feat: updated namespace definition. Namespace only gets set once. No longer creating one for each stage as this doesn't change.

Created new  templates for shared infra, splitting namespaces from images bucket.
Updated templates with references to SSM parameters.

Author: sliedig

unicorn_contracts/integration/event-schemas.yaml

@@ -20,7 +20,7 @@ Resources:
     Properties:
       Description: 'Event schemas for Unicorn Contracts'
       RegistryName:
-        Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}-${Stage}"
+        Fn::Sub: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}-${Stage}"
 
   EventRegistryPolicy:
     Type: AWS::EventSchemas::RegistryPolicy

unicorn_contracts/integration/subscriber-policies.yaml

@@ -47,6 +47,6 @@ Resources:
             "events:creatorAccount": "${aws:PrincipalAccount}"
           StringEquals:
             "events:source":
-              - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+              - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
           "Null":
             "events:source": "false"

unicorn_contracts/template.yaml

@@ -54,18 +54,18 @@ Globals:
     Environment:
       Variables:
         DYNAMODB_TABLE: !Ref ContractsTable
-        SERVICE_NAMESPACE: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
-        POWERTOOLS_SERVICE_NAME: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+        SERVICE_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
+        POWERTOOLS_SERVICE_NAME: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
         POWERTOOLS_TRACE_DISABLED: "false" # Explicitly disables tracing, default
         POWERTOOLS_LOGGER_LOG_EVENT: !If [IsProd, "false", "true"] # Logs incoming event, default
         POWERTOOLS_LOGGER_SAMPLE_RATE: !If [IsProd, "0.1", "0"] # Debug log sampling percentage, default
-        POWERTOOLS_METRICS_NAMESPACE: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+        POWERTOOLS_METRICS_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
         POWERTOOLS_LOG_LEVEL: INFO # Log level for Logger (INFO, DEBUG, etc.), default
         LOG_LEVEL: INFO # Log level for Logger
     Tags:
       stage: !Ref Stage
       project: !FindInMap [Constants, ProjectName, Value]
-      namespace: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+      namespace: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
 
 Resources:
   #### SSM PARAMETERS
@@ -148,7 +148,7 @@ Resources:
       Tags:
         stage: !Ref Stage
         project: !FindInMap [Constants, ProjectName, Value]
-        namespace: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+        namespace: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
 
   UnicornContractsApiLogGroup:
     Type: AWS::Logs::LogGroup
@@ -216,7 +216,7 @@ Resources:
         - Key: project
           Value: !FindInMap [Constants, ProjectName, Value]
         - Key: namespace
-          Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+          Value: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
 
   #### DEAD LETTER QUEUES
   # DeadLetterQueue for UnicornContractsIngestQueue. Contains messages that failed to be processed
@@ -234,7 +234,7 @@ Resources:
         - Key: project
           Value: !FindInMap [Constants, ProjectName, Value]
         - Key: namespace
-          Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+          Value: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
 
   #### DYNAMODB TABLE
   # Persist Contracts information in DynamoDB
@@ -258,7 +258,7 @@ Resources:
         - Key: project
           Value: !FindInMap [Constants, ProjectName, Value]
         - Key: namespace
-          Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+          Value: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
 
   #### EVENT BUS
   # Event bus for Unicorn Contract Service used to publish and consume events
@@ -283,7 +283,7 @@ Resources:
         Condition:
           StringEquals:
             events:source:
-              - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+              - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
 
   # Catchall rule used for development purposes.
   UnicornContractsCatchAllRule:
@@ -296,9 +296,9 @@ Resources:
         account:
           - !Ref AWS::AccountId
         source:
-          - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
-          - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
-          - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}"
+          - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
+          - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+          - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}"
       State: ENABLED #You may want to disable this rule in production
       Targets:
         - Arn: !GetAtt UnicornContractsCatchAllLogGroup.Arn
@@ -313,7 +313,7 @@ Resources:
       LogGroupName: !Sub
         - "/aws/events/${Stage}/${NS}-catchall"
         - Stage: !Ref Stage
-          NS: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+          NS: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
       RetentionInDays: !FindInMap
         - LogsRetentionPeriodMap
         - !Ref Stage
@@ -374,7 +374,7 @@ Resources:
       Target: !GetAtt UnicornContractsEventBus.Arn
       TargetParameters:
         EventBridgeEventBusParameters:
-          Source: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+          Source: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
           DetailType: ContractStatusChanged
         InputTemplate: !ToJsonString
           property_id: "<$.dynamodb.NewImage.property_id.S>"
@@ -430,7 +430,7 @@ Resources:
         - Key: project
           Value: !FindInMap [Constants, ProjectName, Value]
         - Key: namespace
-          Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+          Value: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
 
