@fjall/components-infrastructure 0.14.1 → 0.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/patterns/aws/ec2.d.ts +43 -0
- package/dist/lib/patterns/aws/ec2.js +123 -0
- package/package.json +3 -3
- package/dist/lib/config/aws/bootstrap.d.ts +0 -12
- package/dist/lib/config/aws/bootstrap.js +0 -72
- package/dist/lib/config/aws/bootstrap.original.d.ts +0 -13
- package/dist/lib/config/aws/bootstrap.original.js +0 -94
- package/dist/lib/config/aws/bootstrapAccounts.d.ts +0 -12
- package/dist/lib/config/aws/bootstrapAccounts.js +0 -89
- package/dist/lib/config/aws/bootstrapMultiRegion.example.d.ts +0 -15
- package/dist/lib/config/aws/bootstrapMultiRegion.example.js +0 -105
- package/dist/lib/config/aws/bootstrapSelfManaged.example.d.ts +0 -13
- package/dist/lib/config/aws/bootstrapSelfManaged.example.js +0 -56
- package/dist/lib/config/aws/managedAccountStackSet.d.ts +0 -16
- package/dist/lib/config/aws/managedAccountStackSet.js +0 -75
- package/dist/lib/config/aws/managedPlatformStackSet.d.ts +0 -24
- package/dist/lib/config/aws/managedPlatformStackSet.js +0 -101
- package/dist/lib/patterns/aws/managedAccountStackSet.d.ts +0 -11
- package/dist/lib/patterns/aws/managedAccountStackSet.js +0 -36
- package/dist/lib/patterns/aws/managedPlatformStackSet.d.ts +0 -17
- package/dist/lib/patterns/aws/managedPlatformStackSet.js +0 -45
- package/dist/lib/resources/aws/iam/identityCenter/assignmentNew.d.ts +0 -11
- package/dist/lib/resources/aws/iam/identityCenter/assignmentNew.js +0 -102
- package/dist/lib/resources/aws/iam/identityCenter/lambda/assignmentHandler.d.ts +0 -24
- package/dist/lib/resources/aws/iam/identityCenter/lambda/assignmentHandler.js +0 -246
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import { BlockDevice, IMachineImage, IVpc, SubnetType, UserData, SecurityGroup, IConnectable, Connections } from "aws-cdk-lib/aws-ec2";
|
|
2
|
+
import { Construct } from "constructs";
|
|
3
|
+
import { StackProps } from "aws-cdk-lib";
|
|
4
|
+
import { Role } from "aws-cdk-lib/aws-iam";
|
|
5
|
+
import { KeyValue } from "../../types";
|
|
6
|
+
interface ExistingVpcConfig {
|
|
7
|
+
vpcId?: string;
|
|
8
|
+
subnetType?: SubnetType;
|
|
9
|
+
}
|
|
10
|
+
interface NewVpcConfig {
|
|
11
|
+
subnetType: SubnetType;
|
|
12
|
+
}
|
|
13
|
+
export type VpcProps = ExistingVpcConfig | NewVpcConfig;
|
|
14
|
+
interface Ec2InstanceProps extends StackProps {
|
|
15
|
+
spotCapacityPercentage?: number;
|
|
16
|
+
blockDevices?: BlockDevice[];
|
|
17
|
+
accountId?: string;
|
|
18
|
+
serviceName: string;
|
|
19
|
+
vpc: VpcProps;
|
|
20
|
+
minCapcity?: number;
|
|
21
|
+
maxCapacity?: number;
|
|
22
|
+
instanceType: string;
|
|
23
|
+
machineImage?: IMachineImage;
|
|
24
|
+
userData?: UserData;
|
|
25
|
+
role?: Role;
|
|
26
|
+
enableSSH?: boolean;
|
|
27
|
+
tags: KeyValue;
|
|
28
|
+
}
|
|
29
|
+
export declare class Ec2Instance extends Construct implements IConnectable {
|
|
30
|
+
private launchTemplate;
|
|
31
|
+
vpc: IVpc;
|
|
32
|
+
asgSecurityGroup: SecurityGroup;
|
|
33
|
+
private autoScalingGroup;
|
|
34
|
+
private keyPair;
|
|
35
|
+
constructor(scope: Construct, id: string, props: Ec2InstanceProps);
|
|
36
|
+
connections: Connections;
|
|
37
|
+
addVpc(props: Ec2InstanceProps): void;
|
|
38
|
+
addKeyPair(props: Ec2InstanceProps): void;
|
|
39
|
+
addLaunchTemplate(props: Ec2InstanceProps): void;
|
|
40
|
+
addAutoScalingGroup(props: Ec2InstanceProps): void;
|
|
41
|
+
suspendAutoScaling(): void;
|
|
42
|
+
}
|
|
43
|
+
export {};
|
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.Ec2Instance = void 0;
|
|
4
|
+
const aws_ec2_1 = require("aws-cdk-lib/aws-ec2");
|
|
5
|
+
const constructs_1 = require("constructs");
|
|
6
|
+
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
7
|
+
const tagResource_1 = require("../../utils/tagResource");
|
|
8
|
+
const aws_autoscaling_1 = require("aws-cdk-lib/aws-autoscaling");
|
|
9
|
+
const awsCustomResource_1 = require("../../resources/aws/utilities/awsCustomResource");
|
|
10
|
+
const custom_resources_1 = require("aws-cdk-lib/custom-resources");
|
|
11
|
+
const vpc_1 = require("../../resources/aws/networking/vpc");
|
|
12
|
+
class Ec2Instance extends constructs_1.Construct {
|
|
13
|
+
constructor(scope, id, props) {
|
|
14
|
+
super(scope, id);
|
|
15
|
+
this.addVpc(props);
|
|
16
|
+
if (props.enableSSH) {
|
|
17
|
+
this.addKeyPair(props);
|
|
18
|
+
}
|
|
19
|
+
this.addLaunchTemplate(props);
|
|
20
|
+
this.addAutoScalingGroup(props);
|
|
21
|
+
this.suspendAutoScaling();
|
|
22
|
+
//TODO: Add load balancer as boolean prop, then configure load balancer
|
|
23
|
+
}
|
|
24
|
+
addVpc(props) {
|
|
25
|
+
if ("vpcId" in props.vpc) {
|
|
26
|
+
this.vpc = vpc_1.Vpc.fromLookup(this, `${props.serviceName}Vpc`, {
|
|
27
|
+
vpcId: props.vpc.vpcId
|
|
28
|
+
});
|
|
29
|
+
}
|
|
30
|
+
else {
|
|
31
|
+
this.vpc = new vpc_1.Vpc(this, `${props.serviceName}Vpc`, {
|
|
32
|
+
accountId: props.accountId,
|
|
33
|
+
tags: props.tags,
|
|
34
|
+
subnetConfiguration: [
|
|
35
|
+
{
|
|
36
|
+
name: `${props.serviceName}`,
|
|
37
|
+
subnetType: props.vpc.subnetType || aws_ec2_1.SubnetType.PRIVATE_WITH_EGRESS
|
|
38
|
+
}
|
|
39
|
+
]
|
|
40
|
+
});
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
addKeyPair(props) {
|
|
44
|
+
// TODO: Breakout into a seperate construct for use with better prop handling
|
|
45
|
+
this.keyPair = new aws_ec2_1.KeyPair(this, "KeyPair", {
|
|
46
|
+
keyPairName: `${props.serviceName}KeyPair`
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
addLaunchTemplate(props) {
|
|
50
|
+
this.asgSecurityGroup = new aws_ec2_1.SecurityGroup(this, `AsgSecurityGroup`, {
|
|
51
|
+
vpc: this.vpc,
|
|
52
|
+
description: `Security group for the ${props.serviceName} auto scaling group`
|
|
53
|
+
});
|
|
54
|
+
if (props.enableSSH) {
|
|
55
|
+
this.asgSecurityGroup.addIngressRule(aws_ec2_1.Peer.anyIpv4(), aws_ec2_1.Port.tcp(22), "Allow SSH");
|
|
56
|
+
}
|
|
57
|
+
this.launchTemplate = new aws_ec2_1.LaunchTemplate(this, "LaunchTemplate", {
|
|
58
|
+
launchTemplateName: `${props.serviceName}LaunchTemplate`,
|
|
59
|
+
instanceType: new aws_ec2_1.InstanceType(`${props.instanceType}`),
|
|
60
|
+
machineImage: props.machineImage || aws_ec2_1.MachineImage.latestAmazonLinux2(),
|
|
61
|
+
userData: props.userData,
|
|
62
|
+
role: props.role,
|
|
63
|
+
blockDevices: props?.blockDevices,
|
|
64
|
+
securityGroup: this.asgSecurityGroup,
|
|
65
|
+
detailedMonitoring: true,
|
|
66
|
+
requireImdsv2: true,
|
|
67
|
+
httpPutResponseHopLimit: 2,
|
|
68
|
+
httpTokens: aws_ec2_1.LaunchTemplateHttpTokens.REQUIRED,
|
|
69
|
+
instanceMetadataTags: true,
|
|
70
|
+
keyPair: this.keyPair
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
addAutoScalingGroup(props) {
|
|
74
|
+
// TODO: Support spot instances
|
|
75
|
+
// TODO: Handle terminating EC2 instances when updating, currently hangs.
