@ossy/deployment-tools 0.0.64 → 0.0.66

package/README.md

@@ -39,6 +39,32 @@ npx --yes @ossy/deployment-tools deploy \
 
 ## Infrastructure
 
+We use AWS to host our infrastructure and all of it is defined in JavaScript with the help of
+(AWS CDK)[https://aws.amazon.com/cdk/].
+
+### Adding a new AWS account
+We have a different account for each service and environment.
+To add a new account follow the steps below.
+
+- Create an email group in GoogleAdmin with **public post access**.
+  The email should follow the pattern <service-name>-<env>@ossy.se.
+  If it's an account for prod use <service-name>@ossy.se.
+  Don't forgett to add yourself and other relevant people to the group.
+- Log into our root organisation account and create a new aws account
+  with the same naming pattern and email as described above.
+- Log out of the organisation account then send a password reset request to the
+  newly created account using the new email.
+- Create a new user in the account with the same name as the account.
+  In the same process add the AdministratorAccess managed policy to the user.
+- Create an access key to the account and add it as a (named profile)[https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html] on your computer
+- Create a keypair in the correct region and download it
+- Add the new environment to the platforms.json file in this repository
+  - don't forget to add the keypair
+- run the cdk ls command to make sure the new stack is picked up
+- run cdk bootstrap for the account and region. This will create necessary resources like roles used by aws cdk.
+- add the stack name to workflow options
+
+
 <!-- Deploys AWS infrastructure
 ```
 npx --yes @ossy/deployment-tools infrastructure deploy

package/cdk.context.json

@@ -1,6 +1,41 @@
 {
-  "vpc-provider:account=322874034009:filter.isDefault=true:region=eu-north-1:returnAsymmetricSubnets=true": {
-    "vpcId": "vpc-50df1939",
+  "hosted-zone:account=858451553223:domainName=ossy.se:region=eu-north-1": {
+    "Id": "/hostedzone/Z09424571CVOTIJV8Z50C",
+    "Name": "ossy.se."
+  },
+  "vpc-provider:account=858451553223:filter.isDefault=true:region=eu-north-1:returnAsymmetricSubnets=true": {
+    "vpcId": "vpc-0298c165cd8861f90",
+    "vpcCidrBlock": "172.31.0.0/16",
+    "availabilityZones": [],
+    "subnetGroups": [
+      {
+        "name": "Public",
+        "type": "Public",
+        "subnets": [
+          {
+            "subnetId": "subnet-06e0c3bfe4895164e",
+            "cidr": "172.31.16.0/20",
+            "availabilityZone": "eu-north-1a",
+            "routeTableId": "rtb-02d1f0d66595c107f"
+          },
+          {
+            "subnetId": "subnet-06518594205611f1f",
+            "cidr": "172.31.32.0/20",
+            "availabilityZone": "eu-north-1b",
+            "routeTableId": "rtb-02d1f0d66595c107f"
+          },
+          {
+            "subnetId": "subnet-0edc385e74651c812",
+            "cidr": "172.31.0.0/20",
+            "availabilityZone": "eu-north-1c",
+            "routeTableId": "rtb-02d1f0d66595c107f"
+          }
+        ]
+      }
+    ]
+  },
+  "vpc-provider:account=426023801260:filter.isDefault=true:region=eu-north-1:returnAsymmetricSubnets=true": {
+    "vpcId": "vpc-07f00a86e35e47534",
     "vpcCidrBlock": "172.31.0.0/16",
     "availabilityZones": [],
     "subnetGroups": [
@@ -9,29 +44,29 @@
         "type": "Public",
         "subnets": [
           {
-            "subnetId": "subnet-b88e49d1",
+            "subnetId": "subnet-0e14b1b1a87fa46db",
             "cidr": "172.31.16.0/20",
             "availabilityZone": "eu-north-1a",
-            "routeTableId": "rtb-2ce32245"
+            "routeTableId": "rtb-0d999e16443becd03"
           },
           {
-            "subnetId": "subnet-6bed0b10",
+            "subnetId": "subnet-08428891d5e493330",
             "cidr": "172.31.32.0/20",
             "availabilityZone": "eu-north-1b",
-            "routeTableId": "rtb-2ce32245"
+            "routeTableId": "rtb-0d999e16443becd03"
           },
           {
-            "subnetId": "subnet-6d999827",
+            "subnetId": "subnet-02821be03760e8d34",
             "cidr": "172.31.0.0/20",
             "availabilityZone": "eu-north-1c",
-            "routeTableId": "rtb-2ce32245"
+            "routeTableId": "rtb-0d999e16443becd03"
           }
         ]
       }
     ]
   },
-  "hosted-zone:account=322874034009:domainName=ossy.se:region=eu-north-1": {
-    "Id": "/hostedzone/Z05895872N99P5G3TLU28",
+  "hosted-zone:account=426023801260:domainName=ossy.se:region=eu-north-1": {
+    "Id": "/hostedzone/Z01074843R7T9G6P0BW11",
     "Name": "ossy.se."
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ossy/deployment-tools",
-  "version": "0.0.64",
+  "version": "0.0.66",
   "description": "Collection of scripts and tools to aid deployment of containers and static files to Amazon Web Services through GitHub Actions",
   "source": "./src/index.js",
   "main": "./src/index.js",
@@ -15,16 +15,17 @@
   "bin": "./src/index.cli.js",
   "dependencies": {
     "@actions/core": "^1.10.0",
-    "@aws-sdk/client-sqs": "^3.186.0",
-    "@aws-sdk/client-sts": "^3.188.0",
+    "@aws-sdk/client-sqs": "^3.245.0",
+    "@aws-sdk/client-sts": "^3.245.0",
     "arg": "^5.0.2",
-    "aws-cdk-lib": "2.47.0",
-    "constructs": "^10.0.0",
+    "aws-cdk-lib": "^2.59.0",
+    "constructs": "^10.1.211",
     "express": "^4.18.1",
+    "nanoid": "^3.3.4",
     "node-fetch": "^2.6.7"
   },
   "devDependencies": {
-    "aws-cdk": "2.47.0",
+    "aws-cdk": "^2.59.0",
     "jest": "^27.5.1",
     "jsdoc": "^3.6.11"
   }

package/src/cms/cli.js

@@ -0,0 +1,46 @@
+#!/usr/bin/env node
+const { readFileSync } = require('fs')
+const arg = require('arg')
+const fetch = require('node-fetch')
+const { PlatformDeploymentService } = require('./platform-deployment')
+const { logInfo, logError } = require('../log')
+
+const getTokenPayload = token =>
+  JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString())
+
+
+const import = options => {
+
+  const parsedArgs = arg({
+    '--authentication': String,
+    '--a': '--authentication',
+
+    '--resource-templates': String,
+    '-t': '--resource-templates'
+  }, { argv: options })
+
+  logInfo({ message: '[CMS] reading files' })
+  const token = parsedArgs['--authentication']
+  const tokenPayload = getTokenPayload(token)
+  const templates = readFileSync(resolve(parsedArgs['--resource-templates']), 'utf8')
+
+  if (!token) return logError({ message: '[CMS] No token provided with --authentication'})
+  if (!templates) return logError({ message: '[CMS] No templates provided with --resource-templates'})
+
+  logInfo({ message: '[CMS] uploading files' })
+
+  fetch(
+    `https://cms.ossy.se/api/v0/workspaces/${tokenPayload?.workspaