Release: 1.5.0

Author: AWS

VERSION

@@ -1 +1 @@
-1.4.2
+1.5.0

modules/aft-customizations/buildspecs/aft-account-customizations-api-helpers.yml

@@ -4,12 +4,13 @@
 version: 0.2
 
 phases:
-  pre_build:
+  install:
+    on-failure: ABORT
     commands:
+      - set -e
+      # Populate Required Variables
       - DEFAULT_PATH=$(pwd)
       - TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')
-      - AWS_MODULE_SOURCE=$(aws ssm get-parameter --name "/aft/config/aft-pipeline-code-source/repo-url" --query "Parameter.Value" --output text)
-      - AWS_MODULE_GIT_REF=$(aws ssm get-parameter --name "/aft/config/aft-pipeline-code-source/repo-git-ref" --query "Parameter.Value" --output text)
       - TF_VERSION=$(aws ssm get-parameter --name "/aft/config/terraform/version" --query "Parameter.Value" --output text)
       - TF_DISTRIBUTION=$(aws ssm get-parameter --name "/aft/config/terraform/distribution" --query "Parameter.Value" --output text)
       - CT_MGMT_REGION=$(aws ssm get-parameter --name "/aft/config/ct-management-region" --query "Parameter.Value" --output text)
@@ -19,6 +20,19 @@ phases:
       - AFT_ADMIN_ROLE_NAME=$(aws ssm get-parameter --name /aft/resources/iam/aft-administrator-role-name | jq --raw-output ".Parameter.Value")
       - AFT_ADMIN_ROLE_ARN=arn:aws:iam::$AFT_MGMT_ACCOUNT:role/$AFT_ADMIN_ROLE_NAME
       - ROLE_SESSION_NAME=$(aws ssm get-parameter --name /aft/resources/iam/aft-session-name | jq --raw-output ".Parameter.Value")
+      - |
+        CUSTOMIZATION=$(aws dynamodb get-item --table-name aft-request-metadata --key "{\"id\": {\"S\": \"$VENDED_ACCOUNT_ID\"}}" --attributes-to-get "account_customizations_name" | jq --raw-output ".Item.account_customizations_name.S")
+
+      # Check if customization directory exists
+      - |
+        if [[ ! -d "$DEFAULT_PATH/$CUSTOMIZATION" ]]; then
+          echo "${CUSTOMIZATION} directory does not exist"
+          exit 1
+        else
+          echo "Found customization" $CUSTOMIZATION
+        fi  
+ 
+      # Configure Development SSH Key
       - |
         ssh_key_parameter=$(aws ssm get-parameter --name /aft/config/aft-ssh-key --with-decryption 2> /dev/null || echo "None")
         if [[ $ssh_key_parameter != "None" ]]; then
@@ -32,64 +46,89 @@ phases:
           chmod 600 ~/.ssh/ssh_key
           eval "$(ssh-agent -s)"
           ssh-add ~/.ssh/ssh_key
-        fi
+        fi   
+
+      # Clone AFT
+      - AWS_MODULE_SOURCE=$(aws ssm get-parameter --name "/aft/config/aft-pipeline-code-source/repo-url" --query "Parameter.Value" --output text)
+      - AWS_MODULE_GIT_REF=$(aws ssm get-parameter --name "/aft/config/aft-pipeline-code-source/repo-git-ref" --query "Parameter.Value" --output text)
       - git config --global credential.helper '!aws codecommit credential-helper $@'
       - git config --global credential.UseHttpPath true
-      - git clone -b $AWS_MODULE_GIT_REF $AWS_MODULE_SOURCE aws-aft-core-framework
-      - python3 -m venv ./venv
-      - source ./venv/bin/activate
-      - pip install jinja2-cli==0.7.0 Jinja2==3.0.1 MarkupSafe==2.0.1 boto3==1.18.56 requests==2.26.0
-      - |
