Merge pull request #19 from aws-samples/cc-to-s3

fix: Migration from CodeCommit to S3

Author: kartsamy

scripts/build-application.sh

@@ -2,8 +2,9 @@
 
 # build and push application services into ECR
 
-service_repos=("user" "product" "order" "rproxy")
+export DOCKER_DEFAULT_PLATFORM=linux/amd64
 
+service_repos=("user" "product" "order" "rproxy")
 
 deploy_service () {
 

scripts/cleanup.sh

@@ -1,7 +1,29 @@
 #!/bin/bash -e
 
+confirm() {
+    echo ""
+    echo "=============================================="
+    echo " ** WARNING! This ACTION IS IRREVERSIBLE! **"
+    echo "=============================================="
+    echo ""
+    echo "You are about to delete all SaaS ECS reference Architecture resources."
+    echo "Do you want to continue?" 
+    read -rp "[y/N] " response
+    case "$response" in
+        [yY][eE][sS]|[yY]) return 0 ;;
+        *) return 1 ;;
+    esac
+}
+
+if ! confirm; then
+    echo "Cleanup cancelled"
+    exit 1
+fi
+
+export REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
+
 echo "$(date) emptying out buckets..."
-for i in $(aws s3 ls | awk '{print $3}' | grep -E "^tenant-update-stack-*|^controlplane-stack-*|^coreappplane-*"); do
+for i in $(aws s3 ls | awk '{print $3}' | grep -E "^tenant-update-stack-*|^controlplane-stack-*|^core-appplane-*|^saas-reference-architecture-*"); do
     echo "$(date) emptying out s3 bucket with name s3://${i}..."
     aws s3 rm --recursive "s3://${i}"
 
@@ -16,7 +38,7 @@ cd ../server
 npm install
 
 export CDK_PARAM_SYSTEM_ADMIN_EMAIL="NA"
-export CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME="saas-reference-architecture-ecs"
+export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$REGION"
 export CDK_PARAM_COMMIT_ID="NA"
 export CDK_PARAM_REG_API_GATEWAY_URL="NA"
 export CDK_PARAM_EVENT_BUS_ARN=arn:aws:service:::resource
@@ -29,6 +51,30 @@ export CDK_PARAM_OFFBOARDING_DETAIL_TYPE="NA"
 export CDK_PARAM_DEPROVISIONING_DETAIL_TYPE="NA"
 export CDK_PARAM_TIER='basic'
 
+TEMP_FILE=$(mktemp)
+# Deleting object version..." 
+echo "Deleting Provision sourcecode Object Versions..."
+versions=$(aws s3api list-object-versions --bucket $CDK_PARAM_S3_BUCKET_NAME --output json \
+      | jq -r '.Versions | length')
+
+if [ "$versions" -gt 0 ]; then 
+	aws s3api list-object-versions --bucket $CDK_PARAM_S3_BUCKET_NAME --output json \
+		| jq '{"Objects": [.Versions[] | {Key: .Key, VersionId: .VersionId}]}' > $TEMP_FILE
+	aws s3api delete-objects --bucket $CDK_PARAM_S3_BUCKET_NAME --delete file://$TEMP_FILE
+fi 
+
+# Deleting object markers 
+echo "Deleting Provision sourcecode Object Markers..." 
+delete_markers=$(aws s3api list-object-versions --bucket $CDK_PARAM_S3_BUCKET_NAME --output json \
+	| jq -r '.DeleteMarkers | length') 
+
+if [ "$delete_markers" -gt 0 ]; then 
+	aws s3api list-object-versions --bucket $CDK_PARAM_S3_BUCKET_NAME --output json \
+	    | jq '{"Objects": [.DeleteMarkers[] | {Key: .Key, VersionId: .VersionId}]}' > $TEMP_FILE
+	aws s3api delete-objects --bucket $CDK_PARAM_S3_BUCKET_NAME --delete file://$TEMP_FILE
+fi
+
+
 echo "$(date) cleaning up tenants..."
 next_token=""
 STACK_STATUS_FILTER="CREATE_COMPLETE ROLLBACK_COMPLETE UPDATE_COMPLETE UPDATE_ROLLBACK_COMPLETE IMPORT_COMPLETE IMPORT_ROLLBACK_COMPLETE"
@@ -65,11 +111,6 @@ done
 
 npx cdk destroy --all --force
 
-if aws codecommit get-repository --repository-name $CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME; then
-  DELETE_REPO=$(aws codecommit delete-repository --repository-name $CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME)
-  echo "$DELETE_REPO"
-fi
-
 echo "$(date) cleaning up user pools..."
 next_token=""
 while true; do
@@ -104,7 +145,7 @@ done
 
