cyberark · jcosteatcyberark · Oct 28, 2020 · Oct 28, 2020 · Nov 4, 2020 · Nov 4, 2020
diff --git a/README.md b/README.md
@@ -29,14 +29,14 @@ This solution requires the following:
 
 1. The CyberArk PAS solution is installed on-prem / Cloud / hybrid with v9.10 or higher.
 2. The CyberArk license must include SSH key manager.
-3.  Network access from the Lambda VPC to CyberArk's PVWA.
+3. Network access from the Lambda VPC to CyberArk's PVWA.
 4. The CPM that manages the SSH keys must have a network connection to the target devices (for example, vpc peering).
 5. To connect to new instances, PSM must have a network connection to the target devices (for example, vpc peering).
 6. The expected maximum number of instances must be within the number of accounts license limits.
 7. PVWA is configured with SSL (unless its a POC environment).
-8. In the "UnixSSH" platform, set the "ChangeNotificationPeriod" value to 60 sec (this platform will be used for managing Unix accounts,
+8. A *Unix SSH Keys* Platform (UnixSSHKeys by default) with the "ChangeNotificationPeriod" value set to 60 sec (this platform will be used for managing Unix accounts,
 and setting this parameter gives the instance time to boot before attempting to change the password).
-9. In the "WinServerLocal" platform, set the "ChangeNotificationPeriod" value to 60 sec (this platform will be used for managing Unix accounts,
+9. A *Windows Local Accounts* Platform (WinServerLocal by default) with the "ChangeNotificationPeriod" value set to 60 sec (this platform will be used for managing Unix accounts,
 and setting this parameter gives the instance time to boot before attempting to change the password) .
 10. Dedicated Vault user for the solution with the following authorizations (not Admin):
 

diff --git a/dist/multi-region-cft/CyberArk-AOB-MultiRegion-CF-VaultEnvCreation.yaml b/dist/multi-region-cft/CyberArk-AOB-MultiRegion-CF-VaultEnvCreation.yaml
@@ -21,13 +21,27 @@ Resources:
       Description: Safe name for UNIX accounts.
       Type: String
       Value: !Ref UnixSafeName
+  ParameterUnixAccountsPlatform:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Name: AOB_Unix_Platform_Name
+      Description: Platform name for UNIX accounts
+      Type: String
+      Value: !Ref UnixPlatformName
   ParameterWindowsAccountsSafe:
     Type: 'AWS::SSM::Parameter'
     Properties:
       Name: AOB_Windows_Safe_Name
       Description: Safe name for Windows accounts.
       Type: String
       Value: !Ref WindowsSafeName
+  ParameterWindowsAccountsPlatform:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Name: AOB_Windows_Platform_Name
+      Description: Platform name for Windows accounts
+      Type: String
+      Value: !Ref WindowsPlatformName
   ParameterUsername:
     Type: 'AWS::SSM::Parameter'
     Properties:
@@ -48,7 +62,9 @@ Resources:
       ServiceToken: !Ref SafeHandlerLambdaARN
       PVWAIP: !Ref PvwaIP
       UnixSafeName: !Ref UnixSafeName
+      UnixPlatformName: !Ref UnixPlatformName
       WindowsSafeName: !Ref WindowsSafeName
+      WindowsPlatformName: !Ref WindowsPlatformName
       Username: !Ref VaultUser
       Password: !Ref VaultPassword
       CPMUnix: !Ref CPMNameUnixSafe
@@ -85,6 +101,15 @@ Parameters:
     AllowedPattern: '^[^\\:\*<>\"\.\|\/]*$'
     MinLength: '1'
     MaxLength: '28'
+  UnixPlatformName:
+    Type: String
+    Description: >-
+      Name of the Platform assigned to all the Unix accounts created by the
+      solution. The platform must exist prior to onboarding accounts.
+    AllowedPattern: '^[^\\:\*<>\"\.\|\/]*$'
+    MinLength: '1'
+    MaxLength: '28'
+    Default: UnixSSHKeys
   WindowsSafeName:
     Type: String
     Description: >-
@@ -93,6 +118,15 @@ Parameters:
     AllowedPattern: '^[^\\:\*<>\"\.\|\/]*$'
     MinLength: '1'
     MaxLength: '28'
+  WindowsPlatformName:
+    Type: String
+    Description: >-
+      Name of the Platform assigned to all the Local Windows accounts created by the
+      solution. The platform must exist prior to onboarding accounts.
+    AllowedPattern: '^[^\\:\*<>\"\.\|\/]*$'
+    MinLength: '1'
+    MaxLength: '28'
+    Default: WinServerLocal
   VaultUser:
     Type: String
     Description: Vault user that will be used by the solution.
@@ -153,8 +187,10 @@ Metadata:
           - VaultUser
           - VaultPassword
           - UnixSafeName
+          - UnixPlatformName
           - CPMNameUnixSafe
           - WindowsSafeName
+          - WindowsPlatformName
           - CPMNameWindowsSafe
           - KeyPairsSafe
           - EnableDebugLevel
@@ -175,8 +211,12 @@ Metadata:
         default: 'Verification Key File Name:'
       UnixSafeName:
         default: 'Target Safe for Unix accounts:'
+      UnixPlatformName:
+          default: 'Target Platform for Unix accounts:'
       WindowsSafeName:
         default: 'Target Safe for Windows accounts:'
+      WindowsPlatformName:
+          default: 'Target Platform for Windows accounts:'
       VaultUser:
         default: 'Vault user name:'
       VaultPassword:

