@fjall/components-infrastructure 0.12.0 → 0.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/patterns/aws/ec2.d.ts +43 -0
- package/dist/lib/patterns/aws/ec2.js +123 -0
- package/package.json +3 -3
- package/dist/lib/config/aws/bootstrap.d.ts +0 -12
- package/dist/lib/config/aws/bootstrap.js +0 -72
- package/dist/lib/config/aws/bootstrap.original.d.ts +0 -13
- package/dist/lib/config/aws/bootstrap.original.js +0 -94
- package/dist/lib/config/aws/bootstrapAccounts.d.ts +0 -12
- package/dist/lib/config/aws/bootstrapAccounts.js +0 -89
- package/dist/lib/config/aws/bootstrapMultiRegion.example.d.ts +0 -15
- package/dist/lib/config/aws/bootstrapMultiRegion.example.js +0 -105
- package/dist/lib/config/aws/bootstrapSelfManaged.example.d.ts +0 -13
- package/dist/lib/config/aws/bootstrapSelfManaged.example.js +0 -56
- package/dist/lib/config/aws/managedAccountStackSet.d.ts +0 -16
- package/dist/lib/config/aws/managedAccountStackSet.js +0 -75
- package/dist/lib/config/aws/managedPlatformStackSet.d.ts +0 -24
- package/dist/lib/config/aws/managedPlatformStackSet.js +0 -101
- package/dist/lib/patterns/aws/managedAccountStackSet.d.ts +0 -11
- package/dist/lib/patterns/aws/managedAccountStackSet.js +0 -36
- package/dist/lib/patterns/aws/managedPlatformStackSet.d.ts +0 -17
- package/dist/lib/patterns/aws/managedPlatformStackSet.js +0 -45
- package/dist/lib/resources/aws/iam/identityCenter/assignmentNew.d.ts +0 -11
- package/dist/lib/resources/aws/iam/identityCenter/assignmentNew.js +0 -102
- package/dist/lib/resources/aws/iam/identityCenter/lambda/assignmentHandler.d.ts +0 -24
- package/dist/lib/resources/aws/iam/identityCenter/lambda/assignmentHandler.js +0 -246
|
@@ -1,105 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.AlternativeMultiRegionApproach = exports.MultiRegionStackSetExample = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const constructs_1 = require("constructs");
|
|
6
|
-
const resources_1 = require("../../resources");
|
|
7
|
-
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
8
|
-
const lambda = require("aws-cdk-lib/aws-lambda");
|
|
9
|
-
const s3_deployment = require("aws-cdk-lib/aws-s3-deployment");
|
|
10
|
-
class MultiRegionStackSetExample extends constructs_1.Construct {
|
|
11
|
-
constructor(scope, id, props) {
|
|
12
|
-
super(scope, id);
|
|
13
|
-
const stack = aws_cdk_lib_1.Stack.of(this);
|
|
14
|
-
// Step 1: Create asset buckets for each region
|
|
15
|
-
const bucketPrefix = "fjall-stackset-assets";
|
|
16
|
-
const assetBuckets = {};
|
|
17
|
-
for (const region of props.regions) {
|
|
18
|
-
const bucket = new resources_1.S3Bucket(this, `AssetBucket${region}`, {
|
|
19
|
-
bucketName: `${bucketPrefix}-${region}-${stack.account}`
|
|
20
|
-
});
|
|
21
|
-
// Grant read access to the entire organisation
|
|
22
|
-
bucket.addToResourcePolicy(new aws_iam_1.PolicyStatement({
|
|
23
|
-
actions: ["s3:Get*", "s3:List*"],
|
|
24
|
-
resources: [bucket.arnForObjects("*"), bucket.bucketArn],
|
|
25
|
-
principals: [new aws_iam_1.OrganizationPrincipal(props.organisationId)]
|
|
26
|
-
}));
|
|
27
|
-
assetBuckets[region] = bucket;
|
|
28
|
-
}
|
|
29
|
-
// Step 2: Create a separate stack for the StackSet template
|
|
30
|
-
const templateStack = new aws_cdk_lib_1.Stack(this, "TemplateStack");
|
|
31
|
-
// Step 3: Create a mapping for asset buckets by region
|
|
32
|
-
const bucketMapping = new aws_cdk_lib_1.CfnMapping(templateStack, "AssetBuckets", {
|
|
33
|
-
mapping: Object.fromEntries(props.regions.map((region) => [
|
|
34
|
-
region,
|
|
35
|
-
{ BucketName: `${bucketPrefix}-${region}-${stack.account}` }
|
|
36
|
-
]))
|
|
37
|
-
});
|
|
38
|
-
// Step 4: Example Lambda function that uses region-specific assets
|
|
39
|
-
new lambda.CfnFunction(templateStack, "ExampleFunction", {
|
|
40
|
-
runtime: "nodejs18.x",
|
|
41
|
-
handler: "index.handler",
|
|
42
|
-
role: "arn:aws:iam::123456789012:role/lambda-role", // This would be created separately
|
|
43
|
-
code: {
|
|
44
|
-
s3Bucket: bucketMapping.findInMap(aws_cdk_lib_1.Fn.ref("AWS::Region"), "BucketName"),
|
|
45
|
-
s3Key: "lambda-code.zip"
|
|
46
|
-
}
|
|
47
|
-
// ... other properties
|
|
48
|
-
});
|
|
49
|
-
// Step 5: Deploy assets to each region's bucket
|
|
50
|
-
for (const [region, bucket] of Object.entries(assetBuckets)) {
|
|
51
|
-
new s3_deployment.BucketDeployment(this, `AssetDeployment${region}`, {
|
|
52
|
-
sources: [s3_deployment.Source.asset("./lambda-code")],
|
|
53
|
-
destinationBucket: bucket,
|
|
54
|
-
destinationKeyPrefix: "/"
|
|
55
|
-
// Note: BucketDeployment doesn't support region parameter
|
|
56
|
-
// Assets are deployed to the bucket's region automatically
|
|
57
|
-
});
|
|
58
|
-
}
|
|
59
|
-
// Step 6: Synthesize the template and upload it
|
|
60
|
-
// Note: This is conceptual - in practice you'd need to:
|
|
61
|
-
// 1. Use a separate CDK app to synthesize the template
|
|
62
|
-
// 2. Upload it to S3
|
|
63
|
-
// 3. Reference it via templateUrl
|
|
64
|
-
// For now, we'll use a placeholder
|
|
65
|
-
// Step 7: Create the StackSet
|
|
66
|
-
new aws_cdk_lib_1.CfnStackSet(this, "StackSet", {
|
|
67
|
-
permissionModel: "SERVICE_MANAGED",
|
|
68
|
-
stackSetName: `MultiRegionStackSet-${stack.stackName}`,
|
|
69
|
-
capabilities: ["CAPABILITY_NAMED_IAM"],
|
|
70
|
-
templateUrl: `https://${props.templateBucket.bucketName}.s3.amazonaws.com/stackset-template.json`,
|
|
71
|
-
autoDeployment: {
|
|
72
|
-
enabled: true,
|
|
73
|
-
retainStacksOnAccountRemoval: false
|
|
74
|
-
},
|
|
75
|
-
callAs: "DELEGATED_ADMIN",
|
|
76
|
-
operationPreferences: {
|
|
77
|
-
regionConcurrencyType: "PARALLEL",
|
|
78
|
-
maxConcurrentPercentage: 100,
|
|
79
|
-
failureTolerancePercentage: 10
|
|
80
|
-
},
|
|
81
|
-
stackInstancesGroup: [
|
|
82
|
-
{
|
|
83
|
-
deploymentTargets: {
|
|
84
|
-
accounts: props.orgAccounts
|
|
85
|
-
},
|
|
86
|
-
regions: props.regions
|
|
87
|
-
}
|
|
88
|
-
]
|
|
89
|
-
});
|
|
90
|
-
}
|
|
91
|
-
}
|
|
92
|
-
exports.MultiRegionStackSetExample = MultiRegionStackSetExample;
|
|
93
|
-
// Alternative approach using CDK Pipelines for multi-region deployment
|
|
94
|
-
class AlternativeMultiRegionApproach extends constructs_1.Construct {
|
|
95
|
-
constructor(scope, id, props) {
|
|
96
|
-
super(scope, id);
|
|
97
|
-
// For complex multi-region deployments with assets, consider:
|
|
98
|
-
// 1. Using CDK Pipelines instead of StackSets
|
|
99
|
-
// 2. Creating separate stacks per region/account
|
|
100
|
-
// 3. Using AWS CodePipeline to orchestrate deployments
|
|
101
|
-
// This gives you better control over asset handling and deployment order
|
|
102
|
-
}
|
|
103
|
-
}
|
|
104
|
-
exports.AlternativeMultiRegionApproach = AlternativeMultiRegionApproach;
|
|
105
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwTXVsdGlSZWdpb24uZXhhbXBsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9jb25maWcvYXdzL2Jvb3RzdHJhcE11bHRpUmVnaW9uLmV4YW1wbGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQWlFO0FBQ2pFLDJDQUF1QztBQUN2QywrQ0FBMkM7QUFDM0MsaURBQTZFO0FBQzdFLGlEQUFpRDtBQUNqRCwrREFBK0Q7QUFTL0QsTUFBYSwwQkFBMkIsU0FBUSxzQkFBUztJQUN2RCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQStCO1FBQ3ZFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxLQUFLLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFN0IsK0NBQStDO1FBQy9DLE1BQU0sWUFBWSxHQUFHLHVCQUF1QixDQUFDO1FBQzdDLE1BQU0sWUFBWSxHQUFtQyxFQUFFLENBQUM7UUFFeEQsS0FBSyxNQUFNLE1BQU0sSUFBSSxLQUFLLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDbkMsTUFBTSxNQUFNLEdBQUcsSUFBSSxvQkFBUSxDQUFDLElBQUksRUFBRSxjQUFjLE1BQU0sRUFBRSxFQUFFO2dCQUN4RCxVQUFVLEVBQUUsR0FBRyxZQUFZLElBQUksTUFBTSxJQUFJLEtBQUssQ0FBQyxPQUFPLEVBQUU7YUFDekQsQ0FBQyxDQUFDO1lBRUgsK0NBQStDO1lBQy9DLE1BQU0sQ0FBQyxtQkFBbUIsQ0FDeEIsSUFBSSx5QkFBZSxDQUFDO2dCQUNsQixPQUFPLEVBQUUsQ0FBQyxTQUFTLEVBQUUsVUFBVSxDQUFDO2dCQUNoQyxTQUFTLEVBQUUsQ0FBQyxNQUFNLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxTQUFTLENBQUM7Z0JBQ3hELFVBQVUsRUFBRSxDQUFDLElBQUksK0JBQXFCLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FBQyxDQUFDO2FBQzlELENBQUMsQ0FDSCxDQUFDO1lBRUYsWUFBWSxDQUFDLE1BQU0sQ0FBQyxHQUFHLE1BQU0sQ0FBQztRQUNoQyxDQUFDO1FBRUQsNERBQTREO1FBQzVELE1BQU0sYUFBYSxHQUFHLElBQUksbUJBQUssQ0FBQyxJQUFJLEVBQUUsZUFBZSxDQUFDLENBQUM7UUFFdkQsdURBQXVEO1FBQ3ZELE1BQU0sYUFBYSxHQUFHLElBQUksd0JBQVUsQ0FBQyxhQUFhLEVBQUUsY0FBYyxFQUFFO1lBQ2xFLE9BQU8sRUFBRSxNQUFNLENBQUMsV0FBVyxDQUN6QixLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUM7Z0JBQzVCLE1BQU07Z0JBQ04sRUFBRSxVQUFVLEVBQUUsR0FBRyxZQUFZLElBQUksTUFBTSxJQUFJLEtBQUssQ0FBQyxPQUFPLEVBQUUsRUFBRTthQUM3RCxDQUFDLENBQ0g7U0FDRixDQUFDLENBQUM7UUFFSCxtRUFBbUU7UUFDbkUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLGFBQWEsRUFBRSxpQkFBaUIsRUFBRTtZQUN2RCxPQUFPLEVBQUUsWUFBWTtZQUNyQixPQUFPLEVBQUUsZUFBZTtZQUN4QixJQUFJLEVBQUUsNENBQTRDLEVBQUUsbUNBQW1DO1lBQ3ZGLElBQUksRUFBRTtnQkFDSixRQUFRLEVBQUUsYUFBYSxDQUFDLFNBQVMsQ0FBQyxnQkFBRSxDQUFDLEdBQUcsQ0FBQyxhQUFhLENBQUMsRUFBRSxZQUFZLENBQUM7Z0JBQ3RFLEtBQUssRUFBRSxpQkFBaUI7YUFDekI7WUFDRCx1QkFBdUI7U0FDeEIsQ0FBQyxDQUFDO1FBRUgsZ0RBQWdEO1FBQ2hELEtBQUssTUFBTSxDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7WUFDNUQsSUFBSSxhQUFhLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLGtCQUFrQixNQUFNLEVBQUUsRUFBRTtnQkFDbkUsT0FBTyxFQUFFLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLENBQUM7Z0JBQ3RELGlCQUFpQixFQUFFLE1BQU07Z0JBQ3pCLG9CQUFvQixFQUFFLEdBQUc7Z0JBQ3pCLDBEQUEwRDtnQkFDMUQsMkRBQTJEO2FBQzVELENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCxnREFBZ0Q7UUFDaEQsd0RBQXdEO1FBQ3hELHVEQUF1RDtRQUN2RCxxQkFBcUI7UUFDckIsa0NBQWtDO1FBQ2xDLG1DQUFtQztRQUVuQyw4QkFBOEI7UUFDOUIsSUFBSSx5QkFBVyxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDaEMsZUFBZSxFQUFFLGlCQUFpQjtZQUNsQyxZQUFZLEVBQUUsdUJBQXVCLEtBQUssQ0FBQyxTQUFTLEVBQUU7WUFDdEQsWUFBWSxFQUFFLENBQUMsc0JBQXNCLENBQUM7WUFDdEMsV0FBVyxFQUFFLFdBQVcsS0FBSyxDQUFDLGNBQWMsQ0FBQyxVQUFVLDBDQUEwQztZQUNqRyxjQUFjLEVBQUU7Z0JBQ2QsT0FBTyxFQUFFLElBQUk7Z0JBQ2IsNEJBQTRCLEVBQUUsS0FBSzthQUNwQztZQUNELE1BQU0sRUFBRSxpQkFBaUI7WUFDekIsb0JBQW9CLEVBQUU7Z0JBQ3BCLHFCQUFxQixFQUFFLFVBQVU7Z0JBQ2pDLHVCQUF1QixFQUFFLEdBQUc7Z0JBQzVCLDBCQUEwQixFQUFFLEVBQUU7YUFDL0I7WUFDRCxtQkFBbUIsRUFBRTtnQkFDbkI7b0JBQ0UsaUJBQWlCLEVBQUU7d0JBQ2pCLFFBQVEsRUFBRSxLQUFLLENBQUMsV0FBVztxQkFDNUI7b0JBQ0QsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO2lCQUN2QjthQUNGO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBaEdELGdFQWdHQztBQUVELHVFQUF1RTtBQUN2RSxNQUFhLDhCQUErQixTQUFRLHNCQUFTO0lBQzNELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBK0I7UUFDdkUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQiw4REFBOEQ7UUFDOUQsOENBQThDO1FBQzlDLGlEQUFpRDtRQUNqRCx1REFBdUQ7UUFFdkQseUVBQXlFO0lBQzNFLENBQUM7Q0FDRjtBQVhELHdFQVdDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgU3RhY2ssIENmblN0YWNrU2V0LCBDZm5NYXBwaW5nLCBGbiB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IFMzQnVja2V0IH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlc1wiO1xuaW1wb3J0IHsgT3JnYW5pemF0aW9uUHJpbmNpcGFsLCBQb2xpY3lTdGF0ZW1lbnQgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiO1xuaW1wb3J0ICogYXMgbGFtYmRhIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtbGFtYmRhXCI7XG5pbXBvcnQgKiBhcyBzM19kZXBsb3ltZW50IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczMtZGVwbG95bWVudFwiO1xuXG5pbnRlcmZhY2UgTXVsdGlSZWdpb25TdGFja1NldFByb3BzIHtcbiAgb3JnQWNjb3VudHM6IHN0cmluZ1tdO1xuICByZWdpb25zOiBzdHJpbmdbXTtcbiAgdGVtcGxhdGVCdWNrZXQ6IFMzQnVja2V0O1xuICBvcmdhbmlzYXRpb25JZDogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgTXVsdGlSZWdpb25TdGFja1NldEV4YW1wbGUgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogTXVsdGlSZWdpb25TdGFja1NldFByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHN0YWNrID0gU3RhY2sub2YodGhpcyk7XG5cbiAgICAvLyBTdGVwIDE6IENyZWF0ZSBhc3NldCBidWNrZXRzIGZvciBlYWNoIHJlZ2lvblxuICAgIGNvbnN0IGJ1Y2tldFByZWZpeCA9IFwiZmphbGwtc3RhY2tzZXQtYXNzZXRzXCI7XG4gICAgY29uc3QgYXNzZXRCdWNrZXRzOiB7IFtyZWdpb246IHN0cmluZ106IFMzQnVja2V0IH0gPSB7fTtcblxuICAgIGZvciAoY29uc3QgcmVnaW9uIG9mIHByb3BzLnJlZ2lvbnMpIHtcbiAgICAgIGNvbnN0IGJ1Y2tldCA9IG5ldyBTM0J1Y2tldCh0aGlzLCBgQXNzZXRCdWNrZXQke3JlZ2lvbn1gLCB7XG4gICAgICAgIGJ1Y2tldE5hbWU6IGAke2J1Y2tldFByZWZpeH0tJHtyZWdpb259LSR7c3RhY2suYWNjb3VudH1gXG4gICAgICB9KTtcblxuICAgICAgLy8gR3JhbnQgcmVhZCBhY2Nlc3MgdG8gdGhlIGVudGlyZSBvcmdhbmlzYXRpb25cbiAgICAgIGJ1Y2tldC5hZGRUb1Jlc291cmNlUG9saWN5KFxuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXCJzMzpHZXQqXCIsIFwiczM6TGlzdCpcIl0sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbYnVja2V0LmFybkZvck9iamVjdHMoXCIqXCIpLCBidWNrZXQuYnVja2V0QXJuXSxcbiAgICAgICAgICBwcmluY2lwYWxzOiBbbmV3IE9yZ2FuaXphdGlvblByaW5jaXBhbChwcm9wcy5vcmdhbmlzYXRpb25JZCldXG4gICAgICAgIH0pXG4gICAgICApO1xuXG4gICAgICBhc3NldEJ1Y2tldHNbcmVnaW9uXSA9IGJ1Y2tldDtcbiAgICB9XG5cbiAgICAvLyBTdGVwIDI6IENyZWF0ZSBhIHNlcGFyYXRlIHN0YWNrIGZvciB0aGUgU3RhY2tTZXQgdGVtcGxhdGVcbiAgICBjb25zdCB0ZW1wbGF0ZVN0YWNrID0gbmV3IFN0YWNrKHRoaXMsIFwiVGVtcGxhdGVTdGFja1wiKTtcblxuICAgIC8vIFN0ZXAgMzogQ3JlYXRlIGEgbWFwcGluZyBmb3IgYXNzZXQgYnVja2V0cyBieSByZWdpb25cbiAgICBjb25zdCBidWNrZXRNYXBwaW5nID0gbmV3IENmbk1hcHBpbmcodGVtcGxhdGVTdGFjaywgXCJBc3NldEJ1Y2tldHNcIiwge1xuICAgICAgbWFwcGluZzogT2JqZWN0LmZyb21FbnRyaWVzKFxuICAgICAgICBwcm9wcy5yZWdpb25zLm1hcCgocmVnaW9uKSA9PiBbXG4gICAgICAgICAgcmVnaW9uLFxuICAgICAgICAgIHsgQnVja2V0TmFtZTogYCR7YnVja2V0UHJlZml4fS0ke3JlZ2lvbn0tJHtzdGFjay5hY2NvdW50fWAgfVxuICAgICAgICBdKVxuICAgICAgKVxuICAgIH0pO1xuXG4gICAgLy8gU3RlcCA0OiBFeGFtcGxlIExhbWJkYSBmdW5jdGlvbiB0aGF0IHVzZXMgcmVnaW9uLXNwZWNpZmljIGFzc2V0c1xuICAgIG5ldyBsYW1iZGEuQ2ZuRnVuY3Rpb24odGVtcGxhdGVTdGFjaywgXCJFeGFtcGxlRnVuY3Rpb25cIiwge1xuICAgICAgcnVudGltZTogXCJub2RlanMxOC54XCIsXG4gICAgICBoYW5kbGVyOiBcImluZGV4LmhhbmRsZXJcIixcbiAgICAgIHJvbGU6IFwiYXJuOmF3czppYW06OjEyMzQ1Njc4OTAxMjpyb2xlL2xhbWJkYS1yb2xlXCIsIC8vIFRoaXMgd291bGQgYmUgY3JlYXRlZCBzZXBhcmF0ZWx5XG4gICAgICBjb2RlOiB7XG4gICAgICAgIHMzQnVja2V0OiBidWNrZXRNYXBwaW5nLmZpbmRJbk1hcChGbi5yZWYoXCJBV1M6OlJlZ2lvblwiKSwgXCJCdWNrZXROYW1lXCIpLFxuICAgICAgICBzM0tleTogXCJsYW1iZGEtY29kZS56aXBcIlxuICAgICAgfVxuICAgICAgLy8gLi4uIG90aGVyIHByb3BlcnRpZXNcbiAgICB9KTtcblxuICAgIC8vIFN0ZXAgNTogRGVwbG95IGFzc2V0cyB0byBlYWNoIHJlZ2lvbidzIGJ1Y2tldFxuICAgIGZvciAoY29uc3QgW3JlZ2lvbiwgYnVja2V0XSBvZiBPYmplY3QuZW50cmllcyhhc3NldEJ1Y2tldHMpKSB7XG4gICAgICBuZXcgczNfZGVwbG95bWVudC5CdWNrZXREZXBsb3ltZW50KHRoaXMsIGBBc3NldERlcGxveW1lbnQke3JlZ2lvbn1gLCB7XG4gICAgICAgIHNvdXJjZXM6IFtzM19kZXBsb3ltZW50LlNvdXJjZS5hc3NldChcIi4vbGFtYmRhLWNvZGVcIildLFxuICAgICAgICBkZXN0aW5hdGlvbkJ1Y2tldDogYnVja2V0LFxuICAgICAgICBkZXN0aW5hdGlvbktleVByZWZpeDogXCIvXCJcbiAgICAgICAgLy8gTm90ZTogQnVja2V0RGVwbG95bWVudCBkb2Vzbid0IHN1cHBvcnQgcmVnaW9uIHBhcmFtZXRlclxuICAgICAgICAvLyBBc3NldHMgYXJlIGRlcGxveWVkIHRvIHRoZSBidWNrZXQncyByZWdpb24gYXV0b21hdGljYWxseVxuICAgICAgfSk7XG4gICAgfVxuXG4gICAgLy8gU3RlcCA2OiBTeW50aGVzaXplIHRoZSB0ZW1wbGF0ZSBhbmQgdXBsb2FkIGl0XG4gICAgLy8gTm90ZTogVGhpcyBpcyBjb25jZXB0dWFsIC0gaW4gcHJhY3RpY2UgeW91J2QgbmVlZCB0bzpcbiAgICAvLyAxLiBVc2UgYSBzZXBhcmF0ZSBDREsgYXBwIHRvIHN5bnRoZXNpemUgdGhlIHRlbXBsYXRlXG4gICAgLy8gMi4gVXBsb2FkIGl0IHRvIFMzXG4gICAgLy8gMy4gUmVmZXJlbmNlIGl0IHZpYSB0ZW1wbGF0ZVVybFxuICAgIC8vIEZvciBub3csIHdlJ2xsIHVzZSBhIHBsYWNlaG9sZGVyXG5cbiAgICAvLyBTdGVwIDc6IENyZWF0ZSB0aGUgU3RhY2tTZXRcbiAgICBuZXcgQ2ZuU3RhY2tTZXQodGhpcywgXCJTdGFja1NldFwiLCB7XG4gICAgICBwZXJtaXNzaW9uTW9kZWw6IFwiU0VSVklDRV9NQU5BR0VEXCIsXG4gICAgICBzdGFja1NldE5hbWU6IGBNdWx0aVJlZ2lvblN0YWNrU2V0LSR7c3RhY2suc3RhY2tOYW1lfWAsXG4gICAgICBjYXBhYmlsaXRpZXM6IFtcIkNBUEFCSUxJVFlfTkFNRURfSUFNXCJdLFxuICAgICAgdGVtcGxhdGVVcmw6IGBodHRwczovLyR7cHJvcHMudGVtcGxhdGVCdWNrZXQuYnVja2V0TmFtZX0uczMuYW1hem9uYXdzLmNvbS9zdGFja3NldC10ZW1wbGF0ZS5qc29uYCxcbiAgICAgIGF1dG9EZXBsb3ltZW50OiB7XG4gICAgICAgIGVuYWJsZWQ6IHRydWUsXG4gICAgICAgIHJldGFpblN0YWNrc09uQWNjb3VudFJlbW92YWw6IGZhbHNlXG4gICAgICB9LFxuICAgICAgY2FsbEFzOiBcIkRFTEVHQVRFRF9BRE1JTlwiLFxuICAgICAgb3BlcmF0aW9uUHJlZmVyZW5jZXM6IHtcbiAgICAgICAgcmVnaW9uQ29uY3VycmVuY3lUeXBlOiBcIlBBUkFMTEVMXCIsXG4gICAgICAgIG1heENvbmN1cnJlbnRQZXJjZW50YWdlOiAxMDAsXG4gICAgICAgIGZhaWx1cmVUb2xlcmFuY2VQZXJjZW50YWdlOiAxMFxuICAgICAgfSxcbiAgICAgIHN0YWNrSW5zdGFuY2VzR3JvdXA6IFtcbiAgICAgICAge1xuICAgICAgICAgIGRlcGxveW1lbnRUYXJnZXRzOiB7XG4gICAgICAgICAgICBhY2NvdW50czogcHJvcHMub3JnQWNjb3VudHNcbiAgICAgICAgICB9LFxuICAgICAgICAgIHJlZ2lvbnM6IHByb3BzLnJlZ2lvbnNcbiAgICAgICAgfVxuICAgICAgXVxuICAgIH0pO1xuICB9XG59XG5cbi8vIEFsdGVybmF0aXZlIGFwcHJvYWNoIHVzaW5nIENESyBQaXBlbGluZXMgZm9yIG11bHRpLXJlZ2lvbiBkZXBsb3ltZW50XG5leHBvcnQgY2xhc3MgQWx0ZXJuYXRpdmVNdWx0aVJlZ2lvbkFwcHJvYWNoIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IE11bHRpUmVnaW9uU3RhY2tTZXRQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICAvLyBGb3IgY29tcGxleCBtdWx0aS1yZWdpb24gZGVwbG95bWVudHMgd2l0aCBhc3NldHMsIGNvbnNpZGVyOlxuICAgIC8vIDEuIFVzaW5nIENESyBQaXBlbGluZXMgaW5zdGVhZCBvZiBTdGFja1NldHNcbiAgICAvLyAyLiBDcmVhdGluZyBzZXBhcmF0ZSBzdGFja3MgcGVyIHJlZ2lvbi9hY2NvdW50XG4gICAgLy8gMy4gVXNpbmcgQVdTIENvZGVQaXBlbGluZSB0byBvcmNoZXN0cmF0ZSBkZXBsb3ltZW50c1xuXG4gICAgLy8gVGhpcyBnaXZlcyB5b3UgYmV0dGVyIGNvbnRyb2wgb3ZlciBhc3NldCBoYW5kbGluZyBhbmQgZGVwbG95bWVudCBvcmRlclxuICB9XG59XG4iXX0=
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface BootstrapAccountsProps {
|
|
4
|
-
orgAccounts: string[];
|
|
5
|
-
regions: string[];
|
|
6
|
-
templateBucket: S3Bucket;
|
|
7
|
-
organisationId: string;
|
|
8
|
-
}
|
|
9
|
-
export declare class BootstrapAccountsSelfManaged extends Construct {
|
|
10
|
-
constructor(scope: Construct, id: string, props: BootstrapAccountsProps);
|
|
11
|
-
}
|
|
12
|
-
