From 3b5af257f82fa045b86ed5d5006934c13347b0d4 Mon Sep 17 00:00:00 2001
From: Iakov GAN <82834333+iakov-aws@users.noreply.github.com>
Date: Tue, 26 Mar 2024 12:08:03 +0100
Subject: [PATCH] support cur replication for cn (#753)

* support cur replication for cn

* Update cur-aggregation.yaml
---
 cfn-templates/cur-aggregation.yaml | 36 ++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/cfn-templates/cur-aggregation.yaml b/cfn-templates/cur-aggregation.yaml
index 8b336c9e..7a919437 100644
--- a/cfn-templates/cur-aggregation.yaml
+++ b/cfn-templates/cur-aggregation.yaml
@@ -59,11 +59,14 @@ Parameters:
 Conditions:
   IsDestinationAccount: !Equals [!Ref DestinationAccountId, !Ref AWS::AccountId]
   IsSourceAccount: !Not [!Condition IsDestinationAccount]
-  IsNorthVirginia: !Equals [!Ref AWS::Region, 'us-east-1']
+  RegionSupportsCURviaCFN: # CFN supports CUR only in us-east-1 and cn-northwest-1. Other regions must use lambda
+    Fn::Or:
+      - !Equals [!Ref AWS::Region, 'us-east-1']
+      - !Equals [!Ref AWS::Region, 'cn-northwest-1']
   CUREnable: !Equals [!Ref CreateCUR, 'True']
-  DeployCURViaCFNInSource: !And [!Condition CUREnable, !Condition IsSourceAccount, !Condition IsNorthVirginia]
-  DeployCURViaCFNInDestination: !And [!Condition CUREnable, !Condition IsDestinationAccount, !Condition IsNorthVirginia]
-  DeployCURViaLambda: !And [!Condition CUREnable, !Not [!Condition IsNorthVirginia]]
+  DeployCURViaCFNInSource: !And [!Condition CUREnable, !Condition IsSourceAccount, !Condition RegionSupportsCURviaCFN]
+  DeployCURViaCFNInDestination: !And [!Condition CUREnable, !Condition IsDestinationAccount, !Condition RegionSupportsCURviaCFN]
+  DeployCURViaLambda: !And [!Condition CUREnable, !Not [!Condition RegionSupportsCURviaCFN]]
   EmptySourceAccountIds: !Equals [ !Ref SourceAccountIds, '']
 
 Resources:
@@ -364,7 +367,7 @@ Resources:
 # Local CUR 
 ####
 
-  ## Deploy CUR nativly via CFN resource if we are in us-east-1
+  ## Deploy CUR natively via CFN resource if we are in us-east-1
   LocalCurInSource:
     Type: AWS::CUR::ReportDefinition
     Condition: DeployCURViaCFNInSource
@@ -472,13 +475,13 @@ Resources:
               - cur:ModifyReportDefinition
               - cur:DeleteReportDefinition
               Resource:
-                - Fn::Sub: arn:${AWS::Partition}:cur:us-east-1:${AWS::AccountId}:definition/*
+                - Fn::Sub: arn:${AWS::Partition}:cur:*:${AWS::AccountId}:definition/*
 
   CIDLambdaCURCreator:
     Type: AWS::Lambda::Function
     Condition: DeployCURViaLambda
     Properties:
-      Runtime: python3.10
+      Runtime: python3.11
       FunctionName:
         Fn::Sub: ${ResourcePrefix}-CID-CURCreator
       Handler: index.lambda_handler
@@ -488,13 +491,22 @@ Resources:
       Timeout: 15
       Code:
         ZipFile: |
+          import os
+          import json
+          import uuid
+
           import boto3
           import cfnresponse
-          import uuid
-          import json
 
-          # Create a cur client in us-east-1 region
-          client = boto3.client('cur', region_name='us-east-1')
+          region = os.environ['AWS_REGION']
+
+          # CUR only exists in us-east-1 and cn-northwest-1 regions
+          if region.startswith('cn-'):
+              region = 'cn-northwest-1'
+          else:
+              region = 'us-east-1'
+
+          client = boto3.client('cur', region_name=region)
 
           def lambda_handler(event, context):
 
@@ -599,7 +611,7 @@ Resources:
   CIDLambdaAnalytics:
     Type: AWS::Lambda::Function
     Properties:
-      Runtime: python3.9
+      Runtime: python3.11 # before updating 
       FunctionName:
         Fn::Sub: ${ResourcePrefix}-CID-Analytics
       Handler: index.lambda_handler