The AWS Deployment Framework (ADF) is an extensive and flexible framework to manage and deploy resources across multiple AWS accounts and regions based on AWS Organizations.
Apache License 2.0
668 stars, 226 forks
Add /adf params prefix and other SSM Parameter improvements #695
When installing ADF the first time, the global IAM bootstrap stack that gets
deployed is sourced from the adf-bootstrap/global-iam.yml.
The reason for this behaviour is the absence of the global-iam.yml file
in the deployment OU bootstrap folder
(adf-bootstrap/deployment/global-iam.yml).
It iterates to the parent directory until it finds a global-iam.yml to
deploy. Hence, when the adf-bootstrap/global-iam.yml gets deployed in the
deployment account, it was looking for the deployment_account_id SSM
parameter. That did not get deployed in the deployment account.

Pytest failures were ignored due to a change in the Makefile
used to execute tests. The ADF CI GitHub Workflow would result in a
success, even when a test case failed.

Some of the parameters ADF created would be placed in the
root of the SSM Parameter Store while others were neatly located in the /adf path.

What?
Add the creation of the deployment_account_id in the deployment account,
so if the global IAM bootstrap stack failed to deploy before, it will work
in the next release. This would be the case if the previous deployment failed
but the same aws-deployment-framework-bootstrap repository is used in the
upgrade.

When installing the first time, it creates the bootstrap repository.
At the time of creation, it will copy the
adf-bootstrap/deployment/example-global-iam.yml to
adf-bootstrap/deployment/global-iam.yml.
The same logic as how ADF creates the initial adf-bootstrap/global-iam.yml.

Fixed by exiting on the first failure using Makefile foreach instead.

Add a /adf/ prefix to parameter names to ease access management and make
it easier to distinguish ADF parameters from other solutions.

To enable upgrades, the account handler function that performs the lookup
or creation of the deployment account is updated to rely on the
AWS Organizations API to check if there are any deployment accounts in the
/deployment organization unit path.
Upon an update, it will use the AWS account if only one is in that specific OU.
If there are more, it will error and instruct the user to move unnecessary
accounts out of the /deployment organization unit first and try again.

Refactor master references to management or main.

Fix default_scm_codecommit_account_id and other scm related params under the /adf/scm path. Changed param name to underscores for consistency.

By submitting this pull request, I confirm that you can use, modify, copy, and
redistribute this contribution, under the terms of your choice.
Why?
Issues: #659 and #594.
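
The access-management effect of the /adf/ prefix, as an added example that is not part of the pull request or ADF's own code: one IAM resource pattern covers every prefixed parameter and nothing else, while root-level names need a per-parameter list or a store-wide wildcard. The region, account ID, non-ADF parameter and the full parameter paths are assumptions, and fnmatch only approximates IAM wildcard matching.

```python
import fnmatch

# Constructed placeholders, not values from the pull request.
REGION = "eu-west-1"
ACCOUNT_ID = "111111111111"
READ_ACTIONS = ["ssm:GetParameter", "ssm:GetParameters"]


def parameter_arn(name):
    """Build the ARN IAM evaluates; the leading '/' of a path-style name is dropped."""
    return f"arn:aws:ssm:{REGION}:{ACCOUNT_ID}:parameter/{name.lstrip('/')}"


def read_policy(resource_patterns):
    """Identity policy that allows reading the given parameter ARN patterns."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": READ_ACTIONS,
                       "Resource": list(resource_patterns)}],
    }


def can_read(policy, name):
    """Approximate IAM resource matching ('*' and '?' wildcards) with fnmatch."""
    arn = parameter_arn(name)
    return any(
        fnmatch.fnmatchcase(arn, pattern)
        for statement in policy["Statement"] if statement["Effect"] == "Allow"
        for pattern in statement["Resource"]
    )


# One statement scoped to the /adf/ hierarchy covers every prefixed parameter.
ADF_SCOPED = read_policy([parameter_arn("/adf/*")])
# With root-level names the choice is an explicit list per parameter or a
# wildcard over the whole store, which also exposes unrelated parameters.
WHOLE_STORE = read_policy([parameter_arn("*")])

# Assumed names: full parameter paths are inferred from the description above.
SAMPLE_NAMES = [
    "/adf/deployment_account_id",
    "/adf/scm/default_scm_codecommit_account_id",
    "deployment_account_id",      # legacy root-level name
    "/other-solution/api_key",    # constructed non-ADF parameter
]


def coverage(policy):
    """Map each sample parameter name to whether the policy allows reading it."""
    return {name: can_read(policy, name) for name in SAMPLE_NAMES}
```

The legacy root-level name is not matched by the /adf/ pattern, so any role still reading the old names needs its policy updated together with the rename.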