Merge pull request #20 from aws-samples/SBTv0.4.3

Hoseong-Seo · web-flow · commit 71996750f7c9 · 2024-09-02T14:40:28.000+09:00
feature: SBT v0.5.0 applied
diff --git a/README.md b/README.md
@@ -34,7 +34,6 @@ If you are using Cloud9, make sure to use `Amazon Linux 2023` AMI for the EC2 wi
 - Make sure you have [AWS CLI 2.14](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) or above installed.
 - Make sure you have [Docker Engine](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/install-docker.html) installed.
 - Make sure you have the latest version of [AWS CDK CLI](https://docs.aws.amazon.com/cdk/latest/guide/cli.html) installed. Not having the release version of CDK can cause deployment issues.
-- Make sure you have the latest version of [git-remote-codecommit](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-git-remote-codecommit.html) installed.
 - Make sure that you have Node 18 or above.
 - Make sure that you have Git installed.
 
@@ -55,7 +54,7 @@ Note that, ```build-application.sh``` builds docker images of sample SaaS applic
 
 And, ```install.sh``` deploys the following:
 
-- Creates an AWS CodeCommit repo in your AWS account and pushes this reference solution code to the repo
+- Creates an AWS S3 bucket in your AWS account and pushes this reference solution code to the bucket
 - Cdk stack `controlplane-stack` which provisions
   - SaaS Builder Toolkit(SBT) control plane components which allows infrastructure to provision/de-provision a tenant.
 - Cdk stack `coreappplane-stack` which provisions
@@ -64,8 +63,6 @@ And, ```install.sh``` deploys the following:
   - Shared application infrastructure like Amazon VPC, Amazon API Gateway, and Load balancers.
 - Cdk stack `tenant-template-stack`, which provisions
   - ECS Cluster and ECS services order, product & user microservices.
-- Cdk stack `tenant-update-stack` which provisions
-  - AWS Code Pipeline to update tenant deployments on any changes to source in CodeCommit repo.
 
 ## Steps to Clean-up
 
diff --git a/scripts/cleanup.sh b/scripts/cleanup.sh
@@ -21,6 +21,7 @@ if ! confirm; then
 fi
 
 export REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
+export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
 
 echo "$(date) emptying out buckets..."
 for i in $(aws s3 ls | awk '{print $3}' | grep -E "^tenant-update-stack-*|^controlplane-stack-*|^core-appplane-*|^saas-reference-architecture-*"); do
@@ -38,7 +39,7 @@ cd ../server
 npm install
 
 export CDK_PARAM_SYSTEM_ADMIN_EMAIL="NA"
-export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$REGION"
+export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$ACCOUNT_ID-$REGION"
 export CDK_PARAM_COMMIT_ID="NA"
 export CDK_PARAM_REG_API_GATEWAY_URL="NA"
 export CDK_PARAM_EVENT_BUS_ARN=arn:aws:service:::resource
@@ -60,7 +61,7 @@ versions=$(aws s3api list-object-versions --bucket $CDK_PARAM_S3_BUCKET_NAME --o
 if [ "$versions" -gt 0 ]; then 
 	aws s3api list-object-versions --bucket $CDK_PARAM_S3_BUCKET_NAME --output json \
 		| jq '{"Objects": [.Versions[] | {Key: .Key, VersionId: .VersionId}]}' > $TEMP_FILE
-	aws s3api delete-objects --bucket $CDK_PARAM_S3_BUCKET_NAME --delete file://$TEMP_FILE
+	aws s3api delete-objects --bucket $CDK_PARAM_S3_BUCKET_NAME --delete file://$TEMP_FILE --no-cli-pager
 fi 
 
 # Deleting object markers 
@@ -71,7 +72,7 @@ delete_markers=$(aws s3api list-object-versions --bucket $CDK_PARAM_S3_BUCKET_NA
 if [ "$delete_markers" -gt 0 ]; then 
 	aws s3api list-object-versions --bucket $CDK_PARAM_S3_BUCKET_NAME --output json \
 	    | jq '{"Objects": [.DeleteMarkers[] | {Key: .Key, VersionId: .VersionId}]}' > $TEMP_FILE
-	aws s3api delete-objects --bucket $CDK_PARAM_S3_BUCKET_NAME --delete file://$TEMP_FILE
+	aws s3api delete-objects --bucket $CDK_PARAM_S3_BUCKET_NAME --delete file://$TEMP_FILE --no-cli-pager
 fi
 