export declare const SELF_MANAGED_SETUP = "\n# In the administrator account:\naws cloudformation create-stack \\\n --stack-name StackSetAdministrationRole \\\n --template-url https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetAdministrationRole.yml \\\n --capabilities CAPABILITY_NAMED_IAM\n\n# In each target account:\naws cloudformation create-stack \\\n --stack-name StackSetExecutionRole \\\n --template-url https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetExecutionRole.yml \\\n --parameters ParameterKey=AdministratorAccountId,ParameterValue=<ADMIN_ACCOUNT_ID> \\\n --capabilities CAPABILITY_NAMED_IAM\n";
|
|
13
|
-
export {};
|
|
@@ -1,56 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SELF_MANAGED_SETUP = exports.BootstrapAccountsSelfManaged = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const constructs_1 = require("constructs");
|
|
6
|
-
class BootstrapAccountsSelfManaged extends constructs_1.Construct {
|
|
7
|
-
constructor(scope, id, props) {
|
|
8
|
-
super(scope, id);
|
|
9
|
-
const stack = aws_cdk_lib_1.Stack.of(this);
|
|
10
|
-
// For self-managed permissions, you need:
|
|
11
|
-
// 1. AWSCloudFormationStackSetAdministrationRole in the admin account
|
|
12
|
-
// 2. AWSCloudFormationStackSetExecutionRole in each target account
|
|
13
|
-
const templateURL = `https://${props.templateBucket.bucketName}.s3.amazonaws.com/bootstrap/cdk-bootstrap.template.yml`;
|
|
14
|
-
new aws_cdk_lib_1.CfnStackSet(this, "StackSet", {
|
|
15
|
-
permissionModel: "SELF_MANAGED", // Using self-managed permissions
|
|
16
|
-
stackSetName: `CDKBootstrap-${stack.stackName}`,
|
|
17
|
-
description: "CDK Bootstrap StackSet for organization accounts",
|
|
18
|
-
capabilities: ["CAPABILITY_NAMED_IAM"],
|
|
19
|
-
templateUrl: templateURL,
|
|
20
|
-
// No autoDeployment with self-managed permissions
|
|
21
|
-
// No callAs needed with self-managed permissions
|
|
22
|
-
administrationRoleArn: `arn:aws:iam::${stack.account}:role/AWSCloudFormationStackSetAdministrationRole`,
|
|
23
|
-
executionRoleName: "AWSCloudFormationStackSetExecutionRole",
|
|
24
|
-
operationPreferences: {
|
|
25
|
-
regionConcurrencyType: "PARALLEL",
|
|
26
|
-
maxConcurrentPercentage: 100,
|
|
27
|
-
failureTolerancePercentage: 10
|
|
28
|
-
},
|
|
29
|
-
stackInstancesGroup: [
|
|
30
|
-
{
|
|
31
|
-
deploymentTargets: {
|
|
32
|
-
accounts: props.orgAccounts
|
|
33
|
-
},
|
|
34
|
-
regions: props.regions
|
|
35
|
-
}
|
|
36
|
-
]
|
|
37
|
-
});
|
|
38
|
-
}
|
|
39
|
-
}
|
|
40
|
-
exports.BootstrapAccountsSelfManaged = BootstrapAccountsSelfManaged;
|
|
41
|
-
// Script to create the required roles for self-managed permissions
|
|
42
|
-
exports.SELF_MANAGED_SETUP = `
|
|
43
|
-
# In the administrator account:
|
|
44
|
-
aws cloudformation create-stack \\
|
|
45
|
-
--stack-name StackSetAdministrationRole \\
|
|
46
|
-
--template-url https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetAdministrationRole.yml \\
|
|
47
|
-
--capabilities CAPABILITY_NAMED_IAM
|
|
48
|
-
|
|
49
|
-
# In each target account:
|
|
50
|
-
aws cloudformation create-stack \\
|
|
51
|
-
--stack-name StackSetExecutionRole \\
|
|
52
|
-
--template-url https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetExecutionRole.yml \\
|
|
53
|
-
--parameters ParameterKey=AdministratorAccountId,ParameterValue=<ADMIN_ACCOUNT_ID> \\
|
|
54
|
-
--capabilities CAPABILITY_NAMED_IAM
|
|
55
|
-
`;
|
|
56
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwU2VsZk1hbmFnZWQuZXhhbXBsZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9jb25maWcvYXdzL2Jvb3RzdHJhcFNlbGZNYW5hZ2VkLmV4YW1wbGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQWlEO0FBQ2pELDJDQUF1QztBQVV2QyxNQUFhLDRCQUE2QixTQUFRLHNCQUFTO0lBQ3pELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNkI7UUFDckUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLEtBQUssR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUU3QiwwQ0FBMEM7UUFDMUMsc0VBQXNFO1FBQ3RFLG1FQUFtRTtRQUVuRSxNQUFNLFdBQVcsR0FBRyxXQUFXLEtBQUssQ0FBQyxjQUFjLENBQUMsVUFBVSx3REFBd0QsQ0FBQztRQUV2SCxJQUFJLHlCQUFXLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRTtZQUNoQyxlQUFlLEVBQUUsY0FBYyxFQUFFLGlDQUFpQztZQUNsRSxZQUFZLEVBQUUsZ0JBQWdCLEtBQUssQ0FBQyxTQUFTLEVBQUU7WUFDL0MsV0FBVyxFQUFFLGtEQUFrRDtZQUMvRCxZQUFZLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQztZQUN0QyxXQUFXLEVBQUUsV0FBVztZQUN4QixrREFBa0Q7WUFDbEQsaURBQWlEO1lBQ2pELHFCQUFxQixFQUFFLGdCQUFnQixLQUFLLENBQUMsT0FBTyxtREFBbUQ7WUFDdkcsaUJBQWlCLEVBQUUsd0NBQXdDO1lBQzNELG9CQUFvQixFQUFFO2dCQUNwQixxQkFBcUIsRUFBRSxVQUFVO2dCQUNqQyx1QkFBdUIsRUFBRSxHQUFHO2dCQUM1QiwwQkFBMEIsRUFBRSxFQUFFO2FBQy9CO1lBQ0QsbUJBQW1CLEVBQUU7Z0JBQ25CO29CQUNFLGlCQUFpQixFQUFFO3dCQUNqQixRQUFRLEVBQUUsS0FBSyxDQUFDLFdBQVc7cUJBQzVCO29CQUNELE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTztpQkFDdkI7YUFDRjtTQUNGLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRjtBQXJDRCxvRUFxQ0M7QUFFRCxtRUFBbUU7QUFDdEQsUUFBQSxrQkFBa0IsR0FBRzs7Ozs7Ozs7Ozs7OztDQWFqQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgU3RhY2ssIENmblN0YWNrU2V0IH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0IHsgUzNCdWNrZXQgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzXCI7XG5cbmludGVyZmFjZSBCb290c3RyYXBBY2NvdW50c1Byb3BzIHtcbiAgb3JnQWNjb3VudHM6IHN0cmluZ1tdO1xuICByZWdpb25zOiBzdHJpbmdbXTtcbiAgdGVtcGxhdGVCdWNrZXQ6IFMzQnVja2V0O1xuICBvcmdhbmlzYXRpb25JZDogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgQm9vdHN0cmFwQWNjb3VudHNTZWxmTWFuYWdlZCBleHRlbmRzIENvbnN0cnVjdCB7XG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBCb290c3RyYXBBY2NvdW50c1Byb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHN0YWNrID0gU3RhY2sub2YodGhpcyk7XG5cbiAgICAvLyBGb3Igc2VsZi1tYW5hZ2VkIHBlcm1pc3Npb25zLCB5b3UgbmVlZDpcbiAgICAvLyAxLiBBV1NDbG91ZEZvcm1hdGlvblN0YWNrU2V0QWRtaW5pc3RyYXRpb25Sb2xlIGluIHRoZSBhZG1pbiBhY2NvdW50XG4gICAgLy8gMi4gQVdTQ2xvdWRGb3JtYXRpb25TdGFja1NldEV4ZWN1dGlvblJvbGUgaW4gZWFjaCB0YXJnZXQgYWNjb3VudFxuXG4gICAgY29uc3QgdGVtcGxhdGVVUkwgPSBgaHR0cHM6Ly8ke3Byb3BzLnRlbXBsYXRlQnVja2V0LmJ1Y2tldE5hbWV9LnMzLmFtYXpvbmF3cy5jb20vYm9vdHN0cmFwL2Nkay1ib290c3RyYXAudGVtcGxhdGUueW1sYDtcblxuICAgIG5ldyBDZm5TdGFja1NldCh0aGlzLCBcIlN0YWNrU2V0XCIsIHtcbiAgICAgIHBlcm1pc3Npb25Nb2RlbDogXCJTRUxGX01BTkFHRURcIiwgLy8gVXNpbmcgc2VsZi1tYW5hZ2VkIHBlcm1pc3Npb25zXG4gICAgICBzdGFja1NldE5hbWU6IGBDREtCb290c3RyYXAtJHtzdGFjay5zdGFja05hbWV9YCxcbiAgICAgIGRlc2NyaXB0aW9uOiBcIkNESyBCb290c3RyYXAgU3RhY2tTZXQgZm9yIG9yZ2FuaXphdGlvbiBhY2NvdW50c1wiLFxuICAgICAgY2FwYWJpbGl0aWVzOiBbXCJDQVBBQklMSVRZX05BTUVEX0lBTVwiXSxcbiAgICAgIHRlbXBsYXRlVXJsOiB0ZW1wbGF0ZVVSTCxcbiAgICAgIC8vIE5vIGF1dG9EZXBsb3ltZW50IHdpdGggc2VsZi1tYW5hZ2VkIHBlcm1pc3Npb25zXG4gICAgICAvLyBObyBjYWxsQXMgbmVlZGVkIHdpdGggc2VsZi1tYW5hZ2VkIHBlcm1pc3Npb25zXG4gICAgICBhZG1pbmlzdHJhdGlvblJvbGVBcm46IGBhcm46YXdzOmlhbTo6JHtzdGFjay5hY2NvdW50fTpyb2xlL0FXU0Nsb3VkRm9ybWF0aW9uU3RhY2tTZXRBZG1pbmlzdHJhdGlvblJvbGVgLFxuICAgICAgZXhlY3V0aW9uUm9sZU5hbWU6IFwiQVdTQ2xvdWRGb3JtYXRpb25TdGFja1NldEV4ZWN1dGlvblJvbGVcIixcbiAgICAgIG9wZXJhdGlvblByZWZlcmVuY2VzOiB7XG4gICAgICAgIHJlZ2lvbkNvbmN1cnJlbmN5VHlwZTogXCJQQVJBTExFTFwiLFxuICAgICAgICBtYXhDb25jdXJyZW50UGVyY2VudGFnZTogMTAwLFxuICAgICAgICBmYWlsdXJlVG9sZXJhbmNlUGVyY2VudGFnZTogMTBcbiAgICAgIH0sXG4gICAgICBzdGFja0luc3RhbmNlc0dyb3VwOiBbXG4gICAgICAgIHtcbiAgICAgICAgICBkZXBsb3ltZW50VGFyZ2V0czoge1xuICAgICAgICAgICAgYWNjb3VudHM6IHByb3BzLm9yZ0FjY291bnRzXG4gICAgICAgICAgfSxcbiAgICAgICAgICByZWdpb25zOiBwcm9wcy5yZWdpb25zXG4gICAgICAgIH1cbiAgICAgIF1cbiAgICB9KTtcbiAgfVxufVxuXG4vLyBTY3JpcHQgdG8gY3JlYXRlIHRoZSByZXF1aXJlZCByb2xlcyBmb3Igc2VsZi1tYW5hZ2VkIHBlcm1pc3Npb25zXG5leHBvcnQgY29uc3QgU0VMRl9NQU5BR0VEX1NFVFVQID0gYFxuIyBJbiB0aGUgYWRtaW5pc3RyYXRvciBhY2NvdW50OlxuYXdzIGNsb3VkZm9ybWF0aW9uIGNyZWF0ZS1zdGFjayBcXFxcXG4gIC0tc3RhY2stbmFtZSBTdGFja1NldEFkbWluaXN0cmF0aW9uUm9sZSBcXFxcXG4gIC0tdGVtcGxhdGUtdXJsIGh0dHBzOi8vczMuYW1hem9uYXdzLmNvbS9jbG91ZGZvcm1hdGlvbi1zdGFja3NldC1zYW1wbGUtdGVtcGxhdGVzLXVzLWVhc3QtMS9BV1NDbG91ZEZvcm1hdGlvblN0YWNrU2V0QWRtaW5pc3RyYXRpb25Sb2xlLnltbCBcXFxcXG4gIC0tY2FwYWJpbGl0aWVzIENBUEFCSUxJVFlfTkFNRURfSUFNXG5cbiMgSW4gZWFjaCB0YXJnZXQgYWNjb3VudDpcbmF3cyBjbG91ZGZvcm1hdGlvbiBjcmVhdGUtc3RhY2sgXFxcXFxuICAtLXN0YWNrLW5hbWUgU3RhY2tTZXRFeGVjdXRpb25Sb2xlIFxcXFxcbiAgLS10ZW1wbGF0ZS11cmwgaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2Nsb3VkZm9ybWF0aW9uLXN0YWNrc2V0LXNhbXBsZS10ZW1wbGF0ZXMtdXMtZWFzdC0xL0FXU0Nsb3VkRm9ybWF0aW9uU3RhY2tTZXRFeGVjdXRpb25Sb2xlLnltbCBcXFxcXG4gIC0tcGFyYW1ldGVycyBQYXJhbWV0ZXJLZXk9QWRtaW5pc3RyYXRvckFjY291bnRJZCxQYXJhbWV0ZXJWYWx1ZT08QURNSU5fQUNDT1VOVF9JRD4gXFxcXFxuICAtLWNhcGFiaWxpdGllcyBDQVBBQklMSVRZX05BTUVEX0lBTVxuYDtcbiJdfQ==
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface DeployManagedAccountsProps {
|
|
4
|
-
regions: string[];
|
|
5
|
-
templateBucket: S3Bucket;
|
|
6
|
-
organisationId: string;
|
|
7
|
-
organizationalUnitIds: string[];
|
|
8
|
-
}
|
|
9
|
-
/**
|
|
10
|
-
* Deploys the ManagedAccount stack to all accounts in the specified organizational units
|
|
11
|
-
* using AWS CloudFormation StackSets.
