Add resource type AWS::ControlTower::LandingZone

aws-cloudformation · Aug 5, 2024 · f111489 · f111489
1 parent cf4caba
commit f111489
Show file tree

Hide file tree

Showing 31 changed files with 4,338 additions and 0 deletions.
diff --git a/aws-controltower-landingzone/.gitignore b/aws-controltower-landingzone/.gitignore
@@ -0,0 +1,17 @@
+# macOS
+.DS_Store
+._*
+
+# Maven outputs
+.classpath
+
+# IntelliJ
+*.iml
+.idea
+out.java
+out/
+.settings
+.project
+
+# auto-generated files
+target/
diff --git a/aws-controltower-landingzone/.rpdk-config b/aws-controltower-landingzone/.rpdk-config
@@ -0,0 +1,29 @@
+{
+    "artifact_type": "RESOURCE",
+    "typeName": "AWS::ControlTower::LandingZone",
+    "language": "java",
+    "runtime": "java17",
+    "entrypoint": "software.amazon.controltower.landingzone.HandlerWrapper::handleRequest",
+    "testEntrypoint": "software.amazon.controltower.landingzone.HandlerWrapper::testEntrypoint",
+    "settings": {
+        "version": false,
+        "subparser_name": null,
+        "verbose": 0,
+        "force": false,
+        "type_name": null,
+        "artifact_type": null,
+        "endpoint_url": null,
+        "region": null,
+        "target_schemas": [],
+        "profile": null,
+        "namespace": [
+            "software",
+            "amazon",
+            "controltower",
+            "landingzone"
+        ],
+        "codegen_template_path": "guided_aws",
+        "protocolVersion": "2.0.0"
+    },
+    "executableEntrypoint": "software.amazon.controltower.landingzone.HandlerWrapperExecutable"
+}
diff --git a/aws-controltower-landingzone/README.md b/aws-controltower-landingzone/README.md
@@ -0,0 +1,12 @@
+# AWS::ControlTower::LandingZone
+
+Congratulations on starting development! Next steps:
+
+1. Write the JSON schema describing your resource, `aws-controltower-landingzone.json`
+1. Implement your resource handlers.
+
+The RPDK will automatically generate the correct resource model from the schema whenever the project is built via Maven. You can also do this manually with the following command: `cfn generate`.
+
+> Please don't modify files under `target/generated-sources/rpdk`, as they will be automatically overwritten.
+
+The code uses [Lombok](https://projectlombok.org/), and [you may have to install IDE integrations](https://projectlombok.org/setup/overview) to enable auto-complete for Lombok-annotated classes.
diff --git a/aws-controltower-landingzone/aws-controltower-landingzone.json b/aws-controltower-landingzone/aws-controltower-landingzone.json
@@ -0,0 +1,198 @@
+{
+  "typeName": "AWS::ControlTower::LandingZone",
+  "description": "Definition of AWS::ControlTower::LandingZone Resource Type",
+  "definitions": {
+    "LandingZoneDriftStatus": {
+      "type": "string",
+      "enum": [
+        "DRIFTED",
+        "IN_SYNC"
+      ]
+    },
+    "LandingZoneStatus": {
+      "type": "string",
+      "enum": [
+        "ACTIVE",
+        "PROCESSING",
+        "FAILED"
+      ]
+    },
+    "Tag": {
+      "type": "object",
+      "properties": {
+        "Key": {
+          "type": "string",
+          "maxLength": 256,
+          "minLength": 1
+        },
+        "Value": {
+          "type": "string",
+          "maxLength": 256,
+          "minLength": 0
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+  "properties": {
+    "LandingZoneIdentifier": {
+      "type": "string"
+    },
+    "Arn": {
+      "type": "string",
+      "maxLength": 2048,
+      "minLength": 20,
+      "pattern": "^arn:aws[0-9a-zA-Z_\\-:\\/]+$"
+    },
+    "Status": {
