Release: 2.3.0

Author: AWS

.github/ISSUE_TEMPLATE/documentation-improvements.md

@@ -1,5 +1,7 @@
-*Issue #, if available:*
+# Contributing to Customizations for AWS Control Tower (CfCT).
 
-*Description of changes:*
+Thank you for your interest in contributing to Customizations for AWS Control Tower (CfCT).
+
+At this time, we are not accepting contributions. If contributions are accepted in the future, Customizations for AWS Control Tower (CfCT) is released under the [Apache license](http://aws.amazon.com/apache2.0/) and any code submitted will be released under that license.
 
 By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,38 +1,26 @@
+# Development
 .DS_Store
 .idea/
 *.pyc
+*.so
 .eggs
 *.egg-info
 .cache
 *.sonarlint
-source/tests/__pycache__/
-source/lib/__pycache__/
+.python-version
+__pycache__
+.pytest_cache
+
+# Ignore virtual environments
+venv
+.venv
+testing-venv
+
+# Ignore installed dependencies
+dist
+source/src/build
+
+/deployment/open-source
 /deployment/state_machines/sample_events/
-/source/scratch/
-/source/bin/build_scripts/CHANGELOG.json
 /deployment/global-s3-assets/
-/deployment/regional-s3-assets/
-/source/parse*
-/source/dateutil/
-/source/python_dateutil*
-/source/docutils*
-/source/futures-*
-/source/jmespath*
-/source/concurrent/
-/source/s3transfer*
-/source/six-*
-/source/urllib3*
-/source/six.py
-/source/chardet*
-/source/certifi*
-/source/idna*
-/source/requests*
-/source/yorm*
-/source/yaml*
-/source/jinja2*
-/source/markupsafe*
-/source/simplejson*
-/source/PyYAML*
-/source/_yaml/
-/source/pathlib2-2.3.6.dist-info/
-/source/pathlib2/
+/deployment/regional-s3-assets/

.gitignore

@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.3.0] - 2022-04-20
+- Pinned version for MarkupSafe dependency to 2.0.1 due to https://github.com/pallets/jinja/issues/1585
+- Pinned version of Amazon Corretto to java-1.8.0-amazon-corretto-jdk due to https://github.com/aws-solutions/aws-control-tower-customizations/issues/102
+- Moved python code into its own package
+- Building the solution from source now requires Python 3.6 or higher
+- Customers should now download the [Customizations for AWS Control Tower CloudFormation Template](https://github.com/aws-solutions/aws-control-tower-customizations/blob/main/customizations-for-aws-control-tower.template) from GitHub instead of S3
+
 ## [2.2.0] - 2021-12-09
 ### Added 
 - Added support for organization Root as an OU for manifest schema version "2021-03-15". [#8](https://github.com/aws-solutions/aws-control-tower-customizations/pull/8)

CHANGELOG.md

@@ -1,61 +1,5 @@
-# Contributing Guidelines 
- 
-Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 
-documentation, we greatly value feedback and contributions from our community. 
- 
-Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 
-information to effectively respond to your bug report or contribution. 
- 
- 
-## Reporting Bugs/Feature Requests 
- 
-We welcome you to use the GitHub issue tracker to report bugs or suggest features. 
- 
-When filing an issue, please check [existing open](https://github.com/aws-solutions/aws-control-tower-customizations/issues), or [recently closed](https://github.com/aws-solutions/aws-control-tower-customizations/issues?q=is%3Aissue+is%3Aclosed), issues to make sure somebody else hasn't already 
-reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 
- 
-* A reproducible test case or series of steps 
-* The version of our code being used 
-* Any modifications you've made relevant to the bug 
-* Anything unusual about your environment or deployment 
- 
- 
-## Contributing via Pull Requests 
-Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 
- 
-1. You are working against the latest source on the *main* branch. 
-2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 
-3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 
- 
-To send us a pull request, please: 
- 
-1. Fork the repository. 
-2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 
-3. Ensure local tests pass. 
-4. Commit to your fork using clear commit messages. 
-5. Send us a pull request, answering any default questions in the pull request interface. 
-6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 
- 
-GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 
-[creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 
- 
- 
-## Finding contributions to work on 
-Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/aws-control-tower-customizations/labels/help%20wanted) issues is a great place to start. 
- 
- 
-## Code of Conduct 
-This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
-For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
-opensource-codeofconduct@amazon.com with any additional questions or comments. 
- 
- 
-## Security issue notifications 
-If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. 
- 
- 
-## Licensing 
-See the [LICENSE](https://github.com/aws-solutions/aws-control-tower-customizations/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 
- 
- 
-We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes. 
+# Contributing to Customizations for AWS Control Tower (CfCT).
+
+Thank you for your interest in contributing to Customizations for AWS Control Tower (CfCT).
+
+At this time, we are not accepting contributions. If contributions are accepted in the future, Customizations for AWS Control Tower (CfCT) is released under the [Apache license](http://aws.amazon.com/apache2.0/) and any code submitted will be released under that license.