|
|
76
|
+
this.autoScalingGroup = new aws_autoscaling_1.AutoScalingGroup(this, "AutoScalingGroup", {
|
|
77
|
+
vpc: this.vpc,
|
|
78
|
+
vpcSubnets: {
|
|
79
|
+
subnetType: props.enableSSH ? aws_ec2_1.SubnetType.PUBLIC : undefined
|
|
80
|
+
},
|
|
81
|
+
minCapacity: props.minCapcity,
|
|
82
|
+
maxCapacity: props.maxCapacity,
|
|
83
|
+
launchTemplate: this.launchTemplate,
|
|
84
|
+
cooldown: aws_cdk_lib_1.Duration.seconds(60),
|
|
85
|
+
groupMetrics: [aws_autoscaling_1.GroupMetrics.all()],
|
|
86
|
+
updatePolicy: aws_autoscaling_1.UpdatePolicy.replacingUpdate(),
|
|
87
|
+
newInstancesProtectedFromScaleIn: true,
|
|
88
|
+
// securityGroup: this.asgSecurityGroup,
|
|
89
|
+
terminationPolicies: [
|
|
90
|
+
aws_autoscaling_1.TerminationPolicy.OLDEST_LAUNCH_CONFIGURATION,
|
|
91
|
+
aws_autoscaling_1.TerminationPolicy.CLOSEST_TO_NEXT_INSTANCE_HOUR
|
|
92
|
+
],
|
|
93
|
+
ssmSessionPermissions: true
|
|
94
|
+
});
|
|
95
|
+
(0, tagResource_1.default)(this.autoScalingGroup, props.tags);
|
|
96
|
+
}
|
|
97
|
+
suspendAutoScaling() {
|
|
98
|
+
new awsCustomResource_1.AwsCustomResource(this, "SuspendAutoscaling", {
|
|
99
|
+
functionName: "suspendAutoScaling",
|
|
100
|
+
onCreate: {
|
|
101
|
+
service: "AutoScaling",
|
|
102
|
+
action: "suspendProcesses",
|
|
103
|
+
parameters: {
|
|
104
|
+
AutoScalingGroupName: this.autoScalingGroup.autoScalingGroupName,
|
|
105
|
+
ScalingProcesses: ["AZRebalance"]
|
|
106
|
+
},
|
|
107
|
+
physicalResourceId: custom_resources_1.PhysicalResourceId.of("suspendAutoScaling")
|
|
108
|
+
},
|
|
109
|
+
onUpdate: {
|
|
110
|
+
service: "AutoScaling",
|
|
111
|
+
action: "suspendProcesses",
|
|
112
|
+
parameters: {
|
|
113
|
+
AutoScalingGroupName: this.autoScalingGroup.autoScalingGroupName,
|
|
114
|
+
ScalingProcesses: ["AZRebalance"]
|
|
115
|
+
},
|
|
116
|
+
physicalResourceId: custom_resources_1.PhysicalResourceId.of("suspendAutoScaling")
|
|
117
|
+
},
|
|
118
|
+
resourceType: "Custom::suspendAutoscaling"
|
|
119
|
+
});
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
exports.Ec2Instance = Ec2Instance;
|
|
123
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWMyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vbGliL3BhdHRlcm5zL2F3cy9lYzIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsaURBaUI2QjtBQUM3QiwyQ0FBdUM7QUFDdkMsNkNBQW1EO0FBQ25ELHlEQUFrRDtBQUVsRCxpRUFLcUM7QUFFckMsdUZBQW9GO0FBQ3BGLG1FQUFrRTtBQUNsRSw0REFBeUQ7QUE2QnpELE1BQWEsV0FBWSxTQUFRLHNCQUFTO0lBT3hDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBdUI7UUFDL0QsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ25CLElBQUksS0FBSyxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3BCLElBQUksQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDekIsQ0FBQztRQUNELElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUM5QixJQUFJLENBQUMsbUJBQW1CLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDaEMsSUFBSSxDQUFDLGtCQUFrQixFQUFFLENBQUM7UUFFMUIsdUVBQXVFO0lBQ3pFLENBQUM7SUFHRCxNQUFNLENBQUMsS0FBdUI7UUFDNUIsSUFBSSxPQUFPLElBQUksS0FBSyxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ3pCLElBQUksQ0FBQyxHQUFHLEdBQUcsU0FBRyxDQUFDLFVBQVUsQ0FBQyxJQUFJLEVBQUUsR0FBRyxLQUFLLENBQUMsV0FBVyxLQUFLLEVBQUU7Z0JBQ3pELEtBQUssRUFBRSxLQUFLLENBQUMsR0FBRyxDQUFDLEtBQUs7YUFDdkIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQzthQUFNLENBQUM7WUFDTixJQUFJLENBQUMsR0FBRyxHQUFHLElBQUksU0FBRyxDQUFDLElBQUksRUFBRSxHQUFHLEtBQUssQ0FBQyxXQUFXLEtBQUssRUFBRTtnQkFDbEQsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO2dCQUMxQixJQUFJLEVBQUUsS0FBSyxDQUFDLElBQUk7Z0JBQ2hCLG1CQUFtQixFQUFFO29CQUNuQjt3QkFDRSxJQUFJLEVBQUUsR0FBRyxLQUFLLENBQUMsV0FBVyxFQUFFO3dCQUM1QixVQUFVLEVBQUUsS0FBSyxDQUFDLEdBQUcsQ0FBQyxVQUFVLElBQUksb0JBQVUsQ0FBQyxtQkFBbUI7cUJBQ25FO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztJQUNILENBQUM7SUFFRCxVQUFVLENBQUMsS0FBdUI7UUFDaEMsNkVBQTZFO1FBQzdFLElBQUksQ0FBQyxPQUFPLEdBQUcsSUFBSSxpQkFBTyxDQUFDLElBQUksRUFBRSxTQUFTLEVBQUU7WUFDMUMsV0FBVyxFQUFFLEdBQUcsS0FBSyxDQUFDLFdBQVcsU0FBUztTQUMzQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsaUJBQWlCLENBQUMsS0FBdUI7UUFDdkMsSUFBSSxDQUFDLGdCQUFnQixHQUFHLElBQUksdUJBQWEsQ0FBQyxJQUFJLEVBQUUsa0JBQWtCLEVBQUU7WUFDbEUsR0FBRyxFQUFFLElBQUksQ0FBQyxHQUFHO1lBQ2IsV0FBVyxFQUFFLDBCQUEwQixLQUFLLENBQUMsV0FBVyxxQkFBcUI7U0FDOUUsQ0FBQyxDQUFDO1FBRUgsSUFBSSxLQUFLLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDcEIsSUFBSSxDQUFDLGdCQUFnQixDQUFDLGNBQWMsQ0FDbEMsY0FBSSxDQUFDLE9BQU8sRUFBRSxFQUNkLGNBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEVBQ1osV0FBVyxDQUNaLENBQUM7UUFDSixDQUFDO1FBRUQsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLHdCQUFjLENBQUMsSUFBSSxFQUFFLGdCQUFnQixFQUFFO1lBQy9ELGtCQUFrQixFQUFFLEdBQUcsS0FBSyxDQUFDLFdBQVcsZ0JBQWdCO1lBQ3hELFlBQVksRUFBRSxJQUFJLHNCQUFZLENBQUMsR0FBRyxLQUFLLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDdkQsWUFBWSxFQUFFLEtBQUssQ0FBQyxZQUFZLElBQUksc0JBQVksQ0FBQyxrQkFBa0IsRUFBRTtZQUNyRSxRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFDeEIsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO1lBQ2hCLFlBQVksRUFBRSxLQUFLLEVBQUUsWUFBWTtZQUNqQyxhQUFhLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtZQUNwQyxrQkFBa0IsRUFBRSxJQUFJO1lBQ3hCLGFBQWEsRUFBRSxJQUFJO1lBQ25CLHVCQUF1QixFQUFFLENBQUM7WUFDMUIsVUFBVSxFQUFFLGtDQUF3QixDQUFDLFFBQVE7WUFDN0Msb0JBQW9CLEVBQUUsSUFBSTtZQUMxQixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87U0FDdEIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELG1CQUFtQixDQUFDLEtBQXVCO1FBQ3pDLCtCQUErQjtRQUMvQix5RUFBeUU7UUFDekUsSUFBSSxDQUFDLGdCQUFnQixHQUFHLElBQUksa0NBQWdCLENBQUMsSUFBSSxFQUFFLGtCQUFrQixFQUFFO1lBQ3JFLEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBRztZQUNiLFVBQVUsRUFBRTtnQkFDVixVQUFVLEVBQUUsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsb0JBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLFNBQVM7YUFDNUQ7WUFDRCxXQUFXLEVBQUUsS0FBSyxDQUFDLFVBQVU7WUFDN0IsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO1lBQzlCLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYztZQUNuQyxRQUFRLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQzlCLFlBQVksRUFBRSxDQUFDLDhCQUFZLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDbEMsWUFBWSxFQUFFLDhCQUFZLENBQUMsZUFBZSxFQUFFO1lBQzVDLGdDQUFnQyxFQUFFLElBQUk7WUFDdEMsd0NBQXdDO1lBQ3hDLG1CQUFtQixFQUFFO2dCQUNuQixtQ0FBaUIsQ0FBQywyQkFBMkI7Z0JBQzdDLG1DQUFpQixDQUFDLDZCQUE2QjthQUNoRDtZQUNELHFCQUFxQixFQUFFLElBQUk7U0FDNUIsQ0FBQyxDQUFDO1FBQ0gsSUFBQSxxQkFBVyxFQUFDLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDakQsQ0FBQztJQUVELGtCQUFrQjtRQUNoQixJQUFJLHFDQUFpQixDQUFDLElBQUksRUFBRSxvQkFBb0IsRUFBRTtZQUNoRCxZQUFZLEVBQUUsb0JBQW9CO1lBQ2xDLFFBQVEsRUFBRTtnQkFDUixPQUFPLEVBQUUsYUFBYTtnQkFDdEIsTUFBTSxFQUFFLGtCQUFrQjtnQkFDMUIsVUFBVSxFQUFFO29CQUNWLG9CQUFvQixFQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxvQkFBb0I7b0JBQ2hFLGdCQUFnQixFQUFFLENBQUMsYUFBYSxDQUFDO2lCQUNsQztnQkFDRCxrQkFBa0IsRUFBRSxxQ0FBa0IsQ0FBQyxFQUFFLENBQUMsb0JBQW9CLENBQUM7YUFDaEU7WUFDRCxRQUFRLEVBQUU7Z0JBQ1IsT0FBTyxFQUFFLGFBQWE7Z0JBQ3RCLE1BQU0sRUFBRSxrQkFBa0I7Z0JBQzFCLFVBQVUsRUFBRTtvQkFDVixvQkFBb0IsRUFBRSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsb0JBQW9CO29CQUNoRSxnQkFBZ0IsRUFBRSxDQUFDLGFBQWEsQ0FBQztpQkFDbEM7Z0JBQ0Qsa0JBQWtCLEVBQUUscUNBQWtCLENBQUMsRUFBRSxDQUFDLG9CQUFvQixDQUFDO2FBQ2hFO1lBQ0QsWUFBWSxFQUFFLDRCQUE0QjtTQUMzQyxDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0Y7QUFoSUQsa0NBZ0lDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtcbiAgQmxvY2tEZXZpY2UsXG4gIElNYWNoaW5lSW1hZ2UsXG4gIEluc3RhbmNlVHlwZSxcbiAgSVZwYyxcbiAgTGF1bmNoVGVtcGxhdGUsXG4gIFN1Ym5ldFR5cGUsXG4gIFVzZXJEYXRhLFxuICBNYWNoaW5lSW1hZ2UsXG4gIExhdW5jaFRlbXBsYXRlSHR0cFRva2VucyxcbiAgS2V5UGFpcixcbiAgSUtleVBhaXIsXG4gIFNlY3VyaXR5R3JvdXAsXG4gIFBlZXIsXG4gIFBvcnQsXG4gIElDb25uZWN0YWJsZSxcbiAgQ29ubmVjdGlvbnNcbn0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1lYzJcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBEdXJhdGlvbiwgU3RhY2tQcm9wcyB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHRhZ1Jlc291cmNlIGZyb20gXCIuLi8uLi91dGlscy90YWdSZXNvdXJjZVwiO1xuaW1wb3J0IHsgUm9sZSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQge1xuICBBdXRvU2NhbGluZ0dyb3VwLFxuICBHcm91cE1ldHJpY3MsXG4gIFRlcm1pbmF0aW9uUG9saWN5LFxuICBVcGRhdGVQb2xpY3lcbn0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1hdXRvc2NhbGluZ1wiO1xuaW1wb3J0IHsgS2V5VmFsdWUgfSBmcm9tIFwiLi4vLi4vdHlwZXNcIjtcbmltcG9ydCB7IEF3c0N1c3RvbVJlc291cmNlIH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvdXRpbGl0aWVzL2F3c0N1c3RvbVJlc291cmNlXCI7XG5pbXBvcnQgeyBQaHlzaWNhbFJlc291cmNlSWQgfSBmcm9tIFwiYXdzLWNkay1saWIvY3VzdG9tLXJlc291cmNlc1wiO1xuaW1wb3J0IHsgVnBjIH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlcy9hd3MvbmV0d29ya2luZy92cGNcIjtcblxuaW50ZXJmYWNlIEV4aXN0aW5nVnBjQ29uZmlnIHtcbiAgdnBjSWQ/OiBzdHJpbmc7XG4gIHN1Ym5ldFR5cGU/OiBTdWJuZXRUeXBlO1xufVxuXG5pbnRlcmZhY2UgTmV3VnBjQ29uZmlnIHtcbiAgc3VibmV0VHlwZTogU3VibmV0VHlwZTtcbn1cblxuZXhwb3J0IHR5cGUgVnBjUHJvcHMgPSBFeGlzdGluZ1ZwY0NvbmZpZyB8IE5ld1ZwY0NvbmZpZztcblxuaW50ZXJmYWNlIEVjMkluc3RhbmNlUHJvcHMgZXh0ZW5kcyBTdGFja1Byb3BzIHtcbiAgc3BvdENhcGFjaXR5UGVyY2VudGFnZT86IG51bWJlcjtcbiAgYmxvY2tEZXZpY2VzPzogQmxvY2tEZXZpY2VbXTtcbiAgYWNjb3VudElkPzogc3RyaW5nO1xuICBzZXJ2aWNlTmFtZTogc3RyaW5nO1xuICB2cGM6IFZwY1Byb3BzO1xuICBtaW5DYXBjaXR5PzogbnVtYmVyO1xuICBtYXhDYXBhY2l0eT86IG51bWJlcjtcbiAgaW5zdGFuY2VUeXBlOiBzdHJpbmc7XG4gIG1hY2hpbmVJbWFnZT86IElNYWNoaW5lSW1hZ2U7XG4gIHVzZXJEYXRhPzogVXNlckRhdGE7XG4gIHJvbGU/OiBSb2xlO1xuICBlbmFibGVTU0g/OiBib29sZWFuO1xuICB0YWdzOiBLZXlWYWx1ZTtcbn1cblxuZXhwb3J0IGNsYXNzIEVjMkluc3RhbmNlIGV4dGVuZHMgQ29uc3RydWN0IGltcGxlbWVudHMgSUNvbm5lY3RhYmxlIHtcbiAgcHJpdmF0ZSBsYXVuY2hUZW1wbGF0ZTogTGF1bmNoVGVtcGxhdGU7XG4gIHB1YmxpYyB2cGM6IElWcGM7XG4gIHB1YmxpYyBhc2dTZWN1cml0eUdyb3VwOiBTZWN1cml0eUdyb3VwO1xuICBwcml2YXRlIGF1dG9TY2FsaW5nR3JvdXA6IEF1dG9TY2FsaW5nR3JvdXA7XG4gIHByaXZhdGUga2V5UGFpcjogSUtleVBhaXI7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IEVjMkluc3RhbmNlUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgdGhpcy5hZGRWcGMocHJvcHMpO1xuICAgIGlmIChwcm9wcy5lbmFibGVTU0gpIHtcbiAgICAgIHRoaXMuYWRkS2V5UGFpcihwcm9wcyk7XG4gICAgfVxuICAgIHRoaXMuYWRkTGF1bmNoVGVtcGxhdGUocHJvcHMpO1xuICAgIHRoaXMuYWRkQXV0b1NjYWxpbmdHcm91cChwcm9wcyk7XG4gICAgdGhpcy5zdXNwZW5kQXV0b1NjYWxpbmcoKTtcblxuICAgIC8vVE9ETzogQWRkIGxvYWQgYmFsYW5jZXIgYXMgYm9vbGVhbiBwcm9wLCB0aGVuIGNvbmZpZ3VyZSBsb2FkIGJhbGFuY2VyXG4gIH1cbiAgY29ubmVjdGlvbnM6IENvbm5lY3Rpb25zO1xuXG4gIGFkZFZwYyhwcm9wczogRWMySW5zdGFuY2VQcm9wcykge1xuICAgIGlmIChcInZwY0lkXCIgaW4gcHJvcHMudnBjKSB7XG4gICAgICB0aGlzLnZwYyA9IFZwYy5mcm9tTG9va3VwKHRoaXMsIGAke3Byb3BzLnNlcnZpY2VOYW1lfVZwY2AsIHtcbiAgICAgICAgdnBjSWQ6IHByb3BzLnZwYy52cGNJZFxuICAgICAgfSk7XG4gICAgfSBlbHNlIHtcbiAgICAgIHRoaXMudnBjID0gbmV3IFZwYyh0aGlzLCBgJHtwcm9wcy5zZXJ2aWNlTmFtZX1WcGNgLCB7XG4gICAgICAgIGFjY291bnRJZDogcHJvcHMuYWNjb3VudElkLFxuICAgICAgICB0YWdzOiBwcm9wcy50YWdzLFxuICAgICAgICBzdWJuZXRDb25maWd1cmF0aW9uOiBbXG4gICAgICAgICAge1xuICAgICAgICAgICAgbmFtZTogYCR7cHJvcHMuc2VydmljZU5hbWV9YCxcbiAgICAgICAgICAgIHN1Ym5ldFR5cGU6IHByb3BzLnZwYy5zdWJuZXRUeXBlIHx8IFN1Ym5ldFR5cGUuUFJJVkFURV9XSVRIX0VHUkVTU1xuICAgICAgICAgIH1cbiAgICAgICAgXVxuICAgICAgfSk7XG4gICAgfVxuICB9XG5cbiAgYWRkS2V5UGFpcihwcm9wczogRWMySW5zdGFuY2VQcm9wcykge1xuICAgIC8vIFRPRE86IEJyZWFrb3V0IGludG8gYSBzZXBlcmF0ZSBjb25zdHJ1Y3QgZm9yIHVzZSB3aXRoIGJldHRlciBwcm9wIGhhbmRsaW5nXG4gICAgdGhpcy5rZXlQYWlyID0gbmV3IEtleVBhaXIodGhpcywgXCJLZXlQYWlyXCIsIHtcbiAgICAgIGtleVBhaXJOYW1lOiBgJHtwcm9wcy5zZXJ2aWNlTmFtZX1LZXlQYWlyYFxuICAgIH0pO1xuICB9XG5cbiAgYWRkTGF1bmNoVGVtcGxhdGUocHJvcHM6IEVjMkluc3RhbmNlUHJvcHMpIHtcbiAgICB0aGlzLmFzZ1NlY3VyaXR5R3JvdXAgPSBuZXcgU2VjdXJpdHlHcm91cCh0aGlzLCBgQXNnU2VjdXJpdHlHcm91cGAsIHtcbiAgICAgIHZwYzogdGhpcy52cGMsXG4gICAgICBkZXNjcmlwdGlvbjogYFNlY3VyaXR5IGdyb3VwIGZvciB0aGUgJHtwcm9wcy5zZXJ2aWNlTmFtZX0gYXV0byBzY2FsaW5nIGdyb3VwYFxuICAgIH0pO1xuXG4gICAgaWYgKHByb3BzLmVuYWJsZVNTSCkge1xuICAgICAgdGhpcy5hc2dTZWN1cml0eUdyb3VwLmFkZEluZ3Jlc3NSdWxlKFxuICAgICAgICBQZWVyLmFueUlwdjQoKSxcbiAgICAgICAgUG9ydC50Y3AoMjIpLFxuICAgICAgICBcIkFsbG93IFNTSFwiXG4gICAgICApO1xuICAgIH1cblxuICAgIHRoaXMubGF1bmNoVGVtcGxhdGUgPSBuZXcgTGF1bmNoVGVtcGxhdGUodGhpcywgXCJMYXVuY2hUZW1wbGF0ZVwiLCB7XG4gICAgICBsYXVuY2hUZW1wbGF0ZU5hbWU6IGAke3Byb3BzLnNlcnZpY2VOYW1lfUxhdW5jaFRlbXBsYXRlYCxcbiAgICAgIGluc3RhbmNlVHlwZTogbmV3IEluc3RhbmNlVHlwZShgJHtwcm9wcy5pbnN0YW5jZVR5cGV9YCksXG4gICAgICBtYWNoaW5lSW1hZ2U6IHByb3BzLm1hY2hpbmVJbWFnZSB8fCBNYWNoaW5lSW1hZ2UubGF0ZXN0QW1hem9uTGludXgyKCksXG4gICAgICB1c2VyRGF0YTogcHJvcHMudXNlckRhdGEsXG4gICAgICByb2xlOiBwcm9wcy5yb2xlLFxuICAgICAgYmxvY2tEZXZpY2VzOiBwcm9wcz8uYmxvY2tEZXZpY2VzLFxuICAgICAgc2VjdXJpdHlHcm91cDogdGhpcy5hc2dTZWN1cml0eUdyb3VwLFxuICAgICAgZGV0YWlsZWRNb25pdG9yaW5nOiB0cnVlLFxuICAgICAgcmVxdWlyZUltZHN2MjogdHJ1ZSxcbiAgICAgIGh0dHBQdXRSZXNwb25zZUhvcExpbWl0OiAyLFxuICAgICAgaHR0cFRva2VuczogTGF1bmNoVGVtcGxhdGVIdHRwVG9rZW5zLlJFUVVJUkVELFxuICAgICAgaW5zdGFuY2VNZXRhZGF0YVRhZ3M6IHRydWUsXG4gICAgICBrZXlQYWlyOiB0aGlzLmtleVBhaXJcbiAgICB9KTtcbiAgfVxuXG4gIGFkZEF1dG9TY2FsaW5nR3JvdXAocHJvcHM6IEVjMkluc3RhbmNlUHJvcHMpIHtcbiAgICAvLyBUT0RPOiBTdXBwb3J0IHNwb3QgaW5zdGFuY2VzXG4gICAgLy8gVE9ETzogSGFuZGxlIHRlcm1pbmF0aW5nIEVDMiBpbnN0YW5jZXMgd2hlbiB1cGRhdGluZywgY3VycmVudGx5IGhhbmdzLlxuICAgIHRoaXMuYXV0b1NjYWxpbmdHcm91cCA9IG5ldyBBdXRvU2NhbGluZ0dyb3VwKHRoaXMsIFwiQXV0b1NjYWxpbmdHcm91cFwiLCB7XG4gICAgICB2cGM6IHRoaXMudnBjLFxuICAgICAgdnBjU3VibmV0czoge1xuICAgICAgICBzdWJuZXRUeXBlOiBwcm9wcy5lbmFibGVTU0ggPyBTdWJuZXRUeXBlLlBVQkxJQyA6IHVuZGVmaW5lZFxuICAgICAgfSxcbiAgICAgIG1pbkNhcGFjaXR5OiBwcm9wcy5taW5DYXBjaXR5LFxuICAgICAgbWF4Q2FwYWNpdHk6IHByb3BzLm1heENhcGFjaXR5LFxuICAgICAgbGF1bmNoVGVtcGxhdGU6IHRoaXMubGF1bmNoVGVtcGxhdGUsXG4gICAgICBjb29sZG93bjogRHVyYXRpb24uc2Vjb25kcyg2MCksXG4gICAgICBncm91cE1ldHJpY3M6IFtHcm91cE1ldHJpY3MuYWxsKCldLFxuICAgICAgdXBkYXRlUG9saWN5OiBVcGRhdGVQb2xpY3kucmVwbGFjaW5nVXBkYXRlKCksXG4gICAgICBuZXdJbnN0YW5jZXNQcm90ZWN0ZWRGcm9tU2NhbGVJbjogdHJ1ZSxcbiAgICAgIC8vIHNlY3VyaXR5R3JvdXA6IHRoaXMuYXNnU2VjdXJpdHlHcm91cCxcbiAgICAgIHRlcm1pbmF0aW9uUG9saWNpZXM6IFtcbiAgICAgICAgVGVybWluYXRpb25Qb2xpY3kuT0xERVNUX0xBVU5DSF9DT05GSUdVUkFUSU9OLFxuICAgICAgICBUZXJtaW5hdGlvblBvbGljeS5DTE9TRVNUX1RPX05FWFRfSU5TVEFOQ0VfSE9VUlxuICAgICAgXSxcbiAgICAgIHNzbVNlc3Npb25QZXJtaXNzaW9uczogdHJ1ZVxuICAgIH0pO1xuICAgIHRhZ1Jlc291cmNlKHRoaXMuYXV0b1NjYWxpbmdHcm91cCwgcHJvcHMudGFncyk7XG4gIH1cblxuICBzdXNwZW5kQXV0b1NjYWxpbmcoKSB7XG4gICAgbmV3IEF3c0N1c3RvbVJlc291cmNlKHRoaXMsIFwiU3VzcGVuZEF1dG9zY2FsaW5nXCIsIHtcbiAgICAgIGZ1bmN0aW9uTmFtZTogXCJzdXNwZW5kQXV0b1NjYWxpbmdcIixcbiAgICAgIG9uQ3JlYXRlOiB7XG4gICAgICAgIHNlcnZpY2U6IFwiQXV0b1NjYWxpbmdcIixcbiAgICAgICAgYWN0aW9uOiBcInN1c3BlbmRQcm9jZXNzZXNcIixcbiAgICAgICAgcGFyYW1ldGVyczoge1xuICAgICAgICAgIEF1dG9TY2FsaW5nR3JvdXBOYW1lOiB0aGlzLmF1dG9TY2FsaW5nR3JvdXAuYXV0b1NjYWxpbmdHcm91cE5hbWUsXG4gICAgICAgICAgU2NhbGluZ1Byb2Nlc3NlczogW1wiQVpSZWJhbGFuY2VcIl1cbiAgICAgICAgfSxcbiAgICAgICAgcGh5c2ljYWxSZXNvdXJjZUlkOiBQaHlzaWNhbFJlc291cmNlSWQub2YoXCJzdXNwZW5kQXV0b1NjYWxpbmdcIilcbiAgICAgIH0sXG4gICAgICBvblVwZGF0ZToge1xuICAgICAgICBzZXJ2aWNlOiBcIkF1dG9TY2FsaW5nXCIsXG4gICAgICAgIGFjdGlvbjogXCJzdXNwZW5kUHJvY2Vzc2VzXCIsXG4gICAgICAgIHBhcmFtZXRlcnM6IHtcbiAgICAgICAgICBBdXRvU2NhbGluZ0dyb3VwTmFtZTogdGhpcy5hdXRvU2NhbGluZ0dyb3VwLmF1dG9TY2FsaW5nR3JvdXBOYW1lLFxuICAgICAgICAgIFNjYWxpbmdQcm9jZXNzZXM6IFtcIkFaUmViYWxhbmNlXCJdXG4gICAgICAgIH0sXG4gICAgICAgIHBoeXNpY2FsUmVzb3VyY2VJZDogUGh5c2ljYWxSZXNvdXJjZUlkLm9mKFwic3VzcGVuZEF1dG9TY2FsaW5nXCIpXG4gICAgICB9LFxuICAgICAgcmVzb3VyY2VUeXBlOiBcIkN1c3RvbTo6c3VzcGVuZEF1dG9zY2FsaW5nXCJcbiAgICB9KTtcbiAgfVxufVxuIl19
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@fjall/components-infrastructure",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.15.0",
|
|
4
4
|
"bin": {
|
|
5
5
|
"infrastructure": "bin/infrastructure.js"
|
|
6
6
|
},
|
|
@@ -35,7 +35,7 @@
|
|
|
35
35
|
"dependencies": {
|
|
36
36
|
"@aws-sdk/client-cost-explorer": "^3.717.0",
|
|
37
37
|
"@aws-sdk/client-organizations": "^3.716.0",
|
|
38
|
-
"@fjall/util": "^0.
