forked from aws-samples/bedrock-claude-chat
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdeploy.yml
158 lines (156 loc) · 5.37 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
AWSTemplateFormatVersion: "2010-09-09"
Description: A template to deploy the Bedrock-Claude Chat application with customizable parameters.
Parameters:
AllowSelfRegister:
Type: String
Default: "true"
Ipv4Ranges:
Type: String
Default: '["0.0.0.0/1","128.0.0.0/1"]' # Set default values based on current config
Ipv6Ranges:
Type: String
Default: '["0000:0000:0000:0000:0000:0000:0000:0000/1","8000:0000:0000:0000:0000:0000:0000:0000/1"]' # Set default values based on current config
AllowedSignUpEmailDomains:
Type: String
Default: "[]"
Region:
Type: String
Default: "us-east-1"
Resources:
ProjectRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: codebuild.amazonaws.com
Version: "2012-10-17"
ManagedPolicyArns:
- Fn::Join:
- ""
- - "arn:"
- Ref: AWS::Partition
- :iam::aws:policy/AdministratorAccess
ProjectRoleDefaultPolicy:
Type: AWS::IAM::Policy
Properties:
PolicyDocument:
Statement:
- Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Effect: Allow
Resource:
- Fn::Join:
- ""
- - "arn:"
- Ref: AWS::Partition
- ":logs:"
- Ref: AWS::Region
- ":"
- Ref: AWS::AccountId
- :log-group:/aws/codebuild/
- Ref: Project
- :*
- Fn::Join:
- ""
- - "arn:"
- Ref: AWS::Partition
- ":logs:"
- Ref: AWS::Region
- ":"
- Ref: AWS::AccountId
- :log-group:/aws/codebuild/
- Ref: Project
- Action:
- codebuild:BatchPutCodeCoverages
- codebuild:BatchPutTestCases
- codebuild:CreateReport
- codebuild:CreateReportGroup
- codebuild:UpdateReport
Effect: Allow
Resource:
Fn::Join:
- ""
- - "arn:"
- Ref: AWS::Partition
- ":codebuild:"
- Ref: AWS::Region
- ":"
- Ref: AWS::AccountId
- :report-group/
- Ref: Project
- -*
Version: "2012-10-17"
PolicyName: ProjectRoleDefaultPolicy
Roles:
- Ref: ProjectRole
Project:
Type: AWS::CodeBuild::Project
Properties:
Artifacts:
Type: NO_ARTIFACTS
Cache:
Type: NO_CACHE
EncryptionKey: alias/aws/s3
Environment:
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/standard:7.0
ImagePullCredentialsType: CODEBUILD
PrivilegedMode: true
Type: LINUX_CONTAINER
EnvironmentVariables:
- Name: ALLOW_SELF_REGISTER
Value: !Ref AllowSelfRegister
- Name: IPV4_RANGES
Value: !Ref Ipv4Ranges
- Name: IPV6_RANGES
Value: !Ref Ipv6Ranges
- Name: ALLOWED_SIGN_UP_EMAIL_DOMAINS
Value: !Ref AllowedSignUpEmailDomains
- Name: REGION
Value: !Ref Region
ServiceRole:
Fn::GetAtt:
- ProjectRole
- Arn
Source:
BuildSpec: |-
{
"version": "0.2",
"phases": {
"install": {
"runtime-versions": {
"nodejs": "18"
},
"commands": [
"npm i -g aws-cdk"
],
"on-failure": "ABORT"
},
"build": {
"commands": [
"echo 'Build phase...'",
"git clone --branch v1 https://github.com/aws-samples/bedrock-claude-chat.git",
"cd bedrock-claude-chat",
"if [ \"$ALLOW_SELF_REGISTER\" = \"false\" ]; then sed -i 's/\"selfSignUpEnabled\": true,/\"selfSignUpEnabled\": false,/' cdk/cdk.json; fi",
"if [ ! -z \"$IPV4_RANGES\" ]; then jq --arg ipv4 \"$IPV4_RANGES\" '.context.allowedIpV4AddressRanges = ($ipv4 | split(\",\"))' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; fi",
"if [ ! -z \"$IPV6_RANGES\" ]; then jq --arg ipv6 \"$IPV6_RANGES\" '.context.allowedIpV6AddressRanges = ($ipv6 | split(\",\"))' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; fi",
"if [ ! -z \"$ALLOWED_SIGN_UP_EMAIL_DOMAINS\" ]; then jq --arg domains \"$ALLOWED_SIGN_UP_EMAIL_DOMAINS\" '.context.allowedSignUpEmailDomains = ($domains | split(\",\"))' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; fi",
"sed -i \"s/\\\"bedrockRegion\\\": \\\"[^\\\"]*\\\"/\\\"bedrockRegion\\\": \\\"${REGION}\\\"/\" cdk/cdk.json",
"cd cdk",
"npm ci",
"cdk bootstrap",
"cdk deploy --require-approval never --all"
]
}
}
}
Type: NO_SOURCE
Outputs:
ProjectName:
Value:
Ref: Project