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment based on AWS best practices. Customers can easily add customizations to their AWS Control Tower landing zone using an AWS CloudFormation template and service control policies (SCPs). Customers can deploy their custom template and policies to both individual accounts and organizational units (OUs) within their organization. Customizations for AWS Control Tower integrates with AWS Control Tower lifecycle events to ensure that resource deployments stay in sync with the customer's landing zone. For example, when a new account is created using the AWS Control Tower account factory, the solution ensures that all resources attached to the account's OUs will be automatically deployed. Before deploying this solution, customers need to have an AWS Control Tower landing zone deployed in their account.
 
 ## Getting Started 
-To get started with the Customizations for AWS Control Tower solution, please review the [solution documentation](https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/)
+To get started with Customizations for AWS Control Tower, please review the [documentation](https://docs.aws.amazon.com/controltower/latest/userguide/customize-landing-zone.html)
 
 ## Running unit tests for customization 
 * Clone the repository, then make the desired code changes 
@@ -14,20 +14,26 @@ chmod +x ./deployment/run-unit-tests.sh
 ``` 
 
 ## Building the customized solution
+* Building the solution from source requires Python 3.6 or higher
 * Configure the solution name, version number and bucket name of your target Amazon S3 distribution bucket 
+
 ``` 
 export DIST_OUTPUT_BUCKET_PREFIX=my-bucket-prefix # Prefix for the S3 bucket where customized code will be stored 
 export TEMPLATE_OUTPUT_BUCKET=my-bucket-name # Name for the S3 bucket where the template will be stored
-export SOLUTION_NAME= my-solution-name # name of the solution (e.g. customizations-for-aws-control-tower)
+export SOLUTION_NAME=my-solution-name # name of the solution (e.g. customizations-for-aws-control-tower)
 export VERSION=my-version # version number for the customized code  (e.g. 2.1.0)
-export REGION=aws-region-code # the AWS region to test the solution (e.g. us-east-1)
-``` 
-_Note:_ You would need to create one global bucket and one regional bucket. The global bucket TEMPLATE_OUTPUT_BUCKET, for example "my-bucket-name", is used to store the AWS CloudFormation template. The regional bucket $DIST_OUTPUT_BUCKET_PREFIX-$REGION, for example "my-bucket-name-us-east-1", is used to store your customized source code zip packages (lambda code). The solution's CloudFormation template will expect the source code to be located in a bucket matching that name. Also, the assets in bucket should be publicly accessible.
- 
+```
+
+* Update pip version to latest
+```
+python3 -m pip install -U pip
+```
+
+
 * Now build the distributable
 ``` 
-chmod +x ./build-s3-dist.sh
-./build-s3-dist.sh $DIST_OUTPUT_BUCKET_PREFIX $TEMPLATE_OUTPUT_BUCKET $SOLUTION_NAME $VERSION
+chmod +x ./deployment/build-s3-dist.sh
+./deployment/build-s3-dist.sh $DIST_OUTPUT_BUCKET_PREFIX $TEMPLATE_OUTPUT_BUCKET $SOLUTION_NAME $VERSION
 ``` 
 
