diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e56696..d23c1d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,20 +5,26 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [3.1.1] - 2024-09-30 + +### Added + +- Fixed bug in the TPS microservice for stacks not starting with "amc." +- Updated IAM_POLICY_INSTALL.json to include additional permissions for console deployments. + ## [3.1.0] - 2024-09-05 ### Added - Added support for retrieving reporting data from Amazon Ads API and Selling Partner API. -- Added support for handling multiple authenticated credentials. -- Cataloged the reporting data in AWS Glue using the Data Lake. - +- Added support for handling multiple authenticated credentials. +- Cataloged the reporting data in AWS Glue using the Data Lake. ## [3.0.0] - 2024-05-30 ### Added -- Implemented support for the Amazon Ads API while phasing out the previous authentication system +- Implemented support for the Amazon Ads API while phasing out the previous authentication system ## [2.0.3] - 2024-02-20 @@ -77,4 +83,3 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - Final version before promotion to AWS Solutions - diff --git a/IAM_POLICY_INSTALL.json b/IAM_POLICY_INSTALL.json index 02bf096..2fdb5a1 100644 --- a/IAM_POLICY_INSTALL.json +++ b/IAM_POLICY_INSTALL.json @@ -10,6 +10,7 @@ "cloudformation:DeleteStack", "cloudformation:DescribeChangeSet", "cloudformation:DescribeStacks", + "cloudformation:DescribeStackEvents", "cloudformation:ExecuteChangeSet", "cloudformation:GetTemplate", "cloudformation:GetTemplateSummary", @@ -52,6 +53,7 @@ "iam:AttachRolePolicy", "iam:CreatePolicy", "iam:CreatePolicyVersion", + "iam:CreateServiceLinkedRole", "iam:CreateRole", "iam:DeletePolicy", "iam:DeleteRole", 
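Review bot: The added `"iam:CreateServiceLinkedRole"` in the `@@ -52,6 +53,7 @@` hunk of IAM_POLICY_INSTALL.json should be scoped, because on an unrestricted resource it lets the installing principal create a service-linked role for any AWS service. The statement's `Resource` and `Condition` keys lie outside the hunk, so this may already be handled. If it is not, move the action into its own statement with `"Condition": {"StringEquals": {"iam:AWSServiceName": "<SERVICE_PRINCIPAL_PLACEHOLDER>"}}`, listing only the services the console deployment needs. The other actions added to this file (`cloudformation:DescribeStackEvents`, `iam:ListRoles`, `lakeformation:ListLFTags`, `sns:ListTopics`) are read-only and raise no comparable concern.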
@@ -61,6 +63,7 @@ "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", + "iam:ListRoles", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:PassRole", @@ -91,6 +94,7 @@ "lakeformation:DeregisterResource", "lakeformation:GetDataLakeSettings", "lakeformation:GrantPermissions", + "lakeformation:ListLFTags", "lakeformation:PutDataLakeSettings", "lakeformation:RegisterResource", "lakeformation:RevokePermissions", @@ -180,6 +184,7 @@ "sns:CreateTopic", "sns:DeleteTopic", "sns:GetTopicAttributes", + "sns:ListTopics", "sns:Publish", "sns:SetTopicAttributes", "sns:Subscribe", diff --git a/NOTICE.txt b/NOTICE.txt index 1e40494..183432e 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -24,7 +24,8 @@ aws-cdk.asset-kubectl-v20 Apache-2.0 aws-cdk.asset-node-proxy-agent-v5 Apache-2.0 aws-lambda-powertools MIT License; MIT No Attribution License (MIT-0) aws-solutions-cdk Apache Software License -aws-solutions-python Apache Software License +aws-solutions-python Apache Software License +black MIT License boto3 Apache Software License botocore Apache Software License cattrs MIT License @@ -32,7 +33,7 @@ cdk-nag Apache-2.0 certifi Mozilla Public License 2.0 (MPL 2.0) cffi MIT License charset-normalizer MIT License -click BSD License +Click BSD License constructs Apache-2.0 coverage Apache Software License crhelper Apache Software License @@ -56,8 +57,10 @@ openapi-schema-validator BSD License openapi-spec-validator Apache Software License packaging Apache Software License; BSD License pandas BSD License -pathable Other/Proprietary License -pluggy MIT License +pathable Other/Proprietary License +pipenv MIT License +pluggy MIT License +poetry MIT License publication MIT License pycparser BSD License pyparsing MIT License 
@@ -75,7 +78,9 @@ rfc3339-validator MIT License rpds-py MIT License s3transfer Apache Software License six MIT License -tomli MIT License +tomli MIT License +tox MIT License +tox-pyenv Apache 2.0 typeguard MIT License types-PyYAML Apache Software License typing_extensions Python Software Foundation License diff --git a/deployment/build-s3-dist.sh b/deployment/build-s3-dist.sh index 80588d1..13205c5 100644 --- a/deployment/build-s3-dist.sh +++ b/deployment/build-s3-dist.sh @@ -1,4 +1,6 @@ #!/bin/bash +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 # # This assumes all of the OS-level configuration has been completed and git repo has already been cloned # diff --git a/deployment/venv_check.py b/deployment/venv_check.py index 30516ed..223943d 100644 --- a/deployment/venv_check.py +++ b/deployment/venv_check.py @@ -1,4 +1,6 @@ #!/usr/bin/env python3 +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 """ This program returns 0 if the current environment is a virtual environment. """ diff --git a/solution-manifest.yaml b/solution-manifest.yaml index b404ba8..5ce438d 100644 --- a/solution-manifest.yaml +++ b/solution-manifest.yaml @@ -1,6 +1,6 @@ id: SO0193 name: amazon-marketing-cloud-insights-on-aws -version: v3.1.0 +version: v3.1.1 cloudformation_templates: - template: amazon-marketing-cloud-insights.template main_template: true diff --git a/source/cdk_solution_helper_py/helpers_common/aws_solutions/extended/resource_lookup.py b/source/cdk_solution_helper_py/helpers_common/aws_solutions/extended/resource_lookup.py index cb54681..f736d8d 100644 --- a/source/cdk_solution_helper_py/helpers_common/aws_solutions/extended/resource_lookup.py +++ b/source/cdk_solution_helper_py/helpers_common/aws_solutions/extended/resource_lookup.py 
@@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + from aws_solutions.core.helpers import get_aws_region import boto3 diff --git a/source/infrastructure/amc_insights/admin_policy/admin_policy_construct.py b/source/infrastructure/amc_insights/admin_policy/admin_policy_construct.py index c9b33b4..342a1fa 100644 --- a/source/infrastructure/amc_insights/admin_policy/admin_policy_construct.py +++ b/source/infrastructure/amc_insights/admin_policy/admin_policy_construct.py @@ -4,7 +4,7 @@ from constructs import Construct import aws_cdk.aws_iam as iam from aws_cdk import Aws, CfnOutput, Aspects -from aws_solutions.cdk.cfn_nag import add_cfn_nag_suppressions, CfnNagSuppression +from aws_solutions.cdk.cfn_nag import add_cfn_nag_suppressions, CfnNagSuppression, add_cfn_guard_suppressions from amc_insights.condition_aspect import ConditionAspect @@ -263,6 +263,10 @@ def _create_microservice_admin_policy(self): reason="* permissions required for admin using this policy to access all deployed resources/actions through the console.") ] ) + add_cfn_guard_suppressions( + resource=self.microservice_admin_policy.node.default_child, + suppressions=["IAM_POLICY_NON_COMPLIANT_ARN"] + ) def _create_datalake_admin_policy(self): APPLICATION_REGION = Aws.REGION @@ -388,6 +392,10 @@ def _create_datalake_admin_policy(self): reason="Managed Policy is created for Admin User access to the Solution") ] ) + add_cfn_guard_suppressions( + resource=self.datalake_admin_policy.node.default_child, + suppressions=["IAM_POLICY_NON_COMPLIANT_ARN"] + ) def _create_cfn_output(self): admin_policy_link = f''' diff --git a/source/infrastructure/amc_insights/amc_insights_stack.py b/source/infrastructure/amc_insights/amc_insights_stack.py index 6772531..e157b26 100644 --- a/source/infrastructure/amc_insights/amc_insights_stack.py +++ b/source/infrastructure/amc_insights/amc_insights_stack.py 
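Review bot: The two new `add_cfn_guard_suppressions(...)` calls, in `_create_microservice_admin_policy` and at `@@ -388,6 +392,10 @@` in `_create_datalake_admin_policy`, silence `IAM_POLICY_NON_COMPLIANT_ARN` without recording why. The `CfnNagSuppression` entries just above each call carry a `reason=`. A one-line comment above each call would keep the justification next to the exception, for example `# cfn-guard IAM_POLICY_NON_COMPLIANT_ARN suppressed: <REASON_PLACEHOLDER: which statements trip the rule and why that is accepted>`. Both functions start outside their hunks, so the policy statements that trigger the rule are not visible here.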
@@ -82,7 +82,7 @@ class Microservice: class AMCInsightsStack(SolutionStack): name = "amcinsights" - description = "Amazon Marketing Cloud Insights" + description = "Amazon Marketing Cloud Insights on AWS" template_filename = "amazon-marketing-cloud-insights.template" def __init__(self, scope: Construct, id: str, *args: Any, **kwargs: Any) -> None: diff --git a/source/infrastructure/amc_insights/custom_resource/tenant_provisioning_service/lambdas/scripts/amc-bucket-logs.yaml b/source/infrastructure/amc_insights/custom_resource/tenant_provisioning_service/lambdas/scripts/amc-bucket-logs.yaml index 2648a81..f8d4ca0 100644 --- a/source/infrastructure/amc_insights/custom_resource/tenant_provisioning_service/lambdas/scripts/amc-bucket-logs.yaml +++ b/source/infrastructure/amc_insights/custom_resource/tenant_provisioning_service/lambdas/scripts/amc-bucket-logs.yaml @@ -41,9 +41,6 @@ Resources: - !Sub "arn:aws:s3:::${Bucket}/*" - !GetAtt Bucket.Arn Condition: - ArnLike: - aws:SourceArn: - - "arn:aws:s3:::amc*" StringEquals: aws:SourceAccount: !Sub "${AWS::AccountId}" diff --git a/source/infrastructure/amc_insights/microservices/tenant_provisioning_service/tenant_provisioning_services.py b/source/infrastructure/amc_insights/microservices/tenant_provisioning_service/tenant_provisioning_services.py index 91fcf7f..3fc6f57 100644 --- a/source/infrastructure/amc_insights/microservices/tenant_provisioning_service/tenant_provisioning_services.py +++ b/source/infrastructure/amc_insights/microservices/tenant_provisioning_service/tenant_provisioning_services.py @@ -236,11 +236,7 @@ def create_amc_onboarding_sm(self): "s3:PutObject", # NOSONAR "s3:PutBucketVersioning", ], - resources=[ - "arn:aws:s3:::amc*", - self._solution_buckets.artifacts_bucket.bucket_arn, - f"{self._solution_buckets.artifacts_bucket.bucket_arn}/*" - ], + resources=["*"], conditions={ "StringEquals": { AWS_RESOURCE_ACCOUNT_KEY: [ 
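Review bot: Replacing the bucket ARN list with `resources=["*"]` in `create_amc_onboarding_sm` widens the statement from `amc*`-named buckets and the artifacts bucket to every S3 bucket that the `StringEquals` account condition admits; the same change is made at `@@ -555,9 +551,7 @@` in this file and at `@@ -375,10 +375,7 @@` in sdlf_light_transform.py, and the affected actions include `s3:PutObject`, `s3:PutBucketVersioning` and `s3:PutBucketNotification`. The changelog ties this to stacks whose names do not start with "amc", so a narrower fix would keep the explicit artifacts-bucket ARNs and replace only the hard-coded `"arn:aws:s3:::amc*"` entry with an ARN built from the deployment's own bucket prefix, in the style of the removed `f"arn:aws:s3:::{self.resource_prefix}*"` line in sdlf_light_transform.py. If the wildcard has to stay, a comment such as `# "*" is bounded only by the account condition below; bucket names are not fixed at synth time` would record the trade-off for later reviewers. The amc-bucket-logs.yaml hunk in this commit likewise drops the `aws:SourceArn` name match and leaves only `aws:SourceAccount`, so both sides of the bucket access path lose their name scoping in the same release. The function body and the condition's values continue outside the hunk.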
@@ -555,9 +551,7 @@ def create_amc_onboarding_sm(self): "s3:PutBucketNotification", "s3:GetBucketNotification" ], - resources=[ - "arn:aws:s3:::amc*", - ], + resources=["*"], conditions={ "StringEquals": { AWS_RESOURCE_ACCOUNT_KEY: [ diff --git a/source/infrastructure/cdk.json b/source/infrastructure/cdk.json index 3b8d3da..5b9c6d1 100644 --- a/source/infrastructure/cdk.json +++ b/source/infrastructure/cdk.json @@ -29,7 +29,7 @@ "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, "SOLUTION_NAME": "Amazon Marketing Cloud Insights on AWS", "SOLUTION_ID": "SO0193", - "SOLUTION_VERSION": "v3.1.0", + "SOLUTION_VERSION": "v3.1.1", "METRICS_NAMESPACE": "amcinsights", "BUCKET_NAME": "BUCKET_NAME" } diff --git a/source/infrastructure/data_lake/stages/sdlf_light_transform/sdlf_light_transform.py b/source/infrastructure/data_lake/stages/sdlf_light_transform/sdlf_light_transform.py index af4a4d1..c47d4df 100644 --- a/source/infrastructure/data_lake/stages/sdlf_light_transform/sdlf_light_transform.py +++ b/source/infrastructure/data_lake/stages/sdlf_light_transform/sdlf_light_transform.py @@ -375,10 +375,7 @@ def _create_and_attach_policy_to_lambda_roles(self, team, pipeline, lambda_funct "s3-object-lambda:Get*", "s3-object-lambda:List*" ], - resources=[ - "arn:aws:s3:::amc*", - f"arn:aws:s3:::{self.resource_prefix}*", - ], + resources=["*"], conditions={ "StringEquals": { "aws:ResourceAccount": [ diff --git a/source/pytest.ini b/source/pytest.ini index 463e8b7..12235f6 100644 --- a/source/pytest.ini +++ b/source/pytest.ini @@ -5,7 +5,7 @@ env = SOLUTION_ID=SO9999test SOLUTION_VERSION=v99.99.99 VERSION=v99.99.99 - SOLUTION_NAME=Amazon Marketing Cloud Insights + SOLUTION_NAME=Amazon Marketing Cloud Insights on AWS AWS_REGION=us-east-1 AWS_DEFAULT_REGION=us-east-1 RESOURCE_PREFIX=prefix diff --git a/source/tests/functional_tests/helper/venv_check.py b/source/tests/functional_tests/helper/venv_check.py index 30516ed..f78280c 100644 
--- a/source/tests/functional_tests/helper/venv_check.py +++ b/source/tests/functional_tests/helper/venv_check.py @@ -1,4 +1,7 @@ #!/usr/bin/env python3 +############################################################################### +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 """ This program returns 0 if the current environment is a virtual environment. """ diff --git a/source/tests/functional_tests/test_extended_dataset/run-test.sh b/source/tests/functional_tests/test_extended_dataset/run-test.sh index 2a17c8d..dee6bdf 100755 --- a/source/tests/functional_tests/test_extended_dataset/run-test.sh +++ b/source/tests/functional_tests/test_extended_dataset/run-test.sh @@ -150,7 +150,7 @@ echo "-----------------------------------------" cd $deployment_dir -version_code="v3.1.0" +version_code="v3.1.1" build-s3-cdk-dist deploy \ --source-bucket-name $template_bucket_name \ diff --git a/source/tests/functional_tests/test_stack_deploy/run-test.sh b/source/tests/functional_tests/test_stack_deploy/run-test.sh index f552960..ea81cdb 100755 --- a/source/tests/functional_tests/test_stack_deploy/run-test.sh +++ b/source/tests/functional_tests/test_stack_deploy/run-test.sh @@ -140,7 +140,7 @@ echo "TEST STACK SYNTHESIZE & DEPLOY" echo "-----------------------------------------" cd $deployment_dir -version_code="v3.1.0" +version_code="v3.1.1" build-s3-cdk-dist deploy \ --source-bucket-name $template_bucket_name \ --solution-name amcinsights \ diff --git a/source/tests/unit_tests/amc_insights_tests/custom_resource/test_cloudwatch_metrics_report.py b/source/tests/unit_tests/amc_insights_tests/custom_resource/test_cloudwatch_metrics_report.py index 4762ad2..1d1bdb9 100644 --- a/source/tests/unit_tests/amc_insights_tests/custom_resource/test_cloudwatch_metrics_report.py +++ b/source/tests/unit_tests/amc_insights_tests/custom_resource/test_cloudwatch_metrics_report.py 
@@ -1,3 +1,5 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 # ############################################################################### # PURPOSE: # * Unit test for cloudwatch_matrics/report.py diff --git a/source/tests/unit_tests/data_lake_tests/layers/transforms/test_amc_light_transform.py b/source/tests/unit_tests/data_lake_tests/layers/transforms/test_amc_light_transform.py index fcf6f9a..9f903d8 100644 --- a/source/tests/unit_tests/data_lake_tests/layers/transforms/test_amc_light_transform.py +++ b/source/tests/unit_tests/data_lake_tests/layers/transforms/test_amc_light_transform.py @@ -1,3 +1,5 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 # ############################################################################### # PURPOSE: # * Unit test for amc_light_transform.py diff --git a/source/tests/unit_tests/data_lake_tests/layers/transforms/test_default_heavy_transform.py b/source/tests/unit_tests/data_lake_tests/layers/transforms/test_default_heavy_transform.py index ffbe0a6..c079879 100644 --- a/source/tests/unit_tests/data_lake_tests/layers/transforms/test_default_heavy_transform.py +++ b/source/tests/unit_tests/data_lake_tests/layers/transforms/test_default_heavy_transform.py @@ -1,3 +1,5 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 # ############################################################################### # PURPOSE: # * Unit test for default_heavy_transform.py diff --git a/source/tests/unit_tests/data_lake_tests/layers/transforms/test_reports_light_transform.py b/source/tests/unit_tests/data_lake_tests/layers/transforms/test_reports_light_transform.py index 0e4a9e8..f7a6712 100644 --- a/source/tests/unit_tests/data_lake_tests/layers/transforms/test_reports_light_transform.py 
+++ b/source/tests/unit_tests/data_lake_tests/layers/transforms/test_reports_light_transform.py @@ -1,3 +1,5 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 # ############################################################################### # PURPOSE: # * Unit test for reports_light_transform.py