-        CUSTOMIZATION=$(aws dynamodb get-item --table-name aft-request-metadata --key "{\"id\": {\"S\": \"$VENDED_ACCOUNT_ID\"}}" --attributes-to-get "account_customizations_name" | jq --raw-output ".Item.account_customizations_name.S")
-      - echo $CUSTOMIZATION
-      - |
-        if [ -d "$CUSTOMIZATION" ]; then
-          echo "Found customization" $CUSTOMIZATION
-          if [ $TF_DISTRIBUTION = "oss" ]; then
-            TF_BACKEND_REGION=$(aws ssm get-parameter --name "/aft/config/oss-backend/primary-region" --query "Parameter.Value" --output text)
-            TF_KMS_KEY_ID=$(aws ssm get-parameter --name "/aft/config/oss-backend/kms-key-id" --query "Parameter.Value" --output text)
-            TF_DDB_TABLE=$(aws ssm get-parameter --name "/aft/config/oss-backend/table-id" --query "Parameter.Value" --output text)
-            TF_S3_BUCKET=$(aws ssm get-parameter --name "/aft/config/oss-backend/bucket-id" --query "Parameter.Value" --output text)
-            TF_S3_KEY=$VENDED_ACCOUNT_ID-aft-account-customizations/terraform.tfstate
-            cd /tmp
-            echo "Installing Terraform"
-            curl -o terraform_${TF_VERSION}_linux_amd64.zip https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip
-            unzip -o terraform_${TF_VERSION}_linux_amd64.zip && mv terraform /usr/bin
-            terraform --version
-            cd $DEFAULT_PATH/$CUSTOMIZATION/terraform
-            for f in *.jinja; do jinja2 $f -D timestamp="$TIMESTAMP" -D tf_distribution_type=$TF_DISTRIBUTION -D provider_region=$CT_MGMT_REGION -D region=$TF_BACKEND_REGION -D aft_admin_role_arn=$AFT_EXEC_ROLE_ARN -D target_admin_role_arn=$VENDED_EXEC_ROLE_ARN -D bucket=$TF_S3_BUCKET -D key=$TF_S3_KEY -D dynamodb_table=$TF_DDB_TABLE -D kms_key_id=$TF_KMS_KEY_ID >> ./$(basename $f .jinja).tf; done
-            for f in *.tf; do echo "\n \n"; echo $f; cat $f; done
-            JSON=$(aws sts assume-role --role-arn ${AFT_ADMIN_ROLE_ARN} --role-session-name ${ROLE_SESSION_NAME})
-            #Make newly assumed role default session
-            export AWS_ACCESS_KEY_ID=$(echo ${JSON} | jq --raw-output ".Credentials[\"AccessKeyId\"]")
-            export AWS_SECRET_ACCESS_KEY=$(echo ${JSON} | jq --raw-output ".Credentials[\"SecretAccessKey\"]")
-            export AWS_SESSION_TOKEN=$(echo ${JSON} | jq --raw-output ".Credentials[\"SessionToken\"]")
-            terraform init
-          else
-            TF_BACKEND_REGION=$(aws ssm get-parameter --name "/aft/config/oss-backend/primary-region" --query "Parameter.Value" --output text)
-            TF_ORG_NAME=$(aws ssm get-parameter --name "/aft/config/terraform/org-name" --query "Parameter.Value" --output text)
-            TF_TOKEN=$(aws ssm get-parameter --name "/aft/config/terraform/token" --with-decryption --query "Parameter.Value" --output text)
-            TF_ENDPOINT=$(aws ssm get-parameter --name "/aft/config/terraform/api-endpoint" --query "Parameter.Value" --output text)
-            TF_WORKSPACE_NAME=$VENDED_ACCOUNT_ID-aft-account-customizations
-            TF_CONFIG_PATH="./temp_configuration_file.tar.gz"
-            cd $DEFAULT_PATH/$CUSTOMIZATION/terraform