 
diff --git a/scripts/deprovision-tenant.sh b/scripts/deprovision-tenant.sh
@@ -86,7 +86,7 @@ if [[ $TIER == "PREMIUM" || $TIER == "ADVANCED" ]]; then
   STACK_NAME=$(sed -e 's/^"//' -e 's/"$//' <<<$STACK_NAME)
   echo "Stack name from $TENANT_STACK_MAPPING_TABLE is  $STACK_NAME"
   # Copy to S3 Bucket
-  export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$REGION"
+  export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$ACCOUNT_ID-$REGION"
   export CDK_SOURCE_NAME="source.zip"
   CDK_PARAM_COMMIT_ID=$(aws cloudformation describe-stacks --stack-name $STACK_NAME --query "Stacks[0].Outputs[?OutputKey=='S3SourceVersion'].OutputValue" --output text)
 
diff --git a/scripts/install.sh b/scripts/install.sh
@@ -8,14 +8,16 @@ if [[ -z "$CDK_PARAM_SYSTEM_ADMIN_EMAIL" ]]; then
 fi
 
 REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')  # Region setting
-export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$REGION"
+ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+
+export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$ACCOUNT_ID-$REGION"
 
 # Create S3 Bucket for provision source.
 
 if aws s3api head-bucket --bucket $CDK_PARAM_S3_BUCKET_NAME 2>/dev/null; then
     echo "Bucket $CDK_PARAM_S3_BUCKET_NAME already exists."
 else
-    echo "Bucket $CDK_PARAM_S3_BUCKET_NAME does not exist. Creating a new bucket in $REGION region"
+    echo "Bucket $CDK_PARAM_S3_BUCKET_NAME does not exist. Creating a new bucket in $REGION region in $ACCOUNT_ID"
 
     if [ "$REGION" == "us-east-1" ]; then
       aws s3api create-bucket --bucket $CDK_PARAM_S3_BUCKET_NAME
@@ -43,10 +45,10 @@ else
     fi
 fi
 
-echo "Bucket exists2: $CDK_PARAM_S3_BUCKET_NAME"
+echo "Bucket exists: $CDK_PARAM_S3_BUCKET_NAME"
 
 cd ../
-zip -r source.zip . -x ".git/*" -x "**/node_modules/*" -x "**/cdk.out/*" -x "**/.aws-sam/*"
+zip -rq source.zip . -x ".git/*" -x "**/node_modules/*" -x "**/cdk.out/*" -x "**/.aws-sam/*" 
 export CDK_PARAM_COMMIT_ID=$(aws s3api put-object --bucket "${CDK_PARAM_S3_BUCKET_NAME}" --key "source.zip" --body "./source.zip"  --output text)
 
 rm source.zip
@@ -61,18 +63,32 @@ cd ./server
 export ECR_REGION=$(aws ec2 describe-availability-zones --output text --query 'AvailabilityZones[0].[RegionName]')
 export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
 sed "s/<REGION>/$ECR_REGION/g; s/<ACCOUNT_ID>/$ACCOUNT_ID/g" ./service-info.txt > ./lib/service-info.json
-
-npm install
-
 # npx cdk bootstrap
 export CDK_PARAM_ONBOARDING_DETAIL_TYPE='Onboarding'
 export CDK_PARAM_PROVISIONING_DETAIL_TYPE=$CDK_PARAM_ONBOARDING_DETAIL_TYPE
 export CDK_PARAM_OFFBOARDING_DETAIL_TYPE='Offboarding'
 export CDK_PARAM_DEPROVISIONING_DETAIL_TYPE=$CDK_PARAM_OFFBOARDING_DETAIL_TYPE
 export CDK_PARAM_TIER='basic'
+export CDK_PARAM_STAGE='prod'
+
+export CDK_BASIC_CLUSTER="$CDK_PARAM_STAGE-$CDK_PARAM_TIER"
+SERVICES=$(aws ecs list-services --cluster $CDK_BASIC_CLUSTER --query 'serviceArns[*]' --output text)
+for SERVICE in $SERVICES; do
+    SERVICE_NAME=$(echo $SERVICE | rev | cut -d '/' -f 1 | rev)
+
+    echo -n "==== Service Connect Disable: "
+    aws ecs update-service \
+        --cluster $CDK_BASIC_CLUSTER \
+        --service $SERVICE_NAME \
+        --service-connect-configuration 'enabled=false' \
+        --no-cli-pager --query 'service.serviceArn' --output text
+    
+done
+
+npm install
 
 npx cdk bootstrap
-npx cdk deploy --all --require-approval never #--concurrency 10 --asset-parallelism true 
+npx cdk deploy --all --require-approval=never
 
