From 4e49e209041103d5598206a27488f00f99e4ebfe Mon Sep 17 00:00:00 2001
From: o2346
Date: Thu, 2 Jul 2020 20:21:16 +0900
Subject: [PATCH 1/3] behave appropreately on deletion
---
 SecurityHub_to_AWSChatBot.yml | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/SecurityHub_to_AWSChatBot.yml b/SecurityHub_to_AWSChatBot.yml
index b34c375..3dd8b24 100644
--- a/SecurityHub_to_AWSChatBot.yml
+++ b/SecurityHub_to_AWSChatBot.yml
@@ -68,6 +68,7 @@ Resources:
 - Effect: Allow
 Action:
 - 'securityhub:CreateActionTarget'
+ - 'securityhub:DeleteActionTarget'
 Resource: '*'
 Roles:
 - !Ref LambdaIAMRole
@@ -85,12 +86,29 @@ Resources:
 Code:
 ZipFile: |
 import boto3
+ import os
 import cfnresponse
 def lambda_handler(event, context):
 securityhub = boto3.client('securityhub')
- response = securityhub.create_action_target(Name="Send_To_Slack",Description='Send Messages to ChatApplication via AWS ChatBot',Id='SendToSlack')
 responseData = {}
- responseData['Data'] = response
+ if event['RequestType'] == 'Create':
+ try:
+ responseData['Data'] = securityhub.create_action_target(Name="Send_To_Slack",Description='Send Messages to ChatApplication via AWS ChatBot',Id='SendToSlack')
+ except Exception as e:
+ responseData['Data'] = str(e)
+
+ if event['RequestType'] == 'Delete':
+ try:
+ arnDeleteTo = ''.join( [
+ 'arn:aws:securityhub:',
+ os.environ.get('AWS_REGION'),
+ ':',
+ boto3.client('sts').get_caller_identity().get('Account'),
+ ':action/custom/SendToSlack'
+ ] )
+ responseData['Data'] = securityhub.delete_action_target(ActionTargetArn=arnDeleteTo)
+ except Exception as e:
+ responseData['Data'] = str(e)
 cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, "CustomResourcePhysicalID")
 MemorySize: 128
 Timeout: 10
From bab4eaafb771cbebfdae9f7fa3b3908922658eb8 Mon Sep 17 00:00:00 2001
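Review bot: The new `securityhub:DeleteActionTarget` grant inherits `Resource: '*'` from the Create statement, yet the Lambda added in this same patch only ever deletes one target, the ARN it assembles as `arn:aws:securityhub:<region>:<account>:action/custom/SendToSlack`. Give the delete action its own statement scoped to that target, e.g. `Resource: !Sub 'arn:${AWS::Partition}:securityhub:${AWS::Region}:${AWS::AccountId}:action/custom/SendToSlack'`, so a misbehaving or compromised function cannot remove other custom actions in the account. Whether `CreateActionTarget` can be scoped the same way depends on the resource types the Security Hub action table lists for it; if it cannot, keep `*` on the Create statement alone. The enclosing policy statement and `PolicyDocument` start before this hunk.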
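Review bot: The Delete branch rebuilds the action-target ARN from a hard-coded `arn:aws:` partition, the `AWS_REGION` variable and an STS call, although `create_action_target` already returns the exact ARN (`ActionTargetArn`) a few lines earlier; the literal partition breaks in `aws-cn` and `aws-us-gov`, and the STS round-trip exists only because that ARN is thrown away. Return the created ARN as the physical resource id instead of the constant `"CustomResourcePhysicalID"`, `physicalId = response['ActionTargetArn']`, and on Delete call `securityhub.delete_action_target(ActionTargetArn=event['PhysicalResourceId'])`, which removes the `os`/STS dependency and the whole `''.join([...])` block. As far as I recall CloudFormation can issue a Delete carrying a placeholder physical id after a failed Create, so the Delete branch should still treat an unknown or malformed id as already gone rather than fail the stack. A one-line comment that an `Update` request matches neither branch and is acknowledged as SUCCESS with empty data would also make that intent explicit.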
From: o2346
Date: Sat, 4 Jul 2020 16:08:52 +0900
Subject: [PATCH 2/3] handle exception & proper cfnresponce
---
 SecurityHub_to_AWSChatBot.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/SecurityHub_to_AWSChatBot.yml b/SecurityHub_to_AWSChatBot.yml
index 3dd8b24..f9f9ac7 100644
--- a/SecurityHub_to_AWSChatBot.yml
+++ b/SecurityHub_to_AWSChatBot.yml
@@ -91,11 +91,13 @@ Resources:
 def lambda_handler(event, context):
 securityhub = boto3.client('securityhub')
 responseData = {}
+ responceStatus = cfnresponse.SUCCESS
 if event['RequestType'] == 'Create':
 try:
 responseData['Data'] = securityhub.create_action_target(Name="Send_To_Slack",Description='Send Messages to ChatApplication via AWS ChatBot',Id='SendToSlack')
 except Exception as e:
 responseData['Data'] = str(e)
+ responceStatus = cfnresponse.FAILED

 if event['RequestType'] == 'Delete':
 try:
@@ -107,9 +109,14 @@ Resources:
 ':action/custom/SendToSlack'
 ] )
 responseData['Data'] = securityhub.delete_action_target(ActionTargetArn=arnDeleteTo)
+ except securityhub.exceptions.ResourceNotFoundException as rnfe:
+ responseData['Data'] = str(rnfe)
 except Exception as e:
 responseData['Data'] = str(e)
- cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, "CustomResourcePhysicalID")
+ responceStatus = cfnresponse.FAILED
+
+ cfnresponse.send(event, context, responceStatus, responseData, "CustomResourcePhysicalID")
+
 MemorySize: 128
 Timeout: 10
 Role: !GetAtt LambdaIAMRole.Arn
From 6c27a1a5c8b138e47faaab70325c7c068740c472 Mon Sep 17 00:00:00 2001
From: o2346
Date: Mon, 6 Jul 2020 22:29:56 +0900
Subject: [PATCH 3/3] spelling
---
 SecurityHub_to_AWSChatBot.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/SecurityHub_to_AWSChatBot.yml b/SecurityHub_to_AWSChatBot.yml
index f9f9ac7..d24ba65 100644
--- a/SecurityHub_to_AWSChatBot.yml
+++ b/SecurityHub_to_AWSChatBot.yml
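Review bot: With the new `responceStatus` default of SUCCESS, an `Update` request (`RequestType` neither `'Create'` nor `'Delete'`) still takes neither branch and is acknowledged as SUCCESS with an empty `responseData`, so the intent is silent. Make it explicit next to the Create test with a comment such as `# Update: no properties are tracked, so nothing to change; acknowledge with SUCCESS`, or handle `'Update'` alongside `'Create'` if property changes are ever expected. lambda_handler's body continues past this hunk.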
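Review bot: When the Delete falls into the catch-all and `responceStatus` becomes FAILED, the operator only sees cfnresponse's default reason (a pointer to the log stream); the `str(e)` stored in `responseData['Data']` is not, as far as I know, surfaced in the stack event for a FAILED response. Recent versions of the bundled cfnresponse module accept a `reason` keyword, so `cfnresponse.send(event, context, responceStatus, responseData, "CustomResourcePhysicalID", reason=str(responseData.get('Data')))` would put the cause (for example an AccessDenied on `securityhub:DeleteActionTarget`) directly in the stack event — confirm the module version the runtime ships before relying on it. Note also that the `try` wraps the STS call and ARN assembly as well as the delete, so a transient STS error now fails the Delete and blocks stack deletion until retried; the `try` opens before this hunk.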
@@ -91,13 +91,13 @@ Resources:
 def lambda_handler(event, context):
 securityhub = boto3.client('securityhub')
 responseData = {}
- responceStatus = cfnresponse.SUCCESS
+ responseStatus = cfnresponse.SUCCESS
 if event['RequestType'] == 'Create':
 try:
 responseData['Data'] = securityhub.create_action_target(Name="Send_To_Slack",Description='Send Messages to ChatApplication via AWS ChatBot',Id='SendToSlack')
 except Exception as e:
 responseData['Data'] = str(e)
- responceStatus = cfnresponse.FAILED
+ responseStatus = cfnresponse.FAILED

 if event['RequestType'] == 'Delete':
 try:
@@ -113,9 +113,9 @@ Resources:
 responseData['Data'] = str(rnfe)
 except Exception as e:
 responseData['Data'] = str(e)
- responceStatus = cfnresponse.FAILED
+ responseStatus = cfnresponse.FAILED

- cfnresponse.send(event, context, responceStatus, responseData, "CustomResourcePhysicalID")
+ cfnresponse.send(event, context, responseStatus, responseData, "CustomResourcePhysicalID")

 MemorySize: 128
 Timeout: 10