diff --git a/dist/multi-region-cft/CyberArk-AOB-MultiRegion-CF.json b/dist/multi-region-cft/CyberArk-AOB-MultiRegion-CF.json
@@ -287,33 +287,42 @@
             "Fn::Join": [
               "\n",
               [
-                "import uuid",
                 "import boto3",
                 "",
                 "",
                 "def lambda_handler(event, context):",
                 "    creds = get_parameters_from_store(event['Parameters'])",
                 "    return creds",
                 "",
-                "def get_parameters_from_store(paramKeys):",
-                "    client = boto3.client('ssm')",
                 "",
-                "    try:",
-                "        response = client.get_parameters(",
-                "            Names=paramKeys,",
-                "            WithDecryption=True)",
-                "    except Exception as e:",
-                "        raise e",
+                "def parameters_split(params, size):",
+                "    for i in range(0, len(params), size):",
+                "        yield params[i:i + size]",
+                "",
+                "",
+                "def get_parameters_from_store(param_keys):",
+                "    client = boto3.client('ssm')",
                 "",
-                "    for ssmObject in response['Parameters']:",
-                "        lastDate = ssmObject['LastModifiedDate']",
-                "        print('LastDate:{0}'.format(lastDate))",
-                "        ssmObject['LastModifiedDate'] = lastDate.strftime('%m/%d/%Y')",
+                "    parameters = []",
+                "    for param_keys_chunk in parameters_split(param_keys, 10):",
+                "        try:",
+                "            response = client.get_parameters(",
+                "                Names=param_keys_chunk,",
+                "                WithDecryption=True)",
+                "        except Exception as e:",
+                "            print('Exception has occurred: {}'.format(type(e)))",
+                "            raise e",
                 "",
-                "    if response:",
+                "        for ssm_object in response['Parameters']:",
+                "            last_date = ssm_object['LastModifiedDate']",
+                "            print('LastDate:{0}'.format(last_date))",
+                "            ssm_object['LastModifiedDate'] = last_date.strftime('%m/%d/%Y')",
+                "            parameters.append(ssm_object)",
                 "",
-                "        print ('get_parameters_from_store(): finished successfully')",
-                "        return response['Parameters']"
+                "    if len(parameters):",
+                "        print('get_parameters_from_store(): finished successfully')",
+                "        return parameters",
+                ""
               ]
             ]
           }