diff --git a/.gitignore b/.gitignore
index df1969c6..0c5c3755 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ### Linux ###
 *~
diff --git a/VERSION b/VERSION
index f0bb29e7..6524bf7c 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.3.0
+1.3.1.build_72173
diff --git a/data.tf b/data.tf
index 07fb2792..f28eb22f 100644
--- a/data.tf
+++ b/data.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "local_file" "version" {
 filename = "${path.module}/VERSION"
 }
diff --git a/examples/bitbucket+tf_enterprise/main.tf b/examples/bitbucket+tf_enterprise/main.tf
index 6470dbab..e686f55c 100644
--- a/examples/bitbucket+tf_enterprise/main.tf
+++ b/examples/bitbucket+tf_enterprise/main.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 module "aft" {
 source = "github.com/aws-ia/terraform-aws-control_tower_account_factory"
 # Required Vars
diff --git a/examples/codecommit+tf_oss/main.tf b/examples/codecommit+tf_oss/main.tf
index 2425d107..8db5185e 100644
--- a/examples/codecommit+tf_oss/main.tf
+++ b/examples/codecommit+tf_oss/main.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 module "aft" {
 source = "github.com/aws-ia/terraform-aws-control_tower_account_factory"
 # Required Vars
diff --git a/examples/github+tf_oss/main.tf b/examples/github+tf_oss/main.tf
index d449a839..cc008140 100644
--- a/examples/github+tf_oss/main.tf
+++ b/examples/github+tf_oss/main.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 module "aft" {
 source = "github.com/aws-ia/terraform-aws-control_tower_account_factory"
 # Required Vars
diff --git a/examples/githubenterprise+tf_cloud/main.tf b/examples/githubenterprise+tf_cloud/main.tf
index 3c032959..1a31290e 100644
--- a/examples/githubenterprise+tf_cloud/main.tf
+++ b/examples/githubenterprise+tf_cloud/main.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 module "aft" {
 source = "github.com/aws-ia/terraform-aws-control_tower_account_factory"
 # Required Vars
diff --git a/locals.tf b/locals.tf
index 1a88a1b7..e2a7949b 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 locals {
 aft_version = chomp(trimspace(data.local_file.version.content))
 aft_account_provisioning_customizations_sfn_name = "aft-account-provisioning-customizations"
diff --git a/main.tf b/main.tf
index 2aa89f9b..8394cda7 100644
--- a/main.tf
+++ b/main.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 module "packaging" {
 source = "./modules/aft-archives"
 }
@@ -167,6 +170,8 @@ module "aft_lambda_layer" {
 aft_vpc_private_subnets = module.aft_account_request_framework.aft_vpc_private_subnets
 aft_vpc_default_sg = module.aft_account_request_framework.aft_vpc_default_sg
 s3_bucket_name = module.aft_customizations.aft_codepipeline_customizations_bucket_name
+ builder_archive_path = module.packaging.builder_archive_path
+ builder_archive_hash = module.packaging.builder_archive_hash
 }
 module "aft_ssm_parameters" {
diff --git a/modules/aft-account-provisioning-framework/data.tf b/modules/aft-account-provisioning-framework/data.tf
index eb260877..77f0470a 100644
--- a/modules/aft-account-provisioning-framework/data.tf
+++ b/modules/aft-account-provisioning-framework/data.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "aws_region" "aft_management" {}
 data "aws_caller_identity" "aft_management" {}
 data "aws_iam_policy" "AWSLambdaBasicExecutionRole" {
diff --git a/modules/aft-account-provisioning-framework/iam.tf b/modules/aft-account-provisioning-framework/iam.tf
index ed54dd8c..22dce71b 100644
--- a/modules/aft-account-provisioning-framework/iam.tf
+++ b/modules/aft-account-provisioning-framework/iam.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ######### invoke_aft_account_provisioning_framework #########
 # Validate Request Lambda Permissions
diff --git a/modules/aft-account-provisioning-framework/lambda.tf b/modules/aft-account-provisioning-framework/lambda.tf
index 3b70eb34..5e77ad46 100644
--- a/modules/aft-account-provisioning-framework/lambda.tf
+++ b/modules/aft-account-provisioning-framework/lambda.tf
@@ -1,4 +1,6 @@
-
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ### VALIDATE REQUEST FUNCTION
 resource "aws_lambda_function" "validate_request" {
diff --git a/modules/aft-account-provisioning-framework/locals.tf b/modules/aft-account-provisioning-framework/locals.tf
index 59c5315e..87d9f036 100644
--- a/modules/aft-account-provisioning-framework/locals.tf
+++ b/modules/aft-account-provisioning-framework/locals.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 locals {
 lambda_managed_policies = [data.aws_iam_policy.AWSLambdaBasicExecutionRole.arn, data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole.arn]
 }
diff --git a/modules/aft-account-provisioning-framework/outputs.tf b/modules/aft-account-provisioning-framework/outputs.tf
index 00519a7f..439f1da0 100644
--- a/modules/aft-account-provisioning-framework/outputs.tf
+++ b/modules/aft-account-provisioning-framework/outputs.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 output "state_machine_arn" {
 value = aws_sfn_state_machine.aft_account_provisioning_framework_sfn.arn
 }
diff --git a/modules/aft-account-provisioning-framework/states.tf b/modules/aft-account-provisioning-framework/states.tf
index 75bd93bd..555a9a7a 100644
--- a/modules/aft-account-provisioning-framework/states.tf
+++ b/modules/aft-account-provisioning-framework/states.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 locals {
 state_machine_source = "${path.module}/states/aft_account_provisioning_framework.asl.json"
 replacements_map = {
diff --git a/modules/aft-account-provisioning-framework/variables.tf b/modules/aft-account-provisioning-framework/variables.tf
index 6ae9eb24..11459944 100644
--- a/modules/aft-account-provisioning-framework/variables.tf
+++ b/modules/aft-account-provisioning-framework/variables.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 variable "aft_account_provisioning_framework_sfn_name" {
 type = string
 }
diff --git a/modules/aft-account-provisioning-framework/versions.tf b/modules/aft-account-provisioning-framework/versions.tf
index fdb6c4e6..9378a10b 100644
--- a/modules/aft-account-provisioning-framework/versions.tf
+++ b/modules/aft-account-provisioning-framework/versions.tf
@@ -1,10 +1,13 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 terraform {
 required_version = ">= 0.15.1"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.72"
+ version = ">= 3.72, < 4.0.0"
 }
 }
 }
diff --git a/modules/aft-account-request-framework/backup.tf b/modules/aft-account-request-framework/backup.tf
index 73dba658..51d2128c 100644
--- a/modules/aft-account-request-framework/backup.tf
+++ b/modules/aft-account-request-framework/backup.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_backup_vault" "aft_controltower_backup_vault" {
 name = "aft-controltower-backup-vault"
 kms_key_arn = aws_kms_key.aft.arn
diff --git a/modules/aft-account-request-framework/data.tf b/modules/aft-account-request-framework/data.tf
index e5ba84e3..b5c32de9 100644
--- a/modules/aft-account-request-framework/data.tf
+++ b/modules/aft-account-request-framework/data.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "aws_region" "aft-management" {}
 data "aws_caller_identity" "aft-management" {}
diff --git a/modules/aft-account-request-framework/ddb.tf b/modules/aft-account-request-framework/ddb.tf
index 832af650..36f453e2 100644
--- a/modules/aft-account-request-framework/ddb.tf
+++ b/modules/aft-account-request-framework/ddb.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 # Table that stores account-meta data
 resource "aws_dynamodb_table" "aft_request_metadata" {
 name = "aft-request-metadata"
diff --git a/modules/aft-account-request-framework/eventbridge.tf b/modules/aft-account-request-framework/eventbridge.tf
index b77bb368..50ce9372 100644
--- a/modules/aft-account-request-framework/eventbridge.tf
+++ b/modules/aft-account-request-framework/eventbridge.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ######### Control Tower Event Bus #########
 resource "aws_cloudwatch_event_bus" "aft_from_ct_management" {
 name = "aft-events-from-ct-management"
diff --git a/modules/aft-account-request-framework/iam.tf b/modules/aft-account-request-framework/iam.tf
index b19ca2e8..3c1c2cd7 100644
--- a/modules/aft-account-request-framework/iam.tf
+++ b/modules/aft-account-request-framework/iam.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ######### Control Tower Events - CT Management #########
 resource "aws_iam_role" "aft_control_tower_events" {
 provider = aws.ct_management
diff --git a/modules/aft-account-request-framework/kms.tf b/modules/aft-account-request-framework/kms.tf
index d992f42f..544ef940 100644
--- a/modules/aft-account-request-framework/kms.tf
+++ b/modules/aft-account-request-framework/kms.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_kms_key" "aft" {
 description = "AFT KMS key"
 enable_key_rotation = "true"
diff --git a/modules/aft-account-request-framework/lambda.tf b/modules/aft-account-request-framework/lambda.tf
index fd53faaa..2f30656a 100644
--- a/modules/aft-account-request-framework/lambda.tf
+++ b/modules/aft-account-request-framework/lambda.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ######## aft_account_request_audit_trigger ########
 resource "aws_lambda_function" "aft_account_request_audit_trigger" {
@@ -27,11 +30,12 @@ resource "time_sleep" "wait_60_seconds" {
 }
 resource "aws_lambda_event_source_mapping" "aft_account_request_audit_trigger" {
- depends_on = [time_sleep.wait_60_seconds]
- event_source_arn = aws_dynamodb_table.aft_request.stream_arn
- function_name = aws_lambda_function.aft_account_request_audit_trigger.arn
- starting_position = "LATEST"
- batch_size = 1
+ depends_on = [time_sleep.wait_60_seconds]
+ event_source_arn = aws_dynamodb_table.aft_request.stream_arn
+ function_name = aws_lambda_function.aft_account_request_audit_trigger.arn
+ starting_position = "LATEST"
+ batch_size = 1
+ maximum_retry_attempts = 1
 }
 resource "aws_cloudwatch_log_group" "aft_account_request_audit_trigger" {
@@ -64,10 +68,11 @@ resource "aws_lambda_function" "aft_account_request_action_trigger" {
 }
 resource "aws_lambda_event_source_mapping" "aft_account_request_action_trigger" {
- event_source_arn = aws_dynamodb_table.aft_request.stream_arn
- function_name = aws_lambda_function.aft_account_request_action_trigger.arn
- starting_position = "LATEST"
- batch_size = 1
+ event_source_arn = aws_dynamodb_table.aft_request.stream_arn
+ function_name = aws_lambda_function.aft_account_request_action_trigger.arn
+ starting_position = "LATEST"
+ batch_size = 1
+ maximum_retry_attempts = 1
 }
 resource "aws_cloudwatch_log_group" "aft_account_request_action_trigger" {
diff --git a/modules/aft-account-request-framework/locals.tf b/modules/aft-account-request-framework/locals.tf
index 59c5315e..87d9f036 100644
--- a/modules/aft-account-request-framework/locals.tf
+++ b/modules/aft-account-request-framework/locals.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 locals {
 lambda_managed_policies = [data.aws_iam_policy.AWSLambdaBasicExecutionRole.arn, data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole.arn]
 }
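Review bot: With `maximum_retry_attempts = 1` and no failure destination, a record from the `aft_request` DynamoDB stream that fails on the first attempt and on its single retry is dropped. This applies to both the `aft_account_request_audit_trigger` and the `aft_account_request_action_trigger` mapping in modules/aft-account-request-framework/lambda.tf. For the audit trigger that presumably means a request change with no audit entry, and for the action trigger a request that is never acted on. Both mapping bodies are fully visible in these hunks and neither sets `destination_config`, so I would add `destination_config { on_failure { destination_arn = <ARN of a dead-letter SQS queue or SNS topic> } }` to each and alarm on that destination. The Lambda execution roles would then need permission to send to it; they are defined outside the lines shown here.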
diff --git a/modules/aft-account-request-framework/outputs.tf b/modules/aft-account-request-framework/outputs.tf
index ec9e857f..45d65f82 100644
--- a/modules/aft-account-request-framework/outputs.tf
+++ b/modules/aft-account-request-framework/outputs.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 output "sns_topic_arn" {
 description = "arn of aft notifications sns topic"
 value = aws_sns_topic.aft_notifications.arn
diff --git a/modules/aft-account-request-framework/sns.tf b/modules/aft-account-request-framework/sns.tf
index 8f3e6bfe..bb50d33a 100644
--- a/modules/aft-account-request-framework/sns.tf
+++ b/modules/aft-account-request-framework/sns.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_sns_topic" "aft_notifications" {
 name = "aft-notifications"
 kms_master_key_id = "alias/aws/sns"
diff --git a/modules/aft-account-request-framework/sqs.tf b/modules/aft-account-request-framework/sqs.tf
index 2b593fd8..cde5cc8b 100644
--- a/modules/aft-account-request-framework/sqs.tf
+++ b/modules/aft-account-request-framework/sqs.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_sqs_queue" "aft_account_request" {
 name = "aft-account-request.fifo"
 fifo_queue = true
diff --git a/modules/aft-account-request-framework/variables.tf b/modules/aft-account-request-framework/variables.tf
index e8f7ea1b..c958922a 100644
--- a/modules/aft-account-request-framework/variables.tf
+++ b/modules/aft-account-request-framework/variables.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 variable "account_factory_product_name" {
 type = string
 }
diff --git a/modules/aft-account-request-framework/versions.tf b/modules/aft-account-request-framework/versions.tf
index 692fcc2b..b5109474 100755
--- a/modules/aft-account-request-framework/versions.tf
+++ b/modules/aft-account-request-framework/versions.tf
@@ -1,10 +1,13 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 terraform {
 required_version = ">= 0.15.1"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.72"
+ version = ">= 3.72, < 4.0.0"
 configuration_aliases = [aws.ct_management]
 }
 }
diff --git a/modules/aft-account-request-framework/vpc.tf b/modules/aft-account-request-framework/vpc.tf
index 65fc7b5c..7b73b6da 100644
--- a/modules/aft-account-request-framework/vpc.tf
+++ b/modules/aft-account-request-framework/vpc.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_vpc" "aft_vpc" {
 cidr_block = var.aft_vpc_cidr
 enable_dns_support = true
diff --git a/modules/aft-archives/data.tf b/modules/aft-archives/data.tf
index 3f647146..099e78e2 100644
--- a/modules/aft-archives/data.tf
+++ b/modules/aft-archives/data.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "archive_file" "provisioning_framework" {
 type = "zip"
 source_dir = "${path.module}/../../src/aft_lambda/aft_account_provisioning_framework"
@@ -20,3 +23,9 @@ data "archive_file" "feature_options" {
 source_dir = "${path.module}/../../src/aft_lambda/aft_feature_options"
 output_path = "${path.module}/../../src/aft_lambda/aft_feature_options.zip"
 }
+
+data "archive_file" "builder" {
+ type = "zip"
+ source_dir = "${path.module}/../../src/aft_lambda/aft_builder"
+ output_path = "${path.module}/../../src/aft_lambda/aft_builder.zip"
+}
diff --git a/modules/aft-archives/outputs.tf b/modules/aft-archives/outputs.tf
index 1a03f728..c4292508 100644
--- a/modules/aft-archives/outputs.tf
+++ b/modules/aft-archives/outputs.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 output "provisioning_framework_archive_path" {
 value = data.archive_file.provisioning_framework.output_path
 }
@@ -29,3 +32,11 @@ output "feature_options_archive_path" {
 output "feature_options_archive_hash" {
 value = data.archive_file.feature_options.output_base64sha256
 }
+
+output "builder_archive_path" {
+ value = data.archive_file.builder.output_path
+}
+
+output "builder_archive_hash" {
+ value = data.archive_file.builder.output_base64sha256
+}
diff --git a/modules/aft-backend/main.tf b/modules/aft-backend/main.tf
index ca25ab21..86943e53 100644
--- a/modules/aft-backend/main.tf
+++ b/modules/aft-backend/main.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "aws_caller_identity" "current" {
 provider = aws.primary_region
 }
diff --git a/modules/aft-backend/outputs.tf b/modules/aft-backend/outputs.tf
index 13868ad3..01b00552 100644
--- a/modules/aft-backend/outputs.tf
+++ b/modules/aft-backend/outputs.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 output "bucket_id" {
 description = "The name of the primary bucket."
 value = aws_s3_bucket.primary-backend-bucket.id
diff --git a/modules/aft-backend/variables.tf b/modules/aft-backend/variables.tf
index db4af0af..82c8b211 100644
--- a/modules/aft-backend/variables.tf
+++ b/modules/aft-backend/variables.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 variable "primary_region" {
 type = string
 }
diff --git a/modules/aft-backend/versions.tf b/modules/aft-backend/versions.tf
index cf4b8129..78de365a 100755
--- a/modules/aft-backend/versions.tf
+++ b/modules/aft-backend/versions.tf
@@ -1,10 +1,13 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 terraform {
 required_version = ">= 0.15.1"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.72"
+ version = ">= 3.72, < 4.0.0"
 configuration_aliases = [aws.primary_region, aws.secondary_region]
 }
 }
diff --git a/modules/aft-code-repositories/buildspecs/ct-aft-account-provisioning-customizations.yml b/modules/aft-code-repositories/buildspecs/ct-aft-account-provisioning-customizations.yml
index e7c58197..31979624 100644
--- a/modules/aft-code-repositories/buildspecs/ct-aft-account-provisioning-customizations.yml
+++ b/modules/aft-code-repositories/buildspecs/ct-aft-account-provisioning-customizations.yml
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 version: 0.2
 phases:
diff --git a/modules/aft-code-repositories/buildspecs/ct-aft-account-request.yml b/modules/aft-code-repositories/buildspecs/ct-aft-account-request.yml
index c4d810f8..923995aa 100644
--- a/modules/aft-code-repositories/buildspecs/ct-aft-account-request.yml
+++ b/modules/aft-code-repositories/buildspecs/ct-aft-account-request.yml
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 version: 0.2
 phases:
diff --git a/modules/aft-code-repositories/codebuild.tf b/modules/aft-code-repositories/codebuild.tf
index dc7041fb..5c076b27 100644
--- a/modules/aft-code-repositories/codebuild.tf
+++ b/modules/aft-code-repositories/codebuild.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "local_file" "account_request_buildspec" {
 filename = "${path.module}/buildspecs/ct-aft-account-request.yml"
 }
@@ -18,7 +21,7 @@ resource "aws_codebuild_project" "account_request" {
 }
 environment {
- compute_type = "BUILD_GENERAL1_SMALL"
+ compute_type = "BUILD_GENERAL1_MEDIUM"
 image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
 type = "LINUX_CONTAINER"
 image_pull_credentials_type = "CODEBUILD"
@@ -61,7 +64,7 @@ resource "aws_codebuild_project" "account_provisioning_customizations_pipeline"
 }
 environment {
- compute_type = "BUILD_GENERAL1_SMALL"
+ compute_type = "BUILD_GENERAL1_MEDIUM"
 image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
 type = "LINUX_CONTAINER"
 image_pull_credentials_type = "CODEBUILD"
diff --git a/modules/aft-code-repositories/codecommit.tf b/modules/aft-code-repositories/codecommit.tf
index 1c527ad4..d893e2d5 100644
--- a/modules/aft-code-repositories/codecommit.tf
+++ b/modules/aft-code-repositories/codecommit.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_codecommit_repository" "global_customizations" {
 count = local.vcs.is_codecommit ? 1 : 0
 repository_name = var.global_customizations_repo_name
diff --git a/modules/aft-code-repositories/codepipeline.tf b/modules/aft-code-repositories/codepipeline.tf
index e7fb91b2..67f4f36a 100644
--- a/modules/aft-code-repositories/codepipeline.tf
+++ b/modules/aft-code-repositories/codepipeline.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ##############################################################
 # CodeCommit - account-request
 ##############################################################
diff --git a/modules/aft-code-repositories/codestar.tf b/modules/aft-code-repositories/codestar.tf
index 28ece6e8..8bd63e00 100644
--- a/modules/aft-code-repositories/codestar.tf
+++ b/modules/aft-code-repositories/codestar.tf
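Review bot: `compute_type = "BUILD_GENERAL1_MEDIUM"` is a literal repeated in both `environment` blocks of modules/aft-code-repositories/codebuild.tf (`account_request` and `account_provisioning_customizations_pipeline`) and again in the five projects changed in modules/aft-customizations/codebuild.tf. Changing the size therefore means editing seven places, and a deployment cannot choose a different one. A module input variable with this value as its default would fix both, for example `compute_type = var.codebuild_compute_type`, where `codebuild_compute_type` is a name proposed here and not an existing variable. The enclosing `aws_codebuild_project` resources start and end outside these hunks.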
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 resource "aws_codestarconnections_connection" "bitbucket" {
 count = local.vcs.is_bitbucket ? 1 : 0
 name = "ct-aft-bitbucket-connection"
diff --git a/modules/aft-code-repositories/data.tf b/modules/aft-code-repositories/data.tf
index eb58f218..222eaf53 100644
--- a/modules/aft-code-repositories/data.tf
+++ b/modules/aft-code-repositories/data.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "aws_region" "current" {}
 data "aws_caller_identity" "current" {}
diff --git a/modules/aft-code-repositories/iam.tf b/modules/aft-code-repositories/iam.tf
index 78f6d3a5..0c2a782a 100644
--- a/modules/aft-code-repositories/iam.tf
+++ b/modules/aft-code-repositories/iam.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 # CodePipeline Roles
 resource "aws_iam_role" "account_request_codepipeline_role" {
diff --git a/modules/aft-code-repositories/locals.tf b/modules/aft-code-repositories/locals.tf
index db85b480..e2df281e 100644
--- a/modules/aft-code-repositories/locals.tf
+++ b/modules/aft-code-repositories/locals.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 locals {
 vcs = {
 is_codecommit = lower(var.vcs_provider) == "codecommit" ? true : false
diff --git a/modules/aft-code-repositories/outputs.tf b/modules/aft-code-repositories/outputs.tf
index 81d37e56..b098487f 100644
--- a/modules/aft-code-repositories/outputs.tf
+++ b/modules/aft-code-repositories/outputs.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 output "codestar_connection_arn" {
 value = lookup(local.connection_arn, var.vcs_provider)
 }
diff --git a/modules/aft-code-repositories/s3.tf b/modules/aft-code-repositories/s3.tf
index e69de29b..ef31cbbc 100644
--- a/modules/aft-code-repositories/s3.tf
+++ b/modules/aft-code-repositories/s3.tf
@@ -0,0 +1,3 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
diff --git a/modules/aft-code-repositories/variables.tf b/modules/aft-code-repositories/variables.tf
index 3cae2c5c..0a9bdf35 100644
--- a/modules/aft-code-repositories/variables.tf
+++ b/modules/aft-code-repositories/variables.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 variable "vpc_id" {
 type = string
 }
diff --git a/modules/aft-code-repositories/versions.tf b/modules/aft-code-repositories/versions.tf
index fdb6c4e6..9378a10b 100755
--- a/modules/aft-code-repositories/versions.tf
+++ b/modules/aft-code-repositories/versions.tf
@@ -1,10 +1,13 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 terraform {
 required_version = ">= 0.15.1"
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.72"
+ version = ">= 3.72, < 4.0.0"
 }
 }
 }
diff --git a/modules/aft-customizations/buildspecs/aft-account-customizations-api-helpers.yml b/modules/aft-customizations/buildspecs/aft-account-customizations-api-helpers.yml
index c59ea517..941d6d84 100644
--- a/modules/aft-customizations/buildspecs/aft-account-customizations-api-helpers.yml
+++ b/modules/aft-customizations/buildspecs/aft-account-customizations-api-helpers.yml
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 version: 0.2
 phases:
diff --git a/modules/aft-customizations/buildspecs/aft-account-customizations-terraform.yml b/modules/aft-customizations/buildspecs/aft-account-customizations-terraform.yml
index 57360a85..61f62372 100644
--- a/modules/aft-customizations/buildspecs/aft-account-customizations-terraform.yml
+++ b/modules/aft-customizations/buildspecs/aft-account-customizations-terraform.yml
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 version: 0.2
 phases:
diff --git a/modules/aft-customizations/buildspecs/aft-create-pipeline.yml b/modules/aft-customizations/buildspecs/aft-create-pipeline.yml
index 22f73014..84b34a13 100644
--- a/modules/aft-customizations/buildspecs/aft-create-pipeline.yml
+++ b/modules/aft-customizations/buildspecs/aft-create-pipeline.yml
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 version: 0.2
 phases:
diff --git a/modules/aft-customizations/buildspecs/aft-global-customizations-api-helpers.yml b/modules/aft-customizations/buildspecs/aft-global-customizations-api-helpers.yml
index 2d180951..aedbfbeb 100644
--- a/modules/aft-customizations/buildspecs/aft-global-customizations-api-helpers.yml
+++ b/modules/aft-customizations/buildspecs/aft-global-customizations-api-helpers.yml
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 version: 0.2
 phases:
diff --git a/modules/aft-customizations/buildspecs/aft-global-customizations-terraform.yml b/modules/aft-customizations/buildspecs/aft-global-customizations-terraform.yml
index 78aa8031..9e26aa89 100644
--- a/modules/aft-customizations/buildspecs/aft-global-customizations-terraform.yml
+++ b/modules/aft-customizations/buildspecs/aft-global-customizations-terraform.yml
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 version: 0.2
 phases:
diff --git a/modules/aft-customizations/codebuild.tf b/modules/aft-customizations/codebuild.tf
index bfed95a7..d6975e86 100644
--- a/modules/aft-customizations/codebuild.tf
+++ b/modules/aft-customizations/codebuild.tf
@@ -1,4 +1,6 @@
-
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 #####################################################
 # AFT Global Customizations Terraform
 #####################################################
@@ -16,7 +18,7 @@ resource "aws_codebuild_project" "aft_global_customizations_terraform" {
 }
 environment {
- compute_type = "BUILD_GENERAL1_SMALL"
+ compute_type = "BUILD_GENERAL1_MEDIUM"
 image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
 type = "LINUX_CONTAINER"
 image_pull_credentials_type = "CODEBUILD"
@@ -68,7 +70,7 @@ resource "aws_codebuild_project" "aft_account_customizations_terraform" {
 }
 environment {
- compute_type = "BUILD_GENERAL1_SMALL"
+ compute_type = "BUILD_GENERAL1_MEDIUM"
 image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
 type = "LINUX_CONTAINER"
 image_pull_credentials_type = "CODEBUILD"
@@ -120,7 +122,7 @@ resource "aws_codebuild_project" "aft_global_customizations_api_helpers" {
 }
 environment {
- compute_type = "BUILD_GENERAL1_SMALL"
+ compute_type = "BUILD_GENERAL1_MEDIUM"
 image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
 type = "LINUX_CONTAINER"
 image_pull_credentials_type = "CODEBUILD"
@@ -172,7 +174,7 @@ resource "aws_codebuild_project" "aft_account_customizations_api_helpers" {
 }
 environment {
- compute_type = "BUILD_GENERAL1_SMALL"
+ compute_type = "BUILD_GENERAL1_MEDIUM"
 image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
 type = "LINUX_CONTAINER"
 image_pull_credentials_type = "CODEBUILD"
@@ -225,7 +227,7 @@ resource "aws_codebuild_project" "aft_create_pipeline" {
 }
 environment {
- compute_type = "BUILD_GENERAL1_SMALL"
+ compute_type = "BUILD_GENERAL1_MEDIUM"
 image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
 type = "LINUX_CONTAINER"
 image_pull_credentials_type = "CODEBUILD"
diff --git a/modules/aft-customizations/data.tf b/modules/aft-customizations/data.tf
index 34c91b7c..f54cd7e1 100644
--- a/modules/aft-customizations/data.tf
+++ b/modules/aft-customizations/data.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 data "aws_region" "current" {}
 data "aws_caller_identity" "current" {}
diff --git a/modules/aft-customizations/iam.tf b/modules/aft-customizations/iam.tf
index d5c14b7d..19c7c705 100644
--- a/modules/aft-customizations/iam.tf
+++ b/modules/aft-customizations/iam.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ###################################################################
 # CodePipeline IAM Resources
 ###################################################################
diff --git a/modules/aft-customizations/lambda.tf b/modules/aft-customizations/lambda.tf
index af664eb3..2f0a77f3 100644
--- a/modules/aft-customizations/lambda.tf
+++ b/modules/aft-customizations/lambda.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 ######## customizations_identify_targets ########
diff --git a/modules/aft-customizations/locals.tf b/modules/aft-customizations/locals.tf
index 59c5315e..87d9f036 100644
--- a/modules/aft-customizations/locals.tf
+++ b/modules/aft-customizations/locals.tf
@@ -1,3 +1,6 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
 locals {
 lambda_managed_policies = [data.aws_iam_policy.AWSLambdaBasicExecutionRole.arn, data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole.arn]
 }
diff --git a/modules/aft-customizations/outputs.tf b/modules/aft-customizations/outputs.tf
index f0fc2df5..96a2ba79 100644
--- a/modules/aft-customizations/outputs.tf
+++ b/modules/aft-customizations/outputs.tf
@@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# output "aft_customizations_identify_targets_function_arn" { value = aws_lambda_function.aft_customizations_identify_targets.arn } diff --git a/modules/aft-customizations/s3.tf b/modules/aft-customizations/s3.tf index 9cb0952b..cdbb1b6b 100644 --- a/modules/aft-customizations/s3.tf +++ b/modules/aft-customizations/s3.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# resource "aws_s3_bucket" "aft_codepipeline_customizations_bucket" { bucket = "aft-customizations-pipeline-${data.aws_caller_identity.current.account_id}" acl = "private" diff --git a/modules/aft-customizations/states.tf b/modules/aft-customizations/states.tf index 0ab3583b..3e748d4c 100644 --- a/modules/aft-customizations/states.tf +++ b/modules/aft-customizations/states.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# locals { state_machine_source = "${path.module}/states/invoke_customizations.asl.json" replacements_map = { diff --git a/modules/aft-customizations/variables.tf b/modules/aft-customizations/variables.tf index a0293876..474fc3db 100644 --- a/modules/aft-customizations/variables.tf +++ b/modules/aft-customizations/variables.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# variable "aft_config_backend_kms_key_id" { type = string } diff --git a/modules/aft-customizations/versions.tf b/modules/aft-customizations/versions.tf index fdb6c4e6..9378a10b 100755 --- a/modules/aft-customizations/versions.tf +++ b/modules/aft-customizations/versions.tf 
@@ -1,10 +1,13 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# terraform { required_version = ">= 0.15.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.72" + version = ">= 3.72, < 4.0.0" } } } diff --git a/modules/aft-feature-options/data.tf b/modules/aft-feature-options/data.tf index 95484763..ff628e9f 100644 --- a/modules/aft-feature-options/data.tf +++ b/modules/aft-feature-options/data.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# data "aws_region" "current" { provider = aws.aft_management } diff --git a/modules/aft-feature-options/iam.tf b/modules/aft-feature-options/iam.tf index 8612df9e..ec964dbd 100644 --- a/modules/aft-feature-options/iam.tf +++ b/modules/aft-feature-options/iam.tf @@ -1,4 +1,6 @@ - +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# ################################################################### # Step Functions - AFT Features ################################################################### diff --git a/modules/aft-feature-options/kms.tf b/modules/aft-feature-options/kms.tf index b409cfaf..0aa95d09 100644 --- a/modules/aft-feature-options/kms.tf +++ b/modules/aft-feature-options/kms.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# resource "aws_kms_key" "aft_log_key" { provider = aws.log_archive description = "KMS key for encrypt/decrypt log files" diff --git a/modules/aft-feature-options/lambda.tf b/modules/aft-feature-options/lambda.tf index 56ba1c3e..bb09c4a3 100644 --- a/modules/aft-feature-options/lambda.tf +++ b/modules/aft-feature-options/lambda.tf 
@@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# ######## aft_delete_default_vpc ######## resource "aws_lambda_function" "aft_delete_default_vpc" { provider = aws.aft_management diff --git a/modules/aft-feature-options/locals.tf b/modules/aft-feature-options/locals.tf index 59c5315e..87d9f036 100644 --- a/modules/aft-feature-options/locals.tf +++ b/modules/aft-feature-options/locals.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# locals { lambda_managed_policies = [data.aws_iam_policy.AWSLambdaBasicExecutionRole.arn, data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole.arn] } diff --git a/modules/aft-feature-options/outputs.tf b/modules/aft-feature-options/outputs.tf index 8f637da6..26759e1e 100644 --- a/modules/aft-feature-options/outputs.tf +++ b/modules/aft-feature-options/outputs.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# output "aws_aft_access_logs_s3_bucket_id" { value = aws_s3_bucket.aft_access_logs.id description = "The name of the bucket." diff --git a/modules/aft-feature-options/s3.tf b/modules/aft-feature-options/s3.tf index 6b069938..2b3bb606 100644 --- a/modules/aft-feature-options/s3.tf +++ b/modules/aft-feature-options/s3.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# ############################################# # Log Archive ############################################# diff --git a/modules/aft-feature-options/states.tf b/modules/aft-feature-options/states.tf index bc2bb9b1..8865330c 100644 --- a/modules/aft-feature-options/states.tf +++ b/modules/aft-feature-options/states.tf 
@@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# locals { state_machine_source = "${path.module}/states/aft_features.asl.json" replacements_map = { diff --git a/modules/aft-feature-options/variables.tf b/modules/aft-feature-options/variables.tf index bbd91b5f..a7836755 100644 --- a/modules/aft-feature-options/variables.tf +++ b/modules/aft-feature-options/variables.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# variable "aft_vpc_private_subnets" { type = list(string) } diff --git a/modules/aft-feature-options/versions.tf b/modules/aft-feature-options/versions.tf index 2ca63d16..3b32b3c7 100755 --- a/modules/aft-feature-options/versions.tf +++ b/modules/aft-feature-options/versions.tf @@ -1,10 +1,13 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# terraform { required_version = ">= 0.15.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.72" + version = ">= 3.72, < 4.0.0" configuration_aliases = [aws.ct_management, aws.log_archive, aws.audit, aws.aft_management] } } diff --git a/modules/aft-iam-roles/admin-role/iam.tf b/modules/aft-iam-roles/admin-role/iam.tf index e132eaf8..6efa2317 100644 --- a/modules/aft-iam-roles/admin-role/iam.tf +++ b/modules/aft-iam-roles/admin-role/iam.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# variable "trusted_entity_type" { default = "AWS" } diff --git a/modules/aft-iam-roles/admin-role/main.tf b/modules/aft-iam-roles/admin-role/main.tf index ed160fde..606e02c8 100644 --- a/modules/aft-iam-roles/admin-role/main.tf +++ b/modules/aft-iam-roles/admin-role/main.tf 
@@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# terraform { required_providers { aws = { diff --git a/modules/aft-iam-roles/iam.tf b/modules/aft-iam-roles/iam.tf index f2411d4a..fb1d7fbb 100644 --- a/modules/aft-iam-roles/iam.tf +++ b/modules/aft-iam-roles/iam.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# data "aws_caller_identity" "aft_management" { provider = aws.aft_management } diff --git a/modules/aft-iam-roles/outputs.tf b/modules/aft-iam-roles/outputs.tf index e1d451a0..c8eba735 100644 --- a/modules/aft-iam-roles/outputs.tf +++ b/modules/aft-iam-roles/outputs.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# output "aft_admin_role_arn" { value = aws_iam_role.aft_admin_role.arn } diff --git a/modules/aft-iam-roles/versions.tf b/modules/aft-iam-roles/versions.tf index 2ca63d16..3b32b3c7 100755 --- a/modules/aft-iam-roles/versions.tf +++ b/modules/aft-iam-roles/versions.tf @@ -1,10 +1,13 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# terraform { required_version = ">= 0.15.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.72" + version = ">= 3.72, < 4.0.0" configuration_aliases = [aws.ct_management, aws.log_archive, aws.audit, aws.aft_management] } } diff --git a/modules/aft-lambda-layer/buildspecs/aft-lambda-layer.yml b/modules/aft-lambda-layer/buildspecs/aft-lambda-layer.yml index bfe84af7..cb792cbd 100644 --- a/modules/aft-lambda-layer/buildspecs/aft-lambda-layer.yml +++ b/modules/aft-lambda-layer/buildspecs/aft-lambda-layer.yml 
@@ -1,9 +1,9 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# version: 0.2 phases: - pre_build: - commands: - - aws events disable-rule --name $EVENT_RULE_NAME install: runtime-versions: python: $PYTHON_VERSION diff --git a/modules/aft-lambda-layer/cloudwatch.tf b/modules/aft-lambda-layer/cloudwatch.tf deleted file mode 100644 index 99a7008d..00000000 --- a/modules/aft-lambda-layer/cloudwatch.tf +++ /dev/null @@ -1,16 +0,0 @@ -resource "aws_cloudwatch_event_rule" "codebuild_trigger" { - lifecycle { - ignore_changes = [is_enabled] - } - - name = "${local.common_name}-${replace(time_sleep.eventbridge_rule.triggers["lambda_layer_version"], ".", "-")}" - description = "Triggers the python layer builder codebuild job." - schedule_expression = "rate(2 minutes)" -} - -resource "aws_cloudwatch_event_target" "codebuild_trigger" { - rule = aws_cloudwatch_event_rule.codebuild_trigger.name - target_id = local.target_id - arn = aws_codebuild_project.codebuild.id - role_arn = aws_iam_role.codebuild.arn -} diff --git a/modules/aft-lambda-layer/codebuild.tf b/modules/aft-lambda-layer/codebuild.tf index 875cc9a9..5075c142 100644 --- a/modules/aft-lambda-layer/codebuild.tf +++ b/modules/aft-lambda-layer/codebuild.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# resource "aws_codebuild_project" "codebuild" { name = local.common_name description = "Codebuild project to create lambda layer ${var.lambda_layer_name}" @@ -10,7 +13,7 @@ resource "aws_codebuild_project" "codebuild" { } environment { - compute_type = "BUILD_GENERAL1_SMALL" + compute_type = "BUILD_GENERAL1_MEDIUM" image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0" type = "LINUX_CONTAINER" image_pull_credentials_type = "CODEBUILD" diff --git a/modules/aft-lambda-layer/data.tf b/modules/aft-lambda-layer/data.tf index c53df36b..f042dd2e 100644 
--- a/modules/aft-lambda-layer/data.tf +++ b/modules/aft-lambda-layer/data.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# data "aws_caller_identity" "session" {} data "local_file" "aft_lambda_layer" { diff --git a/modules/aft-lambda-layer/iam.tf b/modules/aft-lambda-layer/iam.tf index 19e44503..a87a08cd 100644 --- a/modules/aft-lambda-layer/iam.tf +++ b/modules/aft-lambda-layer/iam.tf @@ -1,8 +1,16 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# resource "aws_iam_role" "codebuild" { name = local.common_name assume_role_policy = file("${path.module}/iam/trust-policies/codebuild.tpl") } +resource "aws_iam_role" "codebuild_invoker_lambda_role" { + name = "codebuild_invoker_role" + assume_role_policy = file("${path.module}/iam/trust-policies/lambda.tpl") +} + resource "aws_iam_role_policy" "codebuild" { role = aws_iam_role.codebuild.name policy = templatefile("${path.module}/iam/role-policies/codebuild.tpl", { @@ -14,3 +22,18 @@ resource "aws_iam_role_policy" "codebuild" { "data_aws_kms_alias_aft_key_target_key_arn" = var.aft_kms_key_arn }) } + +resource "aws_iam_role_policy" "codebuild_invoker_policy" { + role = aws_iam_role.codebuild_invoker_lambda_role.name + policy = templatefile("${path.module}/iam/role-policies/codebuild-invoker.tpl", { + "aws_region" = var.aws_region + "account_id" = local.account_id + "codebuild_project_name" = aws_codebuild_project.codebuild.name + "codebuild_invoker_function_name" = local.codebuild_invoker_function_name + }) +} + +resource "aws_iam_role_policy_attachment" "codebuild_invoker_VPC_access" { + role = aws_iam_role.codebuild_invoker_lambda_role.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" +} 
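Review bot: The new `aws_iam_role.codebuild_invoker_lambda_role` in the first iam.tf hunk gets the fixed name `"codebuild_invoker_role"`, while `aws_iam_role.codebuild` directly above it takes its name from `local.common_name`. IAM role names are unique within an account, so a fixed literal makes a second instance of this module, or any unrelated role already using that name, fail at apply. It also drops the project prefix that makes the role recognisable when reviewing IAM. Deriving the name from an existing local, for example `name = "${local.common_name}-invoker"`, keeps the two roles consistent, provided the result stays within the IAM name length limit.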
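Review bot: `aws_iam_role_policy_attachment.codebuild_invoker_VPC_access` in the second iam.tf hunk hard-codes `arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole`, which only resolves in the standard `aws` partition. The aft-customizations and aft-feature-options modules in this same change reference the policy as `data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole.arn`; doing the same here, with a matching `data "aws_iam_policy"` block in this module, keeps the modules consistent and partition-independent. This managed policy also allows the CloudWatch Logs write actions on all resources, so the log-group scoping in `codebuild-invoker.tpl` does not actually confine where this role can write logs. A short comment on the attachment saying that it is there for the VPC network-interface permissions would record the intent.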
diff --git a/modules/aft-lambda-layer/iam/role-policies/codebuild-invoker.tpl b/modules/aft-lambda-layer/iam/role-policies/codebuild-invoker.tpl new file mode 100644 index 00000000..04f4c789 --- /dev/null +++ b/modules/aft-lambda-layer/iam/role-policies/codebuild-invoker.tpl @@ -0,0 +1,28 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild" + ], + "Effect": "Allow", + "Resource": "arn:aws:codebuild:${aws_region}:${account_id}:project/${codebuild_project_name}" + }, + { + "Action": [ + "logs:CreateLogGroup" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:${aws_region}:${account_id}:*" + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:${aws_region}:${account_id}:log-group:/aws/lambda/${codebuild_invoker_function_name}:*" + } + ] +} diff --git a/modules/aft-lambda-layer/iam/trust-policies/lambda.tpl b/modules/aft-lambda-layer/iam/trust-policies/lambda.tpl new file mode 100644 index 00000000..de3dba11 --- /dev/null +++ b/modules/aft-lambda-layer/iam/trust-policies/lambda.tpl @@ -0,0 +1,14 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + }, + "Action": "sts:AssumeRole" + } + ] +} diff --git a/modules/aft-lambda-layer/lambda.tf b/modules/aft-lambda-layer/lambda.tf new file mode 100644 index 00000000..4e18985f --- /dev/null +++ b/modules/aft-lambda-layer/lambda.tf 
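Review bot: In `codebuild-invoker.tpl` the third statement lists `logs:CreateLogGroup` a second time and never grants `logs:CreateLogStream`, so on its own this policy would not let the function open a log stream in its own log group. The likely intent for the `/aws/lambda/${codebuild_invoker_function_name}` resource is `"logs:CreateLogStream", "logs:PutLogEvents"`. Logging presumably still works only because iam.tf also attaches `AWSLambdaVPCAccessExecutionRole`, which allows those actions on every resource. That dependency hides the typo and means the scoped statements here do not act as a restriction.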
@@ -0,0 +1,34 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +resource "aws_lambda_function" "codebuild_invoker" { + filename = var.builder_archive_path + function_name = local.codebuild_invoker_function_name + description = "AFT Lambda Layer - CodeBuild Invoker" + role = aws_iam_role.codebuild_invoker_lambda_role.arn + handler = "codebuild_invoker.lambda_handler" + source_code_hash = var.builder_archive_hash + runtime = "python3.8" + timeout = 900 + + vpc_config { + subnet_ids = var.aft_vpc_private_subnets + security_group_ids = var.aft_vpc_default_sg + } +} + +# TODO - What happens when the function fails? +data "aws_lambda_invocation" "invoke_codebuild_job" { + function_name = aws_lambda_function.codebuild_invoker.function_name + + input = < bool: +def provisioned_product_exists(record: Dict[str, Any]) -> bool: ct_management_session = utils.get_ct_management_session(aft_mgmt_session=Session()) account_name = utils.unmarshal_ddb_item(record["dynamodb"]["NewImage"])[ "control_tower_parameters" @@ -34,7 +37,18 @@ def new_account_request(record: Dict[str, Any]) -> bool: provisioned_product = Account( ct_management_session=ct_management_session, account_name=account_name ).provisioned_product - return provisioned_product is None + return provisioned_product is not None + + +def insert_msg_into_acc_req_queue( + event_record: Dict[Any, Any], new_account: bool, session: Session +) -> None: + sqs_queue = utils.get_ssm_parameter_value( + session, utils.SSM_PARAM_ACCOUNT_REQUEST_QUEUE + ) + sqs_queue = utils.build_sqs_url(session=session, queue_name=sqs_queue) + message = build_sqs_message(record=event_record, new_account=new_account) + utils.send_sqs_message(session=session, sqs_url=sqs_queue, message=message) def delete_account_request(record: Dict[str, Any]) -> bool: 
@@ -57,16 +71,16 @@ def control_tower_param_changed(record: Dict[str, Any]) -> bool: return False -def build_sqs_message(record: Dict[str, Any]) -> Dict[str, Any]: +def build_sqs_message(record: Dict[str, Any], new_account: bool) -> Dict[str, Any]: logger.info("Building SQS Message - ") message = {} - operation = record["eventName"] + operation = "ADD" if new_account else "UPDATE" new_image = utils.unmarshal_ddb_item(record["dynamodb"]["NewImage"]) message["operation"] = operation message["control_tower_parameters"] = new_image["control_tower_parameters"] - if operation == "MODIFY": + if record["eventName"] == "MODIFY": old_image = utils.unmarshal_ddb_item(record["dynamodb"]["OldImage"]) message["old_control_tower_parameters"] = old_image["control_tower_parameters"] @@ -136,7 +150,7 @@ def new_ct_request_is_valid(session: Session, request: Dict[str, Any]) -> bool: def modify_ct_request_is_valid(request: Dict[str, Any]) -> bool: logger.info("Validating modify CT Account Request") - old_ct_parameters = request["old_control_tower_parameters"] + old_ct_parameters = request.get("old_control_tower_parameters", {}) new_ct_parameters = request["control_tower_parameters"] for i in old_ct_parameters.keys(): @@ -189,7 +203,7 @@ def create_new_account( return response -def modify_existing_account( +def update_existing_account( session: Session, ct_management_session: Session, request: Dict[str, Any] ) -> None: client = ct_management_session.client("servicecatalog") diff --git a/sources/aft-lambda-layer/aft_common/aft_utils.py b/sources/aft-lambda-layer/aft_common/aft_utils.py index 4b6249ff..c22e6b3e 100644 --- a/sources/aft-lambda-layer/aft_common/aft_utils.py +++ b/sources/aft-lambda-layer/aft_common/aft_utils.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import json import os import uuid 
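Review bot: In the `modify_ct_request_is_valid` hunk, `request.get("old_control_tower_parameters", {})` turns a missing key into an empty dict, so the `for i in old_ct_parameters.keys():` loop that follows compares nothing for such a request. The `build_sqs_message` hunk above makes that case reachable: the operation becomes `"UPDATE"` whenever `new_account` is false, but `old_control_tower_parameters` is attached only when `record["eventName"] == "MODIFY"`. Whether an uncompared request is then accepted depends on the rest of the function, which lies outside the hunk; if it is, an update passes without the check this function exists for. Handling the case explicitly, by testing `"old_control_tower_parameters" not in request`, logging it and returning a deliberate result, would be safer than defaulting silently.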
diff --git a/sources/aft-lambda-layer/aft_common/customizations.py b/sources/aft-lambda-layer/aft_common/customizations.py index 18d312bc..cdd04c46 100644 --- a/sources/aft-lambda-layer/aft_common/customizations.py +++ b/sources/aft-lambda-layer/aft_common/customizations.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import json import os import re @@ -43,7 +46,7 @@ def get_pipeline_for_account(session: Session, account: str) -> str: if t["key"] == "managed_by" and t["value"] == "AFT": pipeline_name: str = p["name"] return pipeline_name - raise Exception("Pipelines for account id " + current_account + " was not found") + raise Exception("Pipelines for account id " + account + " was not found") def pipeline_is_running(session: Session, name: str) -> bool: diff --git a/sources/aft-lambda-layer/aft_common/datetime_encoder.py b/sources/aft-lambda-layer/aft_common/datetime_encoder.py index db41738d..6417fc03 100644 --- a/sources/aft-lambda-layer/aft_common/datetime_encoder.py +++ b/sources/aft-lambda-layer/aft_common/datetime_encoder.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# ############################################################################## # Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # # diff --git a/sources/aft-lambda-layer/aft_common/feature_options.py b/sources/aft-lambda-layer/aft_common/feature_options.py index 40bc6a30..af14df43 100644 --- a/sources/aft-lambda-layer/aft_common/feature_options.py +++ b/sources/aft-lambda-layer/aft_common/feature_options.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# from typing import TYPE_CHECKING import boto3 
diff --git a/sources/aft-lambda-layer/aft_common/logger.py b/sources/aft-lambda-layer/aft_common/logger.py index f625cc47..fef82505 100644 --- a/sources/aft-lambda-layer/aft_common/logger.py +++ b/sources/aft-lambda-layer/aft_common/logger.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# ###################################################################################################################### # Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # # diff --git a/sources/aft-lambda-layer/aft_common/premium_support.py b/sources/aft-lambda-layer/aft_common/premium_support.py index c3bf5a30..a3f8e336 100644 --- a/sources/aft-lambda-layer/aft_common/premium_support.py +++ b/sources/aft-lambda-layer/aft_common/premium_support.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# from typing import TYPE_CHECKING from boto3.session import Session diff --git a/sources/aft-lambda-layer/aft_common/types.py b/sources/aft-lambda-layer/aft_common/types.py index 162b13ee..47333171 100644 --- a/sources/aft-lambda-layer/aft_common/types.py +++ b/sources/aft-lambda-layer/aft_common/types.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# from typing import Literal, TypedDict diff --git a/sources/aft-lambda-layer/setup.py b/sources/aft-lambda-layer/setup.py index d60746ad..4539bc70 100644 --- a/sources/aft-lambda-layer/setup.py +++ b/sources/aft-lambda-layer/setup.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import setuptools with open("readme.md", "r", encoding="utf-8") as fh: diff --git a/sources/scripts/creds.sh b/sources/scripts/creds.sh index 7391fb01..5db26a5c 100755 --- a/sources/scripts/creds.sh 
+++ b/sources/scripts/creds.sh @@ -1,4 +1,7 @@ #!/bin/bash +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# #Default flags to false USER_DEFINED_ACCOUNT=false diff --git a/sources/scripts/terraform_client.py b/sources/scripts/terraform_client.py index 48e7567d..46586ea7 100755 --- a/sources/scripts/terraform_client.py +++ b/sources/scripts/terraform_client.py @@ -1,4 +1,7 @@ #!/usr/bin/python +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import os import time diff --git a/sources/scripts/workspace_manager.py b/sources/scripts/workspace_manager.py index d4260e98..381d5967 100755 --- a/sources/scripts/workspace_manager.py +++ b/sources/scripts/workspace_manager.py @@ -1,4 +1,7 @@ #!/usr/bin/python +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import argparse import io diff --git a/src/__init__.py b/src/__init__.py index e69de29b..ef31cbbc 100644 --- a/src/__init__.py +++ b/src/__init__.py @@ -0,0 +1,3 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# diff --git a/src/aft_lambda/__init__.py b/src/aft_lambda/__init__.py index e69de29b..ef31cbbc 100644 --- a/src/aft_lambda/__init__.py +++ b/src/aft_lambda/__init__.py @@ -0,0 +1,3 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# diff --git a/src/aft_lambda/aft_account_provisioning_framework/__init__.py b/src/aft_lambda/aft_account_provisioning_framework/__init__.py index e69de29b..ef31cbbc 100644 --- a/src/aft_lambda/aft_account_provisioning_framework/__init__.py +++ b/src/aft_lambda/aft_account_provisioning_framework/__init__.py @@ -0,0 +1,3 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# 
diff --git a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_account_metadata_ssm.py b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_account_metadata_ssm.py index 1380367b..c3b43aa5 100644 --- a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_account_metadata_ssm.py +++ b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_account_metadata_ssm.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect import json from typing import Any, Dict, Union diff --git a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_create_role.py b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_create_role.py index 7e2d0308..8195131f 100644 --- a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_create_role.py +++ b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_create_role.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Union diff --git a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_get_account_info.py b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_get_account_info.py index c2594ff0..fb897d8f 100644 --- a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_get_account_info.py +++ b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_get_account_info.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Union 
diff --git a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_persist_metadata.py b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_persist_metadata.py index 24f26209..695a8aab 100644 --- a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_persist_metadata.py +++ b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_persist_metadata.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Union diff --git a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_tag_account.py b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_tag_account.py index 5469e01d..ea0a81a5 100644 --- a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_tag_account.py +++ b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_tag_account.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Union diff --git a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_validate_request.py b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_validate_request.py index 5257f4f2..0deb99c0 100644 --- a/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_validate_request.py +++ b/src/aft_lambda/aft_account_provisioning_framework/aft_account_provisioning_framework_validate_request.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Union 
diff --git a/src/aft_lambda/aft_account_request_framework/__init__.py b/src/aft_lambda/aft_account_request_framework/__init__.py index e69de29b..ef31cbbc 100644 --- a/src/aft_lambda/aft_account_request_framework/__init__.py +++ b/src/aft_lambda/aft_account_request_framework/__init__.py @@ -0,0 +1,3 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# diff --git a/src/aft_lambda/aft_account_request_framework/aft_account_request_action_trigger.py b/src/aft_lambda/aft_account_request_framework/aft_account_request_action_trigger.py index bf71e1f1..43fd4529 100644 --- a/src/aft_lambda/aft_account_request_framework/aft_account_request_action_trigger.py +++ b/src/aft_lambda/aft_account_request_framework/aft_account_request_action_trigger.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect import json from typing import Any, Dict, Union @@ -5,10 +8,10 @@ import aft_common.aft_utils as utils from aft_common.account_request_framework import ( build_aft_account_provisioning_framework_event, - build_sqs_message, control_tower_param_changed, delete_account_request, - new_account_request, + insert_msg_into_acc_req_queue, + provisioned_product_exists, ) from boto3.session import Session 
@@ -38,33 +41,30 @@ def lambda_handler(event: Dict[str, Any], context: Union[Dict[str, Any], None]) logger.info("Delete account request received") return None - new_account = new_account_request(event_record) + new_account = not provisioned_product_exists(event_record) + control_tower_updates = control_tower_param_changed(event_record) + if new_account: logger.info("New account request received") - sqs_queue = utils.get_ssm_parameter_value( - session, utils.SSM_PARAM_ACCOUNT_REQUEST_QUEUE + insert_msg_into_acc_req_queue( + event_record=event_record, new_account=True, session=session ) - sqs_queue = utils.build_sqs_url(session, sqs_queue) - message = build_sqs_message(event_record) - utils.send_sqs_message(session, sqs_queue, message) - else: + elif not new_account and control_tower_updates: logger.info("Modify account request received") - if control_tower_param_changed(event_record): - logger.info("Control Tower Parameter Update Request Received") - sqs_queue = utils.get_ssm_parameter_value( - session, utils.SSM_PARAM_ACCOUNT_REQUEST_QUEUE - ) - sqs_queue = utils.build_sqs_url(session, sqs_queue) - message = build_sqs_message(event_record) - utils.send_sqs_message(session, sqs_queue, message) - else: - logger.info("NON-Control Tower Parameter Update Request Received") - payload = build_aft_account_provisioning_framework_event(event_record) - lambda_name = utils.get_ssm_parameter_value( - session, - utils.SSM_PARAM_AFT_ACCOUNT_PROVISIONING_FRAMEWORK_LAMBDA, - ) - utils.invoke_lambda(session, lambda_name, json.dumps(payload).encode()) + logger.info("Control Tower Parameter Update Request Received") + insert_msg_into_acc_req_queue( + event_record=event_record, new_account=False, session=session + ) + elif not new_account and not control_tower_updates: + logger.info("NON-Control Tower Parameter Update Request Received") + payload = build_aft_account_provisioning_framework_event(event_record) + lambda_name = utils.get_ssm_parameter_value( + session, + 
utils.SSM_PARAM_AFT_ACCOUNT_PROVISIONING_FRAMEWORK_LAMBDA, + ) + utils.invoke_lambda(session, lambda_name, json.dumps(payload).encode()) + else: + raise Exception("Unsupported account request") except Exception as e: message = { diff --git a/src/aft_lambda/aft_account_request_framework/aft_account_request_audit_trigger.py b/src/aft_lambda/aft_account_request_framework/aft_account_request_audit_trigger.py index 1b495ae9..86ad8c1f 100644 --- a/src/aft_lambda/aft_account_request_framework/aft_account_request_audit_trigger.py +++ b/src/aft_lambda/aft_account_request_framework/aft_account_request_audit_trigger.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect import sys from typing import Any, Dict, Union diff --git a/src/aft_lambda/aft_account_request_framework/aft_account_request_processor.py b/src/aft_lambda/aft_account_request_framework/aft_account_request_processor.py index 3face4b0..61ded7f9 100644 --- a/src/aft_lambda/aft_account_request_framework/aft_account_request_processor.py +++ b/src/aft_lambda/aft_account_request_framework/aft_account_request_processor.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect import json from typing import Any, Dict, Union @@ -6,8 +9,8 @@ from aft_common.account_request_framework import ( create_new_account, modify_ct_request_is_valid, - modify_existing_account, new_ct_request_is_valid, + update_existing_account, ) from boto3.session import Session @@ -39,7 +42,7 @@ def lambda_handler(event: Dict[str, Any], context: Union[Dict[str, Any], None]) if sqs_message is not None: sqs_body = json.loads(sqs_message["Body"]) ct_request_is_valid = True - if sqs_body["operation"] == "INSERT": + if sqs_body["operation"] == "ADD": ct_request_is_valid = new_ct_request_is_valid( ct_management_session, sqs_body ) 
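Review bot: The final `else: raise Exception("Unsupported account request")` in `lambda_handler` can never run, because `new_account`, `not new_account and control_tower_updates` and `not new_account and not control_tower_updates` cover every combination of the two booleans. The dead branch suggests that unsupported requests are rejected here when nothing is. Writing the chain as `if new_account:` / `elif control_tower_updates:` / `else:` expresses the same routing without the repeated `not new_account`; a real rejection path would need its own condition. The hunk sits inside the handler's `try` block, whose start is outside the hunk.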
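Review bot: The operation literals `"ADD"` here and `"UPDATE"` in the next hunk of aft_account_request_processor.py are the same strings `build_sqs_message` now writes, and nothing ties producer and consumer together. A pair of module-level constants in `aft_common`, imported on both sides, would keep them from drifting. Messages enqueued by the previous version still carry `"INSERT"` or `"MODIFY"` and would now fall through to the trailing `else:` branch, whose body is outside the diff. It is worth confirming what happens to such in-flight messages during an upgrade.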
@@ -47,10 +50,10 @@ def lambda_handler(event: Dict[str, Any], context: Union[Dict[str, Any], None]) response = create_new_account( session, ct_management_session, sqs_body ) - elif sqs_body["operation"] == "MODIFY": + elif sqs_body["operation"] == "UPDATE": ct_request_is_valid = modify_ct_request_is_valid(sqs_body) if ct_request_is_valid: - modify_existing_account( + update_existing_account( session, ct_management_session, sqs_body ) else: diff --git a/src/aft_lambda/aft_account_request_framework/aft_controltower_event_logger.py b/src/aft_lambda/aft_account_request_framework/aft_controltower_event_logger.py index 02d875a3..37ccc27a 100644 --- a/src/aft_lambda/aft_account_request_framework/aft_controltower_event_logger.py +++ b/src/aft_lambda/aft_account_request_framework/aft_controltower_event_logger.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Union diff --git a/src/aft_lambda/aft_account_request_framework/aft_invoke_aft_account_provisioning_framework.py b/src/aft_lambda/aft_account_request_framework/aft_invoke_aft_account_provisioning_framework.py index 2180f473..71e9c101 100644 --- a/src/aft_lambda/aft_account_request_framework/aft_invoke_aft_account_provisioning_framework.py +++ b/src/aft_lambda/aft_account_request_framework/aft_invoke_aft_account_provisioning_framework.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect import json from typing import Any, Dict, Union diff --git a/src/aft_lambda/aft_builder/codebuild_invoker.py b/src/aft_lambda/aft_builder/codebuild_invoker.py new file mode 100644 index 00000000..3311d9d2 --- /dev/null +++ b/src/aft_lambda/aft_builder/codebuild_invoker.py 
@@ -0,0 +1,59 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +import datetime +import inspect +import logging +import time +from typing import Any, Dict, Union + +from boto3.session import Session + +logger = logging.getLogger() +logger.setLevel(level=logging.INFO) + +# This function is directly responsible for building `aft_common` library +# Do not import `aft_common` into this handler! +def lambda_handler( + event: Dict[str, Any], context: Union[Dict[str, Any], None] +) -> Dict[str, Any]: + try: + session = Session() + client = session.client("codebuild") + + codebuild_project_name = event["codebuild_project_name"] + job_id = client.start_build(projectName=codebuild_project_name)["build"]["id"] + + logger.info(f"Started build project {codebuild_project_name} job {job_id}") + + # Wait at least 30 seconds for the build to initialize + time.sleep(30) + + # 15min Lambda hard-timeout, soft-timeout at 14min + end_time = datetime.datetime.utcnow() + datetime.timedelta(minutes=14) + while datetime.datetime.utcnow() <= end_time: + # We pass exactly 1 job ID, so the build list should contain exactly 1 object + job_status = client.batch_get_builds(ids=[job_id])["builds"][0][ + "buildStatus" + ] + if job_status == "IN_PROGRESS": + time.sleep(10) + continue + elif job_status == "SUCCEEDED": + logger.info(f"Build job {job_id} completed successfully") + return {"Status": 200} + else: + logger.info(f"Build {job_id} failed - non-success terminal status") + raise Exception(f"Build {job_id} failed - non-success terminal status") + + logger.info(f"Build {job_id} failed - time out") + raise Exception(f"Build {job_id} failed - time out") + + except Exception as e: + message = { + "FILE": __file__.split("/")[-1], + "METHOD": inspect.stack()[0][3], + "EXCEPTION": str(e), + } + logger.exception(message) + raise 
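Review bot: `event["codebuild_project_name"]` is passed unchecked to `client.start_build(...)`, so anyone allowed to invoke this function can start any CodeBuild project the execution role may build; the role's policy is not in this hunk, so the practical scope is unknown. Pin the name to the one expected project, for example by comparing it with a value injected at deploy time: `if codebuild_project_name != os.environ["<EXPECTED_PROJECT_ENV_VAR>"]: raise ValueError("unexpected CodeBuild project")` (placeholder variable name; needs `import os`), and scope `codebuild:StartBuild` and `codebuild:BatchGetBuilds` in IAM to that project's ARN. Separately, `client.batch_get_builds(ids=[job_id])["builds"][0]` raises a bare IndexError if the service reports the id under `buildsNotFound`; an explicit check with a clear message would make that failure easier to diagnose.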
diff --git a/src/aft_lambda/aft_customizations/__init__.py b/src/aft_lambda/aft_customizations/__init__.py index e69de29b..ef31cbbc 100644 --- a/src/aft_lambda/aft_customizations/__init__.py +++ b/src/aft_lambda/aft_customizations/__init__.py @@ -0,0 +1,3 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# diff --git a/src/aft_lambda/aft_customizations/aft_customizations_execute_pipeline.py b/src/aft_lambda/aft_customizations/aft_customizations_execute_pipeline.py index 68cdf8a8..247dd2b8 100644 --- a/src/aft_lambda/aft_customizations/aft_customizations_execute_pipeline.py +++ b/src/aft_lambda/aft_customizations/aft_customizations_execute_pipeline.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Union diff --git a/src/aft_lambda/aft_customizations/aft_customizations_get_pipeline_executions.py b/src/aft_lambda/aft_customizations/aft_customizations_get_pipeline_executions.py index 2b540d88..923fb30a 100644 --- a/src/aft_lambda/aft_customizations/aft_customizations_get_pipeline_executions.py +++ b/src/aft_lambda/aft_customizations/aft_customizations_get_pipeline_executions.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Union diff --git a/src/aft_lambda/aft_customizations/aft_customizations_identify_targets.py b/src/aft_lambda/aft_customizations/aft_customizations_identify_targets.py index 1098ed5b..0f33adc7 100644 --- a/src/aft_lambda/aft_customizations/aft_customizations_identify_targets.py +++ b/src/aft_lambda/aft_customizations/aft_customizations_identify_targets.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect import sys from typing import Any, Dict, Union 
diff --git a/src/aft_lambda/aft_customizations/aft_customizations_invoke_account_provisioning_framework.py b/src/aft_lambda/aft_customizations/aft_customizations_invoke_account_provisioning_framework.py index bb955791..212d2fd7 100644 --- a/src/aft_lambda/aft_customizations/aft_customizations_invoke_account_provisioning_framework.py +++ b/src/aft_lambda/aft_customizations/aft_customizations_invoke_account_provisioning_framework.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Union diff --git a/src/aft_lambda/aft_feature_options/__init__.py b/src/aft_lambda/aft_feature_options/__init__.py index e69de29b..ef31cbbc 100644 --- a/src/aft_lambda/aft_feature_options/__init__.py +++ b/src/aft_lambda/aft_feature_options/__init__.py @@ -0,0 +1,3 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# diff --git a/src/aft_lambda/aft_feature_options/aft_delete_default_vpc.py b/src/aft_lambda/aft_feature_options/aft_delete_default_vpc.py index ead772e0..9024d044 100644 --- a/src/aft_lambda/aft_feature_options/aft_delete_default_vpc.py +++ b/src/aft_lambda/aft_feature_options/aft_delete_default_vpc.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import TYPE_CHECKING, Any, Dict, Union diff --git a/src/aft_lambda/aft_feature_options/aft_enable_cloudtrail.py b/src/aft_lambda/aft_feature_options/aft_enable_cloudtrail.py index 29ce6d3d..005a2443 100644 --- a/src/aft_lambda/aft_feature_options/aft_enable_cloudtrail.py +++ b/src/aft_lambda/aft_feature_options/aft_enable_cloudtrail.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Union 
diff --git a/src/aft_lambda/aft_feature_options/aft_enroll_support.py b/src/aft_lambda/aft_feature_options/aft_enroll_support.py index 8b8423b8..d90cdc2a 100644 --- a/src/aft_lambda/aft_feature_options/aft_enroll_support.py +++ b/src/aft_lambda/aft_feature_options/aft_enroll_support.py @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# import inspect from typing import Any, Dict, Optional diff --git a/variables.tf b/variables.tf index 382e724e..e5b42c46 100644 --- a/variables.tf +++ b/variables.tf @@ -1,3 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# ######################################### # Control Tower Core Account Parameters ######################################### diff --git a/versions.tf b/versions.tf index a6996d45..47002ed6 100644 --- a/versions.tf +++ b/versions.tf @@ -1,10 +1,13 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# terraform { required_version = ">= 0.15.1" required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.72" + version = ">= 3.72, < 4.0.0" configuration_aliases = [aws.ct_management, aws.log_archive, aws.audit, aws.aft_management, aws.tf_backend_secondary_region] } }