6,6 +6,10 @@ variable "ticket_service_recipient" {
 type = string
 }
 
+variable "wiki_reference" {
+ type = string
+}
+
 variable "zendesk_exposed_ticket_tag" {
 type = string
 }
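Review bot: Moving from `rate(4 hours)` to `cron(0 * * * ? *)` quadruples the daily runs, and each run that hits a failure path in lambda_handler.py opens a support ticket via `support_ticketer.create_ticket(...)` (the Python hunks above), so a Zendesk or tokens-server outage will now raise four times as many tickets before anyone acts unless support_ticketer deduplicates, which is not visible here. Worth confirming that before merging, or recording the expectation in the new `description`, e.g. `description = "Triggers every hour on the hour; each failed run raises a support ticket"`. The cron expression itself is a valid six-field EventBridge schedule.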
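Review bot: The new `wiki_reference` variable has no `description`, so a reader of the root module has to trace it through main.tf into the Lambda environment to learn that it is the URL pasted into every ticket the key checker raises. Adding `description = "Absolute URL of the wiki/runbook page linked from tickets raised by the exposed-key checker"` documents the contract at the point where operators set the value. The neighbouring variables omit descriptions too, so this would be the first, but it is the one whose meaning is least obvious from its name.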