|
|
38
|
+
"@fjall/util": "^0.15.0",
|
|
39
39
|
"@pepperize/cdk-organizations": "^0.7.135",
|
|
40
40
|
"aws-cdk": "^2.146.0",
|
|
41
41
|
"aws-cdk-lib": "^2.146.0",
|
|
@@ -48,5 +48,5 @@
|
|
|
48
48
|
"overrides": {
|
|
49
49
|
"@smithy/core": "2.5.5"
|
|
50
50
|
},
|
|
51
|
-
"gitHead": "
|
|
51
|
+
"gitHead": "8758e15f758212d9a52e31efdcf143295ec93c16"
|
|
52
52
|
}
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface BootstrapAccountsProps {
|
|
4
|
-
regions: string[];
|
|
5
|
-
templateBucket: S3Bucket;
|
|
6
|
-
organisationId: string;
|
|
7
|
-
organizationalUnitIds: string[];
|
|
8
|
-
}
|
|
9
|
-
export declare class BootstrapAccounts extends Construct {
|
|
10
|
-
constructor(scope: Construct, id: string, props: BootstrapAccountsProps);
|
|
11
|
-
}
|
|
12
|
-
export {};
|
|
@@ -1,72 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.BootstrapAccounts = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const constructs_1 = require("constructs");
|
|
6
|
-
const path = require("path");
|
|
7
|
-
const aws_s3_deployment_1 = require("aws-cdk-lib/aws-s3-deployment");
|
|
8
|
-
const child_process_1 = require("child_process");
|
|
9
|
-
const fs = require("fs");
|
|
10
|
-
const os = require("os");
|
|
11
|
-
class BootstrapAccounts extends constructs_1.Construct {
|
|
12
|
-
constructor(scope, id, props) {
|
|
13
|
-
super(scope, id);
|
|
14
|
-
const stack = aws_cdk_lib_1.Stack.of(this);
|
|
15
|
-
let tmpDir;
|
|
16
|
-
try {
|
|
17
|
-
// Generate the CDK bootstrap template
|
|
18
|
-
const templateContent = (0, child_process_1.execSync)(`cdk bootstrap --show-template`, {
|
|
19
|
-
encoding: "utf8"
|
|
20
|
-
});
|
|
21
|
-
// Create a temporary file to hold the template
|
|
22
|
-
tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "cdk-bootstrap-"));
|
|
23
|
-
const templatePath = path.join(tmpDir, "cdk-bootstrap.template.yml");
|
|
24
|
-
fs.writeFileSync(templatePath, templateContent);
|
|
25
|
-
// Deploy the template to the S3 bucket
|
|
26
|
-
new aws_s3_deployment_1.BucketDeployment(this, "DeployBootstrapTemplate", {
|
|
27
|
-
sources: [aws_s3_deployment_1.Source.asset(tmpDir)],
|
|
28
|
-
destinationBucket: props.templateBucket,
|
|
29
|
-
destinationKeyPrefix: "bootstrap",
|
|
30
|
-
retainOnDelete: false
|
|
31
|
-
});
|
|
32
|
-
}
|
|
33
|
-
catch (error) {
|
|
34
|
-
throw new Error(`Failed to generate CDK bootstrap template: ${error}`);
|
|
35
|
-
}
|
|
36
|
-
finally {
|
|
37
|
-
// Clean up temporary directory
|
|
38
|
-
if (tmpDir && fs.existsSync(tmpDir)) {
|
|
39
|
-
fs.rmSync(tmpDir, { recursive: true, force: true });
|
|
40
|
-
}
|
|
41
|
-
}
|
|
42
|
-
// Use region-agnostic S3 URL format
|
|
43
|
-
const templateURL = `https://${props.templateBucket.bucketName}.s3.amazonaws.com/bootstrap/cdk-bootstrap.template.yml`;
|
|
44
|
-
new aws_cdk_lib_1.CfnStackSet(this, "StackSet", {
|
|
45
|
-
permissionModel: "SERVICE_MANAGED",
|
|
46
|
-
stackSetName: `CDKBootstrap-${stack.stackName}-${Date.now()}`,
|
|
47
|
-
description: "CDK Bootstrap StackSet for organization accounts",
|
|
48
|
-
capabilities: ["CAPABILITY_NAMED_IAM"],
|
|
49
|
-
templateUrl: templateURL,
|
|
50
|
-
autoDeployment: {
|
|
51
|
-
enabled: true,
|
|
52
|
-
retainStacksOnAccountRemoval: false
|
|
53
|
-
},
|
|
54
|
-
callAs: "SELF",
|
|
55
|
-
operationPreferences: {
|
|
56
|
-
regionConcurrencyType: "PARALLEL",
|
|
57
|
-
maxConcurrentPercentage: 100,
|
|
58
|
-
failureTolerancePercentage: 10
|
|
59
|
-
},
|
|
60
|
-
stackInstancesGroup: [
|
|
61
|
-
{
|
|
62
|
-
deploymentTargets: {
|
|
63
|
-
organizationalUnitIds: props.organizationalUnitIds
|
|
64
|
-
},
|
|
65
|
-
regions: props.regions
|
|
66
|
-
}
|
|
67
|
-
]
|
|
68
|
-
});
|
|
69
|
-
}
|
|
70
|
-
}
|
|
71
|
-
exports.BootstrapAccounts = BootstrapAccounts;
|
|
72
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vbGliL2NvbmZpZy9hd3MvYm9vdHN0cmFwLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZDQUFpRDtBQUNqRCwyQ0FBdUM7QUFDdkMsNkJBQThCO0FBRTlCLHFFQUF5RTtBQUN6RSxpREFBeUM7QUFDekMseUJBQXlCO0FBQ3pCLHlCQUF5QjtBQVN6QixNQUFhLGlCQUFrQixTQUFRLHNCQUFTO0lBQzlDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNkI7UUFDckUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLEtBQUssR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUM3QixJQUFJLE1BQTBCLENBQUM7UUFFL0IsSUFBSSxDQUFDO1lBQ0gsc0NBQXNDO1lBQ3RDLE1BQU0sZUFBZSxHQUFHLElBQUEsd0JBQVEsRUFBQywrQkFBK0IsRUFBRTtnQkFDaEUsUUFBUSxFQUFFLE1BQU07YUFDakIsQ0FBQyxDQUFDO1lBRUgsK0NBQStDO1lBQy9DLE1BQU0sR0FBRyxFQUFFLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLE1BQU0sRUFBRSxFQUFFLGdCQUFnQixDQUFDLENBQUMsQ0FBQztZQUNsRSxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSw0QkFBNEIsQ0FBQyxDQUFDO1lBQ3JFLEVBQUUsQ0FBQyxhQUFhLENBQUMsWUFBWSxFQUFFLGVBQWUsQ0FBQyxDQUFDO1lBRWhELHVDQUF1QztZQUN2QyxJQUFJLG9DQUFnQixDQUFDLElBQUksRUFBRSx5QkFBeUIsRUFBRTtnQkFDcEQsT0FBTyxFQUFFLENBQUMsMEJBQU0sQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQy9CLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxjQUFjO2dCQUN2QyxvQkFBb0IsRUFBRSxXQUFXO2dCQUNqQyxjQUFjLEVBQUUsS0FBSzthQUN0QixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLE1BQU0sSUFBSSxLQUFLLENBQUMsOENBQThDLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDekUsQ0FBQztnQkFBUyxDQUFDO1lBQ1QsK0JBQStCO1lBQy9CLElBQUksTUFBTSxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztnQkFDcEMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO1lBQ3RELENBQUM7UUFDSCxDQUFDO1FBRUQsb0NBQW9DO1FBQ3BDLE1BQU0sV0FBVyxHQUFHLFdBQVcsS0FBSyxDQUFDLGNBQWMsQ0FBQyxVQUFVLHdEQUF3RCxDQUFDO1FBRXZILElBQUkseUJBQVcsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ2hDLGVBQWUsRUFBRSxpQkFBaUI7WUFDbEMsWUFBWSxFQUFFLGdCQUFnQixLQUFLLENBQUMsU0FBUyxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRTtZQUM3RCxXQUFXLEVBQUUsa0RBQWtEO1lBQy9ELFlBQVksRUFBRSxDQUFDLHNCQUFzQixDQUFDO1lBQ3RDLFdBQVcsRUFBRSxXQUFXO1lBQ3hCLGNBQWMsRUFBRTtnQkFDZCxPQUFPLEVBQUUsSUFBSTtnQkFDYiw0QkFBNEIsRUFBRSxLQUFLO2FBQ3BDO1lBQ0QsTUFBTSxFQUFFLE1BQU07WUFDZCxvQkFBb0IsRUFBRTtnQkFDcEIscUJBQXFCLEVBQUUsVUFBVTtnQkFDakMsdUJBQXVCLEVBQUUsR0FBRztnQkFDNUIsMEJBQTBCLEVBQUUsRUFBRTthQUMvQjtZQUNELG1CQUFtQixFQUFFO2dCQUNuQjtvQkFDRSxpQkFBaUIsRUFBRTt3QkFDakIscUJBQXFCLEVBQUUsS0FBSyxDQUFDLHFCQUFxQjtxQkFDbkQ7b0JBQ0QsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO2lCQUN2QjthQUNGO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBL0RELDhDQStEQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFN0YWNrLCBDZm5TdGFja1NldCB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCBwYXRoID0gcmVxdWlyZShcInBhdGhcIik7XG5pbXBvcnQgeyBTM0J1Y2tldCB9IGZyb20gXCIuLi8uLi9yZXNvdXJjZXNcIjtcbmltcG9ydCB7IEJ1Y2tldERlcGxveW1lbnQsIFNvdXJjZSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczMtZGVwbG95bWVudFwiO1xuaW1wb3J0IHsgZXhlY1N5bmMgfSBmcm9tIFwiY2hpbGRfcHJvY2Vzc1wiO1xuaW1wb3J0ICogYXMgZnMgZnJvbSBcImZzXCI7XG5pbXBvcnQgKiBhcyBvcyBmcm9tIFwib3NcIjtcblxuaW50ZXJmYWNlIEJvb3RzdHJhcEFjY291bnRzUHJvcHMge1xuICByZWdpb25zOiBzdHJpbmdbXTtcbiAgdGVtcGxhdGVCdWNrZXQ6IFMzQnVja2V0O1xuICBvcmdhbmlzYXRpb25JZDogc3RyaW5nO1xuICBvcmdhbml6YXRpb25hbFVuaXRJZHM6IHN0cmluZ1tdO1xufVxuXG5leHBvcnQgY2xhc3MgQm9vdHN0cmFwQWNjb3VudHMgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogQm9vdHN0cmFwQWNjb3VudHNQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBzdGFjayA9IFN0YWNrLm9mKHRoaXMpO1xuICAgIGxldCB0bXBEaXI6IHN0cmluZyB8IHVuZGVmaW5lZDtcblxuICAgIHRyeSB7XG4gICAgICAvLyBHZW5lcmF0ZSB0aGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZVxuICAgICAgY29uc3QgdGVtcGxhdGVDb250ZW50ID0gZXhlY1N5bmMoYGNkayBib290c3RyYXAgLS1zaG93LXRlbXBsYXRlYCwge1xuICAgICAgICBlbmNvZGluZzogXCJ1dGY4XCJcbiAgICAgIH0pO1xuXG4gICAgICAvLyBDcmVhdGUgYSB0ZW1wb3JhcnkgZmlsZSB