more tags

Author: anthony-nhs

.github/scripts/fix_cdk.json.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -e
+
+# script used to set context key values in cdk.json pre deployment from environment variables
+
+# helper function to set string values
+fix_string_key() {
+    KEY_NAME=$1
+    KEY_VALUE=$2
+    if [ -z "${KEY_VALUE}" ]; then
+        echo "${KEY_NAME} value is unset or set to the empty string"
+        exit 1
+    fi
+    echo "Setting ${KEY_NAME}"
+    jq \
+        --arg key_value "${KEY_VALUE}" \
+        --arg key_name "${KEY_NAME}" \
+        '.context += {($key_name): $key_value}' .build/cdk.json > .build/cdk.new.json
+    mv .build/cdk.new.json .build/cdk.json
+}
+
+# helper function to set boolean and number values (without quotes)
+fix_boolean_number_key() {
+    KEY_NAME=$1
+    KEY_VALUE=$2
+    if [ -z "${KEY_VALUE}" ]; then
+        echo "${KEY_NAME} value is unset or set to the empty string"
+        exit 1
+    fi
+    echo "Setting ${KEY_NAME}"
+    jq \
+        --argjson key_value "${KEY_VALUE}" \
+        --arg key_name "${KEY_NAME}" \
+        '.context += {($key_name): $key_value}' .build/cdk.json > .build/cdk.new.json
+    mv .build/cdk.new.json .build/cdk.json
+}
+
+CFN_DRIFT_DETECTION_GROUP="vpc-resources"
+if [[ "$STACK_NAME" =~ -pr-[0-9]+$ ]]; then
+  CFN_DRIFT_DETECTION_GROUP="vpc-resources-pull-request"
+fi
+
+# go through all the key values we need to set
+fix_string_key accountId "${ACCOUNT_ID}"
+fix_string_key stackName "${STACK_NAME}"
+fix_string_key versionNumber "${VERSION_NUMBER}"
+fix_string_key commitId "${COMMIT_ID}"
+fix_string_key cfnDriftDetectionGroup "${CFN_DRIFT_DETECTION_GROUP}"
+fix_boolean_number_key logRetentionInDays "${LOG_RETENTION_IN_DAYS}"

.github/workflows/cdk_release_code.yml

@@ -81,19 +81,14 @@ jobs:
           role-to-assume: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }}
           role-session-name: eps-vpc-resources-deployment
           output-credentials: true
-  
+
       - name: fix cdk.json for deployment
         run: |
-          jq \
-          --arg VERSION_NUMBER "${{ inputs.VERSION_NUMBER }}" \
-          --arg COMMIT_ID "${{ inputs.COMMIT_ID }}" \
-          --arg logRetentionInDays "${{ inputs.LOG_RETENTION_IN_DAYS }}" \
-          '.context += {
-            "VERSION_NUMBER": $VERSION_NUMBER,
-            "COMMIT_ID": $COMMIT_ID,
-            "logRetentionInDays": $logRetentionInDays}' \
-          .build/cdk.json > .build/cdk.new.json
-          mv .build/cdk.new.json .build/cdk.json
+          ./.github/scripts/fix_cdk_json.sh
+        env:
+          VERSION_NUMBER: "${{ inputs.VERSION_NUMBER }}"
+          COMMIT_ID: "${{ inputs.COMMIT_ID }}"
+          LOG_RETENTION_IN_DAYS: "${{ inputs.LOG_RETENTION_IN_DAYS }}"
 