-            for f in *.jinja; do jinja2 $f -D timestamp="$TIMESTAMP" -D provider_region=$CT_MGMT_REGION -D tf_distribution_type=$TF_DISTRIBUTION -D aft_admin_role_arn=$AFT_EXEC_ROLE_ARN -D target_admin_role_arn=$VENDED_EXEC_ROLE_ARN -D terraform_org_name=$TF_ORG_NAME -D terraform_workspace_name=$TF_WORKSPACE_NAME  >> ./$(basename $f .jinja).tf; done
-            for f in *.tf; do echo "\n \n"; echo $f; cat $f; done
-            cd $DEFAULT_PATH/$CUSTOMIZATION
-            tar -czf temp_configuration_file.tar.gz -C terraform --exclude .git --exclude venv .
-            python3 $DEFAULT_PATH/aws-aft-core-framework/sources/scripts/workspace_manager.py --operation "deploy" --organization_name $TF_ORG_NAME --workspace_name $TF_WORKSPACE_NAME --assume_role_arn $AFT_ADMIN_ROLE_ARN --assume_role_session_name $ROLE_SESSION_NAME --api_endpoint $TF_ENDPOINT --api_token $TF_TOKEN --terraform_version $TF_VERSION --config_file $TF_CONFIG_PATH
-          fi
-        fi
+      - git clone --quiet -b $AWS_MODULE_GIT_REF $AWS_MODULE_SOURCE aws-aft-core-framework
+
+      # Install AFT Python Dependencies
+      - python3 -m venv $DEFAULT_PATH/aft-venv
+      - $DEFAULT_PATH/aft-venv/bin/pip install pip==22.1.2
+      - $DEFAULT_PATH/aft-venv/bin/pip install jinja2-cli==0.7.0 Jinja2==3.0.1 MarkupSafe==2.0.1 boto3==1.18.56 requests==2.26.0
+
+      # Install API Helper Python Dependencies
+      - python3 -m venv $DEFAULT_PATH/api-helpers-venv
+      - $DEFAULT_PATH/api-helpers-venv/bin/pip install -r ./$CUSTOMIZATION/api_helpers/python/requirements.txt
+
+      # Mark helper scripts as executable
+      - chmod +x $DEFAULT_PATH/$CUSTOMIZATION/api_helpers/pre-api-helpers.sh
+      - chmod +x $DEFAULT_PATH/$CUSTOMIZATION/api_helpers/post-api-helpers.sh
+
+      # Generate session profiles
+      - chmod +x $DEFAULT_PATH/aws-aft-core-framework/sources/scripts/creds.sh
+      - $DEFAULT_PATH/aws-aft-core-framework/sources/scripts/creds.sh
+
+
+  pre_build:
+    on-failure: ABORT
+    commands:
+      - source $DEFAULT_PATH/api-helpers-venv/bin/activate
+      - export AWS_PROFILE=aft-target
+      - $DEFAULT_PATH/$CUSTOMIZATION/api_helpers/pre-api-helpers.sh
+      - unset AWS_PROFILE
+
   build:
+    on-failure: ABORT
     commands:
-      - cd $DEFAULT_PATH
+      # Apply Customizations
+      - source $DEFAULT_PATH/aft-venv/bin/activate
       - |
-        if [ -d "$CUSTOMIZATION" ]; then
-          if [ $TF_DISTRIBUTION = "oss" ]; then
-            cd $DEFAULT_PATH/$CUSTOMIZATION/terraform
-            terraform apply --auto-approve
-          fi
+        if [ $TF_DISTRIBUTION = "oss" ]; then
+          TF_BACKEND_REGION=$(aws ssm get-parameter --name "/aft/config/oss-backend/primary-region" --query "Parameter.Value" --output text)
+          TF_KMS_KEY_ID=$(aws ssm get-parameter --name "/aft/config/oss-backend/kms-key-id" --query "Parameter.Value" --output text)
+          TF_DDB_TABLE=$(aws ssm get-parameter --name "/aft/config/oss-backend/table-id" --query "Parameter.Value" --output text)
+          TF_S3_BUCKET=$(aws ssm get-parameter --name "/aft/config/oss-backend/bucket-id" --query "Parameter.Value" --output text)
