-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #14 from aws-solutions-library-samples/2024Mainten…
…ance 2024 maintenance updates
- Loading branch information
Showing
45 changed files
with
5,583 additions
and
4,648 deletions.
There are no files selected for viewing
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| .DS_Store | ||
| .venv | ||
| cdk.context.json | ||
| .vscode |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,35 +1,47 @@ | ||
| #!/usr/bin/env python3 | ||
| """ | ||
| Description: Guidance for Building a Real Time Bidder for Advertising on AWS (SO9111). | ||
| Deploys AWS CodeBuild and CodePipeline | ||
| """ | ||
| import os | ||
| from aws_cdk import core as cdk | ||
| #Description: Guidance for Building a Real Time Bidder for Advertising on AWS (SO9111). Deploys AWS CodeCommit, CodeBuild and CodePipeline | ||
| # For consistency with TypeScript code, `cdk` is the preferred import name for | ||
| # the CDK's core module. The following line also imports it as `core` for use | ||
| # with examples from the CDK Developer's Guide, which are in the process of | ||
| # being updated to use `cdk`. You may delete this import if you don't need it. | ||
| from aws_cdk import core | ||
| import aws_cdk as cdk | ||
| from cdk_nag import AwsSolutionsChecks, NagSuppressions | ||
|
|
||
| from pipeline.pipeline_stack import PipelineStack | ||
|
|
||
|
|
||
| app = core.App() | ||
| PipelineStack(app, "RTBPipelineStack", | ||
| # If you don't specify 'env', this stack will be environment-agnostic. | ||
| # Account/Region-dependent features and context lookups will not work, | ||
| # but a single synthesized template can be deployed anywhere. | ||
|
|
||
| # Uncomment the next line to specialize this stack for the AWS Account | ||
| # and Region that are implied by the current CLI configuration. | ||
|
|
||
| env=core.Environment( | ||
| account=os.environ["CDK_DEFAULT_ACCOUNT"], | ||
| region=os.environ["CDK_DEFAULT_REGION"]) | ||
|
|
||
| # Uncomment the next line if you know exactly what Account and Region you | ||
| # want to deploy the stack to. */ | ||
|
|
||
| #env=core.Environment(account='XXXXXXXXXXX', region='us-east-1'), | ||
|
|
||
| # For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html | ||
| ) | ||
|
|
||
| app = cdk.App() | ||
| # pass stage as input as needed | ||
| pipeline_stack = PipelineStack(app, | ||
| "RTBPipelineStack", | ||
| env=cdk.Environment( | ||
| account=os.environ["CDK_DEFAULT_ACCOUNT"], | ||
| region=os.environ["CDK_DEFAULT_REGION"]), | ||
| description="Guidance for Building a Real Time Bidder for Advertising on AWS (SO9111). Deploys AWS CodeBuild and CodePipeline that in turn deploys the CFN templates with infra and bidder application on EKS" | ||
| ) | ||
|
|
||
| nag_suppressions = [ | ||
| { | ||
| "id": "AwsSolutions-IAM5", | ||
| "reason": "AWS managed policies are allowed which sometimes uses * in the resources like - AWSGlueServiceRole has aws-glue-* . AWS Managed IAM policies have been allowed to maintain secured access with the ease of operational maintenance - however for more granular control the custom IAM policies can be used instead of AWS managed policies", | ||
| }, | ||
| { | ||
| "id": "AwsSolutions-IAM4", | ||
| "reason": "AWS Managed IAM policies have been allowed to maintain secured access with the ease of operational maintenance - however for more granular control the custom IAM policies can be used instead of AWS managed policies", | ||
| }, | ||
| { | ||
| "id": "AwsSolutions-S1", | ||
| "reason": "S3 Access Logs are enabled for all data buckets. This stack creates a access log bucket which doesnt have its own access log enabled.", | ||
| }, | ||
| { | ||
| 'id': 'AwsSolutions-KMS5', | ||
| 'reason': 'For sample code key rotation is disabled. Customers are encouraged to enable this in their environment', | ||
| }, | ||
| ] | ||
|
|
||
| NagSuppressions.add_stack_suppressions( | ||
| pipeline_stack, | ||
| nag_suppressions, | ||
| apply_to_nested_stacks=True | ||
| ) | ||
| cdk.Aspects.of(app).add(AwsSolutionsChecks()) | ||
| app.synth() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| { | ||
| "dev": { | ||
| "REPO_BRANCH":"main", | ||
| "GITHUB_TOKEN_SECRET_ID": "rtbkit-github-token" | ||
| }, | ||
| "shared": { | ||
| "ROOT_STACK_NAME": "aws-rtbkit", | ||
| "STACK_VARIANT": "DynamoDB", | ||
| "REPO_OWNER":"", | ||
| "REPO_NAME":"" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,25 +1,44 @@ | ||
| { | ||
| "app": "python3 app.py", | ||
| "watch": { | ||
| "include": [ | ||
| "**" | ||
| ], | ||
| "exclude": [ | ||
| "README.md", | ||
| "cdk*.json", | ||
| "requirements*.txt", | ||
| "source.bat", | ||
| "**/__init__.py", | ||
| "pipeline/__pycache__", | ||
| "tests", | ||
| ".venv", | ||
| "pipeline.egg-info" | ||
| ] | ||
| }, | ||
| "context": { | ||
| "dev": { | ||
| "AWS_ACCOUNT_ID": "<Provide AWS Account ID>", | ||
| "RTBKIT_ROOT_STACK_NAME": "<Provide Unique Stack name>", | ||
| "RTBKIT_VARIANT": "<DynamoDB/Aerospike>" | ||
| }, | ||
|
|
||
| "@aws-cdk/core:newStyleStackSynthesis": true, | ||
| "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true, | ||
| "@aws-cdk/core:enableStackNameDuplicates": "true", | ||
| "aws-cdk:enableDiffNoFail": "true", | ||
| "@aws-cdk/core:stackRelativeExports": "true", | ||
| "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true, | ||
| "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true, | ||
| "@aws-cdk/aws-kms:defaultKeyPolicies": true, | ||
| "@aws-cdk/aws-s3:grantWriteWithoutAcl": true, | ||
| "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": true, | ||
| "@aws-cdk/aws-rds:lowercaseDbIdentifier": true, | ||
| "@aws-cdk/aws-efs:defaultEncryptionAtRest": true, | ||
| "@aws-cdk/aws-lambda:recognizeVersionProps": true, | ||
| "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true | ||
| "@aws-cdk/aws-lambda:recognizeLayerVersion": true, | ||
| "@aws-cdk/core:checkSecretUsage": true, | ||
| "@aws-cdk/core:target-partitions": [ | ||
| "aws", | ||
| "aws-cn" | ||
| ], | ||
| "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true, | ||
| "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true, | ||
| "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true, | ||
| "@aws-cdk/aws-iam:minimizePolicies": true, | ||
| "@aws-cdk/core:validateSnapshotRemovalPolicy": true, | ||
| "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true, | ||
| "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true, | ||
| "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true, | ||
| "@aws-cdk/aws-apigateway:disableCloudWatchRole": true, | ||
| "@aws-cdk/core:enablePartitionLiterals": true, | ||
| "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true, | ||
| "@aws-cdk/aws-iam:standardizedServicePrincipals": true, | ||
| "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true, | ||
| "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true, | ||
| "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, | ||
| "@aws-cdk/aws-route53-patters:useCertificate": true, | ||
| "@aws-cdk/customresources:installLatestAwsSdkDefault": false | ||
| } | ||
| } |
Oops, something went wrong.