update appregistry config to support multiple deployments and allow s3 to name bucket (#180)

Author: brandold

deployment/efs-file-manager-web.yaml

@@ -32,70 +32,23 @@ Mappings:
       WebsitePrefix: "simple-file-manager-for-amazon-efs/%%VERSION%%/website"
 
 Resources:
-  WebsiteBucketNameFunction:
-    Type: AWS::Lambda::Function
+  EFSFileSimpleLoggingBucket:
+    Type: 'AWS::S3::Bucket'
     Metadata:
-        cfn_nag:
-          rules_to_suppress:
-            - id: W89
-              reason: "Custom resource deployed in default VPC"
-            - id: W92
-              reason: "ReservedConcurrentExecutions not needed since this function runs once when CloudFormation deploys"
-    Properties:
-      Code:
-        ZipFile: |
-          import string
-          import random
-          import cfnresponse
-          def handler(event, context):
-              stack_name = event['StackId'].split('/')[1].split('-Uuid')[0]
-              response_data = {'Data': stack_name.lower() + '-website'}
-              cfnresponse.send(event, context, cfnresponse.SUCCESS, response_data, "CustomResourcePhysicalID")
-      Handler: index.handler
-      Runtime: python3.8
-      Role: !GetAtt WebsiteBucketNameExecutionRole.Arn
-  WebsiteBucketNameFunctionPermissions:
-    Type: AWS::Lambda::Permission
-    Properties:
-      Action: 'lambda:InvokeFunction'
-      FunctionName: !GetAtt WebsiteBucketNameFunction.Arn
-      Principal: 'cloudformation.amazonaws.com'
-  WebsiteBucketNameExecutionRole:
-    Type: AWS::IAM::Role
-    Properties:
-      AssumeRolePolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          - Effect: Allow
-            Principal:
-              Service:
-                - lambda.amazonaws.com
-            Action:
-              - sts:AssumeRole
-      Path: /
-      Policies:
-        - PolicyName: root
-          PolicyDocument:
-            Version: 2012-10-17
-            Statement:
-              - Effect: Allow
-                Action:
-                  - logs:CreateLogGroup
-                  - logs:CreateLogStream
-                  - logs:PutLogEvents
-                Resource: 
-                  !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*
-  GetWebsiteBucketName:
-    Type: Custom::CustomResource
+      cfn_nag:
+        rules_to_suppress:
+          - id: W35
+            reason: "Logs bucket does not require logging configuration"
+          - id: W51
+            reason: "Logs bucket is private and does not require a bucket policy"
     Properties:
-      ServiceToken: !GetAtt WebsiteBucketNameFunction.Arn
+      AccessControl: LogDeliveryWrite
 
   EFSFileSimpleWebsiteBucket:
     Type: AWS::S3::Bucket
     DeletionPolicy: Retain
     Properties:
       AccessControl: LogDeliveryWrite
-      BucketName: !GetAtt GetWebsiteBucketName.Data
       BucketEncryption:
         ServerSideEncryptionConfiguration:
           - ServerSideEncryptionByDefault:
@@ -104,7 +57,7 @@ Resources:
         IndexDocument: "index.html"
         ErrorDocument: "index.html"
       LoggingConfiguration:
-        DestinationBucketName: !GetAtt GetWebsiteBucketName.Data
+        DestinationBucketName: !Ref EFSFileSimpleLoggingBucket
         LogFilePrefix: "access_logs/"
       LifecycleConfiguration:
         Rules:
@@ -181,7 +134,7 @@ Resources:
       DistributionConfig:
         Comment: "Website distribution for Simple File Manager for EFS Solution"
         Logging:
-          Bucket: !Sub "${EFSFileSimpleWebsiteBucket}.s3.amazonaws.com"
+          Bucket: !Sub "${EFSFileSimpleLoggingBucket}.s3.amazonaws.com"
           Prefix: cf_logs/
           IncludeCookies: true
         Origins:

deployment/simple-file-manager-for-amazon-efs.yaml

@@ -28,7 +28,7 @@ Mappings:
     Data:
       ID: "SO0145" 
       Version: "%%VERSION%%"
-      AppRegistryApplicationName: "simple-file-manager-efs"
+      AppRegistryApplicationName: "sfm"
       SolutionName: "Simple File Manager for Amazon EFS"
       ApplicationType: "AWS-Solutions"
       AttributeGroupName: "Solution-Metadata"
@@ -44,18 +44,19 @@ Resources:
     Type: AWS::ServiceCatalogAppRegistry::Application
     Properties:
       Description: Service Catalog application to track and manage all your resources. The Solution ID is SO0145 and Solution Version is %%VERSION%%.
-      Name:
+      Name: 
         !Join
           - "-"
           - - !FindInMap [Solution, Data, "AppRegistryApplicationName"]
             - !Ref AWS::Region
             - !Ref AWS::AccountId
+            - !Ref AWS::StackName 
       Tags: {
-      'Solutions:SolutionID': !FindInMap [Solution, Data, "ID"],
-      'Solutions:SolutionName': !FindInMap [Solution, Data, "SolutionName"],
-      'Solutions:SolutionVersion': !FindInMap [Solution, Data, "Version"],
-      'Solutions:ApplicationType': !FindInMap [Solution, Data, "ApplicationType"],
-      }
+            'Solutions:SolutionID': !FindInMap [Solution, Data, "ID"],
+            'Solutions:SolutionVersion': !FindInMap [Solution, Data, "Version"],
+            'Solutions:SolutionName': !FindInMap [Solution, Data, "SolutionName"],
+            'Solutions:ApplicationType': !FindInMap [Solution, Data, "ApplicationType"], 
+            }
 
   AppRegistryApplicationStackAssociation0:
     Type: AWS::ServiceCatalogAppRegistry::ResourceAssociation
@@ -92,9 +93,9 @@ Resources:
   DefaultApplicationAttributes:
     Type: AWS::ServiceCatalogAppRegistry::AttributeGroup
     Properties:
-      Name: !FindInMap [Solution, Data, "AttributeGroupName"]
+      Name: !Ref AWS::StackName
       Description: Attribute group for solution information.
-      Attributes:       
+      Attributes:
         { "ApplicationType" : !FindInMap [Solution, Data, "ApplicationType"],
           "Version": !FindInMap [Solution, Data, "Version"],
           "SolutionID": !FindInMap [Solution, Data, "ID"],
@@ -119,6 +120,7 @@ Resources:
             - !FindInMap [Solution, Data, "AppRegistryApplicationName"]
             - !Ref AWS::Region
             - !Ref AWS::AccountId
+            - !Ref AWS::StackName
       AutoConfigurationEnabled: true
       CWEMonitorEnabled: true
       OpsCenterEnabled: true