+          TF_S3_KEY=$VENDED_ACCOUNT_ID-aft-account-customizations/terraform.tfstate
+
+          cd /tmp
+          echo "Installing Terraform"
+          curl -q -o terraform_${TF_VERSION}_linux_amd64.zip https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip
+          mkdir -p /opt/aft/bin
+          unzip -q -o terraform_${TF_VERSION}_linux_amd64.zip 
+          mv terraform /opt/aft/bin
+          /opt/aft/bin/terraform --version
+
+          cd $DEFAULT_PATH/$CUSTOMIZATION/terraform
+          for f in *.jinja; do jinja2 $f -D timestamp="$TIMESTAMP" -D tf_distribution_type=$TF_DISTRIBUTION -D provider_region=$CT_MGMT_REGION -D region=$TF_BACKEND_REGION -D aft_admin_role_arn=$AFT_EXEC_ROLE_ARN -D target_admin_role_arn=$VENDED_EXEC_ROLE_ARN -D bucket=$TF_S3_BUCKET -D key=$TF_S3_KEY -D dynamodb_table=$TF_DDB_TABLE -D kms_key_id=$TF_KMS_KEY_ID >> ./$(basename $f .jinja).tf; done
+          for f in *.tf; do echo "\n \n"; echo $f; cat $f; done
+          
+          cd $DEFAULT_PATH/$CUSTOMIZATION/terraform
+          export AWS_PROFILE=aft-management-admin
+          /opt/aft/bin/terraform init
+          /opt/aft/bin/terraform apply --auto-approve
+        else
+          TF_BACKEND_REGION=$(aws ssm get-parameter --name "/aft/config/oss-backend/primary-region" --query "Parameter.Value" --output text)
+          TF_ORG_NAME=$(aws ssm get-parameter --name "/aft/config/terraform/org-name" --query "Parameter.Value" --output text)
+          TF_TOKEN=$(aws ssm get-parameter --name "/aft/config/terraform/token" --with-decryption --query "Parameter.Value" --output text)
+          TF_ENDPOINT=$(aws ssm get-parameter --name "/aft/config/terraform/api-endpoint" --query "Parameter.Value" --output text)
+          TF_WORKSPACE_NAME=$VENDED_ACCOUNT_ID-aft-account-customizations
+          TF_CONFIG_PATH="./temp_configuration_file.tar.gz"
+
+          cd $DEFAULT_PATH/$CUSTOMIZATION/terraform
+          for f in *.jinja; do jinja2 $f -D timestamp="$TIMESTAMP" -D provider_region=$CT_MGMT_REGION -D tf_distribution_type=$TF_DISTRIBUTION -D aft_admin_role_arn=$AFT_EXEC_ROLE_ARN -D target_admin_role_arn=$VENDED_EXEC_ROLE_ARN -D terraform_org_name=$TF_ORG_NAME -D terraform_workspace_name=$TF_WORKSPACE_NAME  >> ./$(basename $f .jinja).tf; done
+          for f in *.tf; do echo "\n \n"; echo $f; cat $f; done
+          
+          cd $DEFAULT_PATH/$CUSTOMIZATION
+          tar -czf temp_configuration_file.tar.gz -C terraform --exclude .git --exclude venv .
+          python3 $DEFAULT_PATH/aws-aft-core-framework/sources/scripts/workspace_manager.py --operation "deploy" --organization_name $TF_ORG_NAME --workspace_name $TF_WORKSPACE_NAME --assume_role_arn $AFT_ADMIN_ROLE_ARN --assume_role_session_name $ROLE_SESSION_NAME --api_endpoint $TF_ENDPOINT --api_token $TF_TOKEN --terraform_version $TF_VERSION --config_file $TF_CONFIG_PATH
         fi
   post_build:
+    on-failure: ABORT
     commands:
-      - echo "Post-Build"
+      - source $DEFAULT_PATH/api-helpers-venv/bin/activate
+      - export AWS_PROFILE=aft-target
+      - $DEFAULT_PATH/$CUSTOMIZATION/api_helpers/post-api-helpers.sh