+      "$ref": "#/definitions/LandingZoneStatus"
+    },
+    "LatestAvailableVersion": {
+      "type": "string",
+      "maxLength": 10,
+      "minLength": 3,
+      "pattern": "\\d+.\\d+"
+    },
+    "DriftStatus": {
+      "$ref": "#/definitions/LandingZoneDriftStatus"
+    },
+    "Manifest": {},
+    "Version": {
+      "type": "string",
+      "maxLength": 10,
+      "minLength": 3,
+      "pattern": "\\d+.\\d+"
+    },
+    "Tags": {
+      "type": "array",
+      "items": {
+        "$ref": "#/definitions/Tag"
+      }
+    }
+  },
+  "required": [
+    "Manifest",
+    "Version"
+  ],
+  "readOnlyProperties": [
+    "/properties/LandingZoneIdentifier",
+    "/properties/Arn",
+    "/properties/Status",
+    "/properties/LatestAvailableVersion",
+    "/properties/DriftStatus"
+  ],
+  "primaryIdentifier": [
+    "/properties/LandingZoneIdentifier"
+  ],
+  "tagging": {
+    "taggable": true,
+    "tagOnCreate": true,
+    "tagUpdatable": true,
+    "cloudFormationSystemTags": true,
+    "tagProperty": "/properties/Tags"
+  },
+  "handlers": {
+    "create": {
+      "permissions": [
+        "controltower:CreateLandingZone",
+        "controltower:GetLandingZoneOperation",
+        "controltower:ListTagsForResource",
+        "controltower:TagResource",
+        "controltower:GetLandingZone",
+        "cloudformation:DescribeOrganizationsAccess",
+        "servicecatalog:AssociatePrincipalWithPortfolio",
+        "servicecatalog:AssociateProductWithPortfolio",
+        "servicecatalog:CreatePortfolio",
+        "servicecatalog:CreateProduct",
+        "servicecatalog:CreateProvisioningArtifact",
+        "servicecatalog:ListPortfolios",
+        "servicecatalog:ListProvisioningArtifacts",
+        "servicecatalog:SearchProductsAsAdmin",
+        "servicecatalog:UpdatePortfolio",
+        "servicecatalog:UpdateProvisioningArtifact",
+        "servicecatalog:ListPrincipalsForPortfolio",
+        "organizations:CreateOrganizationalUnit",
+        "organizations:CreateOrganization",
+        "organizations:UpdatePolicy",
+        "organizations:CreatePolicy",
+        "organizations:AttachPolicy",
+        "organizations:DetachPolicy",
+        "organizations:DeletePolicy",
+        "organizations:EnablePolicyType",
+        "organizations:EnableAWSServiceAccess",
+        "organizations:ListRoots",
+        "sso:*"
+      ]
+    },
+    "read": {
+      "permissions": [
+        "controltower:GetLandingZone",
+        "controltower:ListTagsForResource"
+      ]
+    },
+    "update": {
+      "permissions": [
+        "controltower:UpdateLandingZone",
+        "controltower:GetLandingZoneOperation",
+        "controltower:ListTagsForResource",
+        "controltower:TagResource",
+        "controltower:GetLandingZone",
+        "controltower:UntagResource",
+        "cloudformation:DescribeOrganizationsAccess",
+        "servicecatalog:AssociatePrincipalWithPortfolio",
+        "servicecatalog:AssociateProductWithPortfolio",
+        "servicecatalog:CreatePortfolio",
+        "servicecatalog:CreateProduct",
+        "servicecatalog:CreateProvisioningArtifact",
+        "servicecatalog:ListPortfolios",
+        "servicecatalog:ListProvisioningArtifacts",
+        "servicecatalog:SearchProductsAsAdmin",
+        "servicecatalog:UpdatePortfolio",
+        "servicecatalog:UpdateProvisioningArtifact",
+        "servicecatalog:ListPrincipalsForPortfolio",
+        "organizations:CreateOrganizationalUnit",
+        "organizations:CreateOrganization",
+        "organizations:UpdatePolicy",