   #### CLOUDFORMATION NESTED STACKS
   # CloudFormation Stack with the Contracts Service Event Registry and Schemas

unicorn_properties/integration/event-schemas.yaml

@@ -18,7 +18,7 @@ Resources:
     Properties: 
       Description: 'Event schemas for Unicorn Properties'
       RegistryName:
-        Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}-${Stage}"
+        Fn::Sub: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}-${Stage}"
 
   EventRegistryPolicy:
     Type: AWS::EventSchemas::RegistryPolicy

unicorn_properties/integration/subscriber-policies.yaml

@@ -46,6 +46,6 @@ Resources:
             "events:creatorAccount": "${aws:PrincipalAccount}"
           StringEquals:
             "events:source":
-              - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
+              - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
           "Null":
             "events:source": "false"

unicorn_properties/integration/subscriptions.yaml

@@ -23,7 +23,7 @@ Resources:
         Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsEventBusArn}}"
       EventPattern:
         source:
-          - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+          - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
         detail-type:
           - ContractStatusChanged
       State: ENABLED
@@ -32,7 +32,7 @@ Resources:
           Arn:
             Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesEventBusArn}}"
           RoleArn:
-            Fn::GetAtt: UnicornPropertiesSubscriptionRole.Arn
+            Fn::GetAtt: [ UnicornPropertiesSubscriptionRole, Arn ]
 
   #### UNICORN WEB EVENT SUBSCRIPTIONS
   PublicationApprovalRequestedSubscriptionRule:
@@ -44,7 +44,7 @@ Resources:
         Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebEventBusArn}}"
       EventPattern:
         source:
-          - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}"
+          - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}"
         detail-type:
           - PublicationApprovalRequested
       State: ENABLED
@@ -53,7 +53,7 @@ Resources:
           Arn:
             Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesEventBusArn}}"
           RoleArn:
-            Fn::GetAtt: UnicornPropertiesSubscriptionRole.Arn
+            Fn::GetAtt: [ UnicornPropertiesSubscriptionRole, Arn ]
 
 
   # This IAM role allows EventBridge to assume the permissions necessary to send events 
@@ -81,9 +81,9 @@ Outputs:
   ContractStatusChangedSubscription:
     Description: Rule ARN for Contract service event subscription
     Value:
-      Fn::GetAtt: ContractStatusChangedSubscriptionRule.Arn
+      Fn::GetAtt: [ ContractStatusChangedSubscriptionRule, Arn ]
 
   PublicationApprovalRequestedSubscription:
     Description: Rule ARN for Web service event subscription
     Value:
-      Fn::GetAtt: PublicationApprovalRequestedSubscriptionRule.Arn
+      Fn::GetAtt: [ PublicationApprovalRequestedSubscriptionRule, Arn ]

unicorn_properties/template.yaml

@@ -54,18 +54,18 @@ Globals:
       Variables:
         CONTRACT_STATUS_TABLE: !Ref ContractStatusTable
         EVENT_BUS: !Ref UnicornPropertiesEventBus
-        SERVICE_NAMESPACE: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
-        POWERTOOLS_SERVICE_NAME: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
+        SERVICE_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+        POWERTOOLS_SERVICE_NAME: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
         POWERTOOLS_TRACE_DISABLED: "false" # Explicitly disables tracing, default
         POWERTOOLS_LOGGER_LOG_EVENT: !If [IsProd, "false", "true"] # Logs incoming event, default
         POWERTOOLS_LOGGER_SAMPLE_RATE: !If [IsProd, "0.1", "0"] # Debug log sampling percentage, default
-        POWERTOOLS_METRICS_NAMESPACE: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
+        POWERTOOLS_METRICS_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
         POWERTOOLS_LOG_LEVEL: INFO # Log level for Logger (INFO, DEBUG, etc.), default
         LOG_LEVEL: INFO # Log level for Logger
     Tags:
       stage: !Ref Stage
       project: !FindInMap [Constants, ProjectName, Value]
-      namespace: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
+      namespace: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
 