0byBob2xkIHRoZSB0ZW1wbGF0ZVxuICAgICAgdG1wRGlyID0gZnMubWtkdGVtcFN5bmMocGF0aC5qb2luKG9zLnRtcGRpcigpLCBcImNkay1ib290c3RyYXAtXCIpKTtcbiAgICAgIGNvbnN0IHRlbXBsYXRlUGF0aCA9IHBhdGguam9pbih0bXBEaXIsIFwiY2RrLWJvb3RzdHJhcC50ZW1wbGF0ZS55bWxcIik7XG4gICAgICBmcy53cml0ZUZpbGVTeW5jKHRlbXBsYXRlUGF0aCwgdGVtcGxhdGVDb250ZW50KTtcblxuICAgICAgLy8gRGVwbG95IHRoZSB0ZW1wbGF0ZSB0byB0aGUgUzMgYnVja2V0XG4gICAgICBuZXcgQnVja2V0RGVwbG95bWVudCh0aGlzLCBcIkRlcGxveUJvb3RzdHJhcFRlbXBsYXRlXCIsIHtcbiAgICAgICAgc291cmNlczogW1NvdXJjZS5hc3NldCh0bXBEaXIpXSxcbiAgICAgICAgZGVzdGluYXRpb25CdWNrZXQ6IHByb3BzLnRlbXBsYXRlQnVja2V0LFxuICAgICAgICBkZXN0aW5hdGlvbktleVByZWZpeDogXCJib290c3RyYXBcIixcbiAgICAgICAgcmV0YWluT25EZWxldGU6IGZhbHNlXG4gICAgICB9KTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBGYWlsZWQgdG8gZ2VuZXJhdGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZTogJHtlcnJvcn1gKTtcbiAgICB9IGZpbmFsbHkge1xuICAgICAgLy8gQ2xlYW4gdXAgdGVtcG9yYXJ5IGRpcmVjdG9yeVxuICAgICAgaWYgKHRtcERpciAmJiBmcy5leGlzdHNTeW5jKHRtcERpcikpIHtcbiAgICAgICAgZnMucm1TeW5jKHRtcERpciwgeyByZWN1cnNpdmU6IHRydWUsIGZvcmNlOiB0cnVlIH0pO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIFVzZSByZWdpb24tYWdub3N0aWMgUzMgVVJMIGZvcm1hdFxuICAgIGNvbnN0IHRlbXBsYXRlVVJMID0gYGh0dHBzOi8vJHtwcm9wcy50ZW1wbGF0ZUJ1Y2tldC5idWNrZXROYW1lfS5zMy5hbWF6b25hd3MuY29tL2Jvb3RzdHJhcC9jZGstYm9vdHN0cmFwLnRlbXBsYXRlLnltbGA7XG5cbiAgICBuZXcgQ2ZuU3RhY2tTZXQodGhpcywgXCJTdGFja1NldFwiLCB7XG4gICAgICBwZXJtaXNzaW9uTW9kZWw6IFwiU0VSVklDRV9NQU5BR0VEXCIsXG4gICAgICBzdGFja1NldE5hbWU6IGBDREtCb290c3RyYXAtJHtzdGFjay5zdGFja05hbWV9LSR7RGF0ZS5ub3coKX1gLFxuICAgICAgZGVzY3JpcHRpb246IFwiQ0RLIEJvb3RzdHJhcCBTdGFja1NldCBmb3Igb3JnYW5pemF0aW9uIGFjY291bnRzXCIsXG4gICAgICBjYXBhYmlsaXRpZXM6IFtcIkNBUEFCSUxJVFlfTkFNRURfSUFNXCJdLFxuICAgICAgdGVtcGxhdGVVcmw6IHRlbXBsYXRlVVJMLFxuICAgICAgYXV0b0RlcGxveW1lbnQ6IHtcbiAgICAgICAgZW5hYmxlZDogdHJ1ZSxcbiAgICAgICAgcmV0YWluU3RhY2tzT25BY2NvdW50UmVtb3ZhbDogZmFsc2VcbiAgICAgIH0sXG4gICAgICBjYWxsQXM6IFwiU0VMRlwiLFxuICAgICAgb3BlcmF0aW9uUHJlZmVyZW5jZXM6IHtcbiAgICAgICAgcmVnaW9uQ29uY3VycmVuY3lUeXBlOiBcIlBBUkFMTEVMXCIsXG4gICAgICAgIG1heENvbmN1cnJlbnRQZXJjZW50YWdlOiAxMDAsXG4gICAgICAgIGZhaWx1cmVUb2xlcmFuY2VQZXJjZW50YWdlOiAxMFxuICAgICAgfSxcbiAgICAgIHN0YWNrSW5zdGFuY2VzR3JvdXA6IFtcbiAgICAgICAge1xuICAgICAgICAgIGRlcGxveW1lbnRUYXJnZXRzOiB7XG4gICAgICAgICAgICBvcmdhbml6YXRpb25hbFVuaXRJZHM6IHByb3BzLm9yZ2FuaXphdGlvbmFsVW5pdElkc1xuICAgICAgICAgIH0sXG4gICAgICAgICAgcmVnaW9uczogcHJvcHMucmVnaW9uc1xuICAgICAgICB9XG4gICAgICBdXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
import { Stack, StackProps } from "aws-cdk-lib";
|
|
2
|
-
import { Construct } from "constructs";
|
|
3
|
-
import { S3Bucket } from "../../resources";
|
|
4
|
-
interface BootstrapAccountsStackProps extends StackProps {
|
|
5
|
-
orgAccounts: string[];
|
|
6
|
-
regions: string[];
|
|
7
|
-
templateBucket: S3Bucket;
|
|
8
|
-
organisationId: string;
|
|
9
|
-
}
|
|
10
|
-
export declare class BootstrapAccounts extends Stack {
|
|
11
|
-
constructor(scope: Construct, id: string, props: BootstrapAccountsStackProps);
|
|
12
|
-
}
|
|
13
|
-
export {};
|
|
@@ -1,94 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.BootstrapAccounts = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const cdk_stacksets_1 = require("cdk-stacksets");
|
|
6
|
-
const path = require("path");
|
|
7
|
-
const resources_1 = require("../../resources");
|
|
8
|
-
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
9
|
-
const aws_s3_deployment_1 = require("aws-cdk-lib/aws-s3-deployment");
|
|
10
|
-
const child_process_1 = require("child_process");
|
|
11
|
-
const fs = require("fs");
|
|
12
|
-
const os = require("os");
|
|
13
|
-
class BootstrapAccounts extends aws_cdk_lib_1.Stack {
|
|
14
|
-
constructor(scope, id, props) {
|
|
15
|
-
super(scope, id, props);
|
|
16
|
-
let tmpDir;
|
|
17
|
-
try {
|
|
18
|
-
// Generate the CDK bootstrap template
|
|
19
|
-
const templateContent = (0, child_process_1.execSync)(`cdk bootstrap --show-template`, {
|
|
20
|
-
encoding: "utf8"
|
|
21
|
-
});
|
|
22
|
-
// Create a temporary file to hold the template
|
|
23
|
-
tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "cdk-bootstrap-"));
|
|
24
|
-
const templatePath = path.join(tmpDir, "cdk-bootstrap.template.yml");
|
|
25
|
-
fs.writeFileSync(templatePath, templateContent);
|
|
26
|
-
// Deploy the template to the S3 bucket
|
|
27
|
-
new aws_s3_deployment_1.BucketDeployment(this, "DeployBootstrapTemplate", {
|
|
28
|
-
sources: [aws_s3_deployment_1.Source.asset(tmpDir)],
|
|
29
|
-
destinationBucket: props.templateBucket,
|
|
30
|
-
destinationKeyPrefix: "bootstrap",
|
|
31
|
-
retainOnDelete: false
|
|
32
|
-
});
|
|
33
|
-
}
|
|
34
|
-
catch (error) {
|
|
35
|
-
throw new Error(`Failed to generate CDK bootstrap template: ${error}`);
|
|
36
|
-
}
|
|
37
|
-
finally {
|
|
38
|
-
// Clean up temporary directory
|
|
39
|
-
if (tmpDir && fs.existsSync(tmpDir)) {
|
|
40
|
-
fs.rmSync(tmpDir, { recursive: true, force: true });
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
|
-
// Deploy a bucket for each region to store StackSet assets
|
|
44
|
-
const bucketPrefix = "fjall-managed-organisation-bootstrap";
|
|
45
|
-
const assetBuckets = [];
|
|
46
|
-
for (const region of props.regions) {
|
|
47
|
-
const s3bucket = new resources_1.S3Bucket(this, `AssetBucket${region}`, {
|
|
48
|
-
bucketName: `${bucketPrefix}-${region}-${this.account}`
|
|
49
|
-
});
|
|
50
|
-
// Grant read access to the entire organisation
|
|
51
|
-
s3bucket.addToResourcePolicy(new aws_iam_1.PolicyStatement({
|
|
52
|
-
actions: ["s3:Get*", "s3:List*"],
|
|
53
|
-
resources: [s3bucket.arnForObjects("*"), s3bucket.bucketArn],
|
|
54
|
-
principals: [new aws_iam_1.OrganizationPrincipal(props.organisationId)]
|
|
55
|
-
}));
|
|
56
|
-
assetBuckets.push(s3bucket);
|
|
57
|
-
}
|
|
58
|
-
// Use region-agnostic S3 URL format
|
|
59
|
-
const templateURL = `https://${props.templateBucket.bucketName}.s3.amazonaws.com/bootstrap/cdk-bootstrap.template.yml`;
|
|
60
|
-
const stackSetStack = new BootstrapAccountsStackSet(this, "BootStrapAccountsStackSet", {
|
|
61
|
-
assetBuckets: assetBuckets,
|
|
62
|
-
assetBucketPrefix: bucketPrefix,
|
|
63
|
-
templateURL: templateURL
|
|
64
|
-
});
|
|
65
|
-
new cdk_stacksets_1.StackSet(this, "StackSet", {
|
|
66
|
-
template: cdk_stacksets_1.StackSetTemplate.fromStackSetStack(stackSetStack),
|
|
67
|
-
capabilities: [cdk_stacksets_1.Capability.NAMED_IAM],
|
|
68
|
-
deploymentType: cdk_stacksets_1.DeploymentType.serviceManaged({
|
|
69
|
-
delegatedAdmin: true,
|
|
70
|
-
autoDeployEnabled: true,
|
|
71
|
-
autoDeployRetainStacks: false
|
|
72
|
-
}),
|
|
73
|
-
target: cdk_stacksets_1.StackSetTarget.fromAccounts({
|
|
74
|
-
regions: props.regions,
|
|
75
|
-
accounts: props.orgAccounts
|
|
76
|
-
}),
|
|
77
|
-
operationPreferences: {
|
|
78
|
-
regionConcurrencyType: cdk_stacksets_1.RegionConcurrencyType.PARALLEL,
|
|
79
|
-
maxConcurrentPercentage: 100,
|
|
80
|
-
failureTolerancePercentage: 10
|
|
81
|
-
}
|
|
82
|
-
});
|
|
83
|
-
}
|
|
84
|
-
}
|
|
85
|
-
exports.BootstrapAccounts = BootstrapAccounts;
|
|
86
|
-
class BootstrapAccountsStackSet extends cdk_stacksets_1.StackSetStack {
|
|
87
|
-
constructor(scope, id, props) {
|
|
88
|
-
super(scope, id, props);
|
|
89
|
-
new aws_cdk_lib_1.CfnStack(this, "bootstrapTemplate", {
|
|
90
|
-
templateUrl: props.templateURL
|
|
91
|
-
});
|
|
92
|
-
}
|
|
93
|
-
}
|
|
94