+        "organizations:CreatePolicy",
+        "organizations:AttachPolicy",
+        "organizations:DetachPolicy",
+        "organizations:DeletePolicy",
+        "organizations:EnablePolicyType",
+        "organizations:EnableAWSServiceAccess",
+        "organizations:ListRoots",
+        "sso:*"
+      ]
+    },
+    "delete": {
+      "permissions": [
+        "controltower:DeleteLandingZone",
+        "controltower:GetLandingZone",
+        "controltower:GetLandingZoneOperation",
+        "cloudformation:DescribeOrganizationsAccess",
+        "servicecatalog:ListPortfolios",
+        "servicecatalog:ListProvisioningArtifacts",
+        "servicecatalog:SearchProductsAsAdmin",
+        "servicecatalog:DeleteProvisioningArtifact",
+        "servicecatalog:ListPrincipalsForPortfolio",
+        "servicecatalog:DeleteProduct",
+        "servicecatalog:DisassociatePrincipalFromPortfolio",
+        "servicecatalog:DisassociateProductFromPortfolio",
+        "servicecatalog:DeletePortfolio",
+        "organizations:AttachPolicy",
+        "organizations:DetachPolicy",
+        "organizations:DeletePolicy",
+        "organizations:ListRoots",
+        "sso:*",
+        "iam:DeleteRolePolicy",
+        "iam:DetachRolePolicy",
+        "iam:DeleteRole"
+      ]
+    },
+    "list": {
+      "permissions": [
+        "controltower:ListLandingZones"
+      ]
+    }
+  },
+  "additionalProperties": false
+}
diff --git a/aws-controltower-landingzone/docs/README.md b/aws-controltower-landingzone/docs/README.md
@@ -0,0 +1,95 @@
+# AWS::ControlTower::LandingZone
+
+Definition of AWS::ControlTower::LandingZone Resource Type
+
+## Syntax
+
+To declare this entity in your AWS CloudFormation template, use the following syntax:
+
+### JSON
+
+<pre>
+{
+    "Type" : "AWS::ControlTower::LandingZone",
+    "Properties" : {
+        "<a href="#manifest" title="Manifest">Manifest</a>" : <i>Map</i>,
+        "<a href="#version" title="Version">Version</a>" : <i>String</i>,
+        "<a href="#tags" title="Tags">Tags</a>" : <i>[ <a href="tag.md">Tag</a>, ... ]</i>
+    }
+}
+</pre>
+
+### YAML
+
+<pre>
+Type: AWS::ControlTower::LandingZone
+Properties:
+    <a href="#manifest" title="Manifest">Manifest</a>: <i>Map</i>
+    <a href="#version" title="Version">Version</a>: <i>String</i>
+    <a href="#tags" title="Tags">Tags</a>: <i>
+      - <a href="tag.md">Tag</a></i>
+</pre>
+
+## Properties
+
+#### Manifest
+
+_Required_: Yes
+
+_Type_: Map
+
+_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+
+#### Version
+
+_Required_: Yes
+
+_Type_: String
+
+_Minimum Length_: <code>3</code>
+
+_Maximum Length_: <code>10</code>
+
+_Pattern_: <code>\d+.\d+</code>
+
+_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+
+#### Tags
+
+_Required_: No
+
+_Type_: List of <a href="tag.md">Tag</a>
+
+_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+
+## Return Values
+
+### Ref
+
+When you pass the logical ID of this resource to the intrinsic `Ref` function, Ref returns the LandingZoneIdentifier.
+
+### Fn::GetAtt
+
+The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
+
+For more information about using the `Fn::GetAtt` intrinsic function, see [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html).
+
+#### LandingZoneIdentifier
+
+Returns the <code>LandingZoneIdentifier</code> value.
+
+#### Arn
+
+Returns the <code>Arn</code> value.
+
+#### Status
+
+Returns the <code>Status</code> value.
+
+#### LatestAvailableVersion
+
+Returns the <code>LatestAvailableVersion</code> value.
+
+#### DriftStatus
+
+Returns the <code>DriftStatus</code> value.