 # Get SaaS application url
 ADMIN_SITE_URL=$(aws cloudformation describe-stacks --stack-name controlplane-stack --query "Stacks[0].Outputs[?OutputKey=='adminSiteUrl'].OutputValue" --output text)
diff --git a/scripts/provision-tenant.sh b/scripts/provision-tenant.sh
@@ -16,7 +16,7 @@ export REGION=$(aws ec2 describe-availability-zones --output text --query 'Avail
 export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
 
 # Download from the ecs reference solution Bucket
-export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$REGION"
+export CDK_PARAM_S3_BUCKET_NAME="saas-reference-architecture-ecs-$ACCOUNT_ID-$REGION"
 export CDK_SOURCE_NAME="source.zip"
 
 VERSIONS=$(aws s3api list-object-versions --bucket "$CDK_PARAM_S3_BUCKET_NAME" --prefix "$CDK_SOURCE_NAME" --query 'Versions[?IsLatest==`true`].{VersionId:VersionId}' --output text 2>&1)
diff --git a/server/bin/ecs-saas-ref-template.ts b/server/bin/ecs-saas-ref-template.ts
@@ -48,7 +48,7 @@ const defaultSystemAdminRoleName = 'SystemAdmin';
 // optional input parameters
 const systemAdminRoleName =
   process.env.CDK_PARAM_SYSTEM_ADMIN_ROLE_NAME || defaultSystemAdminRoleName;
-const stageName = process.env.CDK_PARAM_STAGE_NAME || defaultStageName;
+const stageName = process.env.CDK_PARAM_STAGE || defaultStageName;
 const lambdaReserveConcurrency = Number(
   process.env.CDK_PARAM_LAMBDA_RESERVE_CONCURRENCY || defaultLambdaReserveConcurrency
 );
diff --git a/server/lib/bootstrap-template/core-appplane-stack.ts b/server/lib/bootstrap-template/core-appplane-stack.ts
@@ -45,7 +45,7 @@ export class CoreAppPlaneStack extends cdk.Stack {
       partitionKey: { name: 'tenantId', type: AttributeType.STRING }
     });
 
-    const provisioningJobRunnerProps = {
+    const provisioningScriptJobProps = {
       permissions: PolicyDocument.fromJson(
         JSON.parse(`
 {
@@ -82,7 +82,7 @@ export class CoreAppPlaneStack extends cdk.Stack {
       eventManager: props.eventManager
     };
 
-    const deprovisioningJobRunnerProps = {
+    const deprovisioningScriptJobProps = {
       permissions: PolicyDocument.fromJson(
         JSON.parse(`
 {
@@ -114,17 +114,17 @@ export class CoreAppPlaneStack extends cdk.Stack {
       eventManager: props.eventManager
     };
 
-    const provisioningJobRunner: sbt.BashJobRunner = new sbt.BashJobRunner(this,
-      'provisioningJobRunner', provisioningJobRunnerProps
+    const provisioningScriptJob: sbt.ProvisioningScriptJob = new sbt.ProvisioningScriptJob(this,
+      'provisioningScriptJob', provisioningScriptJobProps
     );
 
-    const deprovisioningJobRunner: sbt.BashJobRunner = new sbt.BashJobRunner(this,
-      'deprovisioningJobRunner', deprovisioningJobRunnerProps
+    const deprovisioningScriptJob: sbt.ProvisioningScriptJob = new sbt.DeprovisioningScriptJob(this,
+      'deprovisioningScriptJob', deprovisioningScriptJobProps
     );
 
     new sbt.CoreApplicationPlane(this, 'coreappplane-sbt', {
       eventManager: props.eventManager,
-      jobRunnersList: [provisioningJobRunner, deprovisioningJobRunner]
+      scriptJobs: [provisioningScriptJob, deprovisioningScriptJob]
     });
 
     const staticSite = new StaticSite(this, 'TenantWebUI', {
diff --git a/server/lib/bootstrap-template/static-site.ts b/server/lib/bootstrap-template/static-site.ts
@@ -6,7 +6,7 @@ import * as s3deployment from 'aws-cdk-lib/aws-s3-deployment';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as s3 from 'aws-cdk-lib/aws-s3';
 import { Construct } from 'constructs';
-import { Fn, RemovalPolicy, StringConcat } from 'aws-cdk-lib';
+import { Fn, RemovalPolicy } from 'aws-cdk-lib';
 import { addTemplateTag } from '../utilities/helper-functions';
 