|
|
12
|
-
*/
|
|
13
|
-
export declare class DeployManagedAccounts extends Construct {
|
|
14
|
-
constructor(scope: Construct, id: string, props: DeployManagedAccountsProps);
|
|
15
|
-
}
|
|
16
|
-
export {};
|
|
@@ -1,75 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.DeployManagedAccounts = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const constructs_1 = require("constructs");
|
|
6
|
-
const aws_s3_deployment_1 = require("aws-cdk-lib/aws-s3-deployment");
|
|
7
|
-
const path = require("path");
|
|
8
|
-
const managedAccountStackSet_1 = require("../../patterns/aws/managedAccountStackSet");
|
|
9
|
-
/**
|
|
10
|
-
* Deploys the ManagedAccount stack to all accounts in the specified organizational units
|
|
11
|
-
* using AWS CloudFormation StackSets.
|
|
12
|
-
*/
|
|
13
|
-
class DeployManagedAccounts extends constructs_1.Construct {
|
|
14
|
-
constructor(scope, id, props) {
|
|
15
|
-
super(scope, id);
|
|
16
|
-
const stack = aws_cdk_lib_1.Stack.of(this);
|
|
17
|
-
// Create a temporary app to synthesize the ManagedAccount template
|
|
18
|
-
const tempApp = new aws_cdk_lib_1.App();
|
|
19
|
-
const managedAccountStack = new managedAccountStackSet_1.ManagedAccountStackSet(tempApp, "ManagedAccountTemplate");
|
|
20
|
-
const assembly = tempApp.synth();
|
|
21
|
-
// Get the synthesized template
|
|
22
|
-
const templateArtifact = assembly.getStackArtifact(managedAccountStack.artifactId);
|
|
23
|
-
const templatePath = templateArtifact.templateFullPath;
|
|
24
|
-
// Deploy the template to the S3 bucket
|
|
25
|
-
new aws_s3_deployment_1.BucketDeployment(this, "DeployManagedAccountTemplate", {
|
|
26
|
-
sources: [aws_s3_deployment_1.Source.asset(path.dirname(templatePath))],
|
|
27
|
-
destinationBucket: props.templateBucket,
|
|
28
|
-
destinationKeyPrefix: "managed-account",
|
|
29
|
-
retainOnDelete: false
|
|
30
|
-
});
|
|
31
|
-
// Use region-agnostic S3 URL format
|
|
32
|
-
const templateURL = `https://${props.templateBucket.bucketName}.s3.amazonaws.com/managed-account/${path.basename(templatePath)}`;
|
|
33
|
-
new aws_cdk_lib_1.CfnStackSet(this, "ManagedAccountStackSet", {
|
|
34
|
-
permissionModel: "SERVICE_MANAGED",
|
|
35
|
-
stackSetName: `ManagedAccount-${stack.stackName}`,
|
|
36
|
-
description: "ManagedAccount StackSet for organization accounts",
|
|
37
|
-
capabilities: [
|
|
38
|
-
"CAPABILITY_IAM",
|
|
39
|
-
"CAPABILITY_NAMED_IAM",
|
|
40
|
-
"CAPABILITY_AUTO_EXPAND"
|
|
41
|
-
],
|
|
42
|
-
templateUrl: templateURL,
|
|
43
|
-
autoDeployment: {
|
|
44
|
-
enabled: true,
|
|
45
|
-
retainStacksOnAccountRemoval: false
|
|
46
|
-
},
|
|
47
|
-
callAs: "DELEGATED_ADMIN",
|
|
48
|
-
operationPreferences: {
|
|
49
|
-
regionConcurrencyType: "PARALLEL",
|
|
50
|
-
maxConcurrentPercentage: 100,
|
|
51
|
-
failureTolerancePercentage: 10
|
|
52
|
-
},
|
|
53
|
-
stackInstancesGroup: [
|
|
54
|
-
{
|
|
55
|
-
deploymentTargets: {
|
|
56
|
-
organizationalUnitIds: props.organizationalUnitIds
|
|
57
|
-
},
|
|
58
|
-
regions: props.regions,
|
|
59
|
-
parameterOverrides: [
|
|
60
|
-
{
|
|
61
|
-
parameterKey: "AccountId",
|
|
62
|
-
parameterValue: "{{account}}"
|
|
63
|
-
},
|
|
64
|
-
{
|
|
65
|
-
parameterKey: "Region",
|
|
66
|
-
parameterValue: "{{region}}"
|
|
67
|
-
}
|
|
68
|
-
]
|
|
69
|
-
}
|
|
70
|
-
]
|
|
71
|
-
});
|
|
72
|
-
}
|
|
73
|
-
}
|
|
74
|
-
exports.DeployManagedAccounts = DeployManagedAccounts;
|
|
75
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWFuYWdlZEFjY291bnRTdGFja1NldC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9jb25maWcvYXdzL21hbmFnZWRBY2NvdW50U3RhY2tTZXQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQXNEO0FBQ3RELDJDQUF1QztBQUV2QyxxRUFBeUU7QUFDekUsNkJBQTZCO0FBQzdCLHNGQUE2RztBQVM3Rzs7O0dBR0c7QUFDSCxNQUFhLHFCQUFzQixTQUFRLHNCQUFTO0lBQ2xELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBaUM7UUFDekUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLEtBQUssR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUU3QixtRUFBbUU7UUFDbkUsTUFBTSxPQUFPLEdBQUcsSUFBSSxpQkFBRyxFQUFFLENBQUM7UUFDMUIsTUFBTSxtQkFBbUIsR0FBRyxJQUFJLCtDQUFzQixDQUNwRCxPQUFPLEVBQ1Asd0JBQXdCLENBQ3pCLENBQUM7UUFDRixNQUFNLFFBQVEsR0FBRyxPQUFPLENBQUMsS0FBSyxFQUFFLENBQUM7UUFFakMsK0JBQStCO1FBQy9CLE1BQU0sZ0JBQWdCLEdBQUcsUUFBUSxDQUFDLGdCQUFnQixDQUNoRCxtQkFBbUIsQ0FBQyxVQUFVLENBQy9CLENBQUM7UUFDRixNQUFNLFlBQVksR0FBRyxnQkFBZ0IsQ0FBQyxnQkFBZ0IsQ0FBQztRQUV2RCx1Q0FBdUM7UUFDdkMsSUFBSSxvQ0FBZ0IsQ0FBQyxJQUFJLEVBQUUsOEJBQThCLEVBQUU7WUFDekQsT0FBTyxFQUFFLENBQUMsMEJBQU0sQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDO1lBQ25ELGlCQUFpQixFQUFFLEtBQUssQ0FBQyxjQUFjO1lBQ3ZDLG9CQUFvQixFQUFFLGlCQUFpQjtZQUN2QyxjQUFjLEVBQUUsS0FBSztTQUN0QixDQUFDLENBQUM7UUFFSCxvQ0FBb0M7UUFDcEMsTUFBTSxXQUFXLEdBQUcsV0FDbEIsS0FBSyxDQUFDLGNBQWMsQ0FBQyxVQUN2QixxQ0FBcUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDO1FBRW5FLElBQUkseUJBQVcsQ0FBQyxJQUFJLEVBQUUsd0JBQXdCLEVBQUU7WUFDOUMsZUFBZSxFQUFFLGlCQUFpQjtZQUNsQyxZQUFZLEVBQUUsa0JBQWtCLEtBQUssQ0FBQyxTQUFTLEVBQUU7WUFDakQsV0FBVyxFQUFFLG1EQUFtRDtZQUNoRSxZQUFZLEVBQUU7Z0JBQ1osZ0JBQWdCO2dCQUNoQixzQkFBc0I7Z0JBQ3RCLHdCQUF3QjthQUN6QjtZQUNELFdBQVcsRUFBRSxXQUFXO1lBQ3hCLGNBQWMsRUFBRTtnQkFDZCxPQUFPLEVBQUUsSUFBSTtnQkFDYiw0QkFBNEIsRUFBRSxLQUFLO2FBQ3BDO1lBQ0QsTUFBTSxFQUFFLGlCQUFpQjtZQUN6QixvQkFBb0IsRUFBRTtnQkFDcEIscUJBQXFCLEVBQUUsVUFBVTtnQkFDakMsdUJBQXVCLEVBQUUsR0FBRztnQkFDNUIsMEJBQTBCLEVBQUUsRUFBRTthQUMvQjtZQUNELG1CQUFtQixFQUFFO2dCQUNuQjtvQkFDRSxpQkFBaUIsRUFBRTt3QkFDakIscUJBQXFCLEVBQUUsS0FBSyxDQUFDLHFCQUFxQjtxQkFDbkQ7b0JBQ0QsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO29CQUN0QixrQkFBa0IsRUFBRTt3QkFDbEI7NEJBQ0UsWUFBWSxFQUFFLFdBQVc7NEJBQ3pCLGNBQWMsRUFBRSxhQUFhO3lCQUM5Qjt3QkFDRDs0QkFDRSxZQUFZLEVBQUUsUUFBUTs0QkFDdEIsY0FBYyxFQUFFLFlBQVk7eUJBQzdCO3FCQUNGO2lCQUNGO2FBQ0Y7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0Y7QUF6RUQsc0RBeUVDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgU3RhY2ssIENmblN0YWNrU2V0LCBBcHAgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBTM0J1Y2tldCB9IGZyb20gXCIuLi8uLi9yZXNvdXJjZXNcIjtcbmltcG9ydCB7IEJ1Y2tldERlcGxveW1lbnQsIFNvdXJjZSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczMtZGVwbG95bWVudFwiO1xuaW1wb3J0ICogYXMgcGF0aCBmcm9tIFwicGF0aFwiO1xuaW1wb3J0IHsgTWFuYWdlZEFjY291bnRTdGFja1NldCBhcyBNYW5hZ2VkQWNjb3VudFRlbXBsYXRlIH0gZnJvbSBcIi4uLy4uL3BhdHRlcm5zL2F3cy9tYW5hZ2VkQWNjb3VudFN0YWNrU2V0XCI7XG5cbmludGVyZmFjZSBEZXBsb3lNYW5hZ2VkQWNjb3VudHNQcm9wcyB7XG4gIHJlZ2lvbnM6IHN0cmluZ1tdO1xuICB0ZW1wbGF0ZUJ1Y2tldDogUzNCdWNrZXQ7XG4gIG9yZ2FuaXNhdGlvbklkOiBzdHJpbmc7XG4gIG9yZ2FuaXphdGlvbmFsVW5pdElkczogc3RyaW5nW107XG59XG5cbi8qKlxuICogRGVwbG95cyB0aGUgTWFuYWdlZEFjY291bnQgc3RhY2sgdG8gYWxsIGFjY291bnRzIGluIHRoZSBzcGVjaWZpZWQgb3JnYW5pemF0aW9uYWwgdW5pdHNcbiAqIHVzaW5nIEFXUyBDbG91ZEZvcm1hdGlvbiBTdGFja1NldHMuXG4gKi9cbmV4cG9ydCBjbGFzcyBEZXBsb3lNYW5hZ2VkQWNjb3VudHMgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogRGVwbG95TWFuYWdlZEFjY291bnRzUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgY29uc3Qgc3RhY2sgPSBTdGFjay5vZih0aGlzKTtcblxuICAgIC8vIENyZWF0ZSBhIHRlbXBvcmFyeSBhcHAgdG8gc3ludGhlc2l6ZSB0aGUgTWFuYWdlZEFjY291bnQgdGVtcGxhdGVcbiAgICBjb25zdCB0ZW1wQXBwID0gbmV3IEFwcCgpO1xuICAgIGNvbnN0IG1hbmFnZWRBY2NvdW50U3RhY2sgPSBuZXcgTWFuYWdlZEFjY291bnRUZW1wbGF0ZShcbiAgICAgIHRlbXBBcHAsXG4gICAgICBcIk1hbmFnZWRBY2NvdW50VGVtcGxhdGVcIlxuICAgICk7XG4gICAgY29uc3QgYXNzZW1ibHkgPSB0ZW1wQXBwLnN5bnRoKCk7XG5cbiAgICAvLyBHZXQgdGhlIHN5bnRoZXNpemVkIHRlbXBsYXRlXG4gICAgY29uc3QgdGVtcGxhdGVBcnRpZmFjdCA9IGFzc2VtYmx5LmdldFN0YWNrQXJ0aWZhY3QoXG4gICAgICBtYW5hZ2VkQWNjb3VudFN0YWNrLmFydGlmYWN0SWRcbiAgICApO1xuICAgIGNvbnN0IHRlbXBsYXRlUGF0aCA9IHRlbXBsYXRlQXJ0aWZhY3QudGVtcGxhdGVGdWxsUGF0aDtcblxuICAgIC8vIERlcGxveSB0aGUgdGVtcGxhdGUgdG8gdGhlIFMzIGJ1Y2tldFxuICAgIG5ldyBCdWNrZXREZXBsb3ltZW50KHRoaXMsIFwiRGVwbG95TWFuYWdlZEFjY291bnRUZW1wbGF0ZVwiLCB7XG4gICAgICBzb3VyY2VzOiBbU291cmNlLmFzc2V0KHBhdGguZGlybmFtZSh0ZW1wbGF0ZVBhdGgpKV0sXG4gICAgICBkZXN0aW5hdGlvbkJ1Y2tldDogcHJvcHMudGVtcGxhdGVCdWNrZXQsXG4gICAgICBkZXN0aW5hdGlvbktleVByZWZpeDogXCJtYW5hZ2VkLWFjY291bnRcIixcbiAgICAgIHJldGFpbk9uRGVsZXRlOiBmYWxzZVxuICAgIH0pO1xuXG4gICAgLy8gVXNlIHJlZ2lvbi1hZ25vc3RpYyBTMyBVUkwgZm9ybWF0XG4gICAgY29uc3QgdGVtcGxhdGVVUkwgPSBgaHR0cHM6Ly8ke1xuICAgICAgcHJvcHMudGVtcGxhdGVCdWNrZXQuYnVja2V0TmFtZVxuICAgIH0uczMuYW1hem9uYXdzLmNvbS9tYW5hZ2VkLWFjY291bnQvJHtwYXRoLmJhc2VuYW1lKHRlbXBsYXRlUGF0aCl9YDtcblxuICAgIG5ldyBDZm5TdGFja1NldCh0aGlzLCBcIk1hbmFnZWRBY2NvdW50U3RhY2tTZXRcIiwge1xuICAgICAgcGVybWlzc2lvbk1vZGVsOiBcIlNFUlZJQ0VfTUFOQUdFRFwiLFxuICAgICAgc3RhY2tTZXROYW1lOiBgTWFuYWdlZEFjY291bnQtJHtzdGFjay5zdGFja05hbWV9YCxcbiAgICAgIGRlc2NyaXB0aW9uOiBcIk1hbmFnZWRBY2NvdW50IFN0YWNrU2V0IGZvciBvcmdhbml6YXRpb24gYWNjb3VudHNcIixcbiAgICAgIGNhcGFiaWxpdGllczogW1xuICAgICAgICBcIkNBUEFCSUxJVFlfSUFNXCIsXG4gICAgICAgIFwiQ0FQQUJJTElUWV9OQU1FRF9JQU1cIixcbiAgICAgICAgXCJDQVBBQklMSVRZX0FVVE9fRVhQQU5EXCJcbiAgICAgIF0sXG4gICAgICB0ZW1wbGF0ZVVybDogdGVtcGxhdGVVUkwsXG4gICAgICBhdXRvRGVwbG95bWVudDoge1xuICAgICAgICBlbmFibGVkOiB0cnVlLFxuICAgICAgICByZXRhaW5TdGFja3NPbkFjY291bnRSZW1vdmFsOiBmYWxzZVxuICAgICAgfSxcbiAgICAgIGNhbGxBczogXCJERUxFR0FURURfQURNSU5cIixcbiAgICAgIG9wZXJhdGlvblByZWZlcmVuY2VzOiB7XG4gICAgICAgIHJlZ2lvbkNvbmN1cnJlbmN5VHlwZTogXCJQQVJBTExFTFwiLFxuICAgICAgICBtYXhDb25jdXJyZW50UGVyY2VudGFnZTogMTAwLFxuICAgICAgICBmYWlsdXJlVG9sZXJhbmNlUGVyY2VudGFnZTogMTBcbiAgICAgIH0sXG4gICAgICBzdGFja0luc3RhbmNlc0dyb3VwOiBbXG4gICAgICAgIHtcbiAgICAgICAgICBkZXBsb3ltZW50VGFyZ2V0czoge1xuICAgICAgICAgICAgb3JnYW5pemF0aW9uYWxVbml0SWRzOiBwcm9wcy5vcmdhbml6YXRpb25hbFVuaXRJZHNcbiAgICAgICAgICB9LFxuICAgICAgICAgIHJlZ2lvbnM6IHByb3BzLnJlZ2lvbnMsXG4gICAgICAgICAgcGFyYW1ldGVyT3ZlcnJpZGVzOiBbXG4gICAgICAgICAgICB7XG4gICAgICAgICAgICAgIHBhcmFtZXRlcktleTogXCJBY2NvdW50SWRcIixcbiAgICAgICAgICAgICAgcGFyYW1ldGVyVmFsdWU6IFwie3thY2NvdW50fX1cIlxuICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIHtcbiAgICAgICAgICAgICAgcGFyYW1ldGVyS2V5OiBcIlJlZ2lvblwiLFxuICAgICAgICAgICAgICBwYXJhbWV0ZXJWYWx1ZTogXCJ7e3JlZ2lvbn19XCJcbiAgICAgICAgICAgIH1cbiAgICAgICAgICBdXG4gICAgICAgIH1cbiAgICAgIF1cbiAgICB9KTtcbiAgfVxufVxuIl19
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface DeployManagedPlatformProps {
|
|
4
|
-
regions: string[];
|
|
5
|
-
templateBucket: S3Bucket;
|
|
6
|
-
organisationId: string;
|
|
7
|
-
platformAccountId: string;
|
|
8
|
-
orgAccounts: string[];
|
|
9
|
-
}
|
|
10
|
-
/**
|
|
11
|
-
* Deploys the ManagedPlatform stack to the platform account only
|
|
12
|
-
* using AWS CloudFormation StackSets.
|
|
13
|
-
*
|
|
14
|
-
* Unlike ManagedAccount which deploys to all accounts, ManagedPlatform
|
|
15
|
-
* is only deployed to the designated platform account as it manages
|
|
16
|
-
* organization-wide resources like IPAM.
|
|
17
|
-
*
|
|
18
|
-
* Note: IPAM pools for individual accounts need to be created separately
|
|
19
|
-
* as they require concrete account names at synthesis time.
|
|
20
|
-
*/
|
|
21
|
-
export declare class DeployManagedPlatform extends Construct {
|
|
22
|
-
constructor(scope: Construct, id: string, props: DeployManagedPlatformProps);
|
|
23
|
-
}
|
|
24
|
-
export {};
|
|
@@ -1,101 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.DeployManagedPlatform = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const constructs_1 = require("constructs");
|
|
6
|
-
const aws_s3_deployment_1 = require("aws-cdk-lib/aws-s3-deployment");
|
|
7
|
-
const path = require("path");
|
|
8
|
-
const fs = require("fs");
|
|
9
|
-
const os = require("os");
|
|
10
|
-
const managedPlatformStackSet_1 = require("../../patterns/aws/managedPlatformStackSet");
|
|
11
|
-
/**
|
|
12
|
-
* Deploys the ManagedPlatform stack to the platform account only
|
|
13
|
-
* using AWS CloudFormation StackSets.
|
|
14
|
-
*
|
|
15
|
-
* Unlike ManagedAccount which deploys to all accounts, ManagedPlatform
|
|
16
|
-
* is only deployed to the designated platform account as it manages
|
|
17
|
-
* organization-wide resources like IPAM.
|
|
18
|
-
*
|
|
19
|
-
* Note: IPAM pools for individual accounts need to be created separately
|
|
20
|
-
* as they require concrete account names at synthesis time.
|
|
21
|
-
*/
|
|
22
|
-
class DeployManagedPlatform extends constructs_1.Construct {
|
|
23
|
-
constructor(scope, id, props) {
|
|
24
|
-
super(scope, id);
|
|
25
|
-
const stack = aws_cdk_lib_1.Stack.of(this);
|
|
26
|
-
let tmpDir;
|
|
27
|
-
try {
|
|
28
|
-
// Create a temporary app to synthesize the ManagedPlatform template
|
|
29
|
-
const tempApp = new aws_cdk_lib_1.App({
|
|
30
|
-
outdir: path.join(os.tmpdir(), `cdk-out-${Date.now()}`)
|
|
31
|
-
});
|
|
32
|
-
const managedPlatformStack = new managedPlatformStackSet_1.ManagedPlatformStackSet(tempApp, "ManagedPlatformTemplate");
|
|
33
|
-
const assembly = tempApp.synth();
|
|
34
|
-
// Get the synthesized template
|
|
35
|
-
const templateArtifact = assembly.getStackArtifact(managedPlatformStack.artifactId);
|
|
36
|
-
const templatePath = templateArtifact.templateFullPath;
|
|
37
|
-
// Create a temporary directory with just the template file
|
|
38
|
-
tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "managed-platform-"));
|
|
39
|
-
const templateFileName = "ManagedPlatformTemplate.template.json";
|
|
40
|
-
const destPath = path.join(tmpDir, templateFileName);
|
|
41
|
-
// Copy only the template file
|
|
42
|
-
fs.copyFileSync(templatePath, destPath);
|
|
43
|
-
// Deploy the template to the S3 bucket
|
|
44
|
-
new aws_s3_deployment_1.BucketDeployment(this, "DeployManagedPlatformTemplate", {
|
|
45
|
-
sources: [aws_s3_deployment_1.Source.asset(tmpDir)],
|
|
46
|
-
destinationBucket: props.templateBucket,
|
|
47
|
-
destinationKeyPrefix: "managed-platform",
|
|
48
|
-
retainOnDelete: false
|
|
49
|
-
});
|
|
50
|
-
// Use region-agnostic S3 URL format
|
|
51
|
-
const templateURL = `https://${props.templateBucket.bucketName}.s3.amazonaws.com/managed-platform/${templateFileName}`;
|
|
52
|
-
new aws_cdk_lib_1.CfnStackSet(this, "ManagedPlatformStackSet", {
|
|
53
|
-
permissionModel: "SERVICE_MANAGED",
|
|
54
|
-
stackSetName: `ManagedPlatform-${stack.stackName}`,
|
|
55
|
-
description: "ManagedPlatform StackSet for the platform account (IPAM infrastructure only)",
|
|
56
|
-
capabilities: [
|
|
57
|
-
"CAPABILITY_IAM",
|
|
58
|
-
"CAPABILITY_NAMED_IAM",
|
|
59
|
-
"CAPABILITY_AUTO_EXPAND"
|
|
60
|
-
],
|
|
61
|
-
templateUrl: templateURL,
|
|
62
|
-
autoDeployment: {
|
|
63
|
-
enabled: false, // Platform account is specific, not auto-deployed
|
|
64
|
-
retainStacksOnAccountRemoval: true
|
|
65
|
-
},
|
|
66
|
-
callAs: "DELEGATED_ADMIN",
|
|
67
|
-
operationPreferences: {
|
|
68
|
-
regionConcurrencyType: "PARALLEL",
|
|
69
|
-
maxConcurrentPercentage: 100,
|
|
70
|
-
failureTolerancePercentage: 0 // No tolerance as it's a single account
|
|
71
|
-
},
|
|
72
|
-
stackInstancesGroup: [
|
|
73
|
-
{
|
|
74
|
-
deploymentTargets: {
|
|
75
|
-
accounts: [props.platformAccountId] // Deploy only to platform account
|
|
76
|
-
},
|
|
77
|
-
regions: props.regions,
|
|
78
|
-
parameterOverrides: [
|
|
79
|
-
{
|
|
80
|
-
parameterKey: "AccountId",
|
|
81
|
-
parameterValue: props.platformAccountId
|
|
82
|
-
},
|
|
83
|
-
{
|
|
84
|
-
parameterKey: "Region",
|
|
85
|
-
parameterValue: props.regions[0] // Primary region for IPAM
|
|
86
|
-
}
|
|
87
|
-
]
|
|
88
|
-
}
|
|
89
|
-
]
|
|
90
|
-
});
|
|
91
|
-
}
|
|
92
|
-
finally {
|
|
93
|
-
// Clean up temporary directory
|
|
94
|
-
if (tmpDir && fs.existsSync(tmpDir)) {
|
|
95
|
-
fs.rmSync(tmpDir, { recursive: true, force: true });
|
|
96
|
-
}
|
|
97
|
-
}
|
|
98
|
-
}
|
|
99
|
-
}
|
|
100
|
-
exports.DeployManagedPlatform = DeployManagedPlatform;
|
|
101
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWFuYWdlZFBsYXRmb3JtU3RhY2tTZXQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9tYW5hZ2VkUGxhdGZvcm1TdGFja1NldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBc0Q7QUFDdEQsMkNBQXVDO0FBRXZDLHFFQUF5RTtBQUN6RSw2QkFBNkI7QUFDN0IseUJBQXlCO0FBQ3pCLHlCQUF5QjtBQUN6Qix3RkFBZ0g7QUFVaEg7Ozs7Ozs7Ozs7R0FVRztBQUNILE1BQWEscUJBQXNCLFNBQVEsc0JBQVM7SUFDbEQsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUFpQztRQUN6RSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLE1BQU0sS0FBSyxHQUFHLG1CQUFLLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzdCLElBQUksTUFBMEIsQ0FBQztRQUUvQixJQUFJLENBQUM7WUFDSCxvRUFBb0U7WUFDcEUsTUFBTSxPQUFPLEdBQUcsSUFBSSxpQkFBRyxDQUFDO2dCQUN0QixNQUFNLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUUsV0FBVyxJQUFJLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQzthQUN4RCxDQUFDLENBQUM7WUFFSCxNQUFNLG9CQUFvQixHQUFHLElBQUksaURBQXVCLENBQ3RELE9BQU8sRUFDUCx5QkFBeUIsQ0FDMUIsQ0FBQztZQUVGLE1BQU0sUUFBUSxHQUFHLE9BQU8sQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUVqQywrQkFBK0I7WUFDL0IsTUFBTSxnQkFBZ0IsR0FBRyxRQUFRLENBQUMsZ0JBQWdCLENBQ2hELG9CQUFvQixDQUFDLFVBQVUsQ0FDaEMsQ0FBQztZQUNGLE1BQU0sWUFBWSxHQUFHLGdCQUFnQixDQUFDLGdCQUFnQixDQUFDO1lBRXZELDJEQUEyRDtZQUMzRCxNQUFNLEdBQUcsRUFBRSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsRUFBRSxtQkFBbUIsQ0FBQyxDQUFDLENBQUM7WUFDckUsTUFBTSxnQkFBZ0IsR0FBRyx1Q0FBdUMsQ0FBQztZQUNqRSxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO1lBRXJELDhCQUE4QjtZQUM5QixFQUFFLENBQUMsWUFBWSxDQUFDLFlBQVksRUFBRSxRQUFRLENBQUMsQ0FBQztZQUV4Qyx1Q0FBdUM7WUFDdkMsSUFBSSxvQ0FBZ0IsQ0FBQyxJQUFJLEVBQUUsK0JBQStCLEVBQUU7Z0JBQzFELE9BQU8sRUFBRSxDQUFDLDBCQUFNLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxDQUFDO2dCQUMvQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsY0FBYztnQkFDdkMsb0JBQW9CLEVBQUUsa0JBQWtCO2dCQUN4QyxjQUFjLEVBQUUsS0FBSzthQUN0QixDQUFDLENBQUM7WUFFSCxvQ0FBb0M7WUFDcEMsTUFBTSxXQUFXLEdBQUcsV0FBVyxLQUFLLENBQUMsY0FBYyxDQUFDLFVBQVUsc0NBQXNDLGdCQUFnQixFQUFFLENBQUM7WUFFdkgsSUFBSSx5QkFBVyxDQUFDLElBQUksRUFBRSx5QkFBeUIsRUFBRTtnQkFDL0MsZUFBZSxFQUFFLGlCQUFpQjtnQkFDbEMsWUFBWSxFQUFFLG1CQUFtQixLQUFLLENBQUMsU0FBUyxFQUFFO2dCQUNsRCxXQUFXLEVBQ1QsOEVBQThFO2dCQUNoRixZQUFZLEVBQUU7b0JBQ1osZ0JBQWdCO29CQUNoQixzQkFBc0I7b0JBQ3RCLHdCQUF3QjtpQkFDekI7Z0JBQ0QsV0FBVyxFQUFFLFdBQVc7Z0JBQ3hCLGNBQWMsRUFBRTtvQkFDZCxPQUFPLEVBQUUsS0FBSyxFQUFFLGtEQUFrRDtvQkFDbEUsNEJBQTRCLEVBQUUsSUFBSTtpQkFDbkM7Z0JBQ0QsTUFBTSxFQUFFLGlCQUFpQjtnQkFDekIsb0JBQW9CLEVBQUU7b0JBQ3BCLHFCQUFxQixFQUFFLFVBQVU7b0JBQ2pDLHVCQUF1QixFQUFFLEdBQUc7b0JBQzVCLDBCQUEwQixFQUFFLENBQUMsQ0FBQyx3Q0FBd0M7aUJBQ3ZFO2dCQUNELG1CQUFtQixFQUFFO29CQUNuQjt3QkFDRSxpQkFBaUIsRUFBRTs0QkFDakIsUUFBUSxFQUFFLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUFDLENBQUMsa0NBQWtDO3lCQUN2RTt3QkFDRCxPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87d0JBQ3RCLGtCQUFrQixFQUFFOzRCQUNsQjtnQ0FDRSxZQUFZLEVBQUUsV0FBVztnQ0FDekIsY0FBYyxFQUFFLEtBQUssQ0FBQyxpQkFBaUI7NkJBQ3hDOzRCQUNEO2dDQUNFLFlBQVksRUFBRSxRQUFRO2dDQUN0QixjQUFjLEVBQUUsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQywwQkFBMEI7NkJBQzVEO3lCQUNGO3FCQUNGO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztnQkFBUyxDQUFDO1lBQ1QsK0JBQStCO1lBQy9CLElBQUksTUFBTSxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztnQkFDcEMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO1lBQ3RELENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztDQUNGO0FBNUZELHNEQTRGQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFN0YWNrLCBDZm5TdGFja1NldCwgQXBwIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0IHsgUzNCdWNrZXQgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzXCI7XG5pbXBvcnQgeyBCdWNrZXREZXBsb3ltZW50LCBTb3VyY2UgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXMzLWRlcGxveW1lbnRcIjtcbmltcG9ydCAqIGFzIHBhdGggZnJvbSBcInBhdGhcIjtcbmltcG9ydCAqIGFzIGZzIGZyb20gXCJmc1wiO1xuaW1wb3J0ICogYXMgb3MgZnJvbSBcIm9zXCI7XG5pbXBvcnQgeyBNYW5hZ2VkUGxhdGZvcm1TdGFja1NldCBhcyBNYW5hZ2VkUGxhdGZvcm1UZW1wbGF0ZSB9IGZyb20gXCIuLi8uLi9wYXR0ZXJucy9hd3MvbWFuYWdlZFBsYXRmb3JtU3RhY2tTZXRcIjtcblxuaW50ZXJmYWNlIERlcGxveU1hbmFnZWRQbGF0Zm9ybVByb3BzIHtcbiAgcmVnaW9uczogc3RyaW5nW107XG4gIHRlbXBsYXRlQnVja2V0OiBTM0J1Y2tldDtcbiAgb3JnYW5pc2F0aW9uSWQ6IHN0cmluZztcbiAgcGxhdGZvcm1BY2NvdW50SWQ6IHN0cmluZztcbiAgb3JnQWNjb3VudHM6IHN0cmluZ1tdO1xufVxuXG4vKipcbiAqIERlcGxveXMgdGhlIE1hbmFnZWRQbGF0Zm9ybSBzdGFjayB0byB0aGUgcGxhdGZvcm0gYWNjb3VudCBvbmx5XG4gKiB1c2luZyBBV1MgQ2xvdWRGb3JtYXRpb24gU3RhY2tTZXRzLlxuICpcbiAqIFVubGlrZSBNYW5hZ2VkQWNjb3VudCB3aGljaCBkZXBsb3lzIHRvIGFsbCBhY2NvdW50cywgTWFuYWdlZFBsYXRmb3JtXG4gKiBpcyBvbmx5IGRlcGxveWVkIHRvIHRoZSBkZXNpZ25hdGVkIHBsYXRmb3JtIGFjY291bnQgYXMgaXQgbWFuYWdlc1xuICogb3JnYW5pemF0aW9uLXdpZGUgcmVzb3VyY2VzIGxpa2UgSVBBTS5cbiAqXG4gKiBOb3RlOiBJUEFNIHBvb2xzIGZvciBpbmRpdmlkdWFsIGFjY291bnRzIG5lZWQgdG8gYmUgY3JlYXRlZCBzZXBhcmF0ZWx5XG4gKiBhcyB0aGV5IHJlcXVpcmUgY29uY3JldGUgYWNjb3VudCBuYW1lcyBhdCBzeW50aGVzaXMgdGltZS5cbiAqL1xuZXhwb3J0IGNsYXNzIERlcGxveU1hbmFnZWRQbGF0Zm9ybSBleHRlbmRzIENvbnN0cnVjdCB7XG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBEZXBsb3lNYW5hZ2VkUGxhdGZvcm1Qcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBzdGFjayA9IFN0YWNrLm9mKHRoaXMpO1xuICAgIGxldCB0bXBEaXI6IHN0cmluZyB8IHVuZGVmaW5lZDtcblxuICAgIHRyeSB7XG4gICAgICAvLyBDcmVhdGUgYSB0ZW1wb3JhcnkgYXBwIHRvIHN5bnRoZXNpemUgdGhlIE1hbmFnZWRQbGF0Zm9ybSB0ZW1wbGF0ZVxuICAgICAgY29uc3QgdGVtcEFwcCA9IG5ldyBBcHAoe1xuICAgICAgICBvdXRkaXI6IHBhdGguam9pbihvcy50bXBkaXIoKSwgYGNkay1vdXQtJHtEYXRlLm5vdygpfWApXG4gICAgICB9KTtcblxuICAgICAgY29uc3QgbWFuYWdlZFBsYXRmb3JtU3RhY2sgPSBuZXcgTWFuYWdlZFBsYXRmb3JtVGVtcGxhdGUoXG4gICAgICAgIHRlbXBBcHAsXG4gICAgICAgIFwiTWFuYWdlZFBsYXRmb3JtVGVtcGxhdGVcIlxuICAgICAgKTtcblxuICAgICAgY29uc3QgYXNzZW1ibHkgPSB0ZW1wQXBwLnN5bnRoKCk7XG5cbiAgICAgIC8vIEdldCB0aGUgc3ludGhlc2l6ZWQgdGVtcGxhdGVcbiAgICAgIGNvbnN0IHRlbXBsYXRlQXJ0aWZhY3QgPSBhc3NlbWJseS5nZXRTdGFja0FydGlmYWN0KFxuICAgICAgICBtYW5hZ2VkUGxhdGZvcm1TdGFjay5hcnRpZmFjdElkXG4gICAgICApO1xuICAgICAgY29uc3QgdGVtcGxhdGVQYXRoID0gdGVtcGxhdGVBcnRpZmFjdC50ZW1wbGF0ZUZ1bGxQYXRoO1xuXG4gICAgICAvLyBDcmVhdGUgYSB0ZW1wb3JhcnkgZGlyZWN0b3J5IHdpdGgganVzdCB0aGUgdGVtcGxhdGUgZmlsZVxuICAgICAgdG1wRGlyID0gZnMubWtkdGVtcFN5bmMocGF0aC5qb2luKG9zLnRtcGRpcigpLCBcIm1hbmFnZWQtcGxhdGZvcm0tXCIpKTtcbiAgICAgIGNvbnN0IHRlbXBsYXRlRmlsZU5hbWUgPSBcIk1hbmFnZWRQbGF0Zm9ybVRlbXBsYXRlLnRlbXBsYXRlLmpzb25cIjtcbiAgICAgIGNvbnN0IGRlc3RQYXRoID0gcGF0aC5qb2luKHRtcERpciwgdGVtcGxhdGVGaWxlTmFtZSk7XG5cbiAgICAgIC8vIENvcHkgb25seSB0aGUgdGVtcGxhdGUgZmlsZVxuICAgICAgZnMuY29weUZpbGVTeW5jKHRlbXBsYXRlUGF0aCwgZGVzdFBhdGgpO1xuXG4gICAgICAvLyBEZXBsb3kgdGhlIHRlbXBsYXRlIHRvIHRoZSBTMyBidWNrZXRcbiAgICAgIG5ldyBCdWNrZXREZXBsb3ltZW50KHRoaXMsIFwiRGVwbG95TWFuYWdlZFBsYXRmb3JtVGVtcGxhdGVcIiwge1xuICAgICAgICBzb3VyY2VzOiBbU291cmNlLmFzc2V0KHRtcERpcildLFxuICAgICAgICBkZXN0aW5hdGlvbkJ1Y2tldDogcHJvcHMudGVtcGxhdGVCdWNrZXQsXG4gICAgICAgIGRlc3RpbmF0aW9uS2V5UHJlZml4OiBcIm1hbmFnZWQtcGxhdGZvcm1cIixcbiAgICAgICAgcmV0YWluT25EZWxldGU6IGZhbHNlXG4gICAgICB9KTtcblxuICAgICAgLy8gVXNlIHJlZ2lvbi1hZ25vc3RpYyBTMyBVUkwgZm9ybWF0XG4gICAgICBjb25zdCB0ZW1wbGF0ZVVSTCA9IGBodHRwczovLyR7cHJvcHMudGVtcGxhdGVCdWNrZXQuYnVja2V0TmFtZX0uczMuYW1hem9uYXdzLmNvbS9tYW5hZ2VkLXBsYXRmb3JtLyR7dGVtcGxhdGVGaWxlTmFtZX1gO1xuXG4gICAgICBuZXcgQ2ZuU3RhY2tTZXQodGhpcywgXCJNYW5hZ2VkUGxhdGZvcm1TdGFja1NldFwiLCB7XG4gICAgICAgIHBlcm1pc3Npb25Nb2RlbDogXCJTRVJWSUNFX01BTkFHRURcIixcbiAgICAgICAgc3RhY2tTZXROYW1lOiBgTWFuYWdlZFBsYXRmb3JtLSR7c3RhY2suc3RhY2tOYW1lfWAsXG4gICAgICAgIGRlc2NyaXB0aW9uOlxuICAgICAgICAgIFwiTWFuYWdlZFBsYXRmb3JtIFN0YWNrU2V0IGZvciB0aGUgcGxhdGZvcm0gYWNjb3VudCAoSVBBTSBpbmZyYXN0cnVjdHVyZSBvbmx5KVwiLFxuICAgICAgICBjYXBhYmlsaXRpZXM6IFtcbiAgICAgICAgICBcIkNBUEFCSUxJVFlfSUFNXCIsXG4gICAgICAgICAgXCJDQVBBQklMSVRZX05BTUVEX0lBTVwiLFxuICAgICAgICAgIFwiQ0FQQUJJTElUWV9BVVRPX0VYUEFORFwiXG4gICAgICAgIF0sXG4gICAgICAgIHRlbXBsYXRlVXJsOiB0ZW1wbGF0ZVVSTCxcbiAgICAgICAgYXV0b0RlcGxveW1lbnQ6IHtcbiAgICAgICAgICBlbmFibGVkOiBmYWxzZSwgLy8gUGxhdGZvcm0gYWNjb3VudCBpcyBzcGVjaWZpYywgbm90IGF1dG8tZGVwbG95ZWRcbiAgICAgICAgICByZXRhaW5TdGFja3NPbkFjY291bnRSZW1vdmFsOiB0cnVlXG4gICAgICAgIH0sXG4gICAgICAgIGNhbGxBczogXCJERUxFR0FURURfQURNSU5cIixcbiAgICAgICAgb3BlcmF0aW9uUHJlZmVyZW5jZXM6IHtcbiAgICAgICAgICByZWdpb25Db25jdXJyZW5jeVR5cGU6IFwiUEFSQUxMRUxcIixcbiAgICAgICAgICBtYXhDb25jdXJyZW50UGVyY2VudGFnZTogMTAwLFxuICAgICAgICAgIGZhaWx1cmVUb2xlcmFuY2VQZXJjZW50YWdlOiAwIC8vIE5vIHRvbGVyYW5jZSBhcyBpdCdzIGEgc2luZ2xlIGFjY291bnRcbiAgICAgICAgfSxcbiAgICAgICAgc3RhY2tJbnN0YW5jZXNHcm91cDogW1xuICAgICAgICAgIHtcbiAgICAgICAgICAgIGRlcGxveW1lbnRUYXJnZXRzOiB7XG4gICAgICAgICAgICAgIGFjY291bnRzOiBbcHJvcHMucGxhdGZvcm1BY2NvdW50SWRdIC8vIERlcGxveSBvbmx5IHRvIHBsYXRmb3JtIGFjY291bnRcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICByZWdpb25zOiBwcm9wcy5yZWdpb25zLFxuICAgICAgICAgICAgcGFyYW1ldGVyT3ZlcnJpZGVzOiBbXG4gICAgICAgICAgICAgIHtcbiAgICAgICAgICAgICAgICBwYXJhbWV0ZXJLZXk6IFwiQWNjb3VudElkXCIsXG4gICAgICAgICAgICAgICAgcGFyYW1ldGVyVmFsdWU6IHByb3BzLnBsYXRmb3JtQWNjb3VudElkXG4gICAgICAgICAgICAgIH0sXG4gICAgICAgICAgICAgIHtcbiAgICAgICAgICAgICAgICBwYXJhbWV0ZXJLZXk6IFwiUmVnaW9uXCIsXG4gICAgICAgICAgICAgICAgcGFyYW1ldGVyVmFsdWU6IHByb3BzLnJlZ2lvbnNbMF0gLy8gUHJpbWFyeSByZWdpb24gZm9yIElQQU1cbiAgICAgICAgICAgICAgfVxuICAgICAgICAgICAgXVxuICAgICAgICAgIH1cbiAgICAgICAgXVxuICAgICAgfSk7XG4gICAgfSBmaW5hbGx5IHtcbiAgICAgIC8vIENsZWFuIHVwIHRlbXBvcmFyeSBkaXJlY3RvcnlcbiAgICAgIGlmICh0bXBEaXIgJiYgZnMuZXhpc3RzU3luYyh0bXBEaXIpKSB7XG4gICAgICAgIGZzLnJtU3luYyh0bXBEaXIsIHsgcmVjdXJzaXZlOiB0cnVlLCBmb3JjZTogdHJ1ZSB9KTtcbiAgICAgIH1cbiAgICB9XG4gIH1cbn1cbiJdfQ==
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
import { Stack, StackProps } from "aws-cdk-lib";
|
|
2
|
-
import { Construct } from "constructs";
|
|
3
|
-
export interface ManagedAccountStackSetProps extends StackProps {
|
|
4
|
-
}
|
|
5
|
-
/**
|
|
6
|
-
* A StackSet-compatible version of ManagedAccount that uses CloudFormation parameters
|
|
7
|
-
* for accountId and region instead of hardcoded values.
|
|
8
|
-
*/
|
|
9
|
-
export declare class ManagedAccountStackSet extends Stack {
|
|
10
|
-
constructor(scope: Construct, id: string, props?: ManagedAccountStackSetProps);
|
|
11
|
-
}
|
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ManagedAccountStackSet = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const managedAccount_1 = require("./managedAccount");
|
|
6
|
-
/**
|
|
7
|
-
* A StackSet-compatible version of ManagedAccount that uses CloudFormation parameters
|
|
8
|
-
* for accountId and region instead of hardcoded values.
|
|
9
|
-
*/
|
|
10
|
-
class ManagedAccountStackSet extends aws_cdk_lib_1.Stack {
|
|
11
|
-
constructor(scope, id, props) {
|
|
12
|
-
super(scope, id, props);
|
|
13
|
-
// Create parameters that will be populated by StackSet
|
|
14
|
-
const accountIdParam = new aws_cdk_lib_1.CfnParameter(this, "AccountId", {
|
|
15
|
-
type: "String",
|
|
16
|
-
description: "The AWS Account ID where this stack is being deployed",
|
|
17
|
-
default: this.account
|
|
18
|
-
});
|
|
19
|
-
const regionParam = new aws_cdk_lib_1.CfnParameter(this, "Region", {
|
|
20
|
-
type: "String",
|
|
21
|
-
description: "The AWS Region where this stack is being deployed",
|
|
22
|
-
default: this.region
|
|
23
|
-
});
|
|
24
|
-
// Create the ManagedAccount resources using parameter values
|
|
25
|
-
const managedAccount = new managedAccount_1.ManagedAccount(this, "ManagedAccountResources", {
|
|
26
|
-
accountId: accountIdParam.valueAsString,
|
|
27
|
-
region: regionParam.valueAsString,
|
|
28
|
-
env: {
|
|
29
|
-
account: accountIdParam.valueAsString,
|
|
30
|
-
region: regionParam.valueAsString
|
|
31
|
-
}
|
|
32
|
-
});
|
|
33
|
-
}
|
|
34
|
-
}
|
|
35
|
-
exports.ManagedAccountStackSet = ManagedAccountStackSet;
|
|
36
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWFuYWdlZEFjY291bnRTdGFja1NldC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL2xpYi9wYXR0ZXJucy9hd3MvbWFuYWdlZEFjY291bnRTdGFja1NldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBOEQ7QUFFOUQscURBQWtEO0FBTWxEOzs7R0FHRztBQUNILE1BQWEsc0JBQXVCLFNBQVEsbUJBQUs7SUFDL0MsWUFDRSxLQUFnQixFQUNoQixFQUFVLEVBQ1YsS0FBbUM7UUFFbkMsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFFeEIsdURBQXVEO1FBQ3ZELE1BQU0sY0FBYyxHQUFHLElBQUksMEJBQVksQ0FBQyxJQUFJLEVBQUUsV0FBVyxFQUFFO1lBQ3pELElBQUksRUFBRSxRQUFRO1lBQ2QsV0FBVyxFQUFFLHVEQUF1RDtZQUNwRSxPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87U0FDdEIsQ0FBQyxDQUFDO1FBRUgsTUFBTSxXQUFXLEdBQUcsSUFBSSwwQkFBWSxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUU7WUFDbkQsSUFBSSxFQUFFLFFBQVE7WUFDZCxXQUFXLEVBQUUsbURBQW1EO1lBQ2hFLE9BQU8sRUFBRSxJQUFJLENBQUMsTUFBTTtTQUNyQixDQUFDLENBQUM7UUFFSCw2REFBNkQ7UUFDN0QsTUFBTSxjQUFjLEdBQUcsSUFBSSwrQkFBYyxDQUFDLElBQUksRUFBRSx5QkFBeUIsRUFBRTtZQUN6RSxTQUFTLEVBQUUsY0FBYyxDQUFDLGFBQWE7WUFDdkMsTUFBTSxFQUFFLFdBQVcsQ0FBQyxhQUFhO1lBQ2pDLEdBQUcsRUFBRTtnQkFDSCxPQUFPLEVBQUUsY0FBYyxDQUFDLGFBQWE7Z0JBQ3JDLE1BQU0sRUFBRSxXQUFXLENBQUMsYUFBYTthQUNsQztTQUNGLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRjtBQS9CRCx3REErQkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBDZm5QYXJhbWV0ZXIsIFN0YWNrLCBTdGFja1Byb3BzIH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0IHsgTWFuYWdlZEFjY291bnQgfSBmcm9tIFwiLi9tYW5hZ2VkQWNjb3VudFwiO1xuXG5leHBvcnQgaW50ZXJmYWNlIE1hbmFnZWRBY2NvdW50U3RhY2tTZXRQcm9wcyBleHRlbmRzIFN0YWNrUHJvcHMge1xuICAvLyBBZGRpdGlvbmFsIHByb3BzIGlmIG5lZWRlZFxufVxuXG4vKipcbiAqIEEgU3RhY2tTZXQtY29tcGF0aWJsZSB2ZXJzaW9uIG9mIE1hbmFnZWRBY2NvdW50IHRoYXQgdXNlcyBDbG91ZEZvcm1hdGlvbiBwYXJhbWV0ZXJzXG4gKiBmb3IgYWNjb3VudElkIGFuZCByZWdpb24gaW5zdGVhZCBvZiBoYXJkY29kZWQgdmFsdWVzLlxuICovXG5leHBvcnQgY2xhc3MgTWFuYWdlZEFjY291bnRTdGFja1NldCBleHRlbmRzIFN0YWNrIHtcbiAgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzPzogTWFuYWdlZEFjY291bnRTdGFja1NldFByb3BzXG4gICkge1xuICAgIHN1cGVyKHNjb3BlLCBpZCwgcHJvcHMpO1xuXG4gICAgLy8gQ3JlYXRlIHBhcmFtZXRlcnMgdGhhdCB3aWxsIGJlIHBvcHVsYXRlZCBieSBTdGFja1NldFxuICAgIGNvbnN0IGFjY291bnRJZFBhcmFtID0gbmV3IENmblBhcmFtZXRlcih0aGlzLCBcIkFjY291bnRJZFwiLCB7XG4gICAgICB0eXBlOiBcIlN0cmluZ1wiLFxuICAgICAgZGVzY3JpcHRpb246IFwiVGhlIEFXUyBBY2NvdW50IElEIHdoZXJlIHRoaXMgc3RhY2sgaXMgYmVpbmcgZGVwbG95ZWRcIixcbiAgICAgIGRlZmF1bHQ6IHRoaXMuYWNjb3VudFxuICAgIH0pO1xuXG4gICAgY29uc3QgcmVnaW9uUGFyYW0gPSBuZXcgQ2ZuUGFyYW1ldGVyKHRoaXMsIFwiUmVnaW9uXCIsIHtcbiAgICAgIHR5cGU6IFwiU3RyaW5nXCIsXG4gICAgICBkZXNjcmlwdGlvbjogXCJUaGUgQVdTIFJlZ2lvbiB3aGVyZSB0aGlzIHN0YWNrIGlzIGJlaW5nIGRlcGxveWVkXCIsXG4gICAgICBkZWZhdWx0OiB0aGlzLnJlZ2lvblxuICAgIH0pO1xuXG4gICAgLy8gQ3JlYXRlIHRoZSBNYW5hZ2VkQWNjb3VudCByZXNvdXJjZXMgdXNpbmcgcGFyYW1ldGVyIHZhbHVlc1xuICAgIGNvbnN0IG1hbmFnZWRBY2NvdW50ID0gbmV3IE1hbmFnZWRBY2NvdW50KHRoaXMsIFwiTWFuYWdlZEFjY291bnRSZXNvdXJjZXNcIiwge1xuICAgICAgYWNjb3VudElkOiBhY2NvdW50SWRQYXJhbS52YWx1ZUFzU3RyaW5nLFxuICAgICAgcmVnaW9uOiByZWdpb25QYXJhbS52YWx1ZUFzU3RyaW5nLFxuICAgICAgZW52OiB7XG4gICAgICAgIGFjY291bnQ6IGFjY291bnRJZFBhcmFtLnZhbHVlQXNTdHJpbmcsXG4gICAgICAgIHJlZ2lvbjogcmVnaW9uUGFyYW0udmFsdWVBc1N0cmluZ1xuICAgICAgfVxuICAgIH0pO1xuICB9XG59XG4iXX0=
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
import { Stack, StackProps } from "aws-cdk-lib";
|
|
2
|
-
import { Construct } from "constructs";
|
|
3
|
-
export interface ManagedPlatformStackSetProps extends StackProps {
|
|
4
|
-
}
|
|
5
|
-
/**
|
|
6
|
-
* A StackSet-compatible version of ManagedPlatform that uses CloudFormation parameters
|
|
7
|
-
* for accountId and region.
|
|
8
|
-
*
|
|
9
|
-
* Note: This creates IPAM infrastructure but not the individual account pools,
|
|
10
|
-
* as those require concrete account names at synthesis time. The pools should
|
|
11
|
-
* be created separately after the organization accounts are known.
|
|
12
|
-
*
|
|
13
|
-
* This is designed to be deployed ONLY to the platform account.
|
|
14
|
-
*/
|
|
15
|
-
export declare class ManagedPlatformStackSet extends Stack {
|
|
16
|
-
constructor(scope: Construct, id: string, props?: ManagedPlatformStackSetProps);
|
|
17
|
-
}
|
|
@@ -1,45 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ManagedPlatformStackSet = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const managedAccount_1 = require("./managedAccount");
|
|
6
|
-
const ipam_1 = require("../../config/aws/ipam");
|
|
7
|
-
/**
|
|
8
|
-
* A StackSet-compatible version of ManagedPlatform that uses CloudFormation parameters
|
|
9
|
-
* for accountId and region.
|
|
10
|
-
*
|
|
11
|
-
* Note: This creates IPAM infrastructure but not the individual account pools,
|
|
12
|
-
* as those require concrete account names at synthesis time. The pools should
|
|
13
|
-
* be created separately after the organization accounts are known.
|
|
14
|
-
*
|
|
15
|
-
* This is designed to be deployed ONLY to the platform account.
|
|
16
|
-
*/
|
|
17
|
-
class ManagedPlatformStackSet extends aws_cdk_lib_1.Stack {
|
|
18
|
-
constructor(scope, id, props) {
|
|
19
|
-
super(scope, id, props);
|
|
20
|
-
// Create parameters that will be populated by StackSet
|
|
21
|
-
const accountIdParam = new aws_cdk_lib_1.CfnParameter(this, "AccountId", {
|
|
22
|
-
type: "String",
|
|
23
|
-
description: "The AWS Account ID where this stack is being deployed",
|
|
24
|
-
default: this.account
|
|
25
|
-
});
|
|
26
|
-
const regionParam = new aws_cdk_lib_1.CfnParameter(this, "Region", {
|
|
27
|
-
type: "String",
|
|
28
|
-
description: "The AWS Region where this stack is being deployed",
|
|
29
|
-
default: this.region
|
|
30
|
-
});
|
|
31
|
-
// First, deploy the base ManagedAccount resources
|
|
32
|
-
const managedAccount = new managedAccount_1.ManagedAccount(this, "ManagedAccountResources", {
|
|
33
|
-
accountId: accountIdParam.valueAsString,
|
|
34
|
-
region: regionParam.valueAsString,
|
|
35
|
-
env: {
|
|
36
|
-
account: accountIdParam.valueAsString,
|
|
37
|
-
region: regionParam.valueAsString
|
|
38
|
-
}
|
|
39
|
-
});
|
|
40
|
-
// Create IPAM infrastructure (without pools)
|
|
41
|
-
const ipam = new ipam_1.Ipam(this, "Ipam");
|
|
42
|
-
}
|
|
43
|
-
}
|
|
44
|
-
exports.ManagedPlatformStackSet = ManagedPlatformStackSet;
|
|
45
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWFuYWdlZFBsYXRmb3JtU3RhY2tTZXQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvcGF0dGVybnMvYXdzL21hbmFnZWRQbGF0Zm9ybVN0YWNrU2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZDQUE4RDtBQUU5RCxxREFBa0Q7QUFDbEQsZ0RBQTZDO0FBTTdDOzs7Ozs7Ozs7R0FTRztBQUNILE1BQWEsdUJBQXdCLFNBQVEsbUJBQUs7SUFDaEQsWUFDRSxLQUFnQixFQUNoQixFQUFVLEVBQ1YsS0FBb0M7UUFFcEMsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFFeEIsdURBQXVEO1FBQ3ZELE1BQU0sY0FBYyxHQUFHLElBQUksMEJBQVksQ0FBQyxJQUFJLEVBQUUsV0FBVyxFQUFFO1lBQ3pELElBQUksRUFBRSxRQUFRO1lBQ2QsV0FBVyxFQUFFLHVEQUF1RDtZQUNwRSxPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87U0FDdEIsQ0FBQyxDQUFDO1FBRUgsTUFBTSxXQUFXLEdBQUcsSUFBSSwwQkFBWSxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUU7WUFDbkQsSUFBSSxFQUFFLFFBQVE7WUFDZCxXQUFXLEVBQUUsbURBQW1EO1lBQ2hFLE9BQU8sRUFBRSxJQUFJLENBQUMsTUFBTTtTQUNyQixDQUFDLENBQUM7UUFFSCxrREFBa0Q7UUFDbEQsTUFBTSxjQUFjLEdBQUcsSUFBSSwrQkFBYyxDQUFDLElBQUksRUFBRSx5QkFBeUIsRUFBRTtZQUN6RSxTQUFTLEVBQUUsY0FBYyxDQUFDLGFBQWE7WUFDdkMsTUFBTSxFQUFFLFdBQVcsQ0FBQyxhQUFhO1lBQ2pDLEdBQUcsRUFBRTtnQkFDSCxPQUFPLEVBQUUsY0FBYyxDQUFDLGFBQWE7Z0JBQ3JDLE1BQU0sRUFBRSxXQUFXLENBQUMsYUFBYTthQUNsQztTQUNGLENBQUMsQ0FBQztRQUVILDZDQUE2QztRQUM3QyxNQUFNLElBQUksR0FBRyxJQUFJLFdBQUksQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDdEMsQ0FBQztDQUNGO0FBbENELDBEQWtDQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IENmblBhcmFtZXRlciwgU3RhY2ssIFN0YWNrUHJvcHMgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBNYW5hZ2VkQWNjb3VudCB9IGZyb20gXCIuL21hbmFnZWRBY2NvdW50XCI7XG5pbXBvcnQgeyBJcGFtIH0gZnJvbSBcIi4uLy4uL2NvbmZpZy9hd3MvaXBhbVwiO1xuXG5leHBvcnQgaW50ZXJmYWNlIE1hbmFnZWRQbGF0Zm9ybVN0YWNrU2V0UHJvcHMgZXh0ZW5kcyBTdGFja1Byb3BzIHtcbiAgLy8gQWRkaXRpb25hbCBwcm9wcyBpZiBuZWVkZWRcbn1cblxuLyoqXG4gKiBBIFN0YWNrU2V0LWNvbXBhdGlibGUgdmVyc2lvbiBvZiBNYW5hZ2VkUGxhdGZvcm0gdGhhdCB1c2VzIENsb3VkRm9ybWF0aW9uIHBhcmFtZXRlcnNcbiAqIGZvciBhY2NvdW50SWQgYW5kIHJlZ2lvbi5cbiAqXG4gKiBOb3RlOiBUaGlzIGNyZWF0ZXMgSVBBTSBpbmZyYXN0cnVjdHVyZSBidXQgbm90IHRoZSBpbmRpdmlkdWFsIGFjY291bnQgcG9vbHMsXG4gKiBhcyB0aG9zZSByZXF1aXJlIGNvbmNyZXRlIGFjY291bnQgbmFtZXMgYXQgc3ludGhlc2lzIHRpbWUuIFRoZSBwb29scyBzaG91bGRcbiAqIGJlIGNyZWF0ZWQgc2VwYXJhdGVseSBhZnRlciB0aGUgb3JnYW5pemF0aW9uIGFjY291bnRzIGFyZSBrbm93bi5cbiAqXG4gKiBUaGlzIGlzIGRlc2lnbmVkIHRvIGJlIGRlcGxveWVkIE9OTFkgdG8gdGhlIHBsYXRmb3JtIGFjY291bnQuXG4gKi9cbmV4cG9ydCBjbGFzcyBNYW5hZ2VkUGxhdGZvcm1TdGFja1NldCBleHRlbmRzIFN0YWNrIHtcbiAgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzPzogTWFuYWdlZFBsYXRmb3JtU3RhY2tTZXRQcm9wc1xuICApIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHByb3BzKTtcblxuICAgIC8vIENyZWF0ZSBwYXJhbWV0ZXJzIHRoYXQgd2lsbCBiZSBwb3B1bGF0ZWQgYnkgU3RhY2tTZXRcbiAgICBjb25zdCBhY2NvdW50SWRQYXJhbSA9IG5ldyBDZm5QYXJhbWV0ZXIodGhpcywgXCJBY2NvdW50SWRcIiwge1xuICAgICAgdHlwZTogXCJTdHJpbmdcIixcbiAgICAgIGRlc2NyaXB0aW9uOiBcIlRoZSBBV1MgQWNjb3VudCBJRCB3aGVyZSB0aGlzIHN0YWNrIGlzIGJlaW5nIGRlcGxveWVkXCIsXG4gICAgICBkZWZhdWx0OiB0aGlzLmFjY291bnRcbiAgICB9KTtcblxuICAgIGNvbnN0IHJlZ2lvblBhcmFtID0gbmV3IENmblBhcmFtZXRlcih0aGlzLCBcIlJlZ2lvblwiLCB7XG4gICAgICB0eXBlOiBcIlN0cmluZ1wiLFxuICAgICAgZGVzY3JpcHRpb246IFwiVGhlIEFXUyBSZWdpb24gd2hlcmUgdGhpcyBzdGFjayBpcyBiZWluZyBkZXBsb3llZFwiLFxuICAgICAgZGVmYXVsdDogdGhpcy5yZWdpb25cbiAgICB9KTtcblxuICAgIC8vIEZpcnN0LCBkZXBsb3kgdGhlIGJhc2UgTWFuYWdlZEFjY291bnQgcmVzb3VyY2VzXG4gICAgY29uc3QgbWFuYWdlZEFjY291bnQgPSBuZXcgTWFuYWdlZEFjY291bnQodGhpcywgXCJNYW5hZ2VkQWNjb3VudFJlc291cmNlc1wiLCB7XG4gICAgICBhY2NvdW50SWQ6IGFjY291bnRJZFBhcmFtLnZhbHVlQXNTdHJpbmcsXG4gICAgICByZWdpb246IHJlZ2lvblBhcmFtLnZhbHVlQXNTdHJpbmcsXG4gICAgICBlbnY6IHtcbiAgICAgICAgYWNjb3VudDogYWNjb3VudElkUGFyYW0udmFsdWVBc1N0cmluZyxcbiAgICAgICAgcmVnaW9uOiByZWdpb25QYXJhbS52YWx1ZUFzU3RyaW5nXG4gICAgICB9XG4gICAgfSk7XG5cbiAgICAvLyBDcmVhdGUgSVBBTSBpbmZyYXN0cnVjdHVyZSAod2l0aG91dCBwb29scylcbiAgICBjb25zdCBpcGFtID0gbmV3IElwYW0odGhpcywgXCJJcGFtXCIpO1xuICB9XG59XG4iXX0=
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
export declare class AssignmentNew extends Construct {
|
|
3
|
-
constructor(scope: Construct, id: string, props: {
|
|
4
|
-
instanceArn: string;
|
|
5
|
-
permissionSetArn: string;
|
|
6
|
-
principalType: string;
|
|
7
|
-
principalId: string;
|
|
8
|
-
targetType: string;
|
|
9
|
-
targetId: string;
|
|
10
|
-
});
|
|
11
|
-
}
|