modules/aft-customizations/buildspecs/aft-account-customizations-terraform.yml

@@ -4,11 +4,21 @@
 version: 0.2
 
 phases:
-  pre_build:
+  install:
     commands:
+      - set -e
+      # Populate Required Variables
       - DEFAULT_PATH=$(pwd)
-      - AWS_MODULE_SOURCE=$(aws ssm get-parameter --name $SSM_AWS_MODULE_SOURCE --query "Parameter.Value" --output text)
-      - AWS_MODULE_GIT_REF=$(aws ssm get-parameter --name $SSM_AWS_MODULE_GIT_REF --query "Parameter.Value" --output text)
+      - TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')
+      - TF_S3_BUCKET=$(aws ssm get-parameter --name $SSM_TF_S3_BUCKET --query "Parameter.Value" --output text)
+      - TF_S3_KEY=$VENDED_ACCOUNT_ID-customizations-pipeline/terraform.tfstate
+      - TF_BACKEND_REGION=$(aws ssm get-parameter --name $SSM_TF_BACKEND_REGION --query "Parameter.Value" --output text)
+      - TF_KMS_KEY_ID=$(aws ssm get-parameter --name $SSM_TF_KMS_KEY_ID --query "Parameter.Value" --output text)
+      - TF_DDB_TABLE=$(aws ssm get-parameter --name $SSM_TF_DDB_TABLE --query "Parameter.Value" --output text)
+      - TF_VERSION=$(aws ssm get-parameter --name $SSM_TF_VERSION --query "Parameter.Value" --output text)
+
+
+      # Configure Development SSH Key
       - |
         ssh_key_parameter=$(aws ssm get-parameter --name /aft/config/aft-ssh-key --with-decryption 2> /dev/null || echo "None")
         if [[ $ssh_key_parameter != "None" ]]; then
@@ -23,34 +33,40 @@ phases:
           eval "$(ssh-agent -s)"
           ssh-add ~/.ssh/ssh_key
         fi
-      - TF_S3_BUCKET=$(aws ssm get-parameter --name $SSM_TF_S3_BUCKET --query "Parameter.Value" --output text)
-      - TF_S3_KEY=$VENDED_ACCOUNT_ID-customizations-pipeline/terraform.tfstate
-      - TF_BACKEND_REGION=$(aws ssm get-parameter --name $SSM_TF_BACKEND_REGION --query "Parameter.Value" --output text)
-      - TF_KMS_KEY_ID=$(aws ssm get-parameter --name $SSM_TF_KMS_KEY_ID --query "Parameter.Value" --output text)
-      - TF_DDB_TABLE=$(aws ssm get-parameter --name $SSM_TF_DDB_TABLE --query "Parameter.Value" --output text)
-      - TF_VERSION=$(aws ssm get-parameter --name $SSM_TF_VERSION --query "Parameter.Value" --output text)
+
+      # Clone AFT
+      - AWS_MODULE_SOURCE=$(aws ssm get-parameter --name $SSM_AWS_MODULE_SOURCE --query "Parameter.Value" --output text)
+      - AWS_MODULE_GIT_REF=$(aws ssm get-parameter --name $SSM_AWS_MODULE_GIT_REF --query "Parameter.Value" --output text)
       - git config --global credential.helper '!aws codecommit credential-helper $@'
       - git config --global credential.UseHttpPath true
-      - git clone -b $AWS_MODULE_GIT_REF $AWS_MODULE_SOURCE aws-aft-core-framework
-      - chmod +x ./aws-aft-core-framework/sources/scripts/creds.sh
-      - ./aws-aft-core-framework/sources/scripts/creds.sh --aft-mgmt
-      - TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')
+      - git clone --quiet -b $AWS_MODULE_GIT_REF $AWS_MODULE_SOURCE aws-aft-core-framework
+
+      # Generate session profiles
+      - chmod +x $DEFAULT_PATH/aws-aft-core-framework/sources/scripts/creds.sh
+      - $DEFAULT_PATH/aws-aft-core-framework/sources/scripts/creds.sh
+
+      # Install Terraform
       - cd /tmp
       - echo "Installing Terraform"
-      - curl -o terraform_${TF_VERSION}_linux_amd64.zip https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip
-      - unzip -o terraform_${TF_VERSION}_linux_amd64.zip && mv terraform /usr/bin
+      - curl -q -o terraform_${TF_VERSION}_linux_amd64.zip https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip
+      - unzip -q -o terraform_${TF_VERSION}_linux_amd64.zip && mv terraform /usr/bin
       - terraform --version
-      - cd $DEFAULT_PATH
-      - cd ./aws-aft-core-framework/sources/aft-customizations-common/templates/customizations_pipeline
+
+      # Install Python Dependencies
       - python3 -m venv ./venv
       - source ./venv/bin/activate
+      - pip install pip==22.1.2
       - pip install jinja2-cli==0.7.0 Jinja2==3.0.1
+
+  pre_build:
+    on-failure: ABORT
+    commands:
+      - cd $DEFAULT_PATH/aws-aft-core-framework/sources/aft-customizations-common/templates/customizations_pipeline
       - for f in *.jinja; do jinja2 $f -D timestamp="$TIMESTAMP" -D region=$TF_BACKEND_REGION -D bucket=$TF_S3_BUCKET -D key=$TF_S3_KEY -D dynamodb_table=$TF_DDB_TABLE -D kms_key_id=$TF_KMS_KEY_ID >> $(basename $f .jinja).tf; done
       - for f in *.tf; do echo "\n \n"; echo $f; cat $f; done
-      - terraform init
   build:
+    on-failure: ABORT
     commands:
+      - export AWS_PROFILE=aft-management-admin
+      - terraform init
       - terraform apply -var="account_id=$VENDED_ACCOUNT_ID" --auto-approve
-  post_build:
-    commands:
-      - echo "Post-Build"