 
 echo "$(date) removing buckets..."
-for i in $(aws s3 ls | awk '{print $3}' | grep -E "^tenant-update-stack-*|^controlplane-stack-*|^coreappplane-*"); do
+for i in $(aws s3 ls | awk '{print $3}' | grep -E "^tenant-update-stack-*|^controlplane-stack-*|^core-appplane-*|^saas-reference-architecture-*"); do
     echo "$(date) removing s3 bucket with name s3://${i}..."
     aws s3 rm --recursive "s3://${i}"
     aws s3 rb --force "s3://${i}" #delete in stack

scripts/deprovision-tenant.sh

@@ -8,7 +8,6 @@ sudo npm install -g aws-cdk
 sudo yum install -y jq
 sudo yum install -y python3-pip
 sudo python3 -m pip install --upgrade setuptools
-sudo python3 -m pip install git-remote-codecommit
 
 # Enable nocasematch option
 shopt -s nocasematch
@@ -19,6 +18,8 @@ export CDK_PARAM_TENANT_ID=$tenantId
 export TIER=$tier
 export CDK_PARAM_TIER=$TIER
 
+export REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
+export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
 
 # Define variables
 STACK_NAME="tenant-template-stack-basic"
@@ -82,21 +83,22 @@ if [[ $TIER == "PREMIUM" || $TIER == "ADVANCED" ]]; then
   --table-name $TENANT_STACK_MAPPING_TABLE  \
   --key "{\"tenantId\": {\"S\": \"$CDK_PARAM_TENANT_ID\"}}" \
   --query 'Item.stackName.S')
-  
+  STACK_NAME=$(sed -e 's/^"//' -e 's/"$//' <<<$STACK_NAME)
   echo "Stack name from $TENANT_STACK_MAPPING_TABLE is  $STACK_NAME"
-  # Clone the ecs reference solution repository
-  export CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME="saas-reference-architecture-ecs"
-  git clone codecommit://$CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME
-  cd $CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME/server
+  # Copy to S3 Bucket
+  export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$REGION"
+  export CDK_SOURCE_NAME="source.zip"
+  CDK_PARAM_COMMIT_ID=$(aws cloudformation describe-stacks --stack-name $STACK_NAME --query "Stacks[0].Outputs[?OutputKey=='S3SourceVersion'].OutputValue" --output text)
+
+  aws s3api get-object --bucket "$CDK_PARAM_S3_BUCKET_NAME" --key "$CDK_SOURCE_NAME" --version-id "$CDK_PARAM_COMMIT_ID" "$CDK_SOURCE_NAME" 2>&1 
+  unzip $CDK_SOURCE_NAME
+  cd ./server
 
-  export ECR_REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
-  export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-  sed "s/<REGION>/$ECR_REGION/g; s/<ACCOUNT_ID>/$ACCOUNT_ID/g" ./service-info.txt > ./lib/service-info.json
+  sed "s/<REGION>/$REGION/g; s/<ACCOUNT_ID>/$ACCOUNT_ID/g" ./service-info.txt > ./lib/service-info.json
 
   npm install
 
   export CDK_PARAM_SYSTEM_ADMIN_EMAIL="NA"
-  export CDK_PARAM_COMMIT_ID="NA"
   export CDK_PARAM_REG_API_GATEWAY_URL="NA"
   export CDK_PARAM_EVENT_BUS_ARN=arn:aws:service:::resource
   export CDK_PARAM_CONTROL_PLANE_SOURCE="NA"
@@ -114,7 +116,6 @@ else
   # Read tenant details from the cloudformation stack output parameters
   SAAS_APP_USERPOOL_ID=$(aws cloudformation describe-stacks --stack-name $STACK_NAME --query "Stacks[0].Outputs[?OutputKey=='$USER_POOL_OUTPUT_PARAM_NAME'].OutputValue" --output text)
 
-
   NESTED_NAME=$(aws cloudformation describe-stack-resources --stack-name $STACK_NAME | jq -rc '.StackResources | .[] | select(.ResourceType=="AWS::CloudFormation::Stack") | .PhysicalResourceId | split("/")[1]')
 
   PRODUCT_TABLE_NAME=$(aws cloudformation describe-stacks --stack-name $NESTED_NAME --query "Stacks[0].Outputs[?OutputKey=='$PRODUCT_TABLE_OUTPUT_PARAM_NAME'].OutputValue" --output text)
@@ -140,7 +141,6 @@ else
 
 fi
 
-
 # Create JSON response of output parameters
 export tenantStatus="Deleted"
 

scripts/install.sh

@@ -7,27 +7,56 @@ if [[ -z "$CDK_PARAM_SYSTEM_ADMIN_EMAIL" ]]; then
   exit 1
 fi
 
