From 7b5ffc70bcbd32099a4d27f68998255e04e85dd2 Mon Sep 17 00:00:00 2001 From: Andreas Falkenberg Date: Fri, 5 Jan 2024 17:31:10 +0100 Subject: [PATCH 1/8] feat: add multi-org generate_params.py --- .../adf-build/shared/generate_params.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/generate_params.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/generate_params.py index 3521d9b37..37251b5a0 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/generate_params.py +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/generate_params.py @@ -118,6 +118,7 @@ class PipelineDefinition(TypedDict): DEPLOYMENT_ACCOUNT_REGION = os.environ["AWS_REGION"] PROJECT_NAME = os.environ["ADF_PROJECT_NAME"] EMPTY_PARAMS_DICT: ParametersAndTags = {'Parameters': {}, 'Tags': {}} +ADF_ORG_STAGE = os.getenv("ADF_ORG_STAGE", "dev") class Parameters: @@ -229,6 +230,7 @@ def create_parameter_files(self) -> None: i.e. "/devsecops/security_eu-west-1" 1. f"{organization_unit_path}" i.e. "/devsecops/security" 1. f"{global}_{region}" i.e. "global_eu-west-1" + 1. f"{global}_{stage}" i.e. "global_dev" 1. f"{global}" i.e. "global" It will then generate a JSON file that holds all the parameters per @@ -299,6 +301,15 @@ def create_parameter_files(self) -> None: ), current_params ) + # Compare account_region final to global_stage + adf_org_stage = ADF_ORG_STAGE # Fetch from Environ for Start + current_params = self._merge_params( + Parameters._parse( + params_root_path=self.cwd, + params_filename=f"global_{adf_org_stage}", + ), + current_params + ) # Compare account_region final to global current_params = self._merge_params( Parameters._parse( From e7a7d331b8d7d370e799a7c29ab28d212742077b Mon Sep 17 00:00:00 2001 
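Review bot: `ADF_ORG_STAGE = os.getenv("ADF_ORG_STAGE", "dev")` in the `@@ -118,6 +118,7 @@` hunk falls back to `dev` when the variable is missing, whereas the neighbouring `AWS_REGION` and `ADF_PROJECT_NAME` settings use `os.environ[...]` and fail fast. With the merge step added later in this patch, a build that did not receive the variable would merge `global_dev` parameters and tags whichever organization it runs in, including a production one, and nothing would report the substitution. Consider making the stage explicit with `ADF_ORG_STAGE = os.getenv("ADF_ORG_STAGE")` and skipping the `global_{stage}` merge when it is `None`, or use `os.environ["ADF_ORG_STAGE"]` if every install is expected to set it. How the variable is populated from the SSM parameter `/adf/org/stage` is not visible in this patch.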
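Review bot: The stage value reaches `params_filename=f"global_{adf_org_stage}"` in the `@@ -299,6 +301,15 @@` hunk without validation, so the file looked up depends on whatever string the environment holds. `Parameters._parse` is outside this hunk, so whether it normalises the name is unknown; if it joins the name to `params_root_path` as-is, a value containing a path separator or `..` would resolve outside the params folder. Validating once where the constant is defined would cover this, e.g. `if not re.fullmatch(r"[A-Za-z0-9_-]+", ADF_ORG_STAGE): raise ValueError("invalid ADF_ORG_STAGE")` (assuming `re` is imported; the import block is not shown). The same applies to the reworked call in PATCH 7/8, and `create_parameter_files` begins and ends outside the hunk.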
From: Andreas Falkenberg Date: Fri, 19 Jan 2024 08:13:58 +0100 Subject: [PATCH 2/8] fix: update docs --- docs/user-guide.md | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/docs/user-guide.md b/docs/user-guide.md index 68aa763a4..e2471a56f 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -646,13 +646,16 @@ each account under that OU. deployment map as a target. If only the account number is in the deployment map the corresponding OU parameter file will not be referenced. + + ```txt global.yml -└───deployment_account_region.yml (e.g. global_eu-west-1.yml) - └───ou.yml (e.g. ou-1a2b-3c4d5e.yml) - └───ou_region.yml (e.g. ou-1a2b-3c4d5e_eu-west-1.yml) - └───account.yml (e.g. dev-account-1.yml) - └───account_region.yml (e.g. dev-account-1_eu-west-1.yml) +└───deployment_org_stage.yml (e.g. global_dev.yml) + └───deployment_account_region.yml (e.g. global_eu-west-1.yml) + └───ou.yml (e.g. ou-1a2b-3c4d5e.yml) + └───ou_region.yml (e.g. ou-1a2b-3c4d5e_eu-west-1.yml) + └───account.yml (e.g. dev-account-1.yml) + └───account_region.yml (e.g. dev-account-1_eu-west-1.yml) ``` This concept also works for applying **Tags** to the resources within your 
@@ -712,6 +715,28 @@ the root of the repository. *Note:* Currently only Strings type values are supported as parameters to CloudFormation templates when deploying via AWS CodePipeline. +**CloudFormation Parameters in a Multi-Organization ADF Setup** +The CloudFormation Parameter generation feature is fully compatible with +the [Multi-Organization ADF Setup](./multi-organization-guide.md) approach. +Let's assume that we have a three AWS Org setup with a dev, int and prod +AWS Organization. This implies that the SSM param `/adf/org/stage` will have +one of the following three values: `[dev, int, prod]`; depending on the AWS +Organization you are in. Let's further assume that your application in scope +requires AWS Organization specific parameters.In that case, the `params` should +have the following content: + +```txt +params +└───global_dev.yml +└───global_int.yml +└───global_prod.yml +└───global.yml +``` + +When the application gets deployed, ADF will choose the right parameter file +based on the value of the SSM prameter "/adf/org/stage". + + ### Serverless Transforms If the template that is being deployed contains a transform, such as a From 2f82b34cd91e10e4605a7edd61d9608ebb1bad93 Mon Sep 17 00:00:00 2001 From: AndyEfaa <73257849+AndyEfaa@users.noreply.github.com> Date: Sat, 20 Jan 2024 15:54:02 +0100 Subject: [PATCH 3/8] Update docs/user-guide.md Co-authored-by: Simon Kok --- docs/user-guide.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/user-guide.md b/docs/user-guide.md index e2471a56f..738f8b3b3 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -646,8 +646,6 @@ each account under that OU. deployment map as a target. If only the account number is in the deployment map the corresponding OU parameter file will not be referenced. - - ```txt global.yml └───deployment_org_stage.yml (e.g. global_dev.yml) From 801486784b84ea91501fd934cdcf79a1e01976f4 Mon Sep 17 00:00:00 2001 
From: AndyEfaa <73257849+AndyEfaa@users.noreply.github.com> Date: Sat, 20 Jan 2024 15:54:17 +0100 Subject: [PATCH 4/8] Update docs/user-guide.md Co-authored-by: Simon Kok --- docs/user-guide.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/user-guide.md b/docs/user-guide.md index 738f8b3b3..f33146007 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -713,7 +713,8 @@ the root of the repository. *Note:* Currently only Strings type values are supported as parameters to CloudFormation templates when deploying via AWS CodePipeline. -**CloudFormation Parameters in a Multi-Organization ADF Setup** +#### CloudFormation Parameters in a Multi-Organization ADF Setup + The CloudFormation Parameter generation feature is fully compatible with the [Multi-Organization ADF Setup](./multi-organization-guide.md) approach. Let's assume that we have a three AWS Org setup with a dev, int and prod From 143b283486fd21fd9518d877f11e8f1dd9200eb2 Mon Sep 17 00:00:00 2001 From: AndyEfaa <73257849+AndyEfaa@users.noreply.github.com> Date: Sat, 20 Jan 2024 15:54:41 +0100 Subject: [PATCH 5/8] Update docs/user-guide.md Co-authored-by: Simon Kok --- docs/user-guide.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/user-guide.md b/docs/user-guide.md index f33146007..13b2876a0 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md 
@@ -717,12 +717,14 @@ CloudFormation templates when deploying via AWS CodePipeline. The CloudFormation Parameter generation feature is fully compatible with the [Multi-Organization ADF Setup](./multi-organization-guide.md) approach. -Let's assume that we have a three AWS Org setup with a dev, int and prod -AWS Organization. This implies that the SSM param `/adf/org/stage` will have -one of the following three values: `[dev, int, prod]`; depending on the AWS -Organization you are in. Let's further assume that your application in scope -requires AWS Organization specific parameters.In that case, the `params` should -have the following content: + +For example, in a setup with three AWS Organizations; with a separate +`dev`, an `int`, and a `prod` AWS Organization. This implies that the +SSM parameter `/adf/org/stage` will have one of the following three +values: `dev`, `int`, or `prod`; depending on the AWS organization +you are in. Let's further assume that your application in scope +requires AWS Organization specific parameters. In that case, +the `params` folder should have the following content: ```txt params From d38f430e3e09fd6b44788f203894a969d0892b34 Mon Sep 17 00:00:00 2001 From: AndyEfaa <73257849+AndyEfaa@users.noreply.github.com> Date: Sat, 20 Jan 2024 15:55:09 +0100 Subject: [PATCH 6/8] Update docs/user-guide.md Co-authored-by: Simon Kok --- docs/user-guide.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/user-guide.md b/docs/user-guide.md index 13b2876a0..ae26419fe 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -734,9 +734,9 @@ params └───global.yml ``` -When the application gets deployed, ADF will choose the right parameter file -based on the value of the SSM prameter "/adf/org/stage". - +Where it will prefer the AWS Organization specific configuration +`global_${org_stage}` over the `global` parameters in case they both +match the same parameter or tag. ### Serverless Transforms 
From f2a09b6643464ca0afffac08e84501b2b91396a4 Mon Sep 17 00:00:00 2001 From: AndyEfaa <73257849+AndyEfaa@users.noreply.github.com> Date: Sat, 20 Jan 2024 15:55:36 +0100 Subject: [PATCH 7/8] Update src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/generate_params.py Co-authored-by: Simon Kok --- .../bootstrap_repository/adf-build/shared/generate_params.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/generate_params.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/generate_params.py index 37251b5a0..0500a6828 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/generate_params.py +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/generate_params.py @@ -302,13 +302,12 @@ def create_parameter_files(self) -> None: current_params ) # Compare account_region final to global_stage - adf_org_stage = ADF_ORG_STAGE # Fetch from Environ for Start current_params = self._merge_params( Parameters._parse( params_root_path=self.cwd, - params_filename=f"global_{adf_org_stage}", + params_filename=f"global_{ADF_ORG_STAGE}", ), - current_params + current_params, ) # Compare account_region final to global current_params = self._merge_params( From 004d98790bcbf86d1d1fd315bb46eb6da8c94625 Mon Sep 17 00:00:00 2001 From: Simon Kok Date: Sat, 20 Jan 2024 16:08:26 +0100 Subject: [PATCH 8/8] Remove trailing white spaces in docs/user-guide.md --- docs/user-guide.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/user-guide.md b/docs/user-guide.md index ae26419fe..d2e7da23d 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md 
@@ -715,16 +715,16 @@ CloudFormation templates when deploying via AWS CodePipeline. #### CloudFormation Parameters in a Multi-Organization ADF Setup -The CloudFormation Parameter generation feature is fully compatible with -the [Multi-Organization ADF Setup](./multi-organization-guide.md) approach. +The CloudFormation Parameter generation feature is fully compatible with +the [Multi-Organization ADF Setup](./multi-organization-guide.md) approach. For example, in a setup with three AWS Organizations; with a separate `dev`, an `int`, and a `prod` AWS Organization. This implies that the SSM parameter `/adf/org/stage` will have one of the following three -values: `dev`, `int`, or `prod`; depending on the AWS organization -you are in. Let's further assume that your application in scope +values: `dev`, `int`, or `prod`; depending on the AWS organization +you are in. Let's further assume that your application in scope requires AWS Organization specific parameters. In that case, -the `params` folder should have the following content: +the `params` folder should have the following content: ```txt params