Provide initial functionality

[dav3r]

🗣 Description

This PR contains the initial functionality for this Lambda, which is to scan a specified set of AWS accounts and publish files/objects (to an S3 bucket) containing the public IP addresses of EC2 instances or Elastic IPs that have been properly tagged.

💭 Motivation and context

We need a mechanism to publish egress IP info from a subset of our AWS accounts and this Lambda will allow us to do just that.

This is part of the work for:

• https://github.com/cisagov/cool-system/issues/208
• Code in terraform_egress_pub directory does not publish COOL IPs cyhy_amis#284

This PR is related to the following:

• Add ec2readonly role to dynamic accounts cool-accounts#126
• Add role to provision resources related to publishing egress IPs cool-accounts#127

🧪 Testing

In addition to passing all of the automated pre-commit checks, this code was successfully built and tested both manually (using the "Test" tab on the AWS Lambda web console) and in conjunction with the Terraform in the cisagov/publish-egress-ip-terraform repository.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• All relevant type-of-change labels have been added.
• I have read the CONTRIBUTING document.
• These code changes follow cisagov code standards.
• All relevant repo and/or project documentation has been updated
  to reflect the changes in this PR.
• All new and existing tests pass.

✅ Pre-merge checklist

• Re-test to ensure Lambda is functioning as expected after all code changes during review.

✅ Post-merge checklist

• Create a release.

[dav3r]

@jsf9k or @mcdonnnj - Any thoughts on adding publish_egress_ip.zip (the output of docker compose up build_deployment_package) to the .gitignore file? This is something that probably should be decided over in cisagov/skeleton-aws-lambda-python, but since I have this PR open now, I figured I'd ask here.

[jsf9k]

@jsf9k or @mcdonnnj - Any thoughts on adding publish_egress_ip.zip (the output of docker compose up build_deployment_package) to the .gitignore file? This is something that probably should be decided over in cisagov/skeleton-aws-lambda-python, but since I have this PR open now, I figured I'd ask here.

Sounds good to me. I agree that it should be in the skeleton.

[dav3r]

@jsf9k or @mcdonnnj - Any thoughts on adding publish_egress_ip.zip (the output of docker compose up build_deployment_package) to the .gitignore file? This is something that probably should be decided over in cisagov/skeleton-aws-lambda-python, but since I have this PR open now, I figured I'd ask here.

Sounds good to me. I agree that it should be in the skeleton.

I realized that we already do this elsewhere and I'm not doing anything new here, so I added the .gitignore entry in 0d2eca3.

[mcdonnnj]

Some additional feedback based on changes that have been made (and some documentation items that I missed).

[mcdonnnj]

Thank you for implementing that change to the file header format. I have a question and a suggestion related to that change.

[dav3r]

@mcdonnnj - Can you please circle back to this review when you have a chance?

[dav3r]

@jsf9k - I re-requested your review since there has been a decent amount of change since your first review.

[mcdonnnj]

Better than ever! I had some best practices suggestions and a question for your consideration.

[mcdonnnj]

[jsf9k]

Great work! I have some comments and suggestions, but nothing that should hold up this PR.

[mcdonnnj]

Some feedback items skimming through this again. Also a suggestion to update the lockfiles again for the final test pre-merge.

[mcdonnnj]

After more than just a skim I have some additional feedback for your consideration (sorry).

[mcdonnnj]

Some minor items for your consideration but otherwise this LGTM.