-# Create CodeCommit repo
 REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')  # Region setting
-export CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME="saas-reference-architecture-ecs"
-if ! aws codecommit get-repository --repository-name $CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME; then
-  CREATE_REPO=$(aws codecommit create-repository --repository-name $CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME --repository-description "ECS saas reference architecture repository")
-  echo "$CREATE_REPO"
-fi
+export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$REGION"
+
+# Create S3 Bucket for provision source.
+
+if aws s3api head-bucket --bucket $CDK_PARAM_S3_BUCKET_NAME 2>/dev/null; then
+    echo "Bucket $CDK_PARAM_S3_BUCKET_NAME already exists."
+else
+    echo "Bucket $CDK_PARAM_S3_BUCKET_NAME does not exist. Creating a new bucket in $REGION region"
+
+    if [ "$REGION" == "us-east-1" ]; then
+      aws s3api create-bucket --bucket $CDK_PARAM_S3_BUCKET_NAME
+    else
+      aws s3api create-bucket \
+        --bucket $CDK_PARAM_S3_BUCKET_NAME \
+        --region "$REGION" \
+        --create-bucket-configuration LocationConstraint="$REGION" 
+    fi
+
+    aws s3api put-bucket-versioning \
+        --bucket $CDK_PARAM_S3_BUCKET_NAME \
+        --versioning-configuration Status=Enabled
 
-REPO_URL="codecommit::${REGION}://$CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME" ## CodeCommit URL setting
-if ! git remote add cc "$REPO_URL"; then
-  echo "Setting url to remote cc"
-  git remote set-url cc "$REPO_URL"
+    aws s3api put-public-access-block \
+        --bucket $CDK_PARAM_S3_BUCKET_NAME \
+        --public-access-block-configuration \
+        BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true    
+
+    if [ $? -eq 0 ]; then
+        echo "Bucket $CDK_PARAM_S3_BUCKET_NAME created with versioning enabled."
+    else
+        echo "Error creating bucket $CDK_PARAM_S3_BUCKET_NAME with versioning enabled."
+        exit 1
+    fi
 fi
-git push cc "$(git branch --show-current)":main -f --no-verify
-export CDK_PARAM_COMMIT_ID=$(git log --format="%H" -n 1)
+
+echo "Bucket exists2: $CDK_PARAM_S3_BUCKET_NAME"
+
+cd ../
+zip -r source.zip . -x ".git/*" -x "**/node_modules/*" -x "**/cdk.out/*" -x "**/.aws-sam/*"
+export CDK_PARAM_COMMIT_ID=$(aws s3api put-object --bucket "${CDK_PARAM_S3_BUCKET_NAME}" --key "source.zip" --body "./source.zip"  --output text)
+
+rm source.zip
+echo "Source code uploaded to S3"
 
 # Create ECS service linked role.
 aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com 2>/dev/null || echo "ECS Service linked role exists"
 
 # Preprovision basic infrastructure
-cd ../server
+cd ./server
 
 export ECR_REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
 export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
@@ -45,7 +74,6 @@ export CDK_PARAM_TIER='basic'
 npx cdk bootstrap
 npx cdk deploy --all --require-approval never #--concurrency 10 --asset-parallelism true 
 
-
 # Get SaaS application url
 ADMIN_SITE_URL=$(aws cloudformation describe-stacks --stack-name controlplane-stack --query "Stacks[0].Outputs[?OutputKey=='adminSiteUrl'].OutputValue" --output text)
 APP_SITE_URL=$(aws cloudformation describe-stacks --stack-name core-appplane-stack --query "Stacks[0].Outputs[?OutputKey=='appSiteUrl'].OutputValue" --output text)

scripts/provision-tenant.sh

@@ -8,23 +8,27 @@ sudo yum install -y python3-pip
 sudo yum install -y npm
 sudo npm install -g aws-cdk
 sudo python3 -m pip install --upgrade setuptools
-sudo python3 -m pip install git-remote-codecommit
 
 # Enable nocasematch option
 shopt -s nocasematch
 
-# Clone the ecs reference solution repository
-export CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME="saas-reference-architecture-ecs"
-git clone codecommit://$CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME --quiet
-cd $CDK_PARAM_CODE_COMMIT_REPOSITORY_NAME/server
-
-export ECR_REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
+export REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]' 2>&1)
 export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-sed "s/<REGION>/$ECR_REGION/g; s/<ACCOUNT_ID>/$ACCOUNT_ID/g" ./service-info.txt > ./lib/service-info.json
 
