diff --git a/.copier-answers.yml b/.copier-answers.yml new file mode 100644 index 0000000..db502f0 --- /dev/null +++ b/.copier-answers.yml @@ -0,0 +1,6 @@ +# This file is auto-generated, changes will be overwritten +_commit: v0.1.4 +_src_path: /task/77fa2a16-4212-11ee-a686-b6ba09e3d2c1/projecttype +starting_version: v0.0.0 +version_file: VERSION + diff --git a/.github/.gitkeep b/.github/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..38dccc3 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,162 @@ +functional-test-output.sarif +static-test-output.sarif +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +cover/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +.pybuilder/ +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +# For a library or package, you might want to ignore these files since the code is +# intended to run in multiple environments; otherwise, check them in: +# .python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# poetry +# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. +# This is especially recommended for binary packages to ensure reproducibility, and is more +# commonly ignored for libraries. 
+# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control +#poetry.lock + +# pdm +# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. +#pdm.lock +# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it +# in version control. +# https://pdm.fming.dev/#use-with-ide +.pdm.toml + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# Cython debug symbols +cython_debug/ + +# PyCharm +# JetBrains specific template is maintained in a separate JetBrains.gitignore that can +# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore +# and can be added to the global gitignore or merged into this file. For a more nuclear +# option (not recommended) you can uncomment the following to ignore the entire idea folder. +#.idea/ diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..cdc7805 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "docs/boilerplate"] + path = docs/boilerplate + url = https://github.com/aws-ia/aws-ia-documentation-base-common.git diff --git a/.nojekyll b/.nojekyll new file mode 100644 index 0000000..e69de29 diff --git a/.project_automation/deprecation/entrypoint.sh b/.project_automation/deprecation/entrypoint.sh new file mode 100755 index 0000000..395a46f --- /dev/null +++ b/.project_automation/deprecation/entrypoint.sh 
@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
+# managed and local tasks always use these variables for the project and project type path
+PROJECT_PATH=${BASE_PATH}/project
+PROJECT_TYPE_PATH=${BASE_PATH}/projecttype
diff --git a/.project_automation/deprovision/entrypoint.sh b/.project_automation/deprovision/entrypoint.sh
new file mode 100755
index 0000000..395a46f
--- /dev/null
+++ b/.project_automation/deprovision/entrypoint.sh
@@ -0,0 +1,6 @@
+#!/bin/bash -ex
+
+## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
+# managed and local tasks always use these variables for the project and project type path
+PROJECT_PATH=${BASE_PATH}/project
+PROJECT_TYPE_PATH=${BASE_PATH}/projecttype
diff --git a/.project_automation/functional_tests/Dockerfile b/.project_automation/functional_tests/Dockerfile
new file mode 100644
index 0000000..6ed7707
--- /dev/null
+++ b/.project_automation/functional_tests/Dockerfile
@@ -0,0 +1,4 @@
+FROM public.ecr.aws/codebuild/amazonlinux2-x86_64-standard:4.0
+RUN pip install taskcat yq
+RUN yum install -y yum-utils && yum-config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo && yum install -y gh
+RUN gem install asciidoctor
\ No newline at end of file
diff --git a/.project_automation/functional_tests/entrypoint.sh b/.project_automation/functional_tests/entrypoint.sh
new file mode 100755
index 0000000..d607291
--- /dev/null
+++ b/.project_automation/functional_tests/entrypoint.sh
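Review bot: `RUN pip install taskcat yq` and `RUN gem install asciidoctor` install whatever version PyPI and RubyGems serve on the day the image is rebuilt, so a bad or compromised release of either tool lands in the functional-test image with no change in this repository to point at. Pin them and keep the wheel cache out of the layer, e.g. `RUN pip install --no-cache-dir 'taskcat==<ver>' 'yq==<ver>'` and `RUN gem install asciidoctor -v '<ver>' --no-document`, and bump deliberately. The `yum-config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo` line trusts a repo definition fetched over HTTPS at build time; whether the `gh` package signature is then verified depends on the `gpgcheck`/`gpgkey` settings inside that file, which is worth confirming or replacing with a vendored key.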
@@ -0,0 +1,66 @@ +#!/bin/bash -ex + +## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between +# managed and local tasks always use these variables for the project and project type path +PROJECT_PATH=${BASE_PATH}/project +PROJECT_TYPE_PATH=${BASE_PATH}/projecttype + +printf '\nFunctional test...\n' + +DOCS_BRANCH="html-guide" +## Check if docs/ files are modified? +git fetch +git branch +DIFF_OUTPUT=$(git diff HEAD..origin/main) +## If docs are modified, render updated index.html file and +## create a PR with index.html file. +if echo "${DIFF_OUTPUT}" | grep "^diff --git a/docs/"; then + printf '\nChanges detected in the /docs files. \n' + #--- Github pages site generation ---# + asciidoctor --version + # Generate guide - filename -> index.html + asciidoctor --base-dir docs/ --backend=html5 -o ../index.html -w --doctype=book -a toc2 -a production_build docs/boilerplate/index_deployment_guide.adoc + ## Create PR with index.html file + CURRENT_BRANCH=$(git branch --show-current) + git checkout main + git checkout -b "${DOCS_BRANCH}" + git add index.html + git commit -m '(automated) rendered html deployment guide' + git push --set-upstream origin "${DOCS_BRANCH}" + gh pr create --title 'Generated deployment guide' --body "_This is an automated PR with rendered html file for the deployment guide. Please review it before merge_" +else + printf '\nNo changes detected in the /docs files. \n' +fi + +##---------------------------------------------------- +## Download taskcat overrides from AWS Secrets Manager +## --------------------------------------------------- +## Create a 'secret' of type plaintext in AWS Secrets Manager +## and add taskcat override file contents to it. +## Provide secret name to 'secret_name' parameter below and +## the AWS region where you secret is stored to 'aws_region'. 
+ +# set defaults +secret_name=$(cat .taskcat.yml | yq -r '.project|.name') +secret_name=${secret_name}-override +secret_region="us-east-1" +# If overrides secret exists, retrieve the secret value as a JSON string +set +e +overrides=$(aws secretsmanager get-secret-value --secret-id $secret_name --query SecretString --output text --region $secret_region) +# convert the JSON string to YAML and save it to a file +if [ "$?" -eq 0 ]; then + echo "$overrides" > .taskcat_overrides.yml +fi +set -e +##---------------------------------------------------- + +# set taskcat general config +cat << EOF > ~/.taskcat.yml +general: + s3_regional_buckets: true +EOF + +# Run taskcat tests +REGIONS=$(aws ec2 describe-regions --region us-east-1 | yq -r '.Regions|.[]|.RegionName') +CSV_REGIONS=$(echo $REGIONS | tr ' ' ',') +taskcat test run -r $CSV_REGIONS \ No newline at end of file diff --git a/.project_automation/init/noop.sh b/.project_automation/init/noop.sh new file mode 100644 index 0000000..052b47d --- /dev/null +++ b/.project_automation/init/noop.sh @@ -0,0 +1,2 @@ +#!/bin/bash +echo "Not Supported!" diff --git a/.project_automation/provision/entrypoint.sh b/.project_automation/provision/entrypoint.sh new file mode 100755 index 0000000..395a46f --- /dev/null +++ b/.project_automation/provision/entrypoint.sh @@ -0,0 +1,6 @@ +#!/bin/bash -ex + +## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between +# managed and local tasks always use these variables for the project and project type path +PROJECT_PATH=${BASE_PATH}/project +PROJECT_TYPE_PATH=${BASE_PATH}/projecttype diff --git a/.project_automation/publication/Dockerfile b/.project_automation/publication/Dockerfile new file mode 100644 index 0000000..8f71360 --- /dev/null +++ b/.project_automation/publication/Dockerfile 
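Review bot: `overrides=$(aws secretsmanager get-secret-value ...)` runs with the xtrace enabled by `#!/bin/bash -ex`, so bash prints the assignment with its expanded value, and the `echo "$overrides"` that follows is traced as well, which writes the full taskcat override secret (the file that normally carries the passwords and keys fed to the test stacks) into the build log. Disable tracing around that section and avoid passing the value through a traced command, e.g. `set +x`, `overrides=$(aws secretsmanager get-secret-value --secret-id "$secret_name" --query SecretString --output text --region "$secret_region") && printf '%s\n' "$overrides" > .taskcat_overrides.yml`, `set -x`. Testing `$?` after a `var=$(...)` assignment does reflect the command's exit status, so the existence check itself works, but `.taskcat_overrides.yml` is left in the working tree and is not listed in the new `.gitignore`; adding it there keeps the secret out of any later commit. `git checkout main` before `git checkout -b "${DOCS_BRANCH}"` presumably relies on a local `main` existing in the managed task's checkout — confirm, since `set -e` will abort the run otherwise.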
@@ -0,0 +1,3 @@ +FROM public.ecr.aws/codebuild/amazonlinux2-x86_64-standard:4.0 +RUN yum install -y yum-utils && yum-config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo && yum install -y gh +RUN pip install copier taskcat yq jq awscli cfn-flip \ No newline at end of file diff --git a/.project_automation/publication/assets/.taskcat_publish.yml b/.project_automation/publication/assets/.taskcat_publish.yml new file mode 100644 index 0000000..8ffd750 --- /dev/null +++ b/.project_automation/publication/assets/.taskcat_publish.yml @@ -0,0 +1,44 @@ +general: + auth: + default: default-profile + af-south-1: af-south-1-profile + ap-east-1: ap-east-1-profile + ap-southeast-3: ap-southeast-3-profile + eu-south-1: eu-south-1-profile + me-south-1: me-south-1-profile + cn-north-1: china-profile + cn-northwest-1: china-profile + us-gov-east-1: us-govcloud-profile + us-gov-west-1: us-govcloud-profile +project: + s3_regional_buckets: true + s3_bucket: aws-ia + regions: + - af-south-1 + - ap-east-1 + - ap-southeast-3 + - eu-south-1 + - me-south-1 + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - sa-east-1 + - ap-northeast-1 + - ap-northeast-2 + - ap-northeast-3 + - ap-south-1 + - ap-southeast-1 + - ap-southeast-2 + - ca-central-1 + - eu-central-1 + - eu-north-1 + - cn-north-1 + - cn-northwest-1 + - us-gov-east-1 + - us-gov-west-1 +tests: + test1: {} \ No newline at end of file diff --git a/.project_automation/publication/assets/assume_role_regional_endpoint_wrapper.sh b/.project_automation/publication/assets/assume_role_regional_endpoint_wrapper.sh new file mode 100755 index 0000000..8e38f56 --- /dev/null +++ b/.project_automation/publication/assets/assume_role_regional_endpoint_wrapper.sh 
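Review bot: `RUN pip install copier taskcat yq jq awscli cfn-flip` pins nothing, and this is the image that runs with the credentials that publish to the public `aws-ia` buckets, so it is the layer most worth pinning: use `RUN pip install --no-cache-dir 'copier==<ver>' 'taskcat==<ver>' ...` or a requirements file installed with `--require-hashes`. The PyPI `jq` package provides Python bindings rather than the `jq` command that `s3_publish.sh` invokes; the CodeBuild base image presumably ships the binary, so confirm that is what the scripts rely on rather than this install. The `yum-config-manager --add-repo ... gh-cli.repo` line has the same build-time trust question as in the functional-tests image.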
@@ -0,0 +1,2 @@
+#!/bin/bash -ex
+aws sts assume-role --role-arn $1 --role-session-name 'wrapped-role' --external-id $2 --endpoint https://sts.us-east-2.amazonaws.com --region us-east-2 | jq '.Credentials + {"Version":1}'
\ No newline at end of file
diff --git a/.project_automation/publication/assets/cred_helper.py b/.project_automation/publication/assets/cred_helper.py
new file mode 100644
index 0000000..c01d761
--- /dev/null
+++ b/.project_automation/publication/assets/cred_helper.py
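Review bot: `#!/bin/bash -ex` enables xtrace for the single command in this file, so the role ARN and the external ID passed as `$2` are printed to stderr on every invocation; since the `jq '.Credentials + {"Version":1}'` output format marks this as a `credential_process` helper, that trace lands in whatever log captures the calling process. The external ID is the confused-deputy guard for the target role and should not be routinely logged; use `#!/bin/bash -e` and quote the positionals: `aws sts assume-role --role-arn "$1" --role-session-name 'wrapped-role' --external-id "$2" --endpoint https://sts.us-east-2.amazonaws.com --region us-east-2 | jq '.Credentials + {"Version":1}'`. Without `set -o pipefail` a failed `assume-role` presumably still lets `jq` exit 0 with empty output, so the caller sees a silent credential failure; add `set -o pipefail` on its own line before the command.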
@@ -0,0 +1,72 @@ +#!/usr/bin/env python3 +import boto3 +import json +import sys +import argparse + +# https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html + +def _transform_creds(result, ak, sk): + AK = result[ak] + SAK = result[sk] + transformed_creds = { + "Version": 1, + "AccessKeyId": AK, + "SecretAccessKey": SAK + } + return transformed_creds + +def fetch_creds(region_name, secret_name, ak, sk, pr): + ssm = boto3.Session(profile_name=pr).client('secretsmanager', region_name=region_name) + value = ssm.get_secret_value(SecretId=secret_name) + value = json.loads(value["SecretString"]) + return _transform_creds(value, ak, sk) + +if __name__ == "__main__": + parser = argparse.ArgumentParser( + prog="cred_helper.py", + description="Snags creds from Secrets manager for use in an AWS profile. Leveraging botocore builtins.", + ) + parser.add_argument( + "--region", + type=str, + help="region name. otherwise use the default.", + required=True + ) + parser.add_argument( + "--secret-name", + type=str, + help="secret name to fetch", + required=True + ) + parser.add_argument( + "--access-key-index", + type=str, + help="secret name to fetch", + required=True + ) + parser.add_argument( + "--secret-access-key-index", + type=str, + help="secret name to fetch", + required=True + ) + parser.add_argument( + "--secret-profile", + type=str, + help="profile to use when fetching the secret", + required=False, + default="default" + ) + args = parser.parse_args() + try: + parsed_creds = fetch_creds( + args.region, + args.secret_name, + args.access_key_index, + args.secret_access_key_index, + args.secret_profile + ) + json.dump(parsed_creds, sys.stdout, indent=2) + except: + raise diff --git a/.project_automation/publication/entrypoint.sh b/.project_automation/publication/entrypoint.sh new file mode 100755 index 0000000..9fb1228 --- /dev/null +++ b/.project_automation/publication/entrypoint.sh 
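Review bot: The `try: ... except: raise` around `fetch_creds` is a no-op that merely suggests error handling exists; a `KeyError` from `_transform_creds`, a `json.loads` failure on a non-JSON secret, or a botocore error all surface as a raw traceback. Either drop it or catch `KeyError` and print a message naming the missing index (`sys.exit(f"secret is missing key {exc}")`) so the failure is explained without echoing the secret body. The three `--*-index` options and `--secret-profile` reuse the help text "secret name to fetch" copied from `--secret-name`; correct them, e.g. `help="key in the secret JSON that holds the access key id"`. The emitted document carries only `AccessKeyId`/`SecretAccessKey`, i.e. this profile presumably serves long-lived IAM user keys kept in Secrets Manager; a module docstring should say so and that the secret is expected to be a JSON object, and the client variable `ssm` would be clearer as `secretsmanager`.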
@@ -0,0 +1,15 @@
+#!/bin/bash -ex
+
+## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
+# managed and local tasks always use these variables for the project and project type path
+PROJECT_PATH=${BASE_PATH}/project
+PROJECT_TYPE_PATH=${BASE_PATH}/projecttype
+
+# Add execute permission and run publishing script s3_publish.sh
+if [ -n "${BASE_PATH}" ]
+then
+ chmod +x $PROJECT_PATH"/.project_automation/publication/s3_publish.sh"
+ $PROJECT_PATH"/.project_automation/publication/s3_publish.sh"
+else
+ echo "Local build mode (skipping publishing)"
+fi
\ No newline at end of file
diff --git a/.project_automation/publication/s3_publish.sh b/.project_automation/publication/s3_publish.sh
new file mode 100755
index 0000000..8d54835
--- /dev/null
+++ b/.project_automation/publication/s3_publish.sh
@@ -0,0 +1,86 @@ +#!/bin/bash -ex + +aws sts get-caller-identity --debug + +# project root directory path +project_root="${BASE_PATH}/project" +# automation scripts directory path +automation_scripts_path="${project_root}/.project_automation/publication/assets/" +# project taskcat config filename +project_config_file="${project_root}/.taskcat.yml" + +prepare_taskcat_file_to_publish(){ + # modified taskcat config filename for publishing + modified_config_file="${automation_scripts_path}.taskcat_publish.yml" + + # name of the attribute to retrieve from project config file + attr_name=".project.name" + + # retrieve the value of the attribute from the project config yml file + attr_value=$(yq -r "${attr_name}" ${project_config_file}) + + # add the attribute and its value to the modified_config_file + yq -Y --arg attribute_name "name" --arg attribute_value "${attr_value}" '.project += {($attribute_name): ($attribute_value)}' ${modified_config_file} > "${automation_scripts_path}tmp.yml" +} + +prepare_aws_config(){ + # set defaults + secret_name="aws_config.override" + secret_region="us-east-1" + + # get aws config override file from secrets manager + json_overrides=$(aws secretsmanager get-secret-value --secret-id ${secret_name} --query SecretString --output text --region ${secret_region}) + + # parse JSON using jq and iterate over each profile + profiles=$(echo "${json_overrides}" | jq -r '.profiles | keys[]') + + # create default profile and redirect output to a file + echo -e "[profile default]\ncredential_process = cat \"${BASE_PATH}/.aws/temp-creds-default.json\"" > "${automation_scripts_path}aws_config.override" + + for profile in ${profiles} + do + # get values of each profile + region=$(echo "${json_overrides}" | jq -r ".profiles[\"${profile}\"].region") + credential=$(echo "${json_overrides}" | jq -r ".profiles[\"${profile}\"].credential_process // .profiles[\"${profile}\"].credential_source") + + # print the profile and its values in the desired format + echo 
-e "\n[profile ${profile}]\nregion = ${region}\ncredential_process = ${credential}" >> "${automation_scripts_path}aws_config.override" + sed -i "s|project_root|${project_root}|g" "${automation_scripts_path}aws_config.override" + done +} + +# package lambdas +taskcat package -p ${project_root} -s functions/source/ -z functions/packages/ + +prepare_taskcat_file_to_publish +prepare_aws_config + +export AWS_CONFIG_FILE="${automation_scripts_path}aws_config.override" + +cat ${AWS_CONFIG_FILE} +cat "${automation_scripts_path}tmp.yml" + +aws sts get-caller-identity --debug + +chmod 755 ${project_root}/.project_automation/publication/assets/cred_helper.py +# push to regional S3 buckets +export TASKCAT_PROJECT_S3_REGIONAL_BUCKETS=true; taskcat -d upload -p ${project_root} -c "${automation_scripts_path}tmp.yml" + +PUBLICATIONS_ASSETS_BUCKET=$(aws ssm get-parameter --region us-east-1 --name PUBLICATIONS_ASSETS_BUCKET --with-decryption | jq -r '.Parameter|.Value') + +upload_assets_to_ssm(){ + cd ${project_root} + APP_MGR_MANIFEST=${project_root}/manifests/app-manager/app-manager-manifest.yaml + if [[ -f "$APP_MGR_MANIFEST" ]]; then + aws s3 cp --region us-east-1 s3://${PUBLICATIONS_ASSETS_BUCKET}/template_to_ssm_doc_pusher.py ${project_root}/.project_automation/publication/assets/ + PUBLISH_SSM_DOC_ACCOUNT_ID=$(aws ssm get-parameter --region us-east-1 --name PUBLISH_SSM_DOC_ACCOUNT_ID --with-decryption | jq -r '.Parameter|.Value') + version_suffix=$(date "+%Y-%m-%d-%H-%M-%S") + regions=$(aws ec2 describe-regions --region us-east-1 --output text | cut -f4) + aws sts get-caller-identity + for region in ${regions}; do + python ${project_root}/.project_automation/publication/assets/template_to_ssm_doc_pusher.py -a ${PUBLISH_SSM_DOC_ACCOUNT_ID} -f ${project_root}/manifests/app-manager/app-manager-manifest.yaml -r ${region} -v ${version_suffix} -d true + done + fi +} + +upload_assets_to_ssm \ No newline at end of file 
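Review bot: Both `aws sts get-caller-identity --debug` calls dump botocore's debug log, which prints the outgoing request including its signed headers (`Authorization`, and `X-Amz-Security-Token` for the temporary credentials the `credential_process` profiles produce), so session tokens for the publishing identities are written to the build log; use plain `aws sts get-caller-identity`. The same exposure applies to `json_overrides=$(aws secretsmanager get-secret-value ...)` under the script's `set -x`, where the assignment is traced with the secret's full value, and `cat ${AWS_CONFIG_FILE}` then prints the derived config; wrap the secret handling in `set +x` / `set -x`. In `prepare_aws_config` the `jq` fallback `// .profiles["..."].credential_source` is always written out under `credential_process = ${credential}`, which is the wrong key for a `credential_source` value — emit whichever key actually matched. `upload_assets_to_ssm` fetches `template_to_ssm_doc_pusher.py` from the bucket named by the `PUBLICATIONS_ASSETS_BUCKET` parameter and runs it with `python` under the publishing role; unless that bucket is writable only by the pipeline owners this is remote code execution by bucket write, so pin the script by checksum or ship it in the image.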
diff --git a/.project_automation/static_tests/Dockerfile b/.project_automation/static_tests/Dockerfile
new file mode 100644
index 0000000..4f5b5b5
--- /dev/null
+++ b/.project_automation/static_tests/Dockerfile
@@ -0,0 +1,4 @@
+FROM public.ecr.aws/codebuild/amazonlinux2-x86_64-standard:4.0
+RUN git clone https://github.com/aws-quickstart/qs-cfn-lint-rules.git /tmp/qs-cfn-lint-rules
+RUN cd /tmp/qs-cfn-lint-rules && pip install .
+RUN cfn-lint -u
\ No newline at end of file
diff --git a/.project_automation/static_tests/entrypoint.sh b/.project_automation/static_tests/entrypoint.sh
new file mode 100755
index 0000000..918207e
--- /dev/null
+++ b/.project_automation/static_tests/entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/bash -ex
+
+## NOTE: paths may differ when running in a managed task. To ensure behavior is consistent between
+# managed and local tasks always use these variables for the project and project type path
+PROJECT_PATH=${BASE_PATH}/project
+PROJECT_TYPE_PATH=${BASE_PATH}/projecttype
+
+cd $PROJECT_PATH
+cfn-lint --non-zero-exit-code none -t templates/**/*.yaml -a /tmp/qs-cfn-lint-rules/qs_cfn_lint_rules/
\ No newline at end of file
diff --git a/.project_automation/update/noop.sh b/.project_automation/update/noop.sh
new file mode 100644
index 0000000..052b47d
--- /dev/null
+++ b/.project_automation/update/noop.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+echo "Not Supported!"
diff --git a/.project_config.yml b/.project_config.yml
new file mode 100644
index 0000000..e78c2aa
--- /dev/null
+++ b/.project_config.yml
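Review bot: `RUN git clone https://github.com/aws-quickstart/qs-cfn-lint-rules.git` takes whatever that repository's default branch holds at build time and `pip install .` then executes its packaging code, so any commit pushed there silently changes this image and the rules that lint the templates. Pin it, e.g. `RUN git clone --depth 1 --branch <tag> https://github.com/aws-quickstart/qs-cfn-lint-rules.git /tmp/qs-cfn-lint-rules` (or `git checkout <sha>` after the clone), and pin the `cfn-lint` version it pulls in. `RUN cfn-lint -u` downloads the CloudFormation resource specs at build time, which also makes the image vary by build date; acceptable for a linter, but worth a comment such as `# refresh cached CFN resource specs; contents depend on build date`.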
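Review bot: `cfn-lint --non-zero-exit-code none` makes this step exit 0 whatever it finds, so the static-test stage — including the `qs_cfn_lint_rules` checks loaded with `-a` — can never fail a build; it reports but does not gate. If that is intended while the project is bootstrapped, say so in a comment (`# TODO: drop --non-zero-exit-code none once templates lint clean so findings block merges`); otherwise remove the flag. The unquoted `templates/**/*.yaml` is expanded by bash, where `**` without `shopt -s globstar` behaves like `*`, so only one directory level under `templates/` is matched; quote the pattern so cfn-lint's own globbing applies, or set `shopt -s globstar` before the call.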
@@ -0,0 +1,24 @@ +version: "1.0.0" + +init: + entrypoint: .project_automation/init/noop.sh +update: + entrypoint: .project_automation/update/noop.sh +static_tests: + dockerfile: .project_automation/static_tests/Dockerfile + entrypoint: .project_automation/static_tests/entrypoint.sh +functional_tests: + enable_docker: true + dockerfile: .project_automation/functional_tests/Dockerfile + entrypoint: .project_automation/functional_tests/entrypoint.sh + github_permissions: + contents: write + pull_requests: write +publication: + enable_docker: true + dockerfile: .project_automation/publication/Dockerfile + entrypoint: .project_automation/publication/entrypoint.sh + github_permissions: + contents: write +deprecation: + entrypoint: .project_automation/deprecation/entrypoint.sh diff --git a/.taskcat.yml b/.taskcat.yml new file mode 100644 index 0000000..911b592 --- /dev/null +++ b/.taskcat.yml @@ -0,0 +1,33 @@ +project: + name: cfn-sample-template + owner: quickstart@amazon.com + package_lambda: false + regions: + - ap-northeast-1 + - ap-northeast-2 + - ap-southeast-1 + - ap-southeast-2 + - eu-central-1 + - eu-west-1 + - sa-east-1 + - us-east-1 + - us-west-1 + - us-west-2 +tests: + sample: + parameters: + Param1: 'Inputs to Stack' + # Examples: of other taskcat dynamic input parameters for more into see http://taskcat.io + # + # AvailabilityZones: $[taskcat_genaz_3] + # ByteValue: 1 + # PasswordA: $[taskcat_genpass_8A] + # PasswordB: $[taskcat_genpass_32S] + # RandomNumber: $[taskcat_random-numbers] + # RandomString: $[taskcat_random-string] + # StackName: TestStack + # UUID: $[taskcat_genuuid] + # + regions: + - us-east-2 + template: templates/another-workload.template.yaml diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..1006f66 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +* @aws-ia/aws-ia \ No newline at end of file diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..5b627cf --- /dev/null 
+++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,4 @@ +## Code of Conduct +This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). +For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact +opensource-codeofconduct@amazon.com with any additional questions or comments. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..8415ace --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright 2022 [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/NOTICE.txt b/NOTICE.txt
new file mode 100644
index 0000000..919c27c
--- /dev/null
+++ b/NOTICE.txt
@@ -0,0 +1,7 @@
+Copyright 2016-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
+
+ http://aws.amazon.com/apache2.0/
+
+or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..ae39fab
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+v0.0.0
diff --git a/docs/_deployment_guide.adoc b/docs/_deployment_guide.adoc
new file mode 100644
index 0000000..fa896ef
--- /dev/null
+++ b/docs/_deployment_guide.adoc
@@ -0,0 +1 @@
+:type: cfn
diff --git a/docs/boilerplate b/docs/boilerplate
new file mode 160000
index 0000000..62c3622
--- /dev/null
+++ b/docs/boilerplate
@@ -0,0 +1 @@
+Subproject commit 62c36223ff89ec221b24c4824e7d524785350df4
diff --git a/docs/deployment_guide/images/AWS-Logo.svg b/docs/deployment_guide/images/AWS-Logo.svg
new file mode 100644
index 0000000..4d23322
--- /dev/null
+++ b/docs/deployment_guide/images/AWS-Logo.svg
@@ -0,0 +1 @@
+AWS-Logo_White-Color
\ No newline at end of file
diff --git a/docs/deployment_guide/images/architecture_diagram.png b/docs/deployment_guide/images/architecture_diagram.png
new file mode 100644
index 0000000..769bf7f
Binary files /dev/null and b/docs/deployment_guide/images/architecture_diagram.png differ
diff --git a/docs/deployment_guide/images/aws-quickstart-deployment-graphic.png b/docs/deployment_guide/images/aws-quickstart-deployment-graphic.png
new file mode 100644
index 0000000..8efde67
Binary files /dev/null and b/docs/deployment_guide/images/aws-quickstart-deployment-graphic.png differ
diff --git a/docs/deployment_guide/images/aws-quickstart-migration-graphic.png b/docs/deployment_guide/images/aws-quickstart-migration-graphic.png
new file mode 100644
index 0000000..8efde67
Binary files /dev/null and b/docs/deployment_guide/images/aws-quickstart-migration-graphic.png differ
diff --git a/docs/deployment_guide/images/aws-quickstart-operational-graphic.png b/docs/deployment_guide/images/aws-quickstart-operational-graphic.png
new file mode 100644
index 0000000..8efde67
Binary files /dev/null and b/docs/deployment_guide/images/aws-quickstart-operational-graphic.png differ
diff --git a/docs/deployment_guide/partner_editable/_settings.adoc b/docs/deployment_guide/partner_editable/_settings.adoc
new file mode 100644
index 0000000..3771142
--- /dev/null
+++ b/docs/deployment_guide/partner_editable/_settings.adoc
@@ -0,0 +1,17 @@
+:partner-solution-project-name: partner-solution-repo-name
+:partner-solution-github-org: aws-quickstart
+:partner-product-name: Full Product Name
+:partner-product-short-name: Product Name
+:partner-company-name: Example Company Name, Ltd.
+:doc-month: January
+:doc-year: 2023
+:partner-contributors: John Smith, {partner-company-name}
+// :other-contributors: Akua Mansa, Trek10
+:aws-contributors: Janine Singh, AWS IoT Partner team
+:aws-ia-contributors: Toni Jones, AWS Integration & Automation team
+:deployment_time: 15 minutes
+:default_deployment_region: us-east-1
+// :private_repo:
+
+
+// For instructions on creating this deployment guide, refer to "Build your AWS Partner Solution documentation" (https://aws-ia-us-west-2.s3.us-west-2.amazonaws.com/docs/content/index.html#/).
\ No newline at end of file
diff --git a/docs/deployment_guide/partner_editable/architecture.adoc b/docs/deployment_guide/partner_editable/architecture.adoc
new file mode 100644
index 0000000..55087cb
--- /dev/null
+++ b/docs/deployment_guide/partner_editable/architecture.adoc
@@ -0,0 +1,28 @@
+:xrefstyle: short
+
+Deploying this Partner Solution with default parameters builds the following {partner-product-short-name} environment in the
+AWS Cloud.
+
+// Replace this example diagram with your own. Follow our wiki guidelines: https://w.amazon.com/bin/view/AWS_Quick_Starts/Process_for_PSAs/#HPrepareyourarchitecturediagram. Upload your source PowerPoint file to the GitHub {deployment name}/docs/images/ directory in its repository.
+
+[#architecture1]
+.Partner Solution architecture for {partner-product-short-name} on AWS
+image::../docs/deployment_guide/images/architecture_diagram.png[Architecture]
+
+As shown in <>, this Partner Solution sets up the following:
+
+* A highly available architecture that spans two Availability Zones.*
+* A virtual private cloud (VPC) configured with public and private subnets, according to AWS
+best practices, to provide you with your own virtual network on AWS.*
+* In the public subnets:
+** Managed network address translation (NAT) gateways to allow outbound
+internet access for resources in the private subnets.*
+** A Linux bastion host in an Auto Scaling group to allow inbound Secure
+Shell (SSH) access to Amazon Elastic Compute Cloud (Amazon EC2) instances in public and private subnets.*
+* In the private subnets:
+** .
+** .
+// Add bullet points for any additional components that are included in the deployment. Ensure that the additional components are shown in the architecture diagram. End each bullet with a period.
+* .
+
+[.small]#* The template that deploys this Partner Solution into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.#
diff --git a/docs/deployment_guide/partner_editable/deployment_options.adoc b/docs/deployment_guide/partner_editable/deployment_options.adoc
new file mode 100644
index 0000000..b667c14
--- /dev/null
+++ b/docs/deployment_guide/partner_editable/deployment_options.adoc
@@ -0,0 +1,8 @@
+// Edit this placeholder text as necessary to describe the deployment options.
+
+This Partner Solution provides the following deployment options:
+
+* https://qs_launch_permalink[Deploy {partner-product-short-name} into a new VPC^]. This option builds a new AWS environment that consists of the VPC, subnets, NAT gateways, security groups, bastion hosts, and other infrastructure components. It then deploys {partner-product-short-name} into this new VPC.
+* https://qs_launch_permalink[Deploy {partner-product-short-name} into an existing VPC^]. This option provisions {partner-product-short-name} in your existing AWS infrastructure.
+
+This Partner Solution provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and {partner-product-short-name} settings.
diff --git a/docs/deployment_guide/partner_editable/licenses.adoc b/docs/deployment_guide/partner_editable/licenses.adoc
new file mode 100644
index 0000000..9b10efe
--- /dev/null
+++ b/docs/deployment_guide/partner_editable/licenses.adoc
@@ -0,0 +1,3 @@
+// Include details about any licenses and how to sign up. Provide links as appropriate.
+
+There is no cost to use this Partner Solution, but you will be billed for any AWS services or resources that this Partner Solution deploys. For more information, refer to the https://fwd.aws/rA69w?[AWS Partner Solution General Information Guide^].
\ No newline at end of file
diff --git a/docs/deployment_guide/partner_editable/overview.adoc b/docs/deployment_guide/partner_editable/overview.adoc
new file mode 100644
index 0000000..f8197e0
--- /dev/null
+++ b/docs/deployment_guide/partner_editable/overview.adoc
@@ -0,0 +1,10 @@
+This guide covers the information you need to deploy the {partner-product-name} Partner Solution in the AWS Cloud.
+
+// Fill in the info in for use on the landing page only:
+This Amazon Web Services (AWS) Partner Solution deploys []() in the AWS Cloud so that . This solution is for who want to so that . For more information, refer to the [ documentation]().
+
+// Deploying this solution does not guarantee an organization’s compliance with any laws, certifications, policies, or other regulations. [Uncomment this statement only for solutions that relate to compliance. We'll add the corresponding reference part to the landing page and get legal approval before publishing.]
+
+// For advanced information about the product, troubleshooting, or additional functionality, refer to the https://{partner-solution-github-org}.github.io/{partner-solution-project-name}/operational/index.html[Operational Guide^].
+
+// For information about using this Partner Solution for migrations, refer to the https://{partner-solution-github-org}.github.io/{partner-solution-project-name}/migration/index.html[Migration Guide^].
\ No newline at end of file
diff --git a/docs/deployment_guide/partner_editable/post_deployment.adoc b/docs/deployment_guide/partner_editable/post_deployment.adoc
new file mode 100644
index 0000000..7fab41c
--- /dev/null
+++ b/docs/deployment_guide/partner_editable/post_deployment.adoc
@@ -0,0 +1,3 @@
+// Include any postdeployment steps here, such as steps necessary to test that the deployment was successful. If there are no postdeployment steps, leave this file empty.
+
+== Postdeployment steps
diff --git a/docs/deployment_guide/partner_editable/pre_deployment.adoc b/docs/deployment_guide/partner_editable/pre_deployment.adoc
new file mode 100644
index 0000000..5be88b7
--- /dev/null
+++ b/docs/deployment_guide/partner_editable/pre_deployment.adoc
@@ -0,0 +1,3 @@
+//Include any predeployment steps here, such as signing up for a Marketplace AMI or making any changes to a partner account. If there are no predeployment steps, leave this file empty.
+
+== Predeployment steps
diff --git a/docs/deployment_guide/partner_editable/troubleshooting.adoc b/docs/deployment_guide/partner_editable/troubleshooting.adoc
new file mode 100644
index 0000000..aaeba88
--- /dev/null
+++ b/docs/deployment_guide/partner_editable/troubleshooting.adoc
@@ -0,0 +1,6 @@
+// Add any unique troubleshooting steps here.
+
+For troubleshooting common Partner Solution issues, refer to the https://fwd.aws/rA69w?[AWS Partner Solution General Information Guide^] and https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html[Troubleshooting CloudFormation^].
+
+// == Resources
+// Uncomment section and add links to any external resources that are specified by the partner.
diff --git a/scripts/sample_userdata.sh b/scripts/sample_userdata.sh
new file mode 100644
index 0000000..a84a81f
--- /dev/null
+++ b/scripts/sample_userdata.sh
@@ -0,0 +1 @@
+#UserData and or scripts should be stored here, but only for source code revision purposes cf templatess should refer to prod s3bucket allways
diff --git a/templates/another-workload.template.yaml b/templates/another-workload.template.yaml
new file mode 100644
index 0000000..6865197
--- /dev/null
+++ b/templates/another-workload.template.yaml
@@ -0,0 +1,99 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Sample Stack (qs-def3wdf)
+Metadata:
+ cfn-lint:
+ config:
+ ignore_checks:
+ - W9002
+ - W9003
+Parameters:
+ Param1:
+ Description: Param1
+ Type: String
+Resources:
+ LambdaExecutionRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service:
+ - lambda.amazonaws.com
+ Action:
+ - sts:AssumeRole
+ Path: "/"
+ Policies:
+ - PolicyName: lambda_policy
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Action:
+ - logs:CreateLogGroup
+ - logs:CreateLogStream
+ - logs:PutLogEvents
+ Resource: !Sub 'arn:${AWS::Partition}:logs:*:*:*'
+ GenID:
+ Type: AWS::Lambda::Function
+ Properties:
+ Code:
+ ZipFile:
+ Fn::Join:
+ - "\n"
+ - - import random
+ - import json
+ - import cfnresponse
+ - from cfnresponse import send, SUCCESS
+ - 'def handler(event, context):'
+ - " if event['RequestType'] == 'Delete':"
+ - " send(event, context, 'SUCCESS', {})"
+ - " return"
+ - " if event['RequestType'] == 'Create':"
+ - ' token= "%0x.%0x" % (random.SystemRandom().getrandbits(3*8),
+ random.SystemRandom().getrandbits(8*8))'
+ - " responseData = {}"
+ - " responseData['Data'] = token"
+ - " send(event, context, 'SUCCESS', responseData)"
+ - " return token"
+ Handler: index.handler
+ Runtime: python3.7
+ Timeout: 5
+ Role:
+ Fn::GetAtt:
+ - LambdaExecutionRole
+ - Arn
+ GetID:
+ Type: Custom::GenerateID
+ Version: '1.0'
+ Properties:
+ ServiceToken:
+ Fn::GetAtt:
+ - GenID
+ - Arn
+ ResponseURL:
+ Fn::Join:
+ - ''
+ - - http://ResponseURL
+ - Ref: AWS::StackId
+ - RequestId
+ StackId:
+ Ref: AWS::StackId
+ ResourceProperties:
+ RequestType: Create
+ RequestId:
+ Fn::Join:
+ - ''
+ - - Ref: AWS::StackId
+ - RequestId
+ LogicalResourceId: GenIDLogicalResourceId
+Outputs:
+ ClusterID:
+ Value:
+ Fn::GetAtt:
+ - GetID
+ - Data
+ Param1Output:
+ Value: !Ref Param1
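Review bot: The inline handler in `GenID` only answers `Create` and `Delete`; an `Update` request falls through both `if` blocks without ever calling `send`, so any stack update that touches `GetID` sits until the custom-resource timeout and then fails. The smallest fix is `- " if event['RequestType'] in ('Create', 'Update'):"` (or, if the ID must stay stable across updates, echo the existing data back on Update), and wrapping the body in a try/except that sends FAILED on any exception would stop an unexpected error from hanging the stack the same way. `Runtime: python3.7` is past Lambda's end of support and new function creation on it is no longer accepted, so the template will not deploy as written; pin a currently supported runtime such as `Runtime: python3.12`. The `ResponseURL`, `StackId`, `RequestId` and `LogicalResourceId` entries under `GetID`'s Properties are delivered to the function inside `ResourceProperties` and do not override the values CloudFormation generates, so the `http://ResponseURL` placeholder is dead weight that reads as if it were real. The same handler and runtime appear in templates/sample-workload.template.template.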
diff --git a/templates/functions/source/_lambda_source b/templates/functions/source/_lambda_source
new file mode 100644
index 0000000..d36a1e1
--- /dev/null
+++ b/templates/functions/source/_lambda_source
@@ -0,0 +1,3 @@
+#
+# Lambda source files go here
+#
diff --git a/templates/sample-workload.template.template b/templates/sample-workload.template.template
new file mode 100644
index 0000000..989e996
--- /dev/null
+++ b/templates/sample-workload.template.template
@@ -0,0 +1,97 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Sample Stack
+Parameters:
+ Param1:
+ Description: Param1
+ Type: String
+Resources:
+ LambdaExecutionRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service:
+ - lambda.amazonaws.com
+ Action:
+ - sts:AssumeRole
+ Path: "/"
+ Policies:
+ - PolicyName: lambda_policy
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Action:
+ - logs:CreateLogGroup
+ - logs:CreateLogStream
+ - logs:PutLogEvents
+ Resource: arn:aws:logs:*:*:*
+ - Effect: Allow
+ Action:
+ - cloudformation:DescribeStacks
+ Resource: "*"
+ GenID:
+ Type: AWS::Lambda::Function
+ Properties:
+ Code:
+ ZipFile:
+ Fn::Join:
+ - "\n"
+ - - import random
+ - import json
+ - import cfnresponse
+ - from cfnresponse import send, SUCCESS
+ - 'def handler(event, context):'
+ - " if event['RequestType'] == 'Delete':"
+ - " send(event, context, 'SUCCESS', {})"
+ - " return"
+ - " if event['RequestType'] == 'Create':"
+ - ' token= "%0x.%0x" % (random.SystemRandom().getrandbits(3*8),
+ random.SystemRandom().getrandbits(8*8))'
+ - " responseData = {}"
+ - " responseData['Data'] = token"
+ - " send(event, context, 'SUCCESS', responseData)"
+ - " return token"
+ Handler: index.handler
+ Runtime: python3.7
+ Timeout: 5
+ Role:
+ Fn::GetAtt:
+ - LambdaExecutionRole
+ - Arn
+ GetID:
+ Type: Custom::GenerateID
+ Version: '1.0'
+ Properties:
+ ServiceToken:
+ Fn::GetAtt:
+ - GenID
+ - Arn
+ ResponseURL:
+ Fn::Join:
+ - ''
+ - - http://ResponseURL
+ - Ref: AWS::StackId
+ - RequestId
+ StackId:
+ Ref: AWS::StackId
+ ResourceProperties:
+ RequestType: Create
+ RequestId:
+ Fn::Join:
+ - ''
+ - - Ref: AWS::StackId
+ - RequestId
+ LogicalResourceId: GenIDLogicalResourceId
+Outputs:
+ ClusterID:
+ Value:
+ Fn::GetAtt:
+ - GetID
+ - Data
+ Param1Output:
+ Value: !Ref Param1
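Review bot: The second `lambda_policy` statement grants `cloudformation:DescribeStacks` on `Resource: "*"`, but the inline handler only calls `send` and never touches the CloudFormation API, so the statement is unused and should be removed to keep the execution role at least privilege. The logs statement also hard-codes the partition in `Resource: arn:aws:logs:*:*:*`, which fails in non-standard partitions; the sibling templates/another-workload.template.yaml already writes it as `Resource: !Sub 'arn:${AWS::Partition}:logs:*:*:*'` and this template should match. The missing `Update` branch and the retired `python3.7` runtime raised on that template apply here unchanged.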
diff --git a/templates/scripts/sample_userdata.sh b/templates/scripts/sample_userdata.sh
new file mode 100644
index 0000000..a84a81f
--- /dev/null
+++ b/templates/scripts/sample_userdata.sh
@@ -0,0 +1 @@
+#UserData and or scripts should be stored here, but only for source code revision purposes cf templatess should refer to prod s3bucket allways