ssm parameters prefix
cnfait committed Mar 26, 2024
1 parent 2c3ea0e commit 894a819
Showing 32 changed files with 362 additions and 362 deletions.
8 changes: 4 additions & 4 deletions deploy.sh
Expand Up @@ -159,7 +159,7 @@ devops_account () {
--profile "$DEVOPS_AWS_PROFILE" || exit 1
template_protection "$STACK_NAME" "$REGION" "$DEVOPS_AWS_PROFILE"

ARTIFACTS_BUCKET=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --name /SDLF/S3/DevOpsArtifactsBucket --query "Parameter.Value" --output text)
ARTIFACTS_BUCKET=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --name /SDLF2/S3/DevOpsArtifactsBucket --query "Parameter.Value" --output text)
mkdir "$DIRNAME"/output
aws cloudformation package \
--s3-bucket "$ARTIFACTS_BUCKET" --s3-prefix template-cicd-sdlf-repositories \
Expand All @@ -173,7 +173,7 @@ devops_account () {
--stack-name "$STACK_NAME" \
--template-file "$DIRNAME"/output/packaged-template-cicd-sdlf-repositories.yaml \
--parameter-overrides \
pKMSKey=/SDLF/KMS/CICDKeyId \
pKMSKey=/SDLF2/KMS/CICDKeyId \
--tags Framework=sdlf \
--capabilities "CAPABILITY_NAMED_IAM" "CAPABILITY_AUTO_EXPAND" \
--region "$REGION" \
Expand Down Expand Up @@ -207,8 +207,8 @@ devops_account () {
--stack-name "$STACK_NAME" \
--template-file "$DIRNAME"/output/packaged-template-cicd-sdlf-pipelines.yaml \
--parameter-overrides \
pArtifactsBucket=/SDLF/S3/DevOpsArtifactsBucket \
pKMSKey=/SDLF/KMS/CICDKeyId \
pArtifactsBucket=/SDLF2/S3/DevOpsArtifactsBucket \
pKMSKey=/SDLF2/KMS/CICDKeyId \
--tags Framework=sdlf \
--capabilities "CAPABILITY_NAMED_IAM" "CAPABILITY_AUTO_EXPAND" \
--region "$REGION" \
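Review bot: The `ARTIFACTS_BUCKET=$(aws … ssm get-parameter --name /SDLF2/S3/DevOpsArtifactsBucket …)` assignment in the first hunk has no failure check. If the parameter does not yet exist under the new prefix, the variable is empty and `aws cloudformation package --s3-bucket "$ARTIFACTS_BUCKET"` runs with an empty bucket name (unless `set -e` is enabled outside these hunks). The command just above it already ends in `|| exit 1`; the same guard fits here, `ARTIFACTS_BUCKET=$(…) || exit 1`, optionally followed by `[ -n "$ARTIFACTS_BUCKET" ] || exit 1`. The `pKMSKey` and `pArtifactsBucket` overrides in the later hunks depend on the same `/SDLF2/` parameters having been published first. devops_account starts and ends outside the hunks shown.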
22 changes: 11 additions & 11 deletions sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml
Expand Up @@ -5,19 +5,19 @@ Parameters:
pArtifactsBucket:
Description: The artifacts bucket used by CodeBuild and CodePipeline
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/S3/DevOpsArtifactsBucket
Default: /SDLF2/S3/DevOpsArtifactsBucket
pKMSKey:
Description: The KMS key used by CodeBuild and CodePipeline
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/KMS/CICDKeyId
Default: /SDLF2/KMS/CICDKeyId
pStagesRepositoriesPrefix:
Description: Prefix of the repositories containing SDLF stages
Type: String
Default: sdlf-stage-
pEnableVpc:
Description: Deploy SDLF resources in a VPC
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/VPC/Enabled
Default: /SDLF2/VPC/Enabled

Conditions:
RunInVpc: !Equals [!Ref pEnableVpc, true]
Expand Down Expand Up @@ -93,7 +93,7 @@ Resources:
Condition:
ArnEqualsIfExists:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- !If
- RunInVpc
Expand All @@ -107,7 +107,7 @@ Resources:
"ec2:AuthorizedService": codebuild.amazonaws.com
ArnEquals:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- PolicyName: sdlf-cicd-build-stages-cfn-modules
PolicyDocument:
Expand Down Expand Up @@ -141,7 +141,7 @@ Resources:
- RunInVpc
- SecurityGroupIds: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-security-groups]
Subnets: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets]
VpcId: "{{resolve:ssm:/SDLF/VPC/VpcId}}"
VpcId: "{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"
Environment:
EnvironmentVariables:
Expand Down Expand Up @@ -202,7 +202,7 @@ Resources:
export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
# compare hashes to avoid creating a new module version when there is no change
if CURRENT_MODULE=$(aws ssm --endpoint-url "$SSM_ENDPOINT_URL" get-parameter --name "/SDLF/CFN/$DOMAIN_NAME-$TEAM_NAME-$MODULE_NAME-MODULE" --query "Parameter.Value" --output text); then
if CURRENT_MODULE=$(aws ssm --endpoint-url "$SSM_ENDPOINT_URL" get-parameter --name "/SDLF2/CFN/$DOMAIN_NAME-$TEAM_NAME-$MODULE_NAME-MODULE" --query "Parameter.Value" --output text); then
echo "Current module version commit id: $CURRENT_MODULE"
echo "New module version commit id: $NEW_MODULE"
if [ "$NEW_MODULE" == "$CURRENT_MODULE" ]; then
Expand Down Expand Up @@ -246,7 +246,7 @@ Resources:
- RunInVpc
- SecurityGroupIds: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-security-groups]
Subnets: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets]
VpcId: "{{resolve:ssm:/SDLF/VPC/VpcId}}"
VpcId: "{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"
Environment:
EnvironmentVariables:
Expand Down Expand Up @@ -332,7 +332,7 @@ Resources:
NEW_MODULE=$(git rev-parse --verify --end-of-options HEAD)
MODULE_NAME=${!STAGE_REPOSITORY##*-}
# compare hashes to avoid creating a new module version when there is no change
if CURRENT_MODULE=$(aws ssm --endpoint-url "$SSM_ENDPOINT_URL" get-parameter --name "/SDLF/CFN/$DOMAIN_NAME-$TEAM_NAME-$MODULE_NAME-MODULE" --query "Parameter.Value" --output text); then
if CURRENT_MODULE=$(aws ssm --endpoint-url "$SSM_ENDPOINT_URL" get-parameter --name "/SDLF2/CFN/$DOMAIN_NAME-$TEAM_NAME-$MODULE_NAME-MODULE" --query "Parameter.Value" --output text); then
echo "Current module version commit id: $CURRENT_MODULE"
echo "New module version commit id: $NEW_MODULE"
if [ "$NEW_MODULE" == "$CURRENT_MODULE" ]; then
Expand Down Expand Up @@ -369,15 +369,15 @@ Resources:
rBuildCloudformationModuleStageSsm:
Type: AWS::SSM::Parameter
Properties:
Name: /SDLF/CodeBuild/BuildCloudformationModuleStage
Name: /SDLF2/CodeBuild/BuildCloudformationModuleStage
Type: String
Value: !Ref rBuildCloudformationModuleStage
Description: Name of the CodeBuild job that build a CloudFormation module from a SAM template

rBuildCloudformationStagesModulesSsm:
Type: AWS::SSM::Parameter
Properties:
Name: /SDLF/CodeBuild/BuildCloudformationStagesModules
Name: /SDLF2/CodeBuild/BuildCloudformationStagesModules
Type: String
Value: !Ref rBuildCloudformationStagesModules
Description: Name of the CodeBuild job that build CloudFormation modules from a SAM template for SDLF stages
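Review bot: Both buildspec lookups of `/SDLF2/CFN/$DOMAIN_NAME-$TEAM_NAME-$MODULE_NAME-MODULE` (hunks at -202 and -332) treat every `get-parameter` failure alike, because `if CURRENT_MODULE=$(aws ssm … get-parameter …); then` tests only the exit status. The first lookup runs under the exported temporary credentials, so during rollout a role that still grants only `parameter/SDLF/CFN/*` would get an access-denied error, and that presumably lands in the same path as "no previous version" (the else branch is outside the hunk). Consider capturing the CLI's stderr and continuing only when it reports `ParameterNotFound`, failing the build on any other error. The `AWS::SSM::Parameter::Value<String>` defaults and `{{resolve:ssm:/SDLF2/VPC/VpcId}}` references renamed here, and likewise in template-cicd-glue-job.yaml and template-cicd-lambda-layer.yaml, need the `/SDLF2/` parameters to exist before these stacks update, so a comment recording that ordering would help.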
14 changes: 7 additions & 7 deletions sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml
Expand Up @@ -5,15 +5,15 @@ Parameters:
pArtifactsBucket:
Description: The artifacts bucket used by CodeBuild and CodePipeline
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/S3/DevOpsArtifactsBucket
Default: /SDLF2/S3/DevOpsArtifactsBucket
pKMSKey:
Description: The KMS key used by CodeBuild and CodePipeline
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/KMS/CICDKeyId
Default: /SDLF2/KMS/CICDKeyId
pEnableVpc:
Description: Deploy SDLF resources in a VPC
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/VPC/Enabled
Default: /SDLF2/VPC/Enabled

Conditions:
RunInVpc: !Equals [!Ref pEnableVpc, true]
Expand Down Expand Up @@ -86,7 +86,7 @@ Resources:
Condition:
ArnEqualsIfExists:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- !If
- RunInVpc
Expand All @@ -100,7 +100,7 @@ Resources:
"ec2:AuthorizedService": codebuild.amazonaws.com
ArnEquals:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"

rGlueJobPackage:
Expand All @@ -115,7 +115,7 @@ Resources:
- RunInVpc
- SecurityGroupIds: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-security-groups]
Subnets: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets]
VpcId: "{{resolve:ssm:/SDLF/VPC/VpcId}}"
VpcId: "{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"
Environment:
EnvironmentVariables:
Expand Down Expand Up @@ -188,7 +188,7 @@ Resources:
rGlueJobPackageSsm:
Type: AWS::SSM::Parameter
Properties:
Name: /SDLF/CodeBuild/PrepareGlueJobPackage
Name: /SDLF2/CodeBuild/PrepareGlueJobPackage
Type: String
Value: !Ref rGlueJobPackage
Description: Name of the CodeBuild job that prepares Glue jobs
14 changes: 7 additions & 7 deletions sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml
Expand Up @@ -5,15 +5,15 @@ Parameters:
pArtifactsBucket:
Description: The artifacts bucket used by CodeBuild and CodePipeline
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/S3/DevOpsArtifactsBucket
Default: /SDLF2/S3/DevOpsArtifactsBucket
pKMSKey:
Description: The KMS key used by CodeBuild and CodePipeline
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/KMS/CICDKeyId
Default: /SDLF2/KMS/CICDKeyId
pEnableVpc:
Description: Deploy SDLF resources in a VPC
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/VPC/Enabled
Default: /SDLF2/VPC/Enabled

Conditions:
RunInVpc: !Equals [!Ref pEnableVpc, true]
Expand Down Expand Up @@ -86,7 +86,7 @@ Resources:
Condition:
ArnEqualsIfExists:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- !If
- RunInVpc
Expand All @@ -100,7 +100,7 @@ Resources:
"ec2:AuthorizedService": codebuild.amazonaws.com
ArnEquals:
"ec2:Vpc":
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"
- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"

rBuildLambdaLayersPackage:
Expand All @@ -115,7 +115,7 @@ Resources:
- RunInVpc
- SecurityGroupIds: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-security-groups]
Subnets: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets]
VpcId: "{{resolve:ssm:/SDLF/VPC/VpcId}}"
VpcId: "{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"
Environment:
EnvironmentVariables:
Expand Down Expand Up @@ -229,7 +229,7 @@ Resources:
rBuildLambdaLayersPackageSsm:
Type: AWS::SSM::Parameter
Properties:
Name: /SDLF/CodeBuild/BuildLambdaLayersPackage
Name: /SDLF2/CodeBuild/BuildLambdaLayersPackage
Type: String
Value: !Ref rBuildLambdaLayersPackage
Description: Name of the CodeBuild job that creates a Lambda Layer containing the libraries and version numbers listed in the requirements.txt file in the repository provided
6 changes: 3 additions & 3 deletions sdlf-cicd/nested-stacks/template-cicd-modules-pipelines.yaml
Expand Up @@ -5,11 +5,11 @@ Parameters:
pArtifactsBucket:
Description: The artifacts bucket used by CodeBuild and CodePipeline
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/S3/DevOpsArtifactsBucket
Default: /SDLF2/S3/DevOpsArtifactsBucket
pKMSKey:
Description: The KMS key used by CodeBuild and CodePipeline
Type: AWS::SSM::Parameter::Value<String>
Default: /SDLF/KMS/CICDKeyId
Default: /SDLF2/KMS/CICDKeyId
pCicdRepository:
Type: String
pMainRepository:
Expand Down Expand Up @@ -255,7 +255,7 @@ Resources:
rMainRepositoryPipelineSsm:
Type: AWS::SSM::Parameter
Properties:
Name: !Sub /SDLF/CodePipeline/MainRepository${pEnvironment}Pipeline
Name: !Sub /SDLF2/CodePipeline/MainRepository${pEnvironment}Pipeline
Type: String
Value: !Ref rMainRepositoryPipeline
Description: !Sub CodePipeline that triggers on sdlf-main ${pEnvironment} changes
2 changes: 1 addition & 1 deletion sdlf-cicd/template-cfn-module.yaml
Expand Up @@ -38,7 +38,7 @@ Resources:
Type: AWS::SSM::Parameter
DependsOn: rCloudFormationModuleDefaultVersion
Properties:
Name: !Sub /SDLF/CFN/${pDomain}-${pTeamName}-${pModuleName}-MODULE
Name: !Sub /SDLF2/CFN/${pDomain}-${pTeamName}-${pModuleName}-MODULE
Type: String
Value: !Ref pModuleGitRef
Description: Git reference (commit id) with the sources of this module version
20 changes: 10 additions & 10 deletions sdlf-cicd/template-cicd-domain-roles.yaml
Expand Up @@ -38,7 +38,7 @@ Resources:
Type: AWS::SSM::Parameter
Condition: MultiAccountSetup
Properties:
Name: /SDLF/VPC/Enabled
Name: /SDLF2/VPC/Enabled
Type: String
Value: !Ref pEnableVpc
Description: Deploy SDLF resources in a VPC
Expand Down Expand Up @@ -93,7 +93,7 @@ Resources:
Action:
- ssm:GetParameter
- ssm:GetParameters
Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF/CFN/*
Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF2/CFN/*
- Effect: Allow
Action:
- cloudformation:CreateChangeSet
Expand Down Expand Up @@ -205,7 +205,7 @@ Resources:
- ssm:RemoveTagsFromResource
- ssm:DeleteParameter
Resource:
- !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF/CFN/*
- !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF2/CFN/*
- PolicyName: sdlf-lambdalayers-codepipeline
PolicyDocument:
Version: "2012-10-17"
Expand All @@ -232,7 +232,7 @@ Resources:
- ssm:RemoveTagsFromResource
- ssm:DeleteParameter
Resource:
- !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF/Lambda/LatestDatalakeLibraryLayer
- !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF2/Lambda/LatestDatalakeLibraryLayer

rDomainCloudFormationRole:
Type: AWS::IAM::Role
Expand Down Expand Up @@ -396,7 +396,7 @@ Resources:
- RunInVpc
- StringEquals:
"lambda:VpcIds":
- "{{resolve:ssm:/SDLF/VPC/VpcId}}"
- "{{resolve:ssm:/SDLF2/VPC/VpcId}}"
- !Ref "AWS::NoValue"
- Effect: Allow
Action:
Expand Down Expand Up @@ -559,7 +559,7 @@ Resources:
- ssm:ListTagsForResource
- ssm:PutParameter
- ssm:RemoveTagsFromResource
Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF/*
Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF2/*
- Effect: Allow
Action:
- lakeformation:DeregisterResource # W11 exception
Expand Down Expand Up @@ -706,8 +706,8 @@ Resources:
- ssm:GetParameters
- ssm:GetParametersByPath
Resource:
- !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF/Misc/*
- !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF/VPC/*
- !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF2/Misc/*
- !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/SDLF2/VPC/*
- Effect: Allow
Action:
- iam:GetRole
Expand Down Expand Up @@ -750,7 +750,7 @@ Outputs:
Description: List of security group ids that will be attached to Lambda functions and CodeBuild projects
Value: !If
- RunInVpc
- "{{resolve:ssm:/SDLF/VPC/SecurityGroupIds}}"
- "{{resolve:ssm:/SDLF2/VPC/SecurityGroupIds}}"
- "-"
Export:
Name: !Join ["-", [!Ref "AWS::StackName", "vpc-security-groups"]]
Expand All @@ -759,7 +759,7 @@ Outputs:
Description: List of subnet ids that will be attached to Lambda functions and CodeBuild projects
Value: !If
- RunInVpc
- "{{resolve:ssm:/SDLF/VPC/SubnetIds}}"
- "{{resolve:ssm:/SDLF2/VPC/SubnetIds}}"
- "-"
Export:
Name: !Join ["-", [!Ref "AWS::StackName", "vpc-subnets"]]
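Review bot: The statement in the hunk at -559 carries a namespace-wide wildcard over to the new prefix, `Resource: …:parameter/SDLF2/*`, alongside `ssm:PutParameter`. That namespace also holds values other parts of this commit consume as trusted configuration: `/SDLF2/KMS/CICDKeyId`, `/SDLF2/S3/DevOpsArtifactsBucket`, and `/SDLF2/VPC/VpcId`, which this file resolves into a `lambda:VpcIds` condition. A principal holding this statement can therefore overwrite them wherever they live in the same account and region. Since the prefix is being edited anyway, consider listing only the sub-paths this role writes, as the neighbouring statements do with `parameter/SDLF2/CFN/*` and `parameter/SDLF2/Lambda/LatestDatalakeLibraryLayer`. The role name and the start of the action list are outside the hunk, so the exact set of paths needs confirming against the full template.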