-npm install
+# Download from the ecs reference solution Bucket
+export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$REGION"
+export CDK_SOURCE_NAME="source.zip"
+
+VERSIONS=$(aws s3api list-object-versions --bucket "$CDK_PARAM_S3_BUCKET_NAME" --prefix "$CDK_SOURCE_NAME" --query 'Versions[?IsLatest==`true`].{VersionId:VersionId}' --output text 2>&1)
+CDK_PARAM_COMMIT_ID=$(echo "$VERSIONS" | awk 'NR==1{print $1}')
 
-export CDK_PARAM_COMMIT_ID=$(git log --format="%H" -n 1)
+aws s3api get-object --bucket "$CDK_PARAM_S3_BUCKET_NAME" --key "$CDK_SOURCE_NAME" --version-id "$CDK_PARAM_COMMIT_ID" "$CDK_SOURCE_NAME" 2>&1 
+unzip $CDK_SOURCE_NAME
+cd ./server
+
+sed "s/<REGION>/$REGION/g; s/<ACCOUNT_ID>/$ACCOUNT_ID/g" ./service-info.txt > ./lib/service-info.json
+
+npm install
 
 # Parse tenant details from the input message from step function
 export CDK_PARAM_TENANT_ID=$tenantId

server/bin/ecs-saas-ref-template.ts

@@ -10,6 +10,7 @@ import { AwsSolutionsChecks } from 'cdk-nag';
 
 const app = new cdk.App();
 cdk.Aspects.of(app).add(new AwsSolutionsChecks({ verbose: true }));
+// cdk.Aspects.of(app);
 // required input parameters
 if (!process.env.CDK_PARAM_SYSTEM_ADMIN_EMAIL) {
   throw new Error('Please provide system admin email');
@@ -34,7 +35,6 @@ const tier = getEnv('CDK_PARAM_TIER');
 if (!process.env.CDK_PARAM_SYSTEM_ADMIN_ROLE_NAME) {
   process.env.CDK_PARAM_SYSTEM_ADMIN_ROLE_NAME = 'SystemAdmin';
 }
-
 // default values for optional input parameters
 const defaultStageName = 'prod';
 const defaultLambdaReserveConcurrency = '1';
@@ -135,7 +135,7 @@ const tenantTemplateStack = new TenantTemplateStack(app, `tenant-template-stack-
   commitId: commitId,
   tier: tier,
   advancedCluster: advancedCluster,
-  appSiteUrl: coreAppPlaneStack.userInterface.appSiteUrl,
+  appSiteUrl: coreAppPlaneStack.appSiteUrl,
   env: {
     account: process.env.CDK_DEFAULT_ACCOUNT,
     region: process.env.CDK_DEFAULT_REGION

server/lib/bootstrap-template/control-plane-stack.ts

@@ -4,8 +4,8 @@ import { StaticSiteDistro } from './static-site-distro';
 import path = require('path');
 import { StaticSite } from './static-site';
 import { ControlPlaneNag } from '../cdknag/control-plane-nag';
-import * as sbt from '@cdklabs/sbt-aws';
 import { addTemplateTag } from '../utilities/helper-functions';
+import * as sbt from '@cdklabs/sbt-aws';
 
 interface ControlPlaneStackProps extends cdk.StackProps {
   systemAdminRoleName: string
@@ -17,11 +17,12 @@ export class ControlPlaneStack extends cdk.Stack {
   public readonly eventManager: sbt.IEventManager;
   public readonly auth: sbt.CognitoAuth;
   public readonly adminSiteUrl: string;
-  public readonly StaticSite: StaticSite;
+  public readonly staticSite: StaticSite;
 
   constructor (scope: Construct, id: string, props: ControlPlaneStackProps) {
     super(scope, id, props);
     addTemplateTag(this, 'ControlPlaneStack');
+    
     const accessLogsBucket = new cdk.aws_s3.Bucket(this, 'AccessLogsBucket', {
       enforceSSL: true,
       autoDeleteObjects: true,
@@ -58,9 +59,9 @@ export class ControlPlaneStack extends cdk.Stack {
     this.regApiGatewayUrl = controlPlane.controlPlaneAPIGatewayUrl;
     this.auth = cognitoAuth;
 
-    this.StaticSite = new StaticSite(this, 'AdminWebUi', {
+    const staticSite = new StaticSite(this, 'AdminWebUi', {
       name: 'AdminSite',
-      assetDirectory: path.join(__dirname, '../../../client/AdminWeb/'),
+      assetDirectory: path.join(__dirname, '../../../client/AdminWeb'),
       production: true,
       clientId: this.auth.userClientId,  //.clientId,
       issuer: this.auth.tokenEndpoint,