Commit c0b440b6 authored by Brandt Beal's avatar Brandt Beal

Merge branch 'trusted-aws' into 'master'

Incorporate AWS Integration Tests

See merge request !5
parents cbfd04af c57514cf
1 merge request!5Incorporate AWS Integration Tests
Pipeline #2355 passed
Showing
with 22 additions and 3169 deletions
variables: variables:
AWS_BUILD_SUBDIR: provider/indexer-aws AWS_BUILD_SUBDIR: provider/indexer-aws/build-aws
AWS_APPLICATION_NAME: os-indexer AWS_TEST_SUBDIR: testing/indexer-test-aws
AWS_SERVICE: indexer
AWS_ENVIRONMENT: dev AWS_ENVIRONMENT: dev
GCP_BUILD_SUBDIR: provider/indexer-gcp GCP_BUILD_SUBDIR: provider/indexer-gcp
...@@ -20,12 +21,21 @@ variables: ...@@ -20,12 +21,21 @@ variables:
include: include:
- project: "osdu/platform/ci-cd-pipelines" - project: "osdu/platform/ci-cd-pipelines"
file: "standard-setup.yml" file: "standard-setup.yml"
- project: "osdu/platform/ci-cd-pipelines" - project: "osdu/platform/ci-cd-pipelines"
file: "build/maven.yml" file: "build/maven.yml"
- project: "osdu/platform/ci-cd-pipelines"
ref: "master"
file: "cloud-providers/azure.yml"
- project: "osdu/platform/ci-cd-pipelines" - project: "osdu/platform/ci-cd-pipelines"
file: "scanners/fossa.yml" file: "scanners/fossa.yml"
- project: "osdu/platform/ci-cd-pipelines" - project: "osdu/platform/ci-cd-pipelines"
file: "scanners/gitlab-ultimate.yml" file: "scanners/gitlab-ultimate.yml"
- project: "osdu/platform/ci-cd-pipelines"
file: "cloud-providers/aws.yml"
- project: "osdu/platform/ci-cd-pipelines"
file: "publishing/pages.yml"
aws-test:
tags: ['aws-internal-test']
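Review bot: The `include:` entries in the second hunk pull CI templates from `osdu/platform/ci-cd-pipelines` by a moving reference: the `cloud-providers/azure.yml` entry sets `ref: "master"`, and the `cloud-providers/aws.yml` and `publishing/pages.yml` entries set no `ref`, so they follow that project's default branch. Included jobs run inside this project's pipeline with its CI variables, which presumably include whatever AWS credentials the `aws-test` job on the `aws-internal-test` runner uses, so a later change in the template project takes effect here without review in this repository. I would pin each include to a tag or full commit SHA, for example `ref: "<tag-or-commit-sha>"`, and bump it deliberately. Which of these lines are additions is inferred from the `-20,12 +21,21` hunk header, because the rendered page has lost the `+`/`-` markers.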
...@@ -56,6 +56,7 @@ SNS_TOPIC_NAME= ...@@ -56,6 +56,7 @@ SNS_TOPIC_NAME=
SNS_STORAGE_TOPIC_NAME= SNS_STORAGE_TOPIC_NAME=
ENVIRONMENT= ENVIRONMENT=
AWS_REGION= AWS_REGION=
LOG_LEVEL=
##### Integration test-specific - these are only used for integration tests, not the app ### ##### Integration test-specific - these are only used for integration tests, not the app ###
OTHER_RELEVANT_DATA_COUNTRIES= OTHER_RELEVANT_DATA_COUNTRIES=
......
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: 2010-09-09
Description: >-
CloudFormation template for creating the resources used for the tenant info database for OSDU.
It creates the DynamoDB table and the API Gateway endpoints.
Parameters:
Environment:
Description: An environment name that will be prefixed to resource names.
Type: String
AllowedValues:
- dev
- uat
- prod
ConstraintDescription: Can only be "dev/uat/prod"
Default: dev
Region:
Description: The AWS region to deploy the resources to.
Type: String
Default: us-east-1
ApplicationName:
Description: >
The name of the application, which will be used to generate the ECS cluster name.
It will be prefixed with the environment name.
Type: String
MinLength: '1'
MaxLength: '64'
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default: os-indexer
CacheName:
Description: The name of the cache cluster. Will be prefixed with the environment name.
Type: String
MinLength: '1'
MaxLength: '64'
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default: cache
CacheEngine:
Description: Which caching platform to use. Can be set to 'redis' or 'memcached'.
Type: String
AllowedValues:
- redis
- memcached
ConstraintDescription: Can only be "redis" or "memcached"
Default: redis
NodeInstanceType:
Description: The instance type for redis cache nodes.
ConstraintDescription: Must be a valid instance type from the list of allowed values.
Default: cache.t2.micro
AllowedValues:
- cache.m5.large
- cache.m5.xlarge
- cache.m5.2xlarge
- cache.m5.4xlarge
- cache.m5.12xlarge
- cache.m5.24xlarge
- cache.m4.large
- cache.m4.xlarge
- cache.m4.2xlarge
- cache.m4.4xlarge
- cache.m4.10xlarge
- cache.t2.micro
- cache.t2.small
- cache.t2.medium
- cache.c1.xlarge
- cache.r5.large
- cache.r5.xlarge
- cache.r5.2xlarge
- cache.r5.4xlarge
- cache.r5.12xlarge
- cache.r5.24xlarge
- cache.r4.large
- cache.r4.xlarge
- cache.r4.2xlarge
- cache.r4.4xlarge
- cache.r4.8xlarge
- cache.r4.16xlarge
Type: String
NumberOfCacheNodes:
Description: An integer value specifying the number of node in the redis cache.
Type: Number
Default: 1
MinValue: 1
MaxValue: 128
Conditions:
IsSingleNode: !Equals [ !Ref NumberOfCacheNodes, 1 ]
IsClustered: !Not [Condition: IsSingleNode]
IsMemcached: !Equals [ !Ref CacheEngine, memcached ]
IsRedis: !Equals [ !Ref CacheEngine, redis ]
Resources:
ElastiCacheVpcSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: !Sub "${Environment}-${CacheName}-sg"
GroupDescription: "This is the security group that all of our ElastiCache cluster will be placed into."
VpcId:
Fn::ImportValue:
!Sub "${Environment}-OSDU-VPC"
ElastiCacheVpcSecurityGroupCodeBuildIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref ElastiCacheVpcSecurityGroup
IpProtocol: tcp
FromPort: "6379"
ToPort: "6379"
SourceSecurityGroupId:
Fn::ImportValue:
!Sub "${Environment}-OSDU-CodeBuildSecurityGroup"
ElastiCacheVpcSecurityGroupECSIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref ElastiCacheVpcSecurityGroup
IpProtocol: tcp
FromPort: "6379"
ToPort: "6379"
SourceSecurityGroupId:
Fn::ImportValue:
!Sub "${Environment}-${ApplicationName}-EcsNetworkSecurityGroupId"
ElastiCacheSubnetGroup:
Type: 'AWS::ElastiCache::SubnetGroup'
Properties:
CacheSubnetGroupName: !Sub ${Environment}-${CacheName}-SubnetGroup
Description: Redis cache VPC subnet group.
SubnetIds:
- Fn::ImportValue:
!Sub "${Environment}-OSDU-PrivateSubnet-AZ1"
- Fn::ImportValue:
!Sub "${Environment}-OSDU-PrivateSubnet-AZ2"
ElastiCacheCluster:
Type: 'AWS::ElastiCache::CacheCluster'
DependsOn: ElastiCacheSubnetGroup
Properties:
AutoMinorVersionUpgrade: 'false'
AZMode: single-az # this parameter only affects Memcached clusters
Engine: !Ref CacheEngine
CacheNodeType: !Ref NodeInstanceType
NumCacheNodes: !Ref NumberOfCacheNodes
ClusterName: !Sub ${Environment}-${CacheName}
CacheSubnetGroupName: !Ref ElastiCacheSubnetGroup
VpcSecurityGroupIds:
- Ref: ElastiCacheVpcSecurityGroup
Outputs:
# Redis (cluster mode disabled) replication groups don't have this attribute.
# Therefore, Fn::GetAtt returns a value for this attribute only if the replication
# group is clustered. Otherwise, Fn::GetAtt fails.
ElastiCacheConfigurationEndpointUrl:
Description: The configuration endpoint URL of the cache node.
Value: !GetAtt ElastiCacheCluster.ConfigurationEndpoint.Address
Condition: IsClustered
Export:
Name: !Sub ${Environment}-${CacheName}-ElastiCacheConfigurationEndpointUrl
# This output is only applicable if the cache engine is set to Memcached
MemcachedConfigurationEndpointPort:
Description: The Memcached configuration endpoint port of the cache node.
Value: !GetAtt ElastiCacheCluster.ConfigurationEndpoint.Port
Condition: IsMemcached
Export:
Name: !Sub ${Environment}-${CacheName}-MemcachedConfigurationEndpointPort
# This output is only applicable if the cache engine is set to Redis
RedisEndpointAddress:
Description: The Redis endpoint address of the cache.
Value: !GetAtt ElastiCacheCluster.RedisEndpoint.Address
Condition: IsRedis
Export:
Name: !Sub ${Environment}-${CacheName}-RedisEndpointAddress
# This output is only applicable if the cache engine is set to Redis
RedisEndpointPort:
Description: The Redis endpoint port of the cache.
Value: !GetAtt ElastiCacheCluster.RedisEndpoint.Port
Condition: IsRedis
Export:
Name: !Sub ${Environment}-${CacheName}-RedisEndpointPort
This diff is collapsed.
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: 2010-09-09
Description: >-
CloudFormation template for creating the network resources used for the ECS cluster the application will
be deployed into. This is separated from the rest of the ECS resources in order to avoid a circular dependency.
Because there can be any number of cache stacks, but only one ECS stack per service, it makes sense to have
the caches import ECS exports in order to permit access from ECS, rather than the other way around, since
the number of cache clusters and their names can vary, and would require hardcoding them into the ECS template,
whereas this way things stay generic and the ECS CloudFormation template does not need to be updated in order to
add or remove ElastiCache clusters.
Parameters:
Environment:
Description: An environment name that will be prefixed to resource names.
Type: String
AllowedValues:
- dev
- uat
- prod
ConstraintDescription: Can only be "dev/uat/prod"
Default: dev
Region:
Description: The AWS region to deploy the resources to.
Type: String
Default: us-east-1
ApplicationName:
Description: >
The name of the application, which will be used to generate the ECS cluster name.
It will be prefixed with the environment name.
Type: String
MinLength: '1'
MaxLength: '64'
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default: os-indexer
ECSPort:
Description: The port that the ECS Service will listen on.
Type: Number
Default: 443
MinValue: 1
MaxValue: 65535
DomainName:
Description: >-
The optional custom DNS name for the service's load balancer. If omitted, the site will only be accessible
via the ECS service's Application Load Balancer DNS name. This value is used in the creation and signing of
the service's SSL certificate. Leave blank for none.
Type: String
Default: ''
AcmCertificateArn:
Description: >-
The Amazon Resource Name (ARN) of an existing AWS Certificate Manager (ACM) certificate.
If omitted, a new SSL certified will be requested/generated (only if the custom domain name
parameter is provided, otherwise the ECS service's ALB will not use SSL/HTTPS).
Type: String
AllowedPattern: "^(|arn:aws:acm:.*)$"
Default: ''
Conditions:
IncludeCustomDomain: !Not [!Equals [ !Ref DomainName, '' ]]
UseExistingACMSSLCertificate: !And
- !Not [!Equals [ !Ref AcmCertificateArn, '' ]]
- !Condition IncludeCustomDomain
ShouldRequestNewSSLCertificate: !And
- !Not [!Condition UseExistingACMSSLCertificate]
- !Condition IncludeCustomDomain
ShouldExportSSLCertificate: !Or
- !Condition IncludeCustomDomain
- !Condition UseExistingACMSSLCertificate
Resources:
# If an existing SSL certificate is not provided, but a custom domain is, request one
LoadBalancerSSLCertificate:
Type: 'AWS::CertificateManager::Certificate'
Condition: ShouldRequestNewSSLCertificate
Properties:
DomainName: !Ref DomainName
SubjectAlternativeNames:
- !Join ['.', ['origin', !Ref DomainName]] #
ECSSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: !Sub "${Environment}-${ApplicationName}-sg"
GroupDescription: Indexer Service ECS Security Group
VpcId:
Fn::ImportValue:
!Sub "${Environment}-OSDU-VPC"
# Public access to the specified ECS Listening Port
ECSSecurityGroupECSListenerInbound:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref 'ECSSecurityGroup'
IpProtocol: tcp
FromPort: !Ref ECSPort
ToPort: !Ref ECSPort
CidrIp: 0.0.0.0/0
# SSH access for instances in our VPC's jump box subnet group
# TODO: Update when the jump box is created as a part of the Util CFN, for now it is public
ECSSecurityGroupSSHInbound:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref 'ECSSecurityGroup'
IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: 0.0.0.0/0
# Open Application Load Balancer port range to self-access
ECSSecurityGroupALBports:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref 'ECSSecurityGroup'
IpProtocol: tcp
FromPort: '31000'
ToPort: '61000'
SourceSecurityGroupId: !Ref 'ECSSecurityGroup'
Outputs:
EcsNetworkSecurityGroupId:
Description: The ID of the Indexer Service ECS EC2 security group.
Value: !Ref 'ECSSecurityGroup'
Export:
Name: !Sub ${Environment}-${ApplicationName}-EcsNetworkSecurityGroupId
LoadBalancerSSLCertificateArn:
Condition: ShouldExportSSLCertificate
Description: The ARN of the SSL certificate to be used for both ECS and CloudFront (includes both DNS names).
Value: !If [UseExistingACMSSLCertificate, !Ref AcmCertificateArn, !Ref 'LoadBalancerSSLCertificate']
Export:
Name: !Sub ${Environment}-${ApplicationName}-LoadBalancerSSLCertificateArn
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: 2010-09-09
Description: >-
CloudFormation template for creating the resources used for the tenant info database for OSDU.
It creates the DynamoDB table and the API Gateway endpoints.
Parameters:
Environment:
Description: An environment name that will be prefixed to resource names.
Type: String
AllowedValues:
- dev
- uat
- prod
ConstraintDescription: Can only be "dev/uat/prod"
Default: dev
ApplicationName:
Description: >
The name of the application, which will be used to generate the ECS cluster name.
It will be prefixed with the environment name.
Type: String
MinLength: '1'
MaxLength: '64'
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default: os-indexer
SearchApplicationName:
Description: >
The name of the application, which will be used to generate the ECS cluster name.
It will be prefixed with the environment name.
Type: String
MinLength: '1'
MaxLength: '64'
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default: os-search
Region:
Description: The AWS region to deploy the resources to.
Type: String
Default: us-east-1
ElasticsearchDomainName:
Description: The name of the Elasticsearch domain. Will be prefixed with the environment name.
Type: String
MinLength: '1'
MaxLength: '64'
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default: osdu-indexer
ElasticsearchNodeInstanceType:
Description: The instance type for the main Elasticsearch nodes.
ConstraintDescription: Must be a valid instance type from the list of allowed values.
Default: t2.medium.elasticsearch
AllowedValues:
- t2.small.elasticsearch
- t2.medium.elasticsearch
- m5.large.elasticsearch
- m5.xlarge.elasticsearch
- m5.2xlarge.elasticsearch
- m5.4xlarge.elasticsearch
- m5.12xlarge.elasticsearch
- c5.large.elasticsearch
- c5.xlarge.elasticsearch
- c5.2xlarge.elasticsearch
- c5.4xlarge.elasticsearch
- c5.9xlarge.elasticsearch
- c5.18xlarge.elasticsearch
- r5.large.elasticsearch
- r5.xlarge.elasticsearch
- r5.2xlarge.elasticsearch
- r5.4xlarge.elasticsearch
- r5.12xlarge.elasticsearch
- i3.large.elasticsearch
- i3.xlarge.elasticsearch
- i3.2xlarge.elasticsearch
- i3.4xlarge.elasticsearch
- i3.8xlarge.elasticsearch
- i3.16xlarge.elasticsearch
Type: String
DedicatedMasterInstanceType:
Description: >
The instance type for the dedicated master nodes. These nodes perform cluster management
tasks, but doesn't hold data or respond to data upload requests.
ConstraintDescription: Must be a valid instance type from the list of allowed values.
Default: t2.medium.elasticsearch
AllowedValues:
- t2.small.elasticsearch
- t2.medium.elasticsearch
- m5.large.elasticsearch
- m5.xlarge.elasticsearch
- m5.2xlarge.elasticsearch
- m5.4xlarge.elasticsearch
- m5.12xlarge.elasticsearch
- c5.large.elasticsearch
- c5.xlarge.elasticsearch
- c5.2xlarge.elasticsearch
- c5.4xlarge.elasticsearch
- c5.9xlarge.elasticsearch
- c5.18xlarge.elasticsearch
- r5.large.elasticsearch
- r5.xlarge.elasticsearch
- r5.2xlarge.elasticsearch
- r5.4xlarge.elasticsearch
- r5.12xlarge.elasticsearch
- i3.large.elasticsearch
- i3.xlarge.elasticsearch
- i3.2xlarge.elasticsearch
- i3.4xlarge.elasticsearch
- i3.8xlarge.elasticsearch
- i3.16xlarge.elasticsearch
Type: String
NumberOfElasticsearchNodes:
Description: An integer value specifying the number of Elasticsearch primary nodes in the cluster.
Type: Number
Default: 2
MinValue: 1
MaxValue: 40
NumberOfDedicatedMasterNodes:
Description: An integer value specifying the number of dedicated master nodes.
Type: Number
Default: 2
MinValue: 2
MaxValue: 5
ZoneAwarenessEnabled:
Description: >
When Zone Awareness is enabled, Elasticsearch allocates the nodes and replica
index shards that belong to a cluster across multiple AZs in the deployment region.
Type: String
AllowedValues:
- true
- false
Default: false
ElasticsearchVersion:
Description: >
The version of Elasticsearch to deploy on the cluster. Defaults to 6.8. Note
that an update requires a full replacement of the Elasticsearch cluster.
Type: String
AllowedValues:
- 1.5
- 2.3
- 5.1
- 5.3
- 5.5
- 5.6
- 6.0
- 6.2
- 6.3
- 6.4
- 6.5
- 6.6
- 6.8
- 6.8
- 7.1
Default: 6.8
EBSVolumeSize:
Description: >
The size of the EBS volume (per instance; total cluster size = EBS volume size x Instance count)
Maximum size varies by instance type, from 35GiB for t2 instances, up to 12TiB for r5.12xlarge.
Type: Number
Default: 10
MinValue: 10
MaxValue: 12000
Resources:
ElasticsearchDomain:
Type: AWS::Elasticsearch::Domain
Properties:
DomainName: !Sub ${Environment}-${ElasticsearchDomainName}
ElasticsearchVersion: !Ref ElasticsearchVersion
ElasticsearchClusterConfig:
DedicatedMasterEnabled: "true"
InstanceCount: !Ref NumberOfElasticsearchNodes
ZoneAwarenessEnabled: !Ref ZoneAwarenessEnabled
InstanceType: !Ref ElasticsearchNodeInstanceType
DedicatedMasterType: !Ref DedicatedMasterInstanceType
DedicatedMasterCount: !Ref NumberOfDedicatedMasterNodes
EBSOptions:
EBSEnabled: true
VolumeSize: !Ref EBSVolumeSize
VolumeType: "gp2"
NodeToNodeEncryptionOptions:
Enabled: false
SnapshotOptions:
AutomatedSnapshotStartHour: "0"
AccessPolicies:
Version: 2012-10-17
Statement:
- Effect: "Allow"
Principal: "*"
Resource: '*'
Action: "*"
AdvancedOptions:
rest.action.multi.allow_explicit_index: "true"
Tags:
-
Key: "Environment"
Value: !Ref Environment
VPCOptions:
SubnetIds:
- Fn::ImportValue:
!Sub "${Environment}-OSDU-PrivateSubnet-AZ1"
SecurityGroupIds:
- Fn::ImportValue:
!Sub "${Environment}-${ApplicationName}-EcsNetworkSecurityGroupId"
Outputs:
# Elasticsearch domain ARN
ElasticsearchDomainArn:
Description: The ARN of the Elasticsearch domain.
Value: !GetAtt ElasticsearchDomain.DomainArn
Export:
Name: !Sub ${Environment}-${ElasticsearchDomainName}-ElasticsearchDomainArn
# Elasticsearch domain endpoint
ElasticsearchDomainEndpoint:
Description: The endpoint URL of the Elasticsearch domain.
Value: !GetAtt ElasticsearchDomain.DomainEndpoint
Export:
Name: !Sub ${Environment}-${ElasticsearchDomainName}-ElasticsearchDomainEndpoint
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: 2010-09-09
Description: >-
CloudFormation template for creating the resources used for application SDK access for OSDU services.
It creates the IAM account, access keys, and optional key rotation.
Parameters:
Environment:
Description: An environment name that will be prefixed to resource names.
Type: String
AllowedValues:
- dev
- uat
- prod
ConstraintDescription: Can only be "dev/uat/prod"
Default: dev
Region:
Description: The AWS region to deploy the resources to.
Type: String
Default: us-east-1
IndexerServiceIamUsername:
Description: The username of the service user for the OS Indexer Service.
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Type: String
Default: service-user-os-indexer
MinLength: '1'
MaxLength: '64'
IndexerServiceIamKeyRotationSerial:
Description: This integer value can only ever be incremented, and an increase in value results in a rotation of the user's access key.
Type: Number
Default: 1
Resources:
IndexerServiceIamUser:
Type: AWS::IAM::User
Properties:
Policies:
- PolicyName: !Sub ${Environment}-IndexerServiceUserPolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
-
Action:
- 's3:*'
- 'sns:*'
- 'sqs:*'
- 'dynamodb:*'
- 'logs:*'
- 'cloudwatch:*'
- 'es:*'
- 'cognito-identity:*'
- 'cognito-idp:*'
- 'sts:AssumeRole'
- "iam:*"
Effect: Allow
Resource: '*'
UserName: !Sub ${Environment}-${IndexerServiceIamUsername}
IndexerServiceIamUserAccessKey:
Type: AWS::IAM::AccessKey
DependsOn: IndexerServiceIamUser
Properties:
Serial: !Ref IndexerServiceIamKeyRotationSerial # this value can only ever be incremented, and an increase in value results in a rotation of the user's access key
Status: Active
UserName: !Sub ${Environment}-${IndexerServiceIamUsername}
IAMCredentialsSecret:
Type: 'AWS::SecretsManager::Secret'
Properties:
Name: !Sub ${Environment}-IndexerServiceIamCredentials
Description: The IAM service account credentials for the search service.
SecretString:
Fn::Sub:
- '{"access_key":"${AccessKey}","secret_key":"${SecretKey}"}'
- {AccessKey: !Ref IndexerServiceIamUserAccessKey, SecretKey: !GetAtt IndexerServiceIamUserAccessKey.SecretAccessKey}
Tags:
- Key: Environment
Value: !Ref Environment
Outputs:
IndexerServiceIamUserAccessKeyId:
Description: The access key ID for the service user for the Schema Repository.
Value: !Ref IndexerServiceIamUserAccessKey
Export:
Name: !Sub ${Environment}-IndexerServiceIamUserAccessKeyId
IndexerServiceIamUserSecretAccessKey:
Description: The secret access key for the service user for the Schema Repository.
Value: !GetAtt IndexerServiceIamUserAccessKey.SecretAccessKey
Export:
Name: !Sub ${Environment}-IndexerServiceIamUserSecretAccessKey
IndexerServiceIamUserArn:
Description: The ARN of the service IAM user account.
Value: !GetAtt IndexerServiceIamUser.Arn
Export:
Name: !Sub ${Environment}-IndexerServiceIamUserArn
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: 2010-09-09
Description: >-
CloudFormation template for creating the resources used for the sending messages to topic and queues to receive the
messages for OSDU's indexer service. It creates the SNS Topic and the corresponding SQS Queues with their associated policies.
Parameters:
Environment:
Description: an environment name that will be prefixed to resource names.
Type: String
AllowedValues:
- dev
- uat
- prod
ConstraintDescription: Can only be "dev/uat/prod"
Default: dev
Region:
Description: The AWS region to deploy the resources to.
Type: String
Default: us-east-1
SNSTopicName:
Description: >-
The name of the Simple Notification Service topic for the OS Indexer Service. Defaults to osdu-indexer-messages.
Will be prefixed with the environment name.
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default: osdu-indexer-messages
Type: String
MinLength: '1'
MaxLength: '64'
SQSQueueName:
Description: >-
The name of the Simple Queue Service queue for the OS Indexer Service. Defaults to osdu-indexer-queue.
Will be prefixed with the environment name.
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default: osdu-indexer-queue
Type: String
MinLength: '1'
MaxLength: '64'
Resources:
OSDUIndexerSNSTopic:
Type: 'AWS::SNS::Topic'
Properties:
DisplayName: !Sub ${Environment}-${SNSTopicName}
TopicName: !Sub ${Environment}-${SNSTopicName}
Subscription:
- Endpoint:
Fn::GetAtt:
- OSDUIndexerSQSQueue
- Arn
Protocol: sqs
OSDUIndexerSQSQueue:
Type: AWS::SQS::Queue
Properties:
QueueName: !Sub ${Environment}-${SQSQueueName}
OSDUQueuePolicy:
Type: AWS::SQS::QueuePolicy
Properties:
PolicyDocument:
Version: "2012-10-17"
Id: OSDUQueuePolicy
Statement:
- Sid: Allow-SendMessage-To-Queues-From-SNS-Topic
Effect: Allow
Principal: "*"
Action:
- sqs:SendMessage
- sqs:ReceiveMessage
Resource: "*"
Condition:
ArnEquals:
aws:SourceArn:
Ref: OSDUIndexerSNSTopic
Queues:
- Ref: OSDUIndexerSQSQueue
Outputs:
OSDUIndexerSNSTopicTopicName:
Value: !Sub ${Environment}-${SNSTopicName}
Description: Topic Name of the Indexer Service Message Bus SNS Topic
Export:
Name: !Sub ${Environment}-OSDUIndexerSNSTopic
OSDUIndexerSQSQueueName:
Value: !Sub ${Environment}-${SQSQueueName}
Description: Queue Name of Subscribed Indexer Service Message Bus SQS Queue
Export:
Name: !Sub ${Environment}-OSDUIndexerSQSQueue
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: 2010-09-09
Description: >
This CloudFormation script creates the deployment pipeline for OSDU's indexer service. The CodePipeline
should automatically trigger whenever commits are made on the tracked branch. The start and end
of the CodePipeline should trigger a SNS alert to keep track of when the deployment has started
and when it finishes.
Parameters:
Environment:
Description: Environment Name. Defaults to 'dev'. Can only be dev/uat/prod.
Type: String
AllowedValues:
- dev
- uat
- prod
Default: dev
DeploymentRegion:
Description: The AWS region to deploy the application to. The default is us-east-1.
Type: String
Default: us-east-1
SNSNotificationEmail:
Description: The email address to send SNS notifications about the build to.
Type: String
Default: barclay.walsh@parivedasolutions.com
CodeCommitRepositoryName:
Description: The name of the Code Commit Repository that the CodePipeline source is connected to.
Type: String
Default: os-indexer
JarServiceBase:
Description: The name of the service base path for the JAR files (e.g. 'indexer').
Type: String
Default: indexer
CodeCommitBranchName:
Description: The name of the Code Commit branch that the CodePipeline source is connected to.
Type: String
Default: dev
Resources:
ArtifactStoreBucket:
Type: AWS::S3::Bucket
DeletionPolicy: Delete
Properties:
VersioningConfiguration:
Status: Enabled
ArtifactStoreBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref ArtifactStoreBucket
PolicyDocument:
Statement:
- Action:
- s3:*
Effect: Allow
Resource:
- !Sub arn:aws:s3:::${ArtifactStoreBucket}
- !Sub arn:aws:s3:::${ArtifactStoreBucket}/*
Principal:
AWS:
- !Sub arn:aws:iam::${AWS::AccountId}:root
- !ImportValue
'Fn::Sub': '${Environment}-CodeBuildRoleArn'
- !ImportValue
'Fn::Sub': '${Environment}-PipelineRoleArn'
- !ImportValue
'Fn::Sub': '${Environment}-CFNRoleArn'
CachingBucket:
Type: AWS::S3::Bucket
DeletionPolicy: Delete
Properties:
VersioningConfiguration:
Status: Enabled
CachingBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref CachingBucket
PolicyDocument:
Statement:
- Action:
- s3:*
Effect: Allow
Resource:
- !Sub arn:aws:s3:::${CachingBucket}
- !Sub arn:aws:s3:::${CachingBucket}/*
Principal:
AWS:
- !Sub arn:aws:iam::${AWS::AccountId}:root
- !ImportValue
'Fn::Sub': '${Environment}-CodeBuildRoleArn'
- !ImportValue
'Fn::Sub': '${Environment}-PipelineRoleArn'
- !ImportValue
'Fn::Sub': '${Environment}-CFNRoleArn'
SNSCodePipelineDeploymentFailed:
Type: AWS::SNS::Topic
Properties:
Subscription:
- Endpoint: !Ref SNSNotificationEmail
Protocol: email
TopicName: !Sub '${Environment}-OS-Indexer-Deployment-CodePipeline-JarDeploy-Failed'
EventRuleCodePipelineFailed:
Type: AWS::Events::Rule
Properties:
Description: Triggered whenever the CodePipeline deployment stage has failed.
EventPattern:
source:
- "aws.codepipeline"
detail-type:
- "CodePipeline Stage Execution State Change"
detail:
state:
- "FAILED"
pipeline:
- !Sub '${Environment}-OSDU-OS-Indexer-CodePipeline-JarDeploy'
Name: !Sub ${Environment}-CodePipelineEventRule-${CodeCommitRepositoryName}-JarDeploy
Targets:
-
Arn:
!Ref SNSCodePipelineDeploymentFailed
Id: "Deployment-CodePipeline-JarDeploy-Failed"
InputTransformer:
InputPathsMap:
pipeline : "$.detail.pipeline"
InputTemplate: '"The Pipeline <pipeline> has failed."'
Pipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
ArtifactStore:
Location: !Ref ArtifactStoreBucket
Type: S3
Name: !Sub '${Environment}-OSDU-OS-Indexer-CodePipeline-JarDeploy'
RoleArn: !ImportValue
'Fn::Sub': '${Environment}-PipelineRoleArn'
Stages:
- Name: Source
Actions:
- Name: Source
ActionTypeId:
Category: Source
Owner: AWS
Provider: CodeCommit
Version: '1'
Configuration:
BranchName: !Ref CodeCommitBranchName
RepositoryName: !Ref CodeCommitRepositoryName
OutputArtifacts:
- Name: Source
RunOrder: '1'
- Name: CodeBuild
Actions:
- Name: Jar-CodeBuild
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: '1'
InputArtifacts:
- Name: Source
OutputArtifacts:
- Name: Jar-CodeBuild
Configuration:
ProjectName: !Ref JarCodeBuild
RunOrder: '2'
JarCodeBuild:
Type: AWS::CodeBuild::Project
Properties:
Name: !Sub ${Environment}-jar-codebuild-${CodeCommitRepositoryName}
Description: CodeBuild commands which run after the CloudFormation deployment.
ServiceRole: !ImportValue
'Fn::Sub': '${Environment}-CodeBuildRoleArn'
Artifacts:
Type: S3
Location: !Ref ArtifactStoreBucket
Name: !Sub ${Environment}-jar-codebuild
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/standard:2.0
EnvironmentVariables:
- Name: ENVIRONMENT
Type: PLAINTEXT
Value: !Ref Environment
- Name: AWS_ACCOUNT_ID
Type: PLAINTEXT
Value: !Ref AWS::AccountId
- Name: AWS_REGION
Type: PLAINTEXT
Value: !Ref DeploymentRegion
- Name: APPLICATION_NAME
Type: PLAINTEXT
Value: !Ref CodeCommitRepositoryName
- Name: JAR_SERVICE_BASE
Type: PLAINTEXT
Value: !Ref JarServiceBase
- Name: M2_REPO_S3_BUCKET
Type: PLAINTEXT
Value: !Sub "${Environment}-${AWS::AccountId}-persistent-maven-m2-bucket"
- Name: JAR_DEPLOY_S3_BUCKET
Type: PLAINTEXT
Value: !Sub ${Environment}-${AWS::AccountId}-osdu-jar-deploy
PrivilegedMode: true
Source:
BuildSpec: ./provider/indexer-aws/buildspec-jar-deploy.yml
Location: !Sub https://git-codecommit.${AWS::Region}.amazonaws.com/v1/repos/${CodeCommitRepositoryName}
Type: CODECOMMIT
Cache:
Type: S3
Location: !Sub ${CachingBucket}/${Environment}
TimeoutInMinutes: 15
VpcConfig:
SecurityGroupIds:
- Fn::ImportValue:
!Sub "${Environment}-OSDU-CodeBuildSecurityGroup"
Subnets:
- Fn::ImportValue:
!Sub "${Environment}-OSDU-PrivateSubnet-AZ1"
- Fn::ImportValue:
!Sub "${Environment}-OSDU-PrivateSubnet-AZ2"
VpcId:
Fn::ImportValue:
!Sub "${Environment}-OSDU-VPC"
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: 2010-09-09
Description: >
This CloudFormation script creates the deployment pipeline for OSDU's indexer
service. The CodePipeline should automatically trigger whenever commits are
made on the tracked branch. The start and end of the CodePipeline should
trigger a SNS alert to keep track of when the deployment has started and when
it finishes.
Parameters:
Environment:
Description: Environment Name. Defaults to 'dev'. Can only be dev/uat/prod.
Type: String
AllowedValues:
- dev
- uat
- prod
Default: dev
DeploymentRegion:
Description: The AWS region to deploy the application to. The default is us-east-1.
Type: String
Default: us-east-1
SNSNotificationEmail:
Description: The email address to send SNS notifications about the build to.
Type: String
Default: barclay.walsh@parivedasolutions.com
CodeCommitRepositoryName:
Description: >-
The name of the Code Commit Repository that the CodePipeline source is
connected to.
Type: String
Default: os-indexer
CodeCommitBranchName:
Description: >-
The name of the Code Commit branch that the CodePipeline source is
connected to.
Type: String
Default: dev
MasterStackName:
Description: The name of the master stack that is being deployed by the CodePipeline.
Type: String
Default: os-indexer-master-stack
MasterTemplateName:
Description: >-
The name of the master template that is called when creating the master
stack.
Type: String
Default: provider/indexer-aws/CloudFormation/Master/os-indexer-master.yml
SchemaCacheName:
Description: The name of the cache cluster for the schema cache. Needs to match the value in the environment params JSON. Will be prefixed with the environment name.
Type: String
MinLength: '1'
MaxLength: '64'
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default: indexerSchemaCache
IndexCacheName:
Description: The name of the cache cluster for the index cache. Needs to match the value in the environment params JSON. Will be prefixed with the environment name.
Type: String
MinLength: '1'
MaxLength: '64'
AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_-]*$"
ConstraintDescription: Must start with a letter. Only numbers, letters, -, and _ accepted. Max. length 64 characters.
Default: indexerIndexCache
Resources:
ArtifactStoreBucket:
Type: 'AWS::S3::Bucket'
DeletionPolicy: Delete
Properties:
VersioningConfiguration:
Status: Enabled
ArtifactStoreBucketPolicy:
Type: 'AWS::S3::BucketPolicy'
Properties:
Bucket: !Ref ArtifactStoreBucket
PolicyDocument:
Statement:
- Action:
- 's3:*'
Effect: Allow
Resource:
- !Sub 'arn:aws:s3:::${ArtifactStoreBucket}'
- !Sub 'arn:aws:s3:::${ArtifactStoreBucket}/*'
Principal:
AWS:
- !Sub 'arn:aws:iam::${AWS::AccountId}:root'
- !ImportValue
'Fn::Sub': '${Environment}-CodeBuildRoleArn'
- !ImportValue
'Fn::Sub': '${Environment}-PipelineRoleArn'
- !ImportValue
'Fn::Sub': '${Environment}-CFNRoleArn'
CachingBucket:
Type: AWS::S3::Bucket
DeletionPolicy: Delete
Properties:
VersioningConfiguration:
Status: Enabled
CachingBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref CachingBucket
PolicyDocument:
Statement:
- Action:
- s3:*
Effect: Allow
Resource:
- !Sub arn:aws:s3:::${CachingBucket}
- !Sub arn:aws:s3:::${CachingBucket}/*
Principal:
AWS:
- !Sub arn:aws:iam::${AWS::AccountId}:root
- !ImportValue
'Fn::Sub': '${Environment}-CodeBuildRoleArn'
- !ImportValue
'Fn::Sub': '${Environment}-PipelineRoleArn'
- !ImportValue
'Fn::Sub': '${Environment}-CFNRoleArn'
SNSCodePipelineDeploymentFailed:
Type: 'AWS::SNS::Topic'
Properties:
Subscription:
- Endpoint: !Ref SNSNotificationEmail
Protocol: email
TopicName: !Sub '${Environment}-OS-Indexer-Deployment-CodePipeline-Failed'
EventRuleCodePipelineFailed:
Type: 'AWS::Events::Rule'
Properties:
Description: Triggered whenever the CodePipeline deployment stage has failed.
EventPattern:
source:
- aws.codepipeline
detail-type:
- CodePipeline Stage Execution State Change
detail:
state:
- FAILED
pipeline:
- !Sub '${Environment}-OSDU-OS-Indexer-CodePipeline'
Name: !Sub '${Environment}-CodePipelineEventRule-${CodeCommitRepositoryName}'
Targets:
- Arn: !Ref SNSCodePipelineDeploymentFailed
Id: Deployment-CodePipeline-Failed
InputTransformer:
InputPathsMap:
pipeline: $.detail.pipeline
InputTemplate: '"The Pipeline <pipeline> has failed."'
Pipeline:
Type: 'AWS::CodePipeline::Pipeline'
Properties:
ArtifactStore:
Location: !Ref ArtifactStoreBucket
Type: S3
Name: !Sub '${Environment}-OSDU-OS-Indexer-CodePipeline'
RoleArn: !ImportValue
'Fn::Sub': '${Environment}-PipelineRoleArn'
Stages:
- Name: Source
Actions:
- Name: Source
ActionTypeId:
Category: Source
Owner: AWS
Provider: CodeCommit
Version: '1'
Configuration:
BranchName: !Ref CodeCommitBranchName
RepositoryName: !Ref CodeCommitRepositoryName
OutputArtifacts:
- Name: Source
RunOrder: '1'
- Name: Pre-Deployment-CodeBuild
Actions:
- Name: Pre-Deployment-CodeBuild
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: '1'
InputArtifacts:
- Name: Source
OutputArtifacts:
- Name: Pre-Deployment-CodeBuild
Configuration:
ProjectName: !Ref PreDeploymentCodeBuild
RunOrder: '2'
- Name: Deployment
Actions:
- Name: CloudFormation-Deployment-Master
ActionTypeId:
Category: Deploy
Owner: AWS
Provider: CloudFormation
Version: '1'
InputArtifacts:
- Name: Source
Configuration:
ActionMode: CREATE_UPDATE
Capabilities: CAPABILITY_NAMED_IAM
RoleArn: !ImportValue
'Fn::Sub': '${Environment}-CFNRoleArn'
StackName: !Sub '${Environment}-${MasterStackName}'
TemplatePath: !Sub 'Source::${MasterTemplateName}'
TemplateConfiguration: !Sub >-
Source::provider/indexer-aws/CloudFormation/Params/${Environment}.template_configuration.json
RunOrder: '3'
- Name: Post-Deployment-CodeBuild
Actions:
- Name: Post-Deployment-CodeBuild
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: '1'
InputArtifacts:
- Name: Source
OutputArtifacts:
- Name: Post-Deployment-CodeBuild
Configuration:
ProjectName: !Ref PostDeploymentCodeBuild
RunOrder: '4'
PreDeploymentCodeBuild:
Type: 'AWS::CodeBuild::Project'
Properties:
Name: !Sub '${Environment}-pre-deployment-codebuild-${CodeCommitRepositoryName}'
Description: CodeBuild commands which run prior to the CloudFormation deployment.
ServiceRole: !ImportValue
'Fn::Sub': '${Environment}-CodeBuildRoleArn'
Artifacts:
Type: S3
Location: !Ref ArtifactStoreBucket
Name: !Sub '${Environment}-pre-deployment-codebuild'
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/standard:2.0
EnvironmentVariables:
- Name: ENVIRONMENT
Type: PLAINTEXT
Value: !Ref Environment
- Name: AWS_ACCOUNT_ID
Type: PLAINTEXT
Value: !Ref 'AWS::AccountId'
- Name: AWS_REGION
Type: PLAINTEXT
Value: !Ref DeploymentRegion
- Name: CFN_S3_BUCKET
Value: !ImportValue
'Fn::Sub': '${Environment}-S3BucketCloudFormation'
- Name: APPLICATION_NAME
Type: PLAINTEXT
Value: !Ref CodeCommitRepositoryName
PrivilegedMode: false
Source:
BuildSpec: ./provider/indexer-aws/buildspec-pre-deploy.yml
Location: !Sub >-
https://git-codecommit.${AWS::Region}.amazonaws.com/v1/repos/${CodeCommitRepositoryName}
Type: CODECOMMIT
TimeoutInMinutes: 15
PostDeploymentCodeBuild:
Type: AWS::CodeBuild::Project
Properties:
Name: !Sub ${Environment}-post-deployment-codebuild-${CodeCommitRepositoryName}
Description: CodeBuild commands which run after the CloudFormation deployment.
ServiceRole: !ImportValue
'Fn::Sub': '${Environment}-CodeBuildRoleArn'
Artifacts:
Type: S3
Location: !Ref ArtifactStoreBucket
Name: !Sub ${Environment}-post-deployment-codebuild
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/standard:2.0
EnvironmentVariables:
- Name: ENVIRONMENT
Type: PLAINTEXT
Value: !Ref Environment
- Name: AWS_ACCOUNT_ID
Type: PLAINTEXT
Value: !Ref AWS::AccountId
- Name: AWS_REGION
Type: PLAINTEXT
Value: !Ref DeploymentRegion
- Name: VSTS_FEED_USER
Type: PLAINTEXT
Value: '{{resolve:secretsmanager:dev-VSTSFeedToken:SecretString:vsts_feed_user}}'
- Name: VSTS_FEED_TOKEN
Type: PLAINTEXT
Value: '{{resolve:secretsmanager:dev-VSTSFeedToken:SecretString:vsts_feed_token}}'
- Name: IMAGE_TAG
Type: PLAINTEXT
Value: latest
- Name: IMAGE_REPO_NAME
Type: PLAINTEXT
Value: !Sub ${Environment}-${CodeCommitRepositoryName}-repository
- Name: QUEUE_IMAGE_REPO_NAME
Type: PLAINTEXT
Value: !Sub ${Environment}-${CodeCommitRepositoryName}-queue-repository
- Name: SCHEMA_CACHE_NAME
Type: PLAINTEXT
Value: !Ref SchemaCacheName
- Name: INDEX_CACHE_NAME
Type: PLAINTEXT
Value: !Ref IndexCacheName
- Name: APPLICATION_NAME
Type: PLAINTEXT
Value: !Ref CodeCommitRepositoryName
- Name: M2_REPO_S3_BUCKET
Type: PLAINTEXT
Value: !Sub "${Environment}-${AWS::AccountId}-persistent-maven-m2-bucket"
PrivilegedMode: true
Source:
BuildSpec: ./provider/indexer-aws/buildspec-post-deploy.yml
Location: !Sub https://git-codecommit.${AWS::Region}.amazonaws.com/v1/repos/${CodeCommitRepositoryName}
Type: CODECOMMIT
Cache:
Type: S3
Location: !Sub ${CachingBucket}/${Environment}
TimeoutInMinutes: 15
VpcConfig:
SecurityGroupIds:
- Fn::ImportValue:
!Sub "${Environment}-OSDU-CodeBuildSecurityGroup"
Subnets:
- Fn::ImportValue:
!Sub "${Environment}-OSDU-PrivateSubnet-AZ1"
- Fn::ImportValue:
!Sub "${Environment}-OSDU-PrivateSubnet-AZ2"
VpcId:
Fn::ImportValue:
!Sub "${Environment}-OSDU-VPC"
\ No newline at end of file
{
"Parameters" : {
"Environment" : "dev",
"DeploymentRegion" : "us-east-1",
"ApplicationName" : "os-indexer",
"SearchApplicationName" : "os-search",
"KeyName": "indexer-ecs-keypair",
"DesiredCapacity": "2",
"MinSize": "0",
"MaxSize": "3",
"InstanceType": "t3.large",
"IndexerServiceIamUsername": "service-user-os-indexer",
"IndexerServiceIamKeyRotationSerial": "1",
"SNSTopicName": "osdu-indexer-messages",
"SQSQueueName": "osdu-indexer-queue",
"IndexCacheName": "indexerIndexCache",
"IndexCacheEngine": "redis",
"IndexCacheNodeInstanceType": "cache.t2.micro",
"IndexCacheNumberOfCacheNodes": "1",
"SchemaCacheName": "indexerSchemaCache",
"SchemaCacheEngine": "redis",
"SchemaCacheNodeInstanceType": "cache.t2.micro",
"SchemaCacheNumberOfCacheNodes": "1",
"ElasticsearchDomainName": "osdu-indexer",
"ElasticsearchNodeInstanceType": "t2.medium.elasticsearch",
"DedicatedMasterInstanceType": "t2.medium.elasticsearch",
"NumberOfElasticsearchNodes": "4",
"NumberOfDedicatedMasterNodes": "3",
"ZoneAwarenessEnabled": "false",
"ElasticsearchVersion": "6.8",
"EBSVolumeSize": "10",
"ECSPort": "443",
"ECSCPUAllocation": "1024",
"ECSMemoryAllocation": "3072",
"DomainName": "",
"HostedZoneName": "",
"AcmCertificateArn": "",
"ServiceName": "indexer",
"VersionNumber": "1.0.5-SNAPSHOT"
},
"Tags" : {
"Environment" : "dev"
}
}
{
"Parameters" : {
"Environment" : "prod",
"DeploymentRegion" : "us-east-1",
"ApplicationName" : "os-indexer",
"SearchApplicationName" : "os-search",
"KeyName": "indexer-ecs-keypair",
"DesiredCapacity": "2",
"MinSize": "0",
"MaxSize": "3",
"InstanceType": "t3.large",
"IndexerServiceIamUsername": "service-user-os-indexer",
"IndexerServiceIamKeyRotationSerial": "1",
"SNSTopicName": "osdu-indexer-messages",
"SQSQueueName": "osdu-indexer-queue",
"IndexCacheName": "indexerIndexCache",
"IndexCacheEngine": "redis",
"IndexCacheNodeInstanceType": "cache.t2.micro",
"IndexCacheNumberOfCacheNodes": "1",
"SchemaCacheName": "indexerSchemaCache",
"SchemaCacheEngine": "redis",
"SchemaCacheNodeInstanceType": "cache.t2.micro",
"SchemaCacheNumberOfCacheNodes": "1",
"ElasticsearchDomainName": "osdu-indexer",
"ElasticsearchNodeInstanceType": "t2.medium.elasticsearch",
"DedicatedMasterInstanceType": "t2.medium.elasticsearch",
"NumberOfElasticsearchNodes": "2",
"NumberOfDedicatedMasterNodes": "2",
"ZoneAwarenessEnabled": "false",
"ElasticsearchVersion": "6.8",
"EBSVolumeSize": "10",
"ECSPort": "443",
"ECSCPUAllocation": "1024",
"ECSMemoryAllocation": "3072",
"DomainName": "",
"HostedZoneName": "",
"AcmCertificateArn": "",
"ServiceName": "indexer",
"VersionNumber": "1.0.5-SNAPSHOT"
},
"Tags" : {
"Environment" : "prod"
}
}
{
"Parameters" : {
"Environment" : "uat",
"DeploymentRegion" : "us-east-1",
"ApplicationName" : "os-indexer",
"SearchApplicationName" : "os-search",
"KeyName": "indexer-ecs-keypair",
"DesiredCapacity": "2",
"MinSize": "0",
"MaxSize": "3",
"InstanceType": "t3.large",
"IndexerServiceIamUsername": "service-user-os-indexer",
"IndexerServiceIamKeyRotationSerial": "1",
"SNSTopicName": "osdu-indexer-messages",
"SQSQueueName": "osdu-indexer-queue",
"IndexCacheName": "indexerIndexCache",
"IndexCacheEngine": "redis",
"IndexCacheNodeInstanceType": "cache.t2.micro",
"IndexCacheNumberOfCacheNodes": "1",
"SchemaCacheName": "indexerSchemaCache",
"SchemaCacheEngine": "redis",
"SchemaCacheNodeInstanceType": "cache.t2.micro",
"SchemaCacheNumberOfCacheNodes": "1",
"ElasticsearchDomainName": "osdu-indexer",
"ElasticsearchNodeInstanceType": "t2.medium.elasticsearch",
"DedicatedMasterInstanceType": "t2.medium.elasticsearch",
"NumberOfElasticsearchNodes": "2",
"NumberOfDedicatedMasterNodes": "2",
"ZoneAwarenessEnabled": "false",
"ElasticsearchVersion": "6.8",
"EBSVolumeSize": "10",
"ECSPort": "443",
"ECSCPUAllocation": "1024",
"ECSMemoryAllocation": "3072",
"DomainName": "",
"HostedZoneName": "",
"AcmCertificateArn": "",
"ServiceName": "indexer",
"VersionNumber": "1.0.5-SNAPSHOT"
},
"Tags" : {
"Environment" : "uat"
}
}
...@@ -12,15 +12,11 @@ ...@@ -12,15 +12,11 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# https://docs.spring.io/spring-boot/docs/current/reference/html/deployment.html
FROM amazoncorretto:8 FROM amazoncorretto:8
ARG versionNumber ARG JAR_FILE=provider/indexer-aws/target/*spring-boot.jar
ARG service
ENV serviceName=${service}-aws
ENV awsJar=${serviceName}-${versionNumber}-spring-boot.jar
WORKDIR / WORKDIR /
COPY provider/${serviceName}/target/${awsJar} ${awsJar} COPY ${JAR_FILE} app.jar
EXPOSE 8080 EXPOSE 8080
ENTRYPOINT java $JAVA_OPTS -jar /app.jar
CMD ["sh","-c", " java -jar ${awsJar}"] \ No newline at end of file
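Review bot: The new `ENTRYPOINT java $JAVA_OPTS -jar /app.jar` uses the shell form, so the process is started through `/bin/sh -c`, and whether a stop signal (SIGTERM) reaches the JVM then depends on how the image's shell handles the command. Making that explicit keeps graceful shutdown reliable while still expanding the variable: `ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /app.jar"]`. The image also has no `USER` line on either side of the change, so the service runs as root inside the container; creating a dedicated non-root user and switching to it before the entrypoint would limit what a compromised process can touch. Separately, `COPY ${JAR_FILE} app.jar` relies on the `*spring-boot.jar` glob matching exactly one file, and the build is likely to fail if `target/` ever holds more than one match, so a short comment stating that assumption would help.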
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
version: 0.2
phases:
install:
runtime-versions:
java: openjdk8
commands:
- echo Entered the install phase...
- apt-get update -y
- apt-get install -y maven
- java -version
- mvn clean # .m2 is not created until the first Maven command
- cp ./provider/indexer-aws/maven/settings.xml /root/.m2/settings.xml # copy the AWS-specific settings.xml to the CodeBuild instance's .m2 folder
- cat /root/.m2/settings.xml
- java -version
- export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
- echo $JAVA_HOME
- mvn -version
- echo "Look below for M2 bucket name:"
- echo $M2_REPO_S3_BUCKET
- aws s3 sync s3://$M2_REPO_S3_BUCKET /root/.m2 # copy previous state of the shared libraries' .m2 folder from S3 to local
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2& # start the Docker Daemon
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done" # wait for Docker to be ready before proceeding to the build steps
build:
commands:
- echo os-indexer Java build started on `date`...
- java -version
- export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
- mvn -version
- echo All environment variables
- printenv
- mvn clean test -P indexer-core,indexer-aws
- echo ...os-indexer Java build completed on `date`.
- echo os-indexer beginning packaging to jar...
- mvn clean install -P indexer-core,indexer-aws -Ddeployment.environment=$ENVIRONMENT
- echo Uploading os-indexer JAR to S3...
- aws s3 cp provider/$JAR_SERVICE_BASE-aws/target s3://$JAR_DEPLOY_S3_BUCKET/$JAR_SERVICE_BASE-aws --recursive --exclude "*" --include "*.jar" # build and push the JAR(s) to S3
cache:
paths:
- '/root/.m2/**/*'
artifacts:
files:
- '**/*'
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
version: 0.2
phases:
install:
runtime-versions:
java: openjdk8
commands:
- echo Entered the install phase...
- apt-get update -y
- apt-get install -y maven
- java -version
- mvn clean # .m2 is not created until the first Maven command
- cp ./provider/indexer-aws/maven/settings.xml /root/.m2/settings.xml # copy the AWS-specific settings.xml to the CodeBuild instance's .m2 folder
- cat /root/.m2/settings.xml
- java -version
- export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
- echo $JAVA_HOME
- mvn -version
- echo "Look below for M2 bucket name:"
- echo $M2_REPO_S3_BUCKET
- aws s3 sync s3://$M2_REPO_S3_BUCKET /root/.m2 # copy previous state of the shared libraries' .m2 folder from S3 to local
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2& # start the Docker Daemon
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done" # wait for Docker to be ready before proceeding to the build steps
pre_build:
commands:
- echo Logging in to Amazon ECR...
- $(aws ecr get-login --no-include-email --region $AWS_REGION)
- echo $AWS_ACCOUNT_ID
- REPOSITORY_URI=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$IMAGE_REPO_NAME # build and store the ECR repo URI
- IMAGE_TAG=build-$(echo $CODEBUILD_BUILD_ID | awk -F":" '{print $2}') # generate a version tag from the commit hash for the Docker image
- COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7) # get the commit hash
build:
commands:
- echo Indexer-core Java build started on `date`...
- echo os-indexer Java build started on `date`...
- java -version
- export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
- mvn -version
- echo Setting environment variables from CloudFormation Exports... # use the AWS CLI commands to query for the CloudFormation export values created in the previous step and set the required environment variables
- echo Environment - $ENVIRONMENT
- echo SchemaCacheName - $SCHEMA_CACHE_NAME
- echo IndexCacheName - $INDEX_CACHE_NAME
- echo AWSRegion - $AWS_REGION
- export VERSIONNUMBER=$(aws cloudformation list-exports --query "Exports[?Name=='$ENVIRONMENT-$APPLICATION_NAME-JarVersionNumber'].[Value]" --output text --region $AWS_REGION)
- echo VERSIONNUMBER - $VERSIONNUMBER
- export SERVICE=$(aws cloudformation list-exports --query "Exports[?Name=='$ENVIRONMENT-$APPLICATION_NAME-JarServiceName'].[Value]" --output text --region $AWS_REGION)
- echo SERVICE - $SERVICE
- echo ...finished setting environment variables!
- echo All environment variables
- printenv
- mvn clean test -P indexer-core,indexer-aws
- echo ...os-indexer Java build completed on `date`.
- echo os-indexer beginning packaging to jar...
- mvn clean install -P indexer-core,indexer-aws -Ddeployment.environment=$ENVIRONMENT -Dversion.number=$VERSIONNUMBER
- echo os-indexer Docker image build started on `date`...
- docker build -f provider/indexer-aws/Dockerfile -t $REPOSITORY_URI:latest --build-arg versionNumber=$VERSIONNUMBER --build-arg service=$SERVICE .
- docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
- echo ...os-indexer Docker image build completed on `date`.
- echo Pushing the Docker image to ECR...
- docker push $REPOSITORY_URI:latest
- docker push $REPOSITORY_URI:$IMAGE_TAG
- echo Docker image pushed to ECR successfully!
- ECS_CLUSTER_NAME=$(aws cloudformation list-exports --query "Exports[?Name=='$ENVIRONMENT-$APPLICATION_NAME-EcsClusterName'].[Value]" --output text --region $AWS_REGION)
- ECS_SERVICE_NAME=$(aws cloudformation list-exports --query "Exports[?Name=='$ENVIRONMENT-$APPLICATION_NAME-EcsServiceName'].[Value]" --output text --region $AWS_REGION)
- aws ecs update-service --cluster $ECS_CLUSTER_NAME --service $ECS_SERVICE_NAME --force-new-deployment # force a new deployment with the updated image
cache:
paths:
- '/root/.m2/**/*'
artifacts:
files:
- '**/*'
# Copyright © Amazon Web Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
version: 0.2
phases:
install:
runtime-versions:
java: openjdk8
docker: 18
commands:
- echo Entered the install phase...
- apt-get update -y
- apt-get install -y maven
- java -version
- echo $JAVA_HOME
- export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
- echo $JAVA_HOME
- mvn clean # .m2 is not created until the first Maven command
- cp ./indexer-core/maven/settings.xml /root/.m2/settings.xml # replace the default settings.xml with our custom one
- export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
- mvn -version
build:
commands:
- echo Starting 'Copying CloudFormation scripts to S3://$CFN_S3_BUCKET/$APPLICATION_NAME'
- pwd
- ls
- aws s3 cp ./provider/indexer-aws/CloudFormation "s3://$CFN_S3_BUCKET/$APPLICATION_NAME" --exclude "*" --include "*.yml" --recursive --debug
- echo Ending 'Ending CloudFormation scripts to S3://$CFN_S3_BUCKET/$APPLICATION_NAME'
# - echo os-indexer build started on `date`...
- pwd
- ls -R -la
- java -version
- echo $JAVA_HOME
- export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
- mvn -version
# - mvn test
post_build:
commands:
# - echo ...os-indexer build completed on `date`
# - echo os-indexer beginning packaging to jar...
# - mvn package
cache:
paths:
- '/root/.m2/**/*'
artifacts:
files:
- '**/*'
...@@ -11,6 +11,6 @@ ...@@ -11,6 +11,6 @@
<!-- The generated token was last updated on 01/13/2020 and expires on or before 01/12/2021 --> <!-- The generated token was last updated on 01/13/2020 and expires on or before 01/12/2021 -->
<password>${azure.devops.token}</password> <password>${azure.devops.token}</password>
</server> </server>
</servers> </servers>
</settings> </settings>
...@@ -50,7 +50,7 @@ ...@@ -50,7 +50,7 @@
<dependency> <dependency>
<groupId>org.opengroup.osdu.core.aws</groupId> <groupId>org.opengroup.osdu.core.aws</groupId>
<artifactId>os-core-lib-aws</artifactId> <artifactId>os-core-lib-aws</artifactId>
<version>0.0.10</version> <version>0.2.0</version>
</dependency> </dependency>
<!-- AWS managed packages --> <!-- AWS managed packages -->
......