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwLm9yaWdpbmFsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vbGliL2NvbmZpZy9hd3MvYm9vdHN0cmFwLm9yaWdpbmFsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDZDQUEwRDtBQUUxRCxpREFTdUI7QUFDdkIsNkJBQThCO0FBQzlCLCtDQUEyQztBQUMzQyxpREFBNkU7QUFDN0UscUVBQXlFO0FBQ3pFLGlEQUF5QztBQUN6Qyx5QkFBeUI7QUFDekIseUJBQXlCO0FBU3pCLE1BQWEsaUJBQWtCLFNBQVEsbUJBQUs7SUFDMUMsWUFDRSxLQUFnQixFQUNoQixFQUFVLEVBQ1YsS0FBa0M7UUFFbEMsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFFeEIsSUFBSSxNQUEwQixDQUFDO1FBRS9CLElBQUksQ0FBQztZQUNILHNDQUFzQztZQUN0QyxNQUFNLGVBQWUsR0FBRyxJQUFBLHdCQUFRLEVBQUMsK0JBQStCLEVBQUU7Z0JBQ2hFLFFBQVEsRUFBRSxNQUFNO2FBQ2pCLENBQUMsQ0FBQztZQUVILCtDQUErQztZQUMvQyxNQUFNLEdBQUcsRUFBRSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDLENBQUM7WUFDbEUsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsNEJBQTRCLENBQUMsQ0FBQztZQUNyRSxFQUFFLENBQUMsYUFBYSxDQUFDLFlBQVksRUFBRSxlQUFlLENBQUMsQ0FBQztZQUVoRCx1Q0FBdUM7WUFDdkMsSUFBSSxvQ0FBZ0IsQ0FBQyxJQUFJLEVBQUUseUJBQXlCLEVBQUU7Z0JBQ3BELE9BQU8sRUFBRSxDQUFDLDBCQUFNLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxDQUFDO2dCQUMvQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsY0FBYztnQkFDdkMsb0JBQW9CLEVBQUUsV0FBVztnQkFDakMsY0FBYyxFQUFFLEtBQUs7YUFDdEIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixNQUFNLElBQUksS0FBSyxDQUFDLDhDQUE4QyxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQ3pFLENBQUM7Z0JBQVMsQ0FBQztZQUNULCtCQUErQjtZQUMvQixJQUFJLE1BQU0sSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7Z0JBQ3BDLEVBQUUsQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUN0RCxDQUFDO1FBQ0gsQ0FBQztRQUVELDJEQUEyRDtRQUMzRCxNQUFNLFlBQVksR0FBRyxzQ0FBc0MsQ0FBQztRQUM1RCxNQUFNLFlBQVksR0FBZSxFQUFFLENBQUM7UUFFcEMsS0FBSyxNQUFNLE1BQU0sSUFBSSxLQUFLLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDbkMsTUFBTSxRQUFRLEdBQUcsSUFBSSxvQkFBUSxDQUFDLElBQUksRUFBRSxjQUFjLE1BQU0sRUFBRSxFQUFFO2dCQUMxRCxVQUFVLEVBQUUsR0FBRyxZQUFZLElBQUksTUFBTSxJQUFJLElBQUksQ0FBQyxPQUFPLEVBQUU7YUFDeEQsQ0FBQyxDQUFDO1lBRUgsK0NBQStDO1lBQy9DLFFBQVEsQ0FBQyxtQkFBbUIsQ0FDMUIsSUFBSSx5QkFBZSxDQUFDO2dCQUNsQixPQUFPLEVBQUUsQ0FBQyxTQUFTLEVBQUUsVUFBVSxDQUFDO2dCQUNoQyxTQUFTLEVBQUUsQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxFQUFFLFFBQVEsQ0FBQyxTQUFTLENBQUM7Z0JBQzVELFVBQVUsRUFBRSxDQUFDLElBQUksK0JBQXFCLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FBQyxDQUFDO2FBQzlELENBQUMsQ0FDSCxDQUFDO1lBRUYsWUFBWSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM5QixDQUFDO1FBRUQsb0NBQW9DO1FBQ3BDLE1BQU0sV0FBVyxHQUFHLFdBQVcsS0FBSyxDQUFDLGNBQWMsQ0FBQyxVQUFVLHdEQUF3RCxDQUFDO1FBRXZILE1BQU0sYUFBYSxHQUFHLElBQUkseUJBQXlCLENBQ2pELElBQUksRUFDSiwyQkFBMkIsRUFDM0I7WUFDRSxZQUFZLEVBQUUsWUFBWTtZQUMxQixpQkFBaUIsRUFBRSxZQUFZO1lBQy9CLFdBQVcsRUFBRSxXQUFXO1NBQ3pCLENBQ0YsQ0FBQztRQUVGLElBQUksd0JBQVEsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQzdCLFFBQVEsRUFBRSxnQ0FBZ0IsQ0FBQyxpQkFBaUIsQ0FBQyxhQUFhLENBQUM7WUFDM0QsWUFBWSxFQUFFLENBQUMsMEJBQVUsQ0FBQyxTQUFTLENBQUM7WUFDcEMsY0FBYyxFQUFFLDhCQUFjLENBQUMsY0FBYyxDQUFDO2dCQUM1QyxjQUFjLEVBQUUsSUFBSTtnQkFDcEIsaUJBQWlCLEVBQUUsSUFBSTtnQkFDdkIsc0JBQXNCLEVBQUUsS0FBSzthQUM5QixDQUFDO1lBQ0YsTUFBTSxFQUFFLDhCQUFjLENBQUMsWUFBWSxDQUFDO2dCQUNsQyxPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87Z0JBQ3RCLFFBQVEsRUFBRSxLQUFLLENBQUMsV0FBVzthQUM1QixDQUFDO1lBQ0Ysb0JBQW9CLEVBQUU7Z0JBQ3BCLHFCQUFxQixFQUFFLHFDQUFxQixDQUFDLFFBQVE7Z0JBQ3JELHVCQUF1QixFQUFFLEdBQUc7Z0JBQzVCLDBCQUEwQixFQUFFLEVBQUU7YUFDL0I7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0Y7QUExRkQsOENBMEZDO0FBUUQsTUFBTSx5QkFBMEIsU0FBUSw2QkFBYTtJQUNuRCxZQUNFLEtBQWdCLEVBQ2hCLEVBQVUsRUFDVixLQUFxQztRQUVyQyxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUV4QixJQUFJLHNCQUFRLENBQUMsSUFBSSxFQUFFLG1CQUFtQixFQUFFO1lBQ3RDLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztTQUMvQixDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0YiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBDZm5TdGFjaywgU3RhY2ssIFN0YWNrUHJvcHMgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQge1xuICBTdGFja1NldCxcbiAgU3RhY2tTZXRUZW1wbGF0ZSxcbiAgU3RhY2tTZXRUYXJnZXQsXG4gIFN0YWNrU2V0U3RhY2ssXG4gIERlcGxveW1lbnRUeXBlLFxuICBDYXBhYmlsaXR5LFxuICBTdGFja1NldFN0YWNrUHJvcHMsXG4gIFJlZ2lvbkNvbmN1cnJlbmN5VHlwZVxufSBmcm9tIFwiY2RrLXN0YWNrc2V0c1wiO1xuaW1wb3J0IHBhdGggPSByZXF1aXJlKFwicGF0aFwiKTtcbmltcG9ydCB7IFMzQnVja2V0IH0gZnJvbSBcIi4uLy4uL3Jlc291cmNlc1wiO1xuaW1wb3J0IHsgT3JnYW5pemF0aW9uUHJpbmNpcGFsLCBQb2xpY3lTdGF0ZW1lbnQgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiO1xuaW1wb3J0IHsgQnVja2V0RGVwbG95bWVudCwgU291cmNlIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1zMy1kZXBsb3ltZW50XCI7XG5pbXBvcnQgeyBleGVjU3luYyB9IGZyb20gXCJjaGlsZF9wcm9jZXNzXCI7XG5pbXBvcnQgKiBhcyBmcyBmcm9tIFwiZnNcIjtcbmltcG9ydCAqIGFzIG9zIGZyb20gXCJvc1wiO1xuXG5pbnRlcmZhY2UgQm9vdHN0cmFwQWNjb3VudHNTdGFja1Byb3BzIGV4dGVuZHMgU3RhY2tQcm9wcyB7XG4gIG9yZ0FjY291bnRzOiBzdHJpbmdbXTtcbiAgcmVnaW9uczogc3RyaW5nW107XG4gIHRlbXBsYXRlQnVja2V0OiBTM0J1Y2tldDtcbiAgb3JnYW5pc2F0aW9uSWQ6IHN0cmluZztcbn1cblxuZXhwb3J0IGNsYXNzIEJvb3RzdHJhcEFjY291bnRzIGV4dGVuZHMgU3RhY2sge1xuICBjb25zdHJ1Y3RvcihcbiAgICBzY29wZTogQ29uc3RydWN0LFxuICAgIGlkOiBzdHJpbmcsXG4gICAgcHJvcHM6IEJvb3RzdHJhcEFjY291bnRzU3RhY2tQcm9wc1xuICApIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHByb3BzKTtcblxuICAgIGxldCB0bXBEaXI6IHN0cmluZyB8IHVuZGVmaW5lZDtcblxuICAgIHRyeSB7XG4gICAgICAvLyBHZW5lcmF0ZSB0aGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZVxuICAgICAgY29uc3QgdGVtcGxhdGVDb250ZW50ID0gZXhlY1N5bmMoYGNkayBib290c3RyYXAgLS1zaG93LXRlbXBsYXRlYCwge1xuICAgICAgICBlbmNvZGluZzogXCJ1dGY4XCJcbiAgICAgIH0pO1xuXG4gICAgICAvLyBDcmVhdGUgYSB0ZW1wb3JhcnkgZmlsZSB0byBob2xkIHRoZSB0ZW1wbGF0ZVxuICAgICAgdG1wRGlyID0gZnMubWtkdGVtcFN5bmMocGF0aC5qb2luKG9zLnRtcGRpcigpLCBcImNkay1ib290c3RyYXAtXCIpKTtcbiAgICAgIGNvbnN0IHRlbXBsYXRlUGF0aCA9IHBhdGguam9pbih0bXBEaXIsIFwiY2RrLWJvb3RzdHJhcC50ZW1wbGF0ZS55bWxcIik7XG4gICAgICBmcy53cml0ZUZpbGVTeW5jKHRlbXBsYXRlUGF0aCwgdGVtcGxhdGVDb250ZW50KTtcblxuICAgICAgLy8gRGVwbG95IHRoZSB0ZW1wbGF0ZSB0byB0aGUgUzMgYnVja2V0XG4gICAgICBuZXcgQnVja2V0RGVwbG95bWVudCh0aGlzLCBcIkRlcGxveUJvb3RzdHJhcFRlbXBsYXRlXCIsIHtcbiAgICAgICAgc291cmNlczogW1NvdXJjZS5hc3NldCh0bXBEaXIpXSxcbiAgICAgICAgZGVzdGluYXRpb25CdWNrZXQ6IHByb3BzLnRlbXBsYXRlQnVja2V0LFxuICAgICAgICBkZXN0aW5hdGlvbktleVByZWZpeDogXCJib290c3RyYXBcIixcbiAgICAgICAgcmV0YWluT25EZWxldGU6IGZhbHNlXG4gICAgICB9KTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBGYWlsZWQgdG8gZ2VuZXJhdGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZTogJHtlcnJvcn1gKTtcbiAgICB9IGZpbmFsbHkge1xuICAgICAgLy8gQ2xlYW4gdXAgdGVtcG9yYXJ5IGRpcmVjdG9yeVxuICAgICAgaWYgKHRtcERpciAmJiBmcy5leGlzdHNTeW5jKHRtcERpcikpIHtcbiAgICAgICAgZnMucm1TeW5jKHRtcERpciwgeyByZWN1cnNpdmU6IHRydWUsIGZvcmNlOiB0cnVlIH0pO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIERlcGxveSBhIGJ1Y2tldCBmb3IgZWFjaCByZWdpb24gdG8gc3RvcmUgU3RhY2tTZXQgYXNzZXRzXG4gICAgY29uc3QgYnVja2V0UHJlZml4ID0gXCJmamFsbC1tYW5hZ2VkLW9yZ2FuaXNhdGlvbi1ib290c3RyYXBcIjtcbiAgICBjb25zdCBhc3NldEJ1Y2tldHM6IFMzQnVja2V0W10gPSBbXTtcblxuICAgIGZvciAoY29uc3QgcmVnaW9uIG9mIHByb3BzLnJlZ2lvbnMpIHtcbiAgICAgIGNvbnN0IHMzYnVja2V0ID0gbmV3IFMzQnVja2V0KHRoaXMsIGBBc3NldEJ1Y2tldCR7cmVnaW9ufWAsIHtcbiAgICAgICAgYnVja2V0TmFtZTogYCR7YnVja2V0UHJlZml4fS0ke3JlZ2lvbn0tJHt0aGlzLmFjY291bnR9YFxuICAgICAgfSk7XG5cbiAgICAgIC8vIEdyYW50IHJlYWQgYWNjZXNzIHRvIHRoZSBlbnRpcmUgb3JnYW5pc2F0aW9uXG4gICAgICBzM2J1Y2tldC5hZGRUb1Jlc291cmNlUG9saWN5KFxuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXCJzMzpHZXQqXCIsIFwiczM6TGlzdCpcIl0sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbczNidWNrZXQuYXJuRm9yT2JqZWN0cyhcIipcIiksIHMzYnVja2V0LmJ1Y2tldEFybl0sXG4gICAgICAgICAgcHJpbmNpcGFsczogW25ldyBPcmdhbml6YXRpb25QcmluY2lwYWwocHJvcHMub3JnYW5pc2F0aW9uSWQpXVxuICAgICAgICB9KVxuICAgICAgKTtcblxuICAgICAgYXNzZXRCdWNrZXRzLnB1c2goczNidWNrZXQpO1xuICAgIH1cblxuICAgIC8vIFVzZSByZWdpb24tYWdub3N0aWMgUzMgVVJMIGZvcm1hdFxuICAgIGNvbnN0IHRlbXBsYXRlVVJMID0gYGh0dHBzOi8vJHtwcm9wcy50ZW1wbGF0ZUJ1Y2tldC5idWNrZXROYW1lfS5zMy5hbWF6b25hd3MuY29tL2Jvb3RzdHJhcC9jZGstYm9vdHN0cmFwLnRlbXBsYXRlLnltbGA7XG5cbiAgICBjb25zdCBzdGFja1NldFN0YWNrID0gbmV3IEJvb3RzdHJhcEFjY291bnRzU3RhY2tTZXQoXG4gICAgICB0aGlzLFxuICAgICAgXCJCb290U3RyYXBBY2NvdW50c1N0YWNrU2V0XCIsXG4gICAgICB7XG4gICAgICAgIGFzc2V0QnVja2V0czogYXNzZXRCdWNrZXRzLFxuICAgICAgICBhc3NldEJ1Y2tldFByZWZpeDogYnVja2V0UHJlZml4LFxuICAgICAgICB0ZW1wbGF0ZVVSTDogdGVtcGxhdGVVUkxcbiAgICAgIH1cbiAgICApO1xuXG4gICAgbmV3IFN0YWNrU2V0KHRoaXMsIFwiU3RhY2tTZXRcIiwge1xuICAgICAgdGVtcGxhdGU6IFN0YWNrU2V0VGVtcGxhdGUuZnJvbVN0YWNrU2V0U3RhY2soc3RhY2tTZXRTdGFjayksXG4gICAgICBjYXBhYmlsaXRpZXM6IFtDYXBhYmlsaXR5Lk5BTUVEX0lBTV0sXG4gICAgICBkZXBsb3ltZW50VHlwZTogRGVwbG95bWVudFR5cGUuc2VydmljZU1hbmFnZWQoe1xuICAgICAgICBkZWxlZ2F0ZWRBZG1pbjogdHJ1ZSxcbiAgICAgICAgYXV0b0RlcGxveUVuYWJsZWQ6IHRydWUsXG4gICAgICAgIGF1dG9EZXBsb3lSZXRhaW5TdGFja3M6IGZhbHNlXG4gICAgICB9KSxcbiAgICAgIHRhcmdldDogU3RhY2tTZXRUYXJnZXQuZnJvbUFjY291bnRzKHtcbiAgICAgICAgcmVnaW9uczogcHJvcHMucmVnaW9ucyxcbiAgICAgICAgYWNjb3VudHM6IHByb3BzLm9yZ0FjY291bnRzXG4gICAgICB9KSxcbiAgICAgIG9wZXJhdGlvblByZWZlcmVuY2VzOiB7XG4gICAgICAgIHJlZ2lvbkNvbmN1cnJlbmN5VHlwZTogUmVnaW9uQ29uY3VycmVuY3lUeXBlLlBBUkFMTEVMLFxuICAgICAgICBtYXhDb25jdXJyZW50UGVyY2VudGFnZTogMTAwLFxuICAgICAgICBmYWlsdXJlVG9sZXJhbmNlUGVyY2VudGFnZTogMTBcbiAgICAgIH1cbiAgICB9KTtcbiAgfVxufVxuXG5pbnRlcmZhY2UgQm9vdHN0cmFwQWNjb3VudHNTdGFja1NldFByb3BzIGV4dGVuZHMgU3RhY2tTZXRTdGFja1Byb3BzIHtcbiAgdGVtcGxhdGVVUkw6IHN0cmluZztcbiAgYXNzZXRCdWNrZXRzOiBTM0J1Y2tldFtdO1xuICBhc3NldEJ1Y2tldFByZWZpeDogc3RyaW5nO1xufVxuXG5jbGFzcyBCb290c3RyYXBBY2NvdW50c1N0YWNrU2V0IGV4dGVuZHMgU3RhY2tTZXRTdGFjayB7XG4gIGNvbnN0cnVjdG9yKFxuICAgIHNjb3BlOiBDb25zdHJ1Y3QsXG4gICAgaWQ6IHN0cmluZyxcbiAgICBwcm9wczogQm9vdHN0cmFwQWNjb3VudHNTdGFja1NldFByb3BzXG4gICkge1xuICAgIHN1cGVyKHNjb3BlLCBpZCwgcHJvcHMpO1xuXG4gICAgbmV3IENmblN0YWNrKHRoaXMsIFwiYm9vdHN0cmFwVGVtcGxhdGVcIiwge1xuICAgICAgdGVtcGxhdGVVcmw6IHByb3BzLnRlbXBsYXRlVVJMXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface BootstrapAccountsProps {
|
|
4
|
-
orgAccounts: string[];
|
|
5
|
-
regions: string[];
|
|
6
|
-
templateBucket: S3Bucket;
|
|
7
|
-
organisationId: string;
|
|
8
|
-
}
|
|
9
|
-
export declare class BootstrapAccounts extends Construct {
|
|
10
|
-
constructor(scope: Construct, id: string, props: BootstrapAccountsProps);
|
|
11
|
-
}
|
|
12
|
-
export {};
|
|
@@ -1,89 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.BootstrapAccounts = void 0;
|
|
4
|
-
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
5
|
-
const constructs_1 = require("constructs");
|
|
6
|
-
const path = require("path");
|
|
7
|
-
const resources_1 = require("../../resources");
|
|
8
|
-
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
|
|
9
|
-
const aws_s3_deployment_1 = require("aws-cdk-lib/aws-s3-deployment");
|
|
10
|
-
const child_process_1 = require("child_process");
|
|
11
|
-
const fs = require("fs");
|
|
12
|
-
const os = require("os");
|
|
13
|
-
class BootstrapAccounts extends constructs_1.Construct {
|
|
14
|
-
constructor(scope, id, props) {
|
|
15
|
-
super(scope, id);
|
|
16
|
-
const stack = aws_cdk_lib_1.Stack.of(this);
|
|
17
|
-
let tmpDir;
|
|
18
|
-
try {
|
|
19
|
-
// Generate the CDK bootstrap template
|
|
20
|
-
const templateContent = (0, child_process_1.execSync)(`cdk bootstrap --show-template`, {
|
|
21
|
-
encoding: "utf8"
|
|
22
|
-
});
|
|
23
|
-
// Create a temporary file to hold the template
|
|
24
|
-
tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "cdk-bootstrap-"));
|
|
25
|
-
const templatePath = path.join(tmpDir, "cdk-bootstrap.template.yml");
|
|
26
|
-
fs.writeFileSync(templatePath, templateContent);
|
|
27
|
-
// Deploy the template to the S3 bucket
|
|
28
|
-
new aws_s3_deployment_1.BucketDeployment(this, "DeployBootstrapTemplate", {
|
|
29
|
-
sources: [aws_s3_deployment_1.Source.asset(tmpDir)],
|
|
30
|
-
destinationBucket: props.templateBucket,
|
|
31
|
-
destinationKeyPrefix: "bootstrap",
|
|
32
|
-
retainOnDelete: false
|
|
33
|
-
});
|
|
34
|
-
}
|
|
35
|
-
catch (error) {
|
|
36
|
-
throw new Error(`Failed to generate CDK bootstrap template: ${error}`);
|
|
37
|
-
}
|
|
38
|
-
finally {
|
|
39
|
-
// Clean up temporary directory
|
|
40
|
-
if (tmpDir && fs.existsSync(tmpDir)) {
|
|
41
|
-
fs.rmSync(tmpDir, { recursive: true, force: true });
|
|
42
|
-
}
|
|
43
|
-
}
|
|
44
|
-
// Deploy a bucket for each region to store StackSet assets
|
|
45
|
-
const bucketPrefix = "fjall-stackset-assets";
|
|
46
|
-
const assetBuckets = [];
|
|
47
|
-
for (const region of props.regions) {
|
|
48
|
-
const s3bucket = new resources_1.S3Bucket(this, `AssetBucket${region}`, {
|
|
49
|
-
bucketName: `${bucketPrefix}-${region}-${stack.account}`
|
|
50
|
-
});
|
|
51
|
-
// Grant read access to the entire organisation
|
|
52
|
-
s3bucket.addToResourcePolicy(new aws_iam_1.PolicyStatement({
|
|
53
|
-
actions: ["s3:Get*", "s3:List*"],
|
|
54
|
-
resources: [s3bucket.arnForObjects("*"), s3bucket.bucketArn],
|
|
55
|
-
principals: [new aws_iam_1.OrganizationPrincipal(props.organisationId)]
|
|
56
|
-
}));
|
|
57
|
-
assetBuckets.push(s3bucket);
|
|
58
|
-
}
|
|
59
|
-
// Use region-agnostic S3 URL format
|
|
60
|
-
const templateURL = `https://${props.templateBucket.bucketName}.s3.amazonaws.com/bootstrap/cdk-bootstrap.template.yml`;
|
|
61
|
-
new aws_cdk_lib_1.CfnStackSet(this, "StackSet", {
|
|
62
|
-
permissionModel: "SERVICE_MANAGED",
|
|
63
|
-
stackSetName: `CDKBootstrap-${stack.stackName}`,
|
|
64
|
-
description: "CDK Bootstrap StackSet for organization accounts",
|
|
65
|
-
capabilities: ["CAPABILITY_NAMED_IAM"],
|
|
66
|
-
templateUrl: templateURL,
|
|
67
|
-
autoDeployment: {
|
|
68
|
-
enabled: true,
|
|
69
|
-
retainStacksOnAccountRemoval: false
|
|
70
|
-
},
|
|
71
|
-
callAs: "DELEGATED_ADMIN",
|
|
72
|
-
operationPreferences: {
|
|
73
|
-
regionConcurrencyType: "PARALLEL",
|
|
74
|
-
maxConcurrentPercentage: 100,
|
|
75
|
-
failureTolerancePercentage: 10
|
|
76
|
-
},
|
|
77
|
-
stackInstancesGroup: [
|
|
78
|
-
{
|
|
79
|
-
deploymentTargets: {
|
|
80
|
-
accounts: props.orgAccounts
|
|
81
|
-
},
|
|
82
|
-
regions: props.regions
|
|
83
|
-
}
|
|
84
|
-
]
|
|
85
|
-
});
|
|
86
|
-
}
|
|
87
|
-
}
|
|
88
|
-
exports.BootstrapAccounts = BootstrapAccounts;
|
|
89
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm9vdHN0cmFwQWNjb3VudHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9saWIvY29uZmlnL2F3cy9ib290c3RyYXBBY2NvdW50cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBdUU7QUFDdkUsMkNBQXVDO0FBQ3ZDLDZCQUE4QjtBQUM5QiwrQ0FBMkM7QUFDM0MsaURBQTZFO0FBQzdFLHFFQUF5RTtBQUN6RSxpREFBeUM7QUFDekMseUJBQXlCO0FBQ3pCLHlCQUF5QjtBQVN6QixNQUFhLGlCQUFrQixTQUFRLHNCQUFTO0lBQzlDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNkI7UUFDckUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLEtBQUssR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUM3QixJQUFJLE1BQTBCLENBQUM7UUFFL0IsSUFBSSxDQUFDO1lBQ0gsc0NBQXNDO1lBQ3RDLE1BQU0sZUFBZSxHQUFHLElBQUEsd0JBQVEsRUFBQywrQkFBK0IsRUFBRTtnQkFDaEUsUUFBUSxFQUFFLE1BQU07YUFDakIsQ0FBQyxDQUFDO1lBRUgsK0NBQStDO1lBQy9DLE1BQU0sR0FBRyxFQUFFLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLE1BQU0sRUFBRSxFQUFFLGdCQUFnQixDQUFDLENBQUMsQ0FBQztZQUNsRSxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSw0QkFBNEIsQ0FBQyxDQUFDO1lBQ3JFLEVBQUUsQ0FBQyxhQUFhLENBQUMsWUFBWSxFQUFFLGVBQWUsQ0FBQyxDQUFDO1lBRWhELHVDQUF1QztZQUN2QyxJQUFJLG9DQUFnQixDQUFDLElBQUksRUFBRSx5QkFBeUIsRUFBRTtnQkFDcEQsT0FBTyxFQUFFLENBQUMsMEJBQU0sQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQy9CLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxjQUFjO2dCQUN2QyxvQkFBb0IsRUFBRSxXQUFXO2dCQUNqQyxjQUFjLEVBQUUsS0FBSzthQUN0QixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLE1BQU0sSUFBSSxLQUFLLENBQUMsOENBQThDLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDekUsQ0FBQztnQkFBUyxDQUFDO1lBQ1QsK0JBQStCO1lBQy9CLElBQUksTUFBTSxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztnQkFDcEMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO1lBQ3RELENBQUM7UUFDSCxDQUFDO1FBRUQsMkRBQTJEO1FBQzNELE1BQU0sWUFBWSxHQUFHLHVCQUF1QixDQUFDO1FBQzdDLE1BQU0sWUFBWSxHQUFlLEVBQUUsQ0FBQztRQUVwQyxLQUFLLE1BQU0sTUFBTSxJQUFJLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNuQyxNQUFNLFFBQVEsR0FBRyxJQUFJLG9CQUFRLENBQUMsSUFBSSxFQUFFLGNBQWMsTUFBTSxFQUFFLEVBQUU7Z0JBQzFELFVBQVUsRUFBRSxHQUFHLFlBQVksSUFBSSxNQUFNLElBQUksS0FBSyxDQUFDLE9BQU8sRUFBRTthQUN6RCxDQUFDLENBQUM7WUFFSCwrQ0FBK0M7WUFDL0MsUUFBUSxDQUFDLG1CQUFtQixDQUMxQixJQUFJLHlCQUFlLENBQUM7Z0JBQ2xCLE9BQU8sRUFBRSxDQUFDLFNBQVMsRUFBRSxVQUFVLENBQUM7Z0JBQ2hDLFNBQVMsRUFBRSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLEVBQUUsUUFBUSxDQUFDLFNBQVMsQ0FBQztnQkFDNUQsVUFBVSxFQUFFLENBQUMsSUFBSSwrQkFBcUIsQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUM7YUFDOUQsQ0FBQyxDQUNILENBQUM7WUFFRixZQUFZLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzlCLENBQUM7UUFFRCxvQ0FBb0M7UUFDcEMsTUFBTSxXQUFXLEdBQUcsV0FBVyxLQUFLLENBQUMsY0FBYyxDQUFDLFVBQVUsd0RBQXdELENBQUM7UUFFdkgsSUFBSSx5QkFBVyxDQUFDLElBQUksRUFBRSxVQUFVLEVBQUU7WUFDaEMsZUFBZSxFQUFFLGlCQUFpQjtZQUNsQyxZQUFZLEVBQUUsZ0JBQWdCLEtBQUssQ0FBQyxTQUFTLEVBQUU7WUFDL0MsV0FBVyxFQUFFLGtEQUFrRDtZQUMvRCxZQUFZLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQztZQUN0QyxXQUFXLEVBQUUsV0FBVztZQUN4QixjQUFjLEVBQUU7Z0JBQ2QsT0FBTyxFQUFFLElBQUk7Z0JBQ2IsNEJBQTRCLEVBQUUsS0FBSzthQUNwQztZQUNELE1BQU0sRUFBRSxpQkFBaUI7WUFDekIsb0JBQW9CLEVBQUU7Z0JBQ3BCLHFCQUFxQixFQUFFLFVBQVU7Z0JBQ2pDLHVCQUF1QixFQUFFLEdBQUc7Z0JBQzVCLDBCQUEwQixFQUFFLEVBQUU7YUFDL0I7WUFDRCxtQkFBbUIsRUFBRTtnQkFDbkI7b0JBQ0UsaUJBQWlCLEVBQUU7d0JBQ2pCLFFBQVEsRUFBRSxLQUFLLENBQUMsV0FBVztxQkFDNUI7b0JBQ0QsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO2lCQUN2QjthQUNGO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBcEZELDhDQW9GQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IENmblN0YWNrLCBTdGFjaywgU3RhY2tQcm9wcywgQ2ZuU3RhY2tTZXQgfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgcGF0aCA9IHJlcXVpcmUoXCJwYXRoXCIpO1xuaW1wb3J0IHsgUzNCdWNrZXQgfSBmcm9tIFwiLi4vLi4vcmVzb3VyY2VzXCI7XG5pbXBvcnQgeyBPcmdhbml6YXRpb25QcmluY2lwYWwsIFBvbGljeVN0YXRlbWVudCB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgeyBCdWNrZXREZXBsb3ltZW50LCBTb3VyY2UgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXMzLWRlcGxveW1lbnRcIjtcbmltcG9ydCB7IGV4ZWNTeW5jIH0gZnJvbSBcImNoaWxkX3Byb2Nlc3NcIjtcbmltcG9ydCAqIGFzIGZzIGZyb20gXCJmc1wiO1xuaW1wb3J0ICogYXMgb3MgZnJvbSBcIm9zXCI7XG5cbmludGVyZmFjZSBCb290c3RyYXBBY2NvdW50c1Byb3BzIHtcbiAgb3JnQWNjb3VudHM6IHN0cmluZ1tdO1xuICByZWdpb25zOiBzdHJpbmdbXTtcbiAgdGVtcGxhdGVCdWNrZXQ6IFMzQnVja2V0O1xuICBvcmdhbmlzYXRpb25JZDogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgQm9vdHN0cmFwQWNjb3VudHMgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogQm9vdHN0cmFwQWNjb3VudHNQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCBzdGFjayA9IFN0YWNrLm9mKHRoaXMpO1xuICAgIGxldCB0bXBEaXI6IHN0cmluZyB8IHVuZGVmaW5lZDtcblxuICAgIHRyeSB7XG4gICAgICAvLyBHZW5lcmF0ZSB0aGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZVxuICAgICAgY29uc3QgdGVtcGxhdGVDb250ZW50ID0gZXhlY1N5bmMoYGNkayBib290c3RyYXAgLS1zaG93LXRlbXBsYXRlYCwge1xuICAgICAgICBlbmNvZGluZzogXCJ1dGY4XCJcbiAgICAgIH0pO1xuXG4gICAgICAvLyBDcmVhdGUgYSB0ZW1wb3JhcnkgZmlsZSB0byBob2xkIHRoZSB0ZW1wbGF0ZVxuICAgICAgdG1wRGlyID0gZnMubWtkdGVtcFN5bmMocGF0aC5qb2luKG9zLnRtcGRpcigpLCBcImNkay1ib290c3RyYXAtXCIpKTtcbiAgICAgIGNvbnN0IHRlbXBsYXRlUGF0aCA9IHBhdGguam9pbih0bXBEaXIsIFwiY2RrLWJvb3RzdHJhcC50ZW1wbGF0ZS55bWxcIik7XG4gICAgICBmcy53cml0ZUZpbGVTeW5jKHRlbXBsYXRlUGF0aCwgdGVtcGxhdGVDb250ZW50KTtcblxuICAgICAgLy8gRGVwbG95IHRoZSB0ZW1wbGF0ZSB0byB0aGUgUzMgYnVja2V0XG4gICAgICBuZXcgQnVja2V0RGVwbG95bWVudCh0aGlzLCBcIkRlcGxveUJvb3RzdHJhcFRlbXBsYXRlXCIsIHtcbiAgICAgICAgc291cmNlczogW1NvdXJjZS5hc3NldCh0bXBEaXIpXSxcbiAgICAgICAgZGVzdGluYXRpb25CdWNrZXQ6IHByb3BzLnRlbXBsYXRlQnVja2V0LFxuICAgICAgICBkZXN0aW5hdGlvbktleVByZWZpeDogXCJib290c3RyYXBcIixcbiAgICAgICAgcmV0YWluT25EZWxldGU6IGZhbHNlXG4gICAgICB9KTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBGYWlsZWQgdG8gZ2VuZXJhdGUgQ0RLIGJvb3RzdHJhcCB0ZW1wbGF0ZTogJHtlcnJvcn1gKTtcbiAgICB9IGZpbmFsbHkge1xuICAgICAgLy8gQ2xlYW4gdXAgdGVtcG9yYXJ5IGRpcmVjdG9yeVxuICAgICAgaWYgKHRtcERpciAmJiBmcy5leGlzdHNTeW5jKHRtcERpcikpIHtcbiAgICAgICAgZnMucm1TeW5jKHRtcERpciwgeyByZWN1cnNpdmU6IHRydWUsIGZvcmNlOiB0cnVlIH0pO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIERlcGxveSBhIGJ1Y2tldCBmb3IgZWFjaCByZWdpb24gdG8gc3RvcmUgU3RhY2tTZXQgYXNzZXRzXG4gICAgY29uc3QgYnVja2V0UHJlZml4ID0gXCJmamFsbC1zdGFja3NldC1hc3NldHNcIjtcbiAgICBjb25zdCBhc3NldEJ1Y2tldHM6IFMzQnVja2V0W10gPSBbXTtcblxuICAgIGZvciAoY29uc3QgcmVnaW9uIG9mIHByb3BzLnJlZ2lvbnMpIHtcbiAgICAgIGNvbnN0IHMzYnVja2V0ID0gbmV3IFMzQnVja2V0KHRoaXMsIGBBc3NldEJ1Y2tldCR7cmVnaW9ufWAsIHtcbiAgICAgICAgYnVja2V0TmFtZTogYCR7YnVja2V0UHJlZml4fS0ke3JlZ2lvbn0tJHtzdGFjay5hY2NvdW50fWBcbiAgICAgIH0pO1xuXG4gICAgICAvLyBHcmFudCByZWFkIGFjY2VzcyB0byB0aGUgZW50aXJlIG9yZ2FuaXNhdGlvblxuICAgICAgczNidWNrZXQuYWRkVG9SZXNvdXJjZVBvbGljeShcbiAgICAgICAgbmV3IFBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgICAgYWN0aW9uczogW1wiczM6R2V0KlwiLCBcInMzOkxpc3QqXCJdLFxuICAgICAgICAgIHJlc291cmNlczogW3MzYnVja2V0LmFybkZvck9iamVjdHMoXCIqXCIpLCBzM2J1Y2tldC5idWNrZXRBcm5dLFxuICAgICAgICAgIHByaW5jaXBhbHM6IFtuZXcgT3JnYW5pemF0aW9uUHJpbmNpcGFsKHByb3BzLm9yZ2FuaXNhdGlvbklkKV1cbiAgICAgICAgfSlcbiAgICAgICk7XG5cbiAgICAgIGFzc2V0QnVja2V0cy5wdXNoKHMzYnVja2V0KTtcbiAgICB9XG5cbiAgICAvLyBVc2UgcmVnaW9uLWFnbm9zdGljIFMzIFVSTCBmb3JtYXRcbiAgICBjb25zdCB0ZW1wbGF0ZVVSTCA9IGBodHRwczovLyR7cHJvcHMudGVtcGxhdGVCdWNrZXQuYnVja2V0TmFtZX0uczMuYW1hem9uYXdzLmNvbS9ib290c3RyYXAvY2RrLWJvb3RzdHJhcC50ZW1wbGF0ZS55bWxgO1xuXG4gICAgbmV3IENmblN0YWNrU2V0KHRoaXMsIFwiU3RhY2tTZXRcIiwge1xuICAgICAgcGVybWlzc2lvbk1vZGVsOiBcIlNFUlZJQ0VfTUFOQUdFRFwiLFxuICAgICAgc3RhY2tTZXROYW1lOiBgQ0RLQm9vdHN0cmFwLSR7c3RhY2suc3RhY2tOYW1lfWAsXG4gICAgICBkZXNjcmlwdGlvbjogXCJDREsgQm9vdHN0cmFwIFN0YWNrU2V0IGZvciBvcmdhbml6YXRpb24gYWNjb3VudHNcIixcbiAgICAgIGNhcGFiaWxpdGllczogW1wiQ0FQQUJJTElUWV9OQU1FRF9JQU1cIl0sXG4gICAgICB0ZW1wbGF0ZVVybDogdGVtcGxhdGVVUkwsXG4gICAgICBhdXRvRGVwbG95bWVudDoge1xuICAgICAgICBlbmFibGVkOiB0cnVlLFxuICAgICAgICByZXRhaW5TdGFja3NPbkFjY291bnRSZW1vdmFsOiBmYWxzZVxuICAgICAgfSxcbiAgICAgIGNhbGxBczogXCJERUxFR0FURURfQURNSU5cIixcbiAgICAgIG9wZXJhdGlvblByZWZlcmVuY2VzOiB7XG4gICAgICAgIHJlZ2lvbkNvbmN1cnJlbmN5VHlwZTogXCJQQVJBTExFTFwiLFxuICAgICAgICBtYXhDb25jdXJyZW50UGVyY2VudGFnZTogMTAwLFxuICAgICAgICBmYWlsdXJlVG9sZXJhbmNlUGVyY2VudGFnZTogMTBcbiAgICAgIH0sXG4gICAgICBzdGFja0luc3RhbmNlc0dyb3VwOiBbXG4gICAgICAgIHtcbiAgICAgICAgICBkZXBsb3ltZW50VGFyZ2V0czoge1xuICAgICAgICAgICAgYWNjb3VudHM6IHByb3BzLm9yZ0FjY291bnRzXG4gICAgICAgICAgfSxcbiAgICAgICAgICByZWdpb25zOiBwcm9wcy5yZWdpb25zXG4gICAgICAgIH1cbiAgICAgIF1cbiAgICB9KTtcbiAgfVxufVxuIl19
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
import { Construct } from "constructs";
|
|
2
|
-
import { S3Bucket } from "../../resources";
|
|
3
|
-
interface MultiRegionStackSetProps {
|
|
4
|
-
orgAccounts: string[];
|
|
5
|
-
regions: string[];
|
|
6
|
-
templateBucket: S3Bucket;
|
|
7
|
-
organisationId: string;
|
|
8
|
-
}
|
|
9
|
-
export declare class MultiRegionStackSetExample extends Construct {
|
|
10
|
-
constructor(scope: Construct, id: string, props: MultiRegionStackSetProps);
|
|
11
|
-
}
|
|
12
|
-
export declare class AlternativeMultiRegionApproach extends Construct {
|
|
13
|
-
constructor(scope: Construct, id: string, props: MultiRegionStackSetProps);
|
|
14
|
-
}
|
|
15
|
-
export {};
|