       - name: Show diff
         run: |

Makefile

@@ -72,25 +72,31 @@ cdk-deploy:
 		--all \
 		--ci true \
 		--require-approval $${REQUIRE_APPROVAL} \
+		--context accountId=$$ACCOUNT_ID \
 		--context VERSION_NUMBER=$$VERSION_NUMBER \
 		--context COMMIT_ID=$$COMMIT_ID \
+		--context stackName=$$stack_name \
 		--context logRetentionInDays=30
 
 cdk-synth:
 	npx cdk synth \
 		--quiet \
 		--app "npx ts-node --prefer-ts-exts packages/cdk/bin/VpcResourcesApp.ts" \
-		--context VERSION_NUMBER=undefined \
-		--context COMMIT_ID=undefined \
-		--context logRetentionInDays=30
-
+		--context accountId=undefined \
+		--context commitId=undefined \
+		--context logRetentionInDays=30 \
+		--context stackName=vpc-resources \
+		--context versionNumber=undefined \
+		--context commitId=undefined
 cdk-diff:
 	npx cdk diff \
 		--app "npx ts-node --prefer-ts-exts packages/cdk/bin/VpcResourcesApp.ts" \
 		--context serviceName=$$service_name \
+		--context accountId=$$ACCOUNT_ID \
 		--context VERSION_NUMBER=$$VERSION_NUMBER \
 		--context COMMIT_ID=$$COMMIT_ID \
-		--context logRetentionInDays=$$LOG_RETENTION_IN_DAYS
+		--context logRetentionInDays=$$LOG_RETENTION_IN_DAYS \
+		--context stackName=$$stack_name
 
 cdk-watch:
 	REQUIRE_APPROVAL="$${REQUIRE_APPROVAL:-any-change}" && \
@@ -102,6 +108,8 @@ cdk-watch:
 		--all \
 		--ci true \
 		--require-approval $${REQUIRE_APPROVAL} \
+		--context accountId=$$ACCOUNT_ID \
+		--context stackName=$$stack_name \
 		--context VERSION_NUMBER=$$VERSION_NUMBER \
 		--context COMMIT_ID=$$COMMIT_ID \
 		--context logRetentionInDays=$$LOG_RETENTION_IN_DAYS

cdk.context.json

@@ -0,0 +1,6 @@
+{
+  "acknowledged-issue-numbers": [
+    34892,
+    34892
+  ]
+}

cdk.json

@@ -70,6 +70,7 @@
     "@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
     "@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true,
     "@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault": false,
-    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false
+    "@aws-cdk/aws-s3:keepNotificationInImportedBucket": false,
+    "cfnDriftDetectionGroup": "dummy_group"
   }
 }

packages/cdk/bin/VpcResourcesApp.ts

@@ -9,18 +9,26 @@ const app = new App()
   - logRetentionInDays
 */
 
-const version = app.node.tryGetContext("VERSION_NUMBER")
-const commit = app.node.tryGetContext("COMMIT_ID")
+const accountId = app.node.tryGetContext("accountId")
+const stackName = app.node.tryGetContext("stackName")
+const version = app.node.tryGetContext("versionNumber")
+const commit = app.node.tryGetContext("commitId")
+const cfnDriftDetectionGroup = app.node.tryGetContext("cfnDriftDetectionGroup")
+
 /* when getAz's is called behind the scenes it only returns the first 2 when the stack is account/region agnostic.
   Allow AZ's to be passed as context otherwise explicitly use the 3 in eu-west-2. */
 const availabilityZones = app.node.tryGetContext("AVAILABILITY_ZONES") || ["eu-west-2a", "eu-west-2b", "eu-west-2c"]
 
 // add cdk-nag to everything
 Aspects.of(app).add(new AwsSolutionsChecks({verbose: true}))
 
+Tags.of(app).add("accountId", accountId)
+Tags.of(app).add("stackName", stackName)
 Tags.of(app).add("version", version)
 Tags.of(app).add("commit", commit)
 Tags.of(app).add("cdkApp", "VpcResourcesApp")
+Tags.of(app).add("repo", "eps-vpc-resources")
+Tags.of(app).add("cfnDriftDetectionGroup", cfnDriftDetectionGroup)
 
 const VpcResources = new VpcResourcesStack(app, "VpcResourcesStack", {
   env: {