From 4d460b57cd47156027e6805cb9812cb9fa15bc7c Mon Sep 17 00:00:00 2001
From: Stephen Liedig
Date: Thu, 11 Jan 2024 22:09:51 +0800
Subject: [PATCH 1/5] chore: updated git ignore
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 8ec6b06..a5170c6 100755
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 **/.aws-sam/
 .vscode/*
 .vscode/settings.json
+**/cdk.out/
\ No newline at end of file
From 50cfaa6f0af2abdf1a4f0f69f3c3c748d2c02097 Mon Sep 17 00:00:00 2001
From: Stephen Liedig
Date: Fri, 12 Jan 2024 09:30:30 +0800
Subject: [PATCH 2/5] fix: minor policy updates for nested stacks
---
 unicorn_contracts/template.yaml | 8 ++++++--
 unicorn_properties/template.yaml | 11 +++++++++--
 unicorn_web/template.yaml | 10 ++++++++--
 3 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/unicorn_contracts/template.yaml b/unicorn_contracts/template.yaml
index 4606ccc..7394679 100644
--- a/unicorn_contracts/template.yaml
+++ b/unicorn_contracts/template.yaml
@@ -12,10 +12,10 @@ Metadata:
 config:
 ignore_checks:
 - ES4000 # Rule disabled because the CatchAll Rule doesn't need a DLQ
- - ES6000 # Rule disabled because SQS DLOs don't need a RedrivePolicy
+ - ES6000 # Rule disabled because SQS DLQs don't need a RedrivePolicy
 - WS2001 # Rule disabled because check does not support !ToJsonString transform
 - ES1001 # Rule disabled because our Lambda functions don't need DestinationConfig.OnFailure
- - W3002
+ - W3002 # Rule disabled as nested templates are being packaged
 Parameters:
 Stage:
@@ -438,6 +438,8 @@ Resources:
 # CloudFormation Stack with the Contracts Service Event Registry and Schemas
 EventSchemasStack:
 Type: AWS::Serverless::Application
+ UpdateReplacePolicy: Delete
+ DeletionPolicy: Delete
 Properties:
 Location: "integration/event-schemas.yaml"
 Parameters:
@@ -446,6 +448,8 @@ Resources: # CloudFormation Stack with the Cross-service EventBus policy for Contracts Service SubscriberPoliciesStack: Type: AWS::Serverless::Application + UpdateReplacePolicy: Delete + DeletionPolicy: Delete DependsOn: - UnicornContractsEventBusNameParam Properties: diff --git a/unicorn_properties/template.yaml b/unicorn_properties/template.yaml index d4a6c0c..21e268c 100644 --- a/unicorn_properties/template.yaml +++ b/unicorn_properties/template.yaml @@ -12,10 +12,11 @@ Metadata: config: ignore_checks: - ES4000 # Rule disabled because the CatchAll Rule doesn't need a DLQ - - ES6000 # Rule disabled because SQS DLOs don't need a RedrivePolicy + - ES6000 # Rule disabled because SQS DLQs don't need a RedrivePolicy - E0001 # Rule disabled because cfn-lint cannot parse SAM Policy templates without arguments (ComprehendBasicAccessPolicy, RekognitionDetectOnlyPolicy) - WS2001 # Rule disabled because check does not support !ToJsonString transform - ES1001 # Rule disabled because our Lambda functions don't need DestinationConfig.OnFailure + - W3002 # Rule disabled as nested templates are being packaged Parameters: Stage: @@ -270,7 +271,7 @@ Resources: Level: ALL IncludeExecutionData: true Events: - PubApproReqEvent: + PublicationApprovalRequestedEvent: Type: EventBridgeRule Properties: RuleName: unicorn.properties-PublicationApprovalRequested @@ -448,6 +449,8 @@ Resources: # CloudFormation Stack with the Properties Service Event Registry and Schemas EventSchemasStack: Type: AWS::Serverless::Application + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Properties: Location: "integration/event-schemas.yaml" Parameters: @@ -456,6 +459,8 @@ Resources: # CloudFormation Stack with the Cross-service EventBus policy for Properties Service SubscriberPoliciesStack: Type: AWS::Serverless::Application + UpdateReplacePolicy: Delete + DeletionPolicy: Delete DependsOn: - UnicornPropertiesEventBusNameParam Properties: 
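Review bot: The `PublicationApprovalRequestedEvent` rename in the `@@ -270,7 +271,7 @@` hunk of unicorn_properties/template.yaml changes the logical ID of the SAM-generated EventBridge rule while `RuleName: unicorn.properties-PublicationApprovalRequested` stays fixed, which is likely to make the next update of an already-deployed stack fail. CloudFormation treats the new key as a new resource and creates it before it cleans up the old one, so the create step collides with the existing rule of the same name; either drop the explicit `RuleName` (let CloudFormation name the rule) or ship the rename in two deployments. The state machine that owns this `Events:` block starts and ends outside the hunk. The nested-stack hunks in this patch only make the default `DeletionPolicy`/`UpdateReplacePolicy` explicit and raise nothing.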
@@ -466,6 +471,8 @@ Resources: # CloudFormation Stack with the Cross-service EventBus Rules for Properties Service SubscriptionsStack: Type: AWS::Serverless::Application + UpdateReplacePolicy: Delete + DeletionPolicy: Delete DependsOn: - UnicornPropertiesEventBusArnParam Properties: diff --git a/unicorn_web/template.yaml b/unicorn_web/template.yaml index e0809bd..798ec23 100644 --- a/unicorn_web/template.yaml +++ b/unicorn_web/template.yaml @@ -12,10 +12,10 @@ Metadata: config: ignore_checks: - ES4000 # Rule disabled because the CatchAll Rule doesn't need a DLQ - - ES6000 # Rule disabled because SQS DLOs don't need a RedrivePolicy + - ES6000 # Rule disabled because SQS DLQs don't need a RedrivePolicy - WS2001 # Rule disabled because check does not support !ToJsonString transform - ES1001 # Rule disabled because our Lambda functions don't need DestinationConfig.OnFailure - - W3002 + - W3002 # Rule disabled as nested templates are being packaged Parameters: Stage: @@ -424,6 +424,8 @@ Resources: # CloudFormation Stack with the Web Service Event Registry and Schemas EventSchemasStack: Type: AWS::Serverless::Application + UpdateReplacePolicy: Delete + DeletionPolicy: Delete Properties: Location: "integration/event-schemas.yaml" Parameters: @@ -432,6 +434,8 @@ Resources: # CloudFormation Stack with the Cross-service EventBus policy for Web Service SubscriberPoliciesStack: Type: AWS::Serverless::Application + UpdateReplacePolicy: Delete + DeletionPolicy: Delete DependsOn: - UnicornWebEventBusParam Properties: @@ -442,6 +446,8 @@ Resources: # CloudFormation Stack with the Cross-service EventBus Rules for Web Service SubscriptionsStack: Type: AWS::Serverless::Application + UpdateReplacePolicy: Delete + DeletionPolicy: Delete DependsOn: - UnicornWebEventBusArnParam Properties: From 1a811b7e5159541f9abb5e7aef8b688311bacb15 Mon Sep 17 00:00:00 2001 
From: Stephen Liedig Date: Mon, 15 Jan 2024 15:38:20 +0800 Subject: [PATCH 3/5] feat: updated namespace definition. Namespace only gets set once. No longer creating one for each stage as this doesn't change. Created new templates for shared infra, splitting namespaces from images bucket. Updated templates with references to SSM parameters. --- .../integration/event-schemas.yaml | 2 +- .../integration/subscriber-policies.yaml | 2 +- unicorn_contracts/template.yaml | 30 +++++----- .../integration/event-schemas.yaml | 2 +- .../integration/subscriber-policies.yaml | 2 +- .../integration/subscriptions.yaml | 12 ++-- unicorn_properties/template.yaml | 30 +++++----- unicorn_shared/Makefile | 34 +++++++++++ unicorn_shared/samconfig.yaml | 16 ------ .../{template.yaml => uni-prop-images.yaml} | 54 +++++++----------- unicorn_shared/uni-prop-namespaces.yaml | 56 +++++++++++++++++++ unicorn_web/integration/event-schemas.yaml | 2 +- .../integration/subscriber-policies.yaml | 2 +- unicorn_web/integration/subscriptions.yaml | 2 +- unicorn_web/template.yaml | 26 ++++----- 15 files changed, 167 insertions(+), 105 deletions(-) create mode 100644 unicorn_shared/Makefile delete mode 100644 unicorn_shared/samconfig.yaml rename unicorn_shared/{template.yaml => uni-prop-images.yaml} (79%) create mode 100644 unicorn_shared/uni-prop-namespaces.yaml diff --git a/unicorn_contracts/integration/event-schemas.yaml b/unicorn_contracts/integration/event-schemas.yaml index d68042e..e5e4fe5 100644 --- a/unicorn_contracts/integration/event-schemas.yaml +++ b/unicorn_contracts/integration/event-schemas.yaml @@ -20,7 +20,7 @@ Resources: Properties: Description: 'Event schemas for Unicorn Contracts' RegistryName: - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}-${Stage}" + Fn::Sub: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}-${Stage}" EventRegistryPolicy: Type: AWS::EventSchemas::RegistryPolicy 
diff --git a/unicorn_contracts/integration/subscriber-policies.yaml b/unicorn_contracts/integration/subscriber-policies.yaml index b76065e..3307c04 100644 --- a/unicorn_contracts/integration/subscriber-policies.yaml +++ b/unicorn_contracts/integration/subscriber-policies.yaml @@ -47,6 +47,6 @@ Resources: "events:creatorAccount": "${aws:PrincipalAccount}" StringEquals: "events:source": - - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" "Null": "events:source": "false" diff --git a/unicorn_contracts/template.yaml b/unicorn_contracts/template.yaml index 7394679..e35b899 100644 --- a/unicorn_contracts/template.yaml +++ b/unicorn_contracts/template.yaml 
@@ -54,19 +54,19 @@ Globals: Environment: Variables: DYNAMODB_TABLE: !Ref ContractsTable - SERVICE_NAMESPACE: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + SERVICE_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" POWERTOOLS_LOGGER_CASE: PascalCase - POWERTOOLS_SERVICE_NAME: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + POWERTOOLS_SERVICE_NAME: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" POWERTOOLS_TRACE_DISABLED: "false" # Explicitly disables tracing, default POWERTOOLS_LOGGER_LOG_EVENT: !If [IsProd, "false", "true"] # Logs incoming event, default POWERTOOLS_LOGGER_SAMPLE_RATE: !If [IsProd, "0.1", "0"] # Debug log sampling percentage, default - POWERTOOLS_METRICS_NAMESPACE: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + POWERTOOLS_METRICS_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" POWERTOOLS_LOG_LEVEL: INFO # Log level for Logger (INFO, DEBUG, etc.), default LOG_LEVEL: INFO # Log level for Logger Tags: stage: !Ref Stage project: !FindInMap [Constants, ProjectName, Value] - namespace: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + namespace: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" Resources: #### SSM PARAMETERS @@ -149,7 +149,7 @@ Resources: Tags: stage: !Ref Stage project: !FindInMap [Constants, ProjectName, Value] - namespace: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + namespace: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" # API GW Cloudwatch Log Group UnicornContractsApiLogGroup: @@ -218,7 +218,7 @@ Resources: - Key: project Value: !FindInMap [Constants, ProjectName, Value] - Key: namespace - Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + Value: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" #### DEAD LETTER QUEUES # DeadLetterQueue for UnicornContractsIngestQueue. Contains messages that failed to be processed 
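Review bot: After this Globals hunk every function's `SERVICE_NAMESPACE`, `POWERTOOLS_SERVICE_NAME`, `POWERTOOLS_METRICS_NAMESPACE` and the `namespace` tag depend on the account-global `/uni-prop/UnicornContractsNamespace` parameter, which is created by a separate deploy-once stack (unicorn_shared/uni-prop-namespaces.yaml), yet nothing in this template states that prerequisite; in a fresh account the deploy fails with an opaque dynamic-reference resolution error. Add a comment above `Globals:`, e.g. `# Requires the shared uni-prop-namespaces stack (unicorn_shared/) to be deployed first.`. Note also that an unversioned `{{resolve:ssm:...}}` reference is re-read at stack-operation time only, so a later change to the parameter reaches a service only when that service is next deployed; pinning a parameter version would make that explicit. The same applies to the Globals hunks of unicorn_properties/template.yaml and unicorn_web/template.yaml and to the integration templates in this patch.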
@@ -236,7 +236,7 @@ Resources: - Key: project Value: !FindInMap [Constants, ProjectName, Value] - Key: namespace - Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + Value: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" #### DYNAMODB TABLE # Persist Contracts information in DynamoDB @@ -260,7 +260,7 @@ Resources: - Key: project Value: !FindInMap [Constants, ProjectName, Value] - Key: namespace - Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + Value: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" #### EVENT BUS # Event bus for Unicorn Contract Service used to publish and consume events @@ -285,7 +285,7 @@ Resources: Condition: StringEquals: events:source: - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" # Catchall rule used for development purposes. UnicornContractsCatchAllRule: @@ -298,9 +298,9 @@ Resources: account: - !Ref AWS::AccountId source: - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" State: ENABLED #You may want to disable this rule in production Targets: - Arn: !GetAtt UnicornContractsCatchAllLogGroup.Arn @@ -315,7 +315,7 @@ Resources: LogGroupName: !Sub - "/aws/events/${Stage}/${NS}-catchall" - Stage: !Ref Stage - NS: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + NS: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" RetentionInDays: !FindInMap - LogsRetentionPeriodMap - !Ref Stage 
@@ -376,7 +376,7 @@ Resources: Target: !GetAtt UnicornContractsEventBus.Arn TargetParameters: EventBridgeEventBusParameters: - Source: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + Source: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" DetailType: ContractStatusChanged InputTemplate: !ToJsonString property_id: "<$.dynamodb.NewImage.property_id.S>" @@ -432,7 +432,7 @@ Resources: - Key: project Value: !FindInMap [Constants, ProjectName, Value] - Key: namespace - Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + Value: "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" #### CLOUDFORMATION NESTED STACKS # CloudFormation Stack with the Contracts Service Event Registry and Schemas diff --git a/unicorn_properties/integration/event-schemas.yaml b/unicorn_properties/integration/event-schemas.yaml index 535978b..e5e62db 100644 --- a/unicorn_properties/integration/event-schemas.yaml +++ b/unicorn_properties/integration/event-schemas.yaml @@ -18,7 +18,7 @@ Resources: Properties: Description: 'Event schemas for Unicorn Properties' RegistryName: - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}-${Stage}" + Fn::Sub: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}-${Stage}" EventRegistryPolicy: Type: AWS::EventSchemas::RegistryPolicy diff --git a/unicorn_properties/integration/subscriber-policies.yaml b/unicorn_properties/integration/subscriber-policies.yaml index 9742307..265c6d4 100644 --- a/unicorn_properties/integration/subscriber-policies.yaml +++ b/unicorn_properties/integration/subscriber-policies.yaml @@ -46,6 +46,6 @@ Resources: "events:creatorAccount": "${aws:PrincipalAccount}" StringEquals: "events:source": - - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" "Null": "events:source": "false" 
diff --git a/unicorn_properties/integration/subscriptions.yaml b/unicorn_properties/integration/subscriptions.yaml index 1001e7d..6569e12 100644 --- a/unicorn_properties/integration/subscriptions.yaml +++ b/unicorn_properties/integration/subscriptions.yaml @@ -23,7 +23,7 @@ Resources: Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsEventBusArn}}" EventPattern: source: - - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" detail-type: - ContractStatusChanged State: ENABLED @@ -32,7 +32,7 @@ Resources: Arn: Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesEventBusArn}}" RoleArn: - Fn::GetAtt: UnicornPropertiesSubscriptionRole.Arn + Fn::GetAtt: [ UnicornPropertiesSubscriptionRole, Arn ] #### UNICORN WEB EVENT SUBSCRIPTIONS PublicationApprovalRequestedSubscriptionRule: @@ -44,7 +44,7 @@ Resources: Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebEventBusArn}}" EventPattern: source: - - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" detail-type: - PublicationApprovalRequested State: ENABLED @@ -53,7 +53,7 @@ Resources: Arn: Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesEventBusArn}}" RoleArn: - Fn::GetAtt: UnicornPropertiesSubscriptionRole.Arn + Fn::GetAtt: [ UnicornPropertiesSubscriptionRole, Arn ] # This IAM role allows EventBridge to assume the permissions necessary to send events @@ -81,9 +81,9 @@ Outputs: ContractStatusChangedSubscription: Description: Rule ARN for Contract service event subscription Value: - Fn::GetAtt: ContractStatusChangedSubscriptionRule.Arn + Fn::GetAtt: [ ContractStatusChangedSubscriptionRule, Arn ] PublicationApprovalRequestedSubscription: Description: Rule ARN for Web service event subscription Value: - Fn::GetAtt: PublicationApprovalRequestedSubscriptionRule.Arn + Fn::GetAtt: [ PublicationApprovalRequestedSubscriptionRule, Arn ] 
diff --git a/unicorn_properties/template.yaml b/unicorn_properties/template.yaml index 21e268c..65b4b50 100644 --- a/unicorn_properties/template.yaml +++ b/unicorn_properties/template.yaml @@ -54,19 +54,19 @@ Globals: Variables: CONTRACT_STATUS_TABLE: !Ref ContractStatusTable EVENT_BUS: !Ref UnicornPropertiesEventBus - SERVICE_NAMESPACE: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + SERVICE_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" POWERTOOLS_LOGGER_CASE: PascalCase - POWERTOOLS_SERVICE_NAME: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + POWERTOOLS_SERVICE_NAME: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" POWERTOOLS_TRACE_DISABLED: "false" # Explicitly disables tracing, default POWERTOOLS_LOGGER_LOG_EVENT: !If [IsProd, "false", "true"] # Logs incoming event, default POWERTOOLS_LOGGER_SAMPLE_RATE: !If [IsProd, "0.1", "0"] # Debug log sampling percentage, default - POWERTOOLS_METRICS_NAMESPACE: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + POWERTOOLS_METRICS_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" POWERTOOLS_LOG_LEVEL: INFO # Log level for Logger (INFO, DEBUG, etc.), default LOG_LEVEL: INFO # Log level for Logger Tags: stage: !Ref Stage project: !FindInMap [Constants, ProjectName, Value] - namespace: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + namespace: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" Resources: #### SSM PARAMETERS @@ -105,7 +105,7 @@ Resources: EventBusName: !GetAtt UnicornPropertiesEventBus.Name Pattern: source: - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" detail-type: - ContractStatusChanged RetryPolicy: 
@@ -278,7 +278,7 @@ Resources: EventBusName: !GetAtt UnicornPropertiesEventBus.Name Pattern: source: - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" detail-type: - PublicationApprovalRequested RetryPolicy: @@ -293,7 +293,7 @@ Resources: ContentIntegrityValidator: !GetAtt ContentIntegrityValidatorFunction.Arn ImageUploadBucketName: !Sub "{{resolve:ssm:/uni-prop/${Stage}/ImagesBucket}}" EventBusName: !GetAtt UnicornPropertiesEventBus.Name - ServiceName: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + ServiceName: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" # Store ApprovalStateMachineLogGroup workflow execution logs ApprovalStateMachineLogGroup: @@ -317,7 +317,7 @@ Resources: - Key: project Value: !FindInMap [Constants, ProjectName, Value] - Key: namespace - Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + Value: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" - Key: stage Value: !Ref Stage @@ -333,7 +333,7 @@ Resources: - Key: project Value: !FindInMap [Constants, ProjectName, Value] - Key: namespace - Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + Value: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" - Key: stage Value: !Ref Stage @@ -356,7 +356,7 @@ Resources: - Key: project Value: !FindInMap [Constants, ProjectName, Value] - Key: namespace - Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + Value: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" - Key: stage Value: !Ref Stage @@ -383,7 +383,7 @@ Resources: Condition: StringEquals: events:source: - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" # Catchall rule used for development purposes. Logs all events matching any of the services to CloudWatch Logs UnicornPropertiesCatchAllRule: 
@@ -396,9 +396,9 @@ Resources: account: - !Ref AWS::AccountId source: - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" State: ENABLED #You may want to disable this rule in production Targets: - Arn: !GetAtt UnicornPropertiesCatchAllLogGroup.Arn @@ -413,7 +413,7 @@ Resources: LogGroupName: !Sub - "/aws/events/${Stage}/${NS}-catchall" - Stage: !Ref Stage - NS: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + NS: "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" RetentionInDays: !FindInMap [LogsRetentionPeriodMap, !Ref Stage, Days] # Permissions to allow EventBridge to send logs to CloudWatch diff --git a/unicorn_shared/Makefile b/unicorn_shared/Makefile new file mode 100644 index 0000000..ffc3833 --- /dev/null +++ b/unicorn_shared/Makefile 
@@ -0,0 +1,34 @@
+.ONESHELL:
+
+ENVIRONMENTS = local dev prod
+
+.PHONY: deploy-namespaces deploy-images delete-namespaces delete-images
+
+deploy-namespaces: ## Deploys global Unicorn Properties namespaces for all Stages
+ aws cloudformation create-stack --stack-name uni-prop-namespaces --template-body file://uni-prop-namespaces.yaml --capabilities CAPABILITY_AUTO_EXPAND
+
+deploy-images: ## Deploys shared images stack for local dev prod stages
+ @for env in $(ENVIRONMENTS); do \
+ stage=$$env; \
+ if ! aws cloudformation describe-stacks --stack-name "uni-prop-$$env-images" >/dev/null 2>&1; then \
+ echo "Creating shared images stack for $$env environment"; \
+ aws cloudformation create-stack \
+ --stack-name "uni-prop-$$env-images" \
+ --template-body file://uni-prop-images.yaml \
+ --parameters ParameterKey=Stage,ParameterValue=$$stage \
+ --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND || echo "Stack creation failed!"; \
+ fi; \
+ done
+
+delete-namespaces: ## Depletes Unicorn Properties namespaces
+ aws cloudformation delete-stack --stack-name uni-prop-namespaces
+
+delete-images: ## Deletes all shared images stacks
+ @for env in $(ENVIRONMENTS); do \
+ stage=$$env; \
+ if aws cloudformation describe-stacks --stack-name "uni-prop-$$env-images" >/dev/null 2>&1; then \
+ echo "Deleting shared images stack for $$env environment"; \
+ aws cloudformation delete-stack \
+ --stack-name "uni-prop-$$env-images"; \
+ fi; \
+ done
diff --git a/unicorn_shared/samconfig.yaml b/unicorn_shared/samconfig.yaml
deleted file mode 100644
index b77e6c9..0000000
--- a/unicorn_shared/samconfig.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-version: 0.1
-
-default:
- global:
- parameters:
- stack_name: uni-prop-local-shared
- s3_prefix: uni-prop-local-shared
- resolve_s3: true
- deploy:
- parameters:
- confirm_changeset: false
- fail_on_empty_changeset: false
- on_failure: ROLLBACK
- capabilities: CAPABILITY_IAM
- parameter_overrides:
- - "Stage=local"
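Review bot: `deploy-namespaces` uses `aws cloudformation create-stack`, which errors when the stack already exists and returns before the stack is actually created, so a second run fails and a first run can race the service deployments that resolve these parameters; `aws cloudformation deploy --stack-name uni-prop-namespaces --template-file uni-prop-namespaces.yaml --capabilities CAPABILITY_AUTO_EXPAND` is idempotent and waits for completion. In `deploy-images` the `|| echo "Stack creation failed!"` swallows the non-zero exit code, so make reports success for a failed create; use `|| { echo "Stack creation failed!"; exit 1; }` and consider `aws cloudformation wait stack-create-complete` before returning. The comment on `delete-namespaces` should read `## Deletes Unicorn Properties namespaces`. Nothing here tears down the stack `uni-prop-local-shared` from the deleted samconfig.yaml; if it still exists in an account, its `/uni-prop/local/ImagesBucket` parameter has the same name the new images stack tries to create, so the first `deploy-images` there may fail.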
diff --git a/unicorn_shared/template.yaml b/unicorn_shared/uni-prop-images.yaml similarity index 79% rename from unicorn_shared/template.yaml rename to unicorn_shared/uni-prop-images.yaml index ef2e1b3..ecd14dd 100644 --- a/unicorn_shared/template.yaml +++ b/unicorn_shared/uni-prop-images.yaml @@ -1,11 +1,14 @@ -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: MIT-0 AWSTemplateFormatVersion: "2010-09-09" -Transform: - - AWS::Serverless-2016-10-31 +Transform: AWS::Serverless-2016-10-31 Description: > - Base infrastructure that will set up the central event bus and S3 image upload bucket. + Base infrastructure that will set up the central event bus and S3 image upload bucket per stage. +Metadata: + cfn-lint: + config: + ignore_checks: + - ES6000 + - WS1004 Parameters: Stage: @@ -16,12 +19,11 @@ Parameters: - dev - prod - Globals: Function: Timeout: 15 Runtime: python3.11 - MemorySize: 128 + MemorySize: 512 Tracing: Active Architectures: - arm64 @@ -30,30 +32,11 @@ Globals: project: AWS Serverless Developer Experience service: Unicorn Base Infrastructure - Resources: + #### SSM PARAMETERS - # Service Namespaces - UnicornContractsNamespaceParam: - Type: AWS::SSM::Parameter - Properties: - Type: String - Name: !Sub /uni-prop/${Stage}/UnicornContractsNamespace - Value: "unicorn.contracts" - UnicornPropertiesNamespaceParam: - Type: AWS::SSM::Parameter - Properties: - Type: String - Name: !Sub /uni-prop/${Stage}/UnicornPropertiesNamespace - Value: "unicorn.properties" - UnicornWebNamespaceParam: - Type: AWS::SSM::Parameter - Properties: - Type: String - Name: !Sub /uni-prop/${Stage}/UnicornWebNamespace - Value: "unicorn.web" - # Images S3 Bucket + UnicornPropertiesImagesBucketParam: Type: AWS::SSM::Parameter Properties: 
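Review bot: The `@@ -1,11 +1,14 @@` hunk drops the `# Copyright Amazon.com ...` / `# SPDX-License-Identifier: MIT-0` header that every other template in this series keeps, and the new `ignore_checks` entries `ES6000` and `WS1004` carry no reason, unlike the annotated suppression lists in the service templates. Restore the two header lines and annotate each suppression with why it is needed, in the style of `- ES6000 # Rule disabled because ...`. The new Description still says the template sets up "the central event bus", but after the `@@ -30,30 +32,11 @@` hunk moves the namespace parameters out, the resources left in this file appear to be only the images bucket, its SSM parameter and the upload function, so that wording looks stale and should be checked against the rest of the file.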
@@ -61,19 +44,18 @@ Resources: Name: !Sub /uni-prop/${Stage}/ImagesBucket Value: !Ref UnicornPropertiesImagesBucket - #### S3 PROPERTY IMAGES BUCKET UnicornPropertiesImagesBucket: Type: AWS::S3::Bucket Properties: - BucketName: !Sub uni-prop-${Stage}-images-${AWS::AccountId} - + BucketName: !Sub "uni-prop-${Stage}-images-${AWS::AccountId}-${AWS::Region}" #### IMAGE UPLOAD CUSTOM RESOURCE FUNCTION ImageUploadFunction: Type: AWS::Serverless::Function Properties: Handler: index.lambda_handler + Runtime: python3.11 Policies: - S3CrudPolicy: BucketName: !Ref UnicornPropertiesImagesBucket @@ -111,7 +93,7 @@ Resources: print('file unzipped') - # upload to s3 + #### upload to s3 for root,_,files in os.walk('/tmp/property_images'): for file in files: print(f"file: {os.path.join(root, file)}") @@ -131,6 +113,12 @@ Resources: except Exception as e: print(e) cfnresponse.send(event, context, cfnresponse.SUCCESS, dict()) + ImageUploadFunctionLogGroup: + Type: AWS::Logs::LogGroup + DeletionPolicy: Delete + UpdateReplacePolicy: Delete + Properties: + LogGroupName: !Sub "/aws/lambda/${ImageUploadFunction}" ImageUpload: Type: Custom::ImageUpload @@ -138,7 +126,7 @@ Resources: ServiceToken: !GetAtt ImageUploadFunction.Arn DestinationBucket: !Ref UnicornPropertiesImagesBucket -# OUTPUTS Outputs: ImageUploadBucketName: Value: !Ref UnicornPropertiesImagesBucket + Description: "S3 bucket for property images" \ No newline at end of file diff --git a/unicorn_shared/uni-prop-namespaces.yaml b/unicorn_shared/uni-prop-namespaces.yaml new file mode 100644 index 0000000..55602fb --- /dev/null +++ b/unicorn_shared/uni-prop-namespaces.yaml 
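Review bot: `UnicornPropertiesImagesBucket` in the `@@ -61,19 +44,18 @@` hunk still declares only `BucketName`; a bucket that receives uploads should block public access and enable default encryption explicitly rather than rely on account or service defaults, and because the name now includes `${AWS::Region}` the bucket is created as a replacement, so objects in the old bucket are not carried over and the old bucket is only removed if it is empty. The new `ImageUploadFunctionLogGroup` in the `@@ -131,6 +113,12 @@` hunk has no `RetentionInDays`, unlike the service templates that size retention from `LogsRetentionPeriodMap`, so these logs are kept forever; the value below is illustrative. `Runtime: python3.11` is also repeated on the function although Globals already sets it. The function body continues outside the hunk.

```yaml
  UnicornPropertiesImagesBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "uni-prop-${Stage}-images-${AWS::AccountId}-${AWS::Region}"
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
  # … unchanged: ImageUploadFunction …
  ImageUploadFunctionLogGroup:
    Type: AWS::Logs::LogGroup
    DeletionPolicy: Delete
    UpdateReplacePolicy: Delete
    Properties:
      LogGroupName: !Sub "/aws/lambda/${ImageUploadFunction}"
      RetentionInDays: 14  # illustrative; align with LogsRetentionPeriodMap in the service templates
```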
@@ -0,0 +1,56 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Transform: AWS::Serverless-2016-10-31
+Description: >
+ Global namespaces for Unicorn Properties applications and services.
+ This only needs to be deployed once.
+
+
+Resources:
+
+ UnicornContractsNamespaceParam:
+ Type: AWS::SSM::Parameter
+ Properties:
+ Type: String
+ Name: !Sub /uni-prop/UnicornContractsNamespace
+ Value: "unicorn.contracts"
+
+ UnicornPropertiesNamespaceParam:
+ Type: AWS::SSM::Parameter
+ Properties:
+ Type: String
+ Name: !Sub /uni-prop/UnicornPropertiesNamespace
+ Value: "unicorn.properties"
+
+ UnicornWebNamespaceParam:
+ Type: AWS::SSM::Parameter
+ Properties:
+ Type: String
+ Name: !Sub /uni-prop/UnicornWebNamespace
+ Value: "unicorn.web"
+
+
+Outputs:
+
+ UnicornContractsNamespace:
+ Description: Unicorn Contracts namespace parameter
+ Value: !Ref UnicornContractsNamespaceParam
+
+ UnicornPropertiesNamespace:
+ Description: Unicorn Properties namespace parameter
+ Value: !Ref UnicornPropertiesNamespaceParam
+
+ UnicornWebNamespace:
+ Description: Unicorn Web namespace parameter
+ Value: !Ref UnicornWebNamespaceParam
+
+ UnicornContractsNamespaceVale:
+ Description: Unicorn Contracts namespace parameter value
+ Value: !GetAtt UnicornContractsNamespaceParam.Value
+
+ UnicornPropertiesNamespaceValue:
+ Description: Unicorn Properties namespace parameter value
+ Value: !GetAtt UnicornPropertiesNamespaceParam.Value
+
+ UnicornWebNamespaceValue:
+ Description: Unicorn Web namespace parameter value
+ Value: !GetAtt UnicornWebNamespaceParam.Value
\ No newline at end of file
diff --git a/unicorn_web/integration/event-schemas.yaml b/unicorn_web/integration/event-schemas.yaml
index f627d0d..dcc3ae0 100644
--- a/unicorn_web/integration/event-schemas.yaml
+++ b/unicorn_web/integration/event-schemas.yaml
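Review bot: The output key `UnicornContractsNamespaceVale` is misspelled and breaks the `...Value` pattern of its two siblings, so anything that reads the outputs by name will look for `UnicornContractsNamespaceValue:` and not find it. The `!Sub` on each `Name:` has nothing to substitute and can be a plain string, e.g. `Name: /uni-prop/UnicornContractsNamespace`, and the `Transform: AWS::Serverless-2016-10-31` line appears to be the only reason the Makefile needs `CAPABILITY_AUTO_EXPAND`, since the template declares no SAM resources. The file also ends without a trailing newline, as does uni-prop-images.yaml in this patch.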
@@ -18,7 +18,7 @@ Resources: Properties: Description: 'Event schemas for Unicorn Web' RegistryName: - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}-${Stage}" + Fn::Sub: "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}-${Stage}" EventRegistryPolicy: Type: AWS::EventSchemas::RegistryPolicy diff --git a/unicorn_web/integration/subscriber-policies.yaml b/unicorn_web/integration/subscriber-policies.yaml index 53eb14b..88c485f 100644 --- a/unicorn_web/integration/subscriber-policies.yaml +++ b/unicorn_web/integration/subscriber-policies.yaml @@ -46,6 +46,6 @@ Resources: "events:creatorAccount": "${aws:PrincipalAccount}" StringEquals: "events:source": - - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" "Null": "events:source": "false" diff --git a/unicorn_web/integration/subscriptions.yaml b/unicorn_web/integration/subscriptions.yaml index 014c8c0..b8f6cd7 100644 --- a/unicorn_web/integration/subscriptions.yaml +++ b/unicorn_web/integration/subscriptions.yaml @@ -23,7 +23,7 @@ Resources: Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesEventBusArn}}" EventPattern: source: - - Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" detail-type: - PublicationEvaluationCompleted State: ENABLED diff --git a/unicorn_web/template.yaml b/unicorn_web/template.yaml index 798ec23..196abcc 100644 --- a/unicorn_web/template.yaml +++ b/unicorn_web/template.yaml 
@@ -55,19 +55,19 @@ Globals: Variables: DYNAMODB_TABLE: !Ref WebTable EVENT_BUS: !Ref UnicornWebEventBus - SERVICE_NAMESPACE: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + SERVICE_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" POWERTOOLS_LOGGER_CASE: PascalCase - POWERTOOLS_SERVICE_NAME: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + POWERTOOLS_SERVICE_NAME: "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" POWERTOOLS_TRACE_DISABLED: "false" # Explicitly disables tracing, default POWERTOOLS_LOGGER_LOG_EVENT: !If [IsProd, "false", "true"] # Logs incoming event, default POWERTOOLS_LOGGER_SAMPLE_RATE: !If [IsProd, "0.1", "0"] # Debug log sampling percentage, default - POWERTOOLS_METRICS_NAMESPACE: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + POWERTOOLS_METRICS_NAMESPACE: "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" POWERTOOLS_LOG_LEVEL: INFO # Log level for Logger (INFO, DEBUG, etc.), default LOG_LEVEL: INFO # Log level for Logger Tags: stage: !Ref Stage project: !FindInMap [Constants, ProjectName, Value] - namespace: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + namespace: "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" Resources: #### SSM PARAMETERS @@ -157,7 +157,7 @@ Resources: EventBusName: !Ref UnicornWebEventBus Pattern: source: - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" detail-type: - PublicationEvaluationCompleted @@ -285,7 +285,7 @@ Resources: - Key: project Value: !FindInMap [Constants, ProjectName, Value] - Key: namespace - Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + Value: "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" # DeadLetterQueue for UnicornWebIngestQueue. Contains messages that failed to be processed UnicornWebIngestDLQ: 
@@ -302,7 +302,7 @@ Resources: - Key: project Value: !FindInMap [Constants, ProjectName, Value] - Key: namespace - Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + Value: "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" ##### DYNAMODB # Persists Property details in DynamoDB @@ -326,7 +326,7 @@ Resources: - Key: project Value: !FindInMap [Constants, ProjectName, Value] - Key: namespace - Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + Value: "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" - Key: stage Value: !Ref Stage @@ -353,7 +353,7 @@ Resources: Condition: StringEquals: events:source: - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" # Catchall rule used for development purposes. UnicornWebCatchAllRule: @@ -371,9 +371,9 @@ Resources: account: - !Ref AWS::AccountId source: - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}" - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornPropertiesNamespace}}" - - !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornContractsNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornPropertiesNamespace}}" + - "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" State: ENABLED #You may want to disable this rule in production Targets: - Arn: !GetAtt UnicornWebCatchAllLogGroup.Arn @@ -388,7 +388,7 @@ Resources: LogGroupName: !Sub - "/aws/events/${Stage}/${NS}-catchall" - Stage: !Ref Stage - NS: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebNamespace}}" + NS: "{{resolve:ssm:/uni-prop/UnicornWebNamespace}}" RetentionInDays: !FindInMap [LogsRetentionPeriodMap, !Ref Stage, Days] # Permissions to allow EventBridge to send logs to CloudWatch From abe50e5fb8690fadfa7836c4232daff5f18be20b Mon Sep 17 00:00:00 2001 
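Review bot: In the UnicornWebCatchAllRule hunk the rule remains `State: ENABLED` for every stage while its only target is a CloudWatch log group, so in production every event from all three namespaces, full detail payload included, is copied into logs; the inline comment already concedes it should be off in prod. The template has an `IsProd` condition (used in the Globals hunk above), so the line can be `State: !If [IsProd, DISABLED, ENABLED]` with the comment tightened to `# Catch-all for development; disabled in prod via IsProd` (also adding the missing space after `#`). The resource definition starts outside the hunk.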
From: Stephen Liedig Date: Mon, 22 Jan 2024 16:53:24 +0800 Subject: [PATCH 4/5] fix: standardizing on double quotes for yaml strings --- unicorn_contracts/template.yaml | 2 +- unicorn_properties/integration/event-schemas.yaml | 2 +- unicorn_properties/integration/subscriber-policies.yaml | 2 +- unicorn_properties/integration/subscriptions.yaml | 2 +- unicorn_properties/template.yaml | 2 +- unicorn_web/integration/event-schemas.yaml | 2 +- unicorn_web/integration/subscriber-policies.yaml | 2 +- unicorn_web/integration/subscriptions.yaml | 4 ++-- unicorn_web/template.yaml | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/unicorn_contracts/template.yaml b/unicorn_contracts/template.yaml index e35b899..ff15bc0 100644 --- a/unicorn_contracts/template.yaml +++ b/unicorn_contracts/template.yaml @@ -1,6 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: "2010-09-09" Transform: - AWS::LanguageExtensions - AWS::Serverless-2016-10-31 diff --git a/unicorn_properties/integration/event-schemas.yaml b/unicorn_properties/integration/event-schemas.yaml index e5e62db..1064bf4 100644 --- a/unicorn_properties/integration/event-schemas.yaml +++ b/unicorn_properties/integration/event-schemas.yaml @@ -1,6 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: "2010-09-09" Description: Event Schemas for use by the Properties Service Parameters: diff --git a/unicorn_properties/integration/subscriber-policies.yaml b/unicorn_properties/integration/subscriber-policies.yaml index 265c6d4..6dfd3b2 100644 --- a/unicorn_properties/integration/subscriber-policies.yaml +++ b/unicorn_properties/integration/subscriber-policies.yaml 
@@ -1,6 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: "2010-09-09" Description: > Defines the event bus policies that determine who can create rules on the event bus to subscribe to events published by Unicorn Properties Service. diff --git a/unicorn_properties/integration/subscriptions.yaml b/unicorn_properties/integration/subscriptions.yaml index 6569e12..100ecf8 100644 --- a/unicorn_properties/integration/subscriptions.yaml +++ b/unicorn_properties/integration/subscriptions.yaml @@ -1,6 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: "2010-09-09" Description: Defines the rule for the events (subscriptions) that Unicorn Properties wants to consume. Parameters: diff --git a/unicorn_properties/template.yaml b/unicorn_properties/template.yaml index 65b4b50..bb2d537 100644 --- a/unicorn_properties/template.yaml +++ b/unicorn_properties/template.yaml @@ -1,6 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: "2010-09-09" Transform: - AWS::LanguageExtensions - AWS::Serverless-2016-10-31 diff --git a/unicorn_web/integration/event-schemas.yaml b/unicorn_web/integration/event-schemas.yaml index dcc3ae0..7df038c 100644 --- a/unicorn_web/integration/event-schemas.yaml +++ b/unicorn_web/integration/event-schemas.yaml @@ -1,6 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: "2010-09-09" Description: 'Event Schemas for use by the Web Service' Parameters: 
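Review bot: The commit's stated goal of standardizing on double quotes misses the context line directly after the change in the unicorn_web/integration/event-schemas.yaml hunk, `Description: 'Event Schemas for use by the Web Service'`, which stays single-quoted; make it `Description: "Event Schemas for use by the Web Service"` in the same commit. The same file's registry `Description: 'Event schemas for Unicorn Web'`, visible as context in the earlier patch, has the same inconsistency. Quoting `AWSTemplateFormatVersion` itself is the right call, since an unquoted `2010-09-09` is read as a date by YAML 1.1 loaders.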
diff --git a/unicorn_web/integration/subscriber-policies.yaml b/unicorn_web/integration/subscriber-policies.yaml index 88c485f..b8ddc4d 100644 --- a/unicorn_web/integration/subscriber-policies.yaml +++ b/unicorn_web/integration/subscriber-policies.yaml @@ -1,6 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: "2010-09-09" Description: > Defines the event bus policies that determine who can create rules on the event bus to subscribe to events published by Unicorn Web Service. diff --git a/unicorn_web/integration/subscriptions.yaml b/unicorn_web/integration/subscriptions.yaml index b8f6cd7..756124a 100644 --- a/unicorn_web/integration/subscriptions.yaml +++ b/unicorn_web/integration/subscriptions.yaml @@ -1,6 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: "2010-09-09" Description: Defines the rule for the events (subscriptions) that Unicorn Web wants to consume. Parameters: @@ -59,4 +59,4 @@ Outputs: PublicationEvaluationCompletedSubscription: Description: Rule ARN for Property service event subscription Value: - Fn::GetAtt: PublicationEvaluationCompletedSubscriptionRule.Arn + Fn::GetAtt: [ PublicationEvaluationCompletedSubscriptionRule, Arn ] diff --git a/unicorn_web/template.yaml b/unicorn_web/template.yaml index 196abcc..c63a36a 100644 --- a/unicorn_web/template.yaml +++ b/unicorn_web/template.yaml @@ -1,6 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: "2010-09-09" Transform: - AWS::LanguageExtensions - AWS::Serverless-2016-10-31 From 5ee6c99ed3412f57c89d4075cf60529fa52c9f17 Mon Sep 17 00:00:00 2001 
From: Stephen Liedig Date: Mon, 22 Jan 2024 22:58:03 +0800 Subject: [PATCH 5/5] fix: missed updates and sync with cookiecutters --- unicorn_web/integration/subscriptions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unicorn_web/integration/subscriptions.yaml b/unicorn_web/integration/subscriptions.yaml index 756124a..baa7d01 100644 --- a/unicorn_web/integration/subscriptions.yaml +++ b/unicorn_web/integration/subscriptions.yaml @@ -32,7 +32,7 @@ Resources: Arn: Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornWebEventBusArn}}" RoleArn: - Fn::GetAtt: UnicornPropertiesEventBusToUnicornWebEventBusRole.Arn + Fn::GetAtt: [ UnicornPropertiesEventBusToUnicornWebEventBusRole, Arn ] # This IAM role allows EventBridge to assume the permissions necessary to send events # from the publishing event bus, to the subscribing event bus (UnicornWebEventBusArn)