 Resources:
   #### SSM PARAMETERS
@@ -104,7 +104,7 @@ Resources:
             EventBusName: !GetAtt UnicornPropertiesEventBus.Name
             Pattern:
               source:
-                - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
+                - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
               detail-type:
                 - ContractStatusChanged
             RetryPolicy:
@@ -277,7 +277,7 @@ Resources:
             EventBusName: !GetAtt UnicornPropertiesEventBus.Name
             Pattern:
               source:
-                - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}"
+                - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}"
               detail-type:
                 - PublicationApprovalRequested
             RetryPolicy:
@@ -292,7 +292,7 @@ Resources:
         ContentIntegrityValidator: !GetAtt ContentIntegrityValidatorFunction.Arn
         ImageUploadBucketName: !Sub "{{resolve:ssm:/uni-prop/${Stage}/ImagesBucket}}"
         EventBusName: !GetAtt UnicornPropertiesEventBus.Name
-        ServiceName: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
+        ServiceName: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
 
   # Store ApprovalStateMachineLogGroup workflow execution logs
   ApprovalStateMachineLogGroup:
@@ -316,7 +316,7 @@ Resources:
         - Key: project
           Value: !FindInMap [Constants, ProjectName, Value]
         - Key: namespace
-          Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
+          Value: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
         - Key: stage
           Value: !Ref Stage
 
@@ -332,7 +332,7 @@ Resources:
         - Key: project
           Value: !FindInMap [Constants, ProjectName, Value]
         - Key: namespace
-          Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
+          Value: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
         - Key: stage
           Value: !Ref Stage
 
@@ -355,7 +355,7 @@ Resources:
         - Key: project
           Value: !FindInMap [ Constants, ProjectName, Value ]
         - Key: namespace
-          Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
+          Value: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
         - Key: stage
           Value: !Ref Stage
 
@@ -382,7 +382,7 @@ Resources:
         Condition:
           StringEquals:
             events:source:
-              - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
+              - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
 
   # Catchall rule used for development purposes. Logs all events matching any of the services to CloudWatch Logs
   UnicornPropertiesCatchAllRule:
@@ -395,9 +395,9 @@ Resources:
         account:
           - !Ref AWS::AccountId
         source:
-          - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
-          - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
-          - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}"
+          - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}"
+          - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
+          - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}"
       State: ENABLED #You may want to disable this rule in production
       Targets:
         - Arn: !GetAtt UnicornPropertiesCatchAllLogGroup.Arn
@@ -412,7 +412,7 @@ Resources:
       LogGroupName: !Sub
         - "/aws/events/${Stage}/${NS}-catchall"
         - Stage: !Ref Stage
-          NS: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}"
+          NS: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}"
       RetentionInDays: !FindInMap [LogsRetentionPeriodMap, !Ref Stage, Days]
 
   # Permissions to allow EventBridge to send logs to CloudWatch

unicorn_shared/Makefile

@@ -0,0 +1,34 @@
+.ONESHELL:
+
+ENVIRONMENTS = local dev prod
+
+.PHONY: deploy-namespaces deploy-images delete-namespaces delete-images
+
+deploy-namespaces:  ## Deploys global Unicorn Properties namespaces for all Stages
+	aws cloudformation create-stack --stack-name uni-prop-namespaces --template-body file://uni-prop-namespaces.yaml --capabilities CAPABILITY_AUTO_EXPAND
+
+deploy-images:  	## Deploys shared images stack for local dev prod stages
+	@for env in $(ENVIRONMENTS); do \
+		stage=$$env; \
+		if ! aws cloudformation describe-stacks --stack-name "uni-prop-$$env-images" >/dev/null 2>&1; then \
+			echo "Creating shared images stack for $$env environment"; \
+			aws cloudformation create-stack \
+				--stack-name "uni-prop-$$env-images" \
+				--template-body file://uni-prop-images.yaml \
+				--parameters ParameterKey=Stage,ParameterValue=$$stage \
+				--capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND || echo "Stack creation failed!"; \
+		fi; \
+	done
+
+delete-namespaces: ## Depletes Unicorn Properties namespaces
+	aws cloudformation delete-stack --stack-name uni-prop-namespaces
+
+delete-images: ## Deletes all shared images stacks
+	@for env in $(ENVIRONMENTS); do \
+			stage=$$env; \
+			if aws cloudformation describe-stacks --stack-name "uni-prop-$$env-images" >/dev/null 2>&1; then \
+				echo "Deleting shared images stack for $$env environment"; \
+				aws cloudformation delete-stack \
+					--stack-name "uni-prop-$$env-images"; \
+			fi; \
+		done