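#!/bin/bash
# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
set -euo pipefail
# This script will package the CloudFormation in this directory, and the source code in this repository, and upload it
# to Amazon S3 in preparation for deployment using the AWS CloudFormation service.
#
# This script exists because Service Catalog products, when using relative references to cloudformation templates are
# not properly packaged by the AWS cli. Also the full stack, due to 2 levels of Service Catalog deployment will not
# always package properly using the AWS cli.
# This script treats the templates as source code and packages them, putting the results into a private build
# directory created with mktemp (its path is printed at the end of the run).
# This script assumes a Linux or MacOSX environment and relies on the following software packages being installed:
# . - AWS Command Line Interface (CLI)
# . - sed
# . - Python 3 / pip3
# . - zip
# PLEASE NOTE this script will store all resources to an Amazon S3 bucket s3://${CFN_BUCKET_NAME}/${PROJECT_NAME}
# Set AWS_DEFAULT_REGION and AWS_PROFILE variables in environment if needed

QUICKSTART_MODE=true

# Resolve the region before anything is derived from it. Applying the default only later would leave the
# default bucket name ending in a bare "-" (not a valid bucket name) whenever AWS_DEFAULT_REGION is unset.
REGION=${AWS_DEFAULT_REGION:="us-west-2"}
CFN_BUCKET_NAME=${CFN_BUCKET_NAME:="secure-data-science-cloudformation-$RANDOM-$REGION"}
PROJECT_NAME="quickstart"

# files that won't be uploaded by `aws cloudformation package`
UPLOAD_LIST=(
  ds_environment.yaml
  project_template.zip
  ds_administration.yaml
  ds_env_studio_user_profile_v1.yaml
  ds_env_studio_user_profile_v2.yaml
  ds_env_sagemaker_studio.yaml
)
# files that need to be scrubbed with sed to replace < S3_CFN_STAGING_BUCKET > with an actual S3 bucket name
SELF_PACKAGE_LIST=(ds_administration.yaml ds_env_backing_store.yaml)
# files to be packaged using `aws cloudformation package`
AWS_PACKAGE_LIST=(ds_environment.yaml ds_administration.yaml)

# The build directory holds the templates that are later deployed with CAPABILITY_NAMED_IAM, so it must not
# be a predictable path under a world-writable /tmp where another local user could pre-create the directory
# or plant files. mktemp -d creates a fresh directory that only the current user can access.
TMP_OUTPUT_DIR=$(mktemp -d "${TMPDIR:-/tmp}/cfn-build-${REGION}.XXXXXX")

# Not read anywhere in this script; kept so the variable keeps its documented default.
PUBLISH_PYPI=${PUBLISH_PYPI:-True}

# Escape the characters that are special in a sed replacement (backslash, the "/" delimiter and "&") so the
# value is inserted literally no matter what the environment supplied.
escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Create the staging bucket only when S3 reports that it does not exist.
# NOTE(review): every other outcome (bucket exists, AccessDenied, ...) falls through to the upload steps, and
# nothing here confirms that an existing bucket belongs to this account. Because the uploaded templates are
# deployed with CAPABILITY_NAMED_IAM, consider verifying ownership first, for example with
# `aws s3api head-bucket --bucket "${CFN_BUCKET_NAME}" --expected-bucket-owner <ACCOUNT_ID>`.
bucket_probe=$(aws s3 ls "s3://${CFN_BUCKET_NAME}" 2>&1) || true
if [[ "${bucket_probe}" == *NoSuchBucket* ]]; then
  echo "Creating Amazon S3 bucket ${CFN_BUCKET_NAME}"
  # Create the bucket in the same region that the package step and the printed deploy URL use.
  aws s3 mb "s3://${CFN_BUCKET_NAME}" --region "${REGION}"
  aws s3api put-public-access-block \
    --bucket "${CFN_BUCKET_NAME}" \
    --region "${REGION}" \
    --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
fi

echo "Preparing content for publication to Amazon S3 s3://${CFN_BUCKET_NAME}"
cp cloudformation/*.yaml "${TMP_OUTPUT_DIR}"

# Each archive is built from inside its source directory so the paths stored in the zip are relative.
echo "Zipping code sample..."
(cd src/project_template && zip -r "${TMP_OUTPUT_DIR}/project_template.zip" ./*)

echo "Zipping detective control..."
(cd src/detective_control && zip -r "${TMP_OUTPUT_DIR}/vpc_detective_control.zip" ./*)

## publish materials to target AWS regions
echo "Publishing CloudFormation to ${REGION}"

echo "Self-packaging some Cloudformation templates..."
bucket_repl=$(escape_sed_replacement "${CFN_BUCKET_NAME}")
path_repl=$(escape_sed_replacement "${PROJECT_NAME}")
for fname in "${SELF_PACKAGE_LIST[@]}"; do
  # -i.bak is the in-place form accepted by both GNU and BSD sed; the backup is removed right away so no
  # stray copies of the templates are left in the build directory.
  sed -i.bak \
    -e "s/< S3_CFN_STAGING_PATH >/${path_repl}/" \
    -e "s/< S3_CFN_STAGING_BUCKET >/${bucket_repl}/" \
    -e "s/< S3_CFN_STAGING_BUCKET_PATH >/${bucket_repl}\/${path_repl}/" \
    "${TMP_OUTPUT_DIR}/${fname}"
  rm -f -- "${TMP_OUTPUT_DIR}/${fname}.bak"
done

echo "Packaging Cloudformation templates..."
for fname in "${AWS_PACKAGE_LIST[@]}"; do
  # Run from the build directory so relative references inside the template resolve against it.
  (
    cd "${TMP_OUTPUT_DIR}"
    aws cloudformation package \
      --template-file "${fname}" \
      --s3-bucket "${CFN_BUCKET_NAME}" \
      --s3-prefix "${PROJECT_NAME}" \
      --output-template-file "${TMP_OUTPUT_DIR}/${fname}-${REGION}" \
      --region "${REGION}"
  )
done

# push files to S3, note this does not 'package' the templates
echo "Copying cloudformation templates and files to S3..."
for fname in "${UPLOAD_LIST[@]}"; do
  # Prefer the packaged "<name>-<region>" output when the package step produced one.
  if [[ -f "${TMP_OUTPUT_DIR}/${fname}-${REGION}" ]]; then
    aws s3 cp "${TMP_OUTPUT_DIR}/${fname}-${REGION}" "s3://${CFN_BUCKET_NAME}/${PROJECT_NAME}/${fname}"
  else
    aws s3 cp "${TMP_OUTPUT_DIR}/${fname}" "s3://${CFN_BUCKET_NAME}/${PROJECT_NAME}/${fname}"
  fi
done

echo ==================================================
echo "Publication complete"
echo "Build output kept in ${TMP_OUTPUT_DIR}"
echo "To deploy execute:"
echo " aws cloudformation create-stack --template-url https://s3.${REGION}.amazonaws.com/${CFN_BUCKET_NAME}/${PROJECT_NAME}/ds_administration.yaml --region ${REGION} --stack-name secure-ds-shared-service --capabilities CAPABILITY_NAMED_IAM --parameters ParameterKey=QuickstartMode,ParameterValue=${QUICKSTART_MODE} "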