 * Upload the distributable to an Amazon S3 bucket in your account.
@@ -46,54 +52,11 @@ chmod +x ./build-s3-dist.sh
 * Get the link of the custom-control-tower-initiation.template loaded to your Amazon S3 bucket. 
 * Deploy the Customizations for AWS Control Tower solution to your account by launching a new AWS CloudFormation stack using the link of the custom-control-tower-initiation.template.
 
-## File Structure
-The  File structure of the Customizations for AWS Control Tower solution consists of a deployment directory that contains AWS CloudFormation template and build scripts, and a source directory that contains python source code.
-
-```
-customizations-for-aws-control-tower
-├── deployment
-│   ├── build-s3-dist.sh                            [ shell script for packaging distribution assets ]
-│   ├── run-unit-tests.sh                           [ shell script for executing unit tests ]
-│   ├── custom-control-tower-initiation.template    [ solution CloudFormation deployment template ]
-│   └── custom_control_tower_configuration          [ custom configuration examples ]
-│       └── example-configuration
-└── source  
-    ├── aws                                         [ AWS services APIs and other utils used in the solution]
-    ├── bin                                         
-    │   ├── build_scripts                           [ python scripts for packaging the source code ]
-    │   └── codebuild_scripts                       [ shell and python scripts for codebuild project ]
-    ├── manifest                                    [ python code for processing manifest file]
-    ├── metrics                                     [ python code for sending anonymous solution operatioal metrics]
-    ├── tests                                       [ unit tests ]
-    ├── utils                                       [ dependencies used in the solution ]
-    ├── validation                                  [ shell and python scripts for validating manifest schema and cfn template]
-    ├── config_deployer.py                          [ Python code used by lambda to deploy configurations at solution deployment]
-    ├── lifecycle_event_handler.py                  [ Python code used by lambda to process AWS Control Tower lifecycle event]
-    ├── state_machine_handler.py                    [ Python code used by state machine to deploy SCPs and StackSets]
-    ├── state_machine_router.py                     [ Python code used by lambda to invoke state machine functions]
-    └── state_machine_trigger.py                    [ Python code used by CodePipeline to trigger state machine]
-```
-
-Below shows the file structure of a custom configuration package which can be found in the github source code. Note that this is an example, therefore file path, folder and file names can be modified by customers to match what is defined in the manifest file.
-
-```
-custom_control_tower_configuration
-├── manifest.yaml                       [ custom configuration file. Required ]
-├── parameters                        
-│   ├── create-ssm-parameter-keys-1.json   [ json file one containing input parameters used in the template file, if any. Optional ]
-│   └── create-ssm-parameter-keys-2.json   [ json file two containing input parameters used in the template file, if any. Optional ]
-├── policies
-│   └── preventive-guardrails.json             [ json file containing service control policies (preventive guardrails). required for SCPs ] 
-└── templates
-    ├── create-ssm-parameter-keys-1.template  [ CloudFormation template one for creating ssm parameter resources. required for StackSet ] 
-    └── create-ssm-parameter-keys-2.template  [ CloudFormation template two for creating ssm parameter resources. required for StackSet ] 
-```   
-***
 
 ## Collection of operational metrics
 
-This solution collects anonymous operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/customizations-for-aws-control-tower/appendix-b.html).
+This solution collects anonymous operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [documentation here](https://docs.aws.amazon.com/controltower/latest/userguide/cfct-metrics.html).
 
 ## License
 
-See license [here](https://github.com/aws-solutions/aws-control-tower-customizations/blob/main/LICENSE.txt) 
+See license [here](https://github.com/aws-solutions/aws-control-tower-customizations/blob/main/LICENSE.txt)