 
diff --git a/server/lib/cdknag/control-plane-nag.ts b/server/lib/cdknag/control-plane-nag.ts
@@ -120,7 +120,7 @@ export class ControlPlaneNag extends Construct {
       [
         {
           id: 'AwsSolutions-IAM4',
-          reason: 'CDKBucket substitute codecommit',
+          reason: 'CDK S3 Bucket for Ref',
           appliesTo: [
             'Policy::arn:<AWS::Partition>:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
           ]
@@ -134,7 +134,7 @@ export class ControlPlaneNag extends Construct {
       [
         {
           id: 'AwsSolutions-L1',
-          reason: 'CDKBucket substitute codecommit',
+          reason: 'CDK S3 Bucket for Ref',
         }
       ]
     );
@@ -147,7 +147,7 @@ export class ControlPlaneNag extends Construct {
       [
         {
           id: 'AwsSolutions-S1',
-          reason: 'CDKBucket substitute codecommit',
+          reason: 'CDK S3 Bucket for Ref',
         }
       ]
     );
@@ -159,7 +159,7 @@ export class ControlPlaneNag extends Construct {
       [
         {
           id: 'AwsSolutions-CB4',
-          reason: 'CDKBucket substitute codecommit',
+          reason: 'CDK S3 Bucket for Ref',
         }
       ]
     );
diff --git a/server/lib/cdknag/core-app-plane-nag.ts b/server/lib/cdknag/core-app-plane-nag.ts
@@ -27,8 +27,8 @@ export class CoreAppPlaneNag extends Construct {
     NagSuppressions.addResourceSuppressionsByPath(
       cdk.Stack.of(this),
       [
-        'core-appplane-stack/provisioningJobRunner/codeBuildProvisionProjectRole/Resource',
-        'core-appplane-stack/deprovisioningJobRunner/codeBuildProvisionProjectRole/Resource',
+        'core-appplane-stack/provisioningScriptJob/codeBuildProvisionProjectRole/Resource',
+        'core-appplane-stack/deprovisioningScriptJob/codeBuildProvisionProjectRole/Resource',
       ],
       [
         {
@@ -83,7 +83,7 @@ export class CoreAppPlaneNag extends Construct {
       [
         {
           id: 'AwsSolutions-IAM4',
-          reason: 'CDKBucket substitute codecommit',
+          reason: 'CDK S3 Bucket for Ref',
           appliesTo: [
             'Policy::arn:<AWS::Partition>:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
           ]
@@ -99,7 +99,7 @@ export class CoreAppPlaneNag extends Construct {
       [
         {
           id: 'AwsSolutions-S1',
-          reason: 'CDKBucket substitute codecommit',
+          reason: 'CDK S3 Bucket for Ref',
         }
       ]
     );
@@ -110,7 +110,7 @@ export class CoreAppPlaneNag extends Construct {
       [
         {
           id: 'AwsSolutions-CB4',
-          reason: 'CDKBucket substitute codecommit',
+          reason: 'CDK S3 Bucket for Ref',
         }
       ]
     );
@@ -120,7 +120,7 @@ export class CoreAppPlaneNag extends Construct {
       [
         {
           id: 'AwsSolutions-L1',
-          reason: 'CDKBucket substitute codecommit',
+          reason: 'CDK S3 Bucket for Ref',
         }
       ]
     );
diff --git a/server/lib/tenant-template/ecs-cluster.ts b/server/lib/tenant-template/ecs-cluster.ts
@@ -89,7 +89,7 @@ export class EcsCluster extends cdk.NestedStack {
       props.stageName,
     );
 
-    let clusterName = `${props.stageName}-${tenantId}-${timeStr}`;
+    let clusterName = `${props.stageName}-${tenantId}`; //-${timeStr}`;
     if('advanced' === props.tier.toLocaleLowerCase() ) {
       clusterName = `${props.stageName}-advanced-${cdk.Stack.of(this).account}`
     }
@@ -133,7 +133,7 @@ export class EcsCluster extends cdk.NestedStack {
     }  
 
     this.namespace = new HttpNamespace(this, 'CloudMapNamespace', {
-      name: `ecs-sbt.local-${tenantId}`,
+      name: `ecs-sbt.local-${tenantId}-${timeStr}`,
     });
 
     // Read JSON file with container info
diff --git a/server/package-lock.json b/server/package-lock.json
diff --git a/server/package.json b/server/package.json

Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,7 @@ export class ControlPlaneNag extends Construct {`
`120`	`120`	`[`
`121`	`121`	`{`
`122`	`122`	`id: 'AwsSolutions-IAM4',`
`123`		`- reason: 'CDKBucket substitute codecommit',`
	`123`	`+ reason: 'CDK S3 Bucket for Ref',`
`124`	`124`	`appliesTo: [`
`125`	`125`	`'Policy::arn:<AWS::Partition>:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'`
`126`	`126`	`]`
`@@ -134,7 +134,7 @@ export class ControlPlaneNag extends Construct {`
`134`	`134`	`[`
`135`	`135`	`{`
`136`	`136`	`id: 'AwsSolutions-L1',`
`137`		`- reason: 'CDKBucket substitute codecommit',`
	`137`	`+ reason: 'CDK S3 Bucket for Ref',`
`138`	`138`	`}`
`139`	`139`	`]`
`140`	`140`	`);`
`@@ -147,7 +147,7 @@ export class ControlPlaneNag extends Construct {`
`147`	`147`	`[`
`148`	`148`	`{`
`149`	`149`	`id: 'AwsSolutions-S1',`
`150`		`- reason: 'CDKBucket substitute codecommit',`
	`150`	`+ reason: 'CDK S3 Bucket for Ref',`
`151`	`151`	`}`
`152`	`152`	`]`
`153`	`153`	`);`
`@@ -159,7 +159,7 @@ export class ControlPlaneNag extends Construct {`
`159`	`159`	`[`
`160`	`160`	`{`
`161`	`161`	`id: 'AwsSolutions-CB4',`
`162`		`- reason: 'CDKBucket substitute codecommit',`
	`162`	`+ reason: 'CDK S3 Bucket for Ref',`
`163`	`163`	`}`
`164`	`164`	`]`
`165`	`165`	`);`
Original file line number	Diff line number	Diff line change
`@@ -27,8 +27,8 @@ export class CoreAppPlaneNag extends Construct {`
`27`	`27`	`NagSuppressions.addResourceSuppressionsByPath(`
`28`	`28`	`cdk.Stack.of(this),`
`29`	`29`	`[`
`30`		`- 'core-appplane-stack/provisioningJobRunner/codeBuildProvisionProjectRole/Resource',`
`31`		`- 'core-appplane-stack/deprovisioningJobRunner/codeBuildProvisionProjectRole/Resource',`
	`30`	`+ 'core-appplane-stack/provisioningScriptJob/codeBuildProvisionProjectRole/Resource',`
	`31`	`+ 'core-appplane-stack/deprovisioningScriptJob/codeBuildProvisionProjectRole/Resource',`
`32`	`32`	`],`
`33`	`33`	`[`
`34`	`34`	`{`
`@@ -83,7 +83,7 @@ export class CoreAppPlaneNag extends Construct {`
`83`	`83`	`[`
`84`	`84`	`{`
`85`	`85`	`id: 'AwsSolutions-IAM4',`
`86`		`- reason: 'CDKBucket substitute codecommit',`
	`86`	`+ reason: 'CDK S3 Bucket for Ref',`
`87`	`87`	`appliesTo: [`
`88`	`88`	`'Policy::arn:<AWS::Partition>:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'`
`89`	`89`	`]`
`@@ -99,7 +99,7 @@ export class CoreAppPlaneNag extends Construct {`
`99`	`99`	`[`
`100`	`100`	`{`
`101`	`101`	`id: 'AwsSolutions-S1',`
`102`		`- reason: 'CDKBucket substitute codecommit',`
	`102`	`+ reason: 'CDK S3 Bucket for Ref',`
`103`	`103`	`}`
`104`	`104`	`]`
`105`	`105`	`);`
`@@ -110,7 +110,7 @@ export class CoreAppPlaneNag extends Construct {`
`110`	`110`	`[`
`111`	`111`	`{`
`112`	`112`	`id: 'AwsSolutions-CB4',`
`113`		`- reason: 'CDKBucket substitute codecommit',`
	`113`	`+ reason: 'CDK S3 Bucket for Ref',`
`114`	`114`	`}`
`115`	`115`	`]`
`116`	`116`	`);`
`@@ -120,7 +120,7 @@ export class CoreAppPlaneNag extends Construct {`
`120`	`120`	`[`
`121`	`121`	`{`
`122`	`122`	`id: 'AwsSolutions-L1',`
`123`		`- reason: 'CDKBucket substitute codecommit',`
	`123`	`+ reason: 'CDK S3 Bucket for Ref',`
`124`	`124`	`}`
`125`	`125`	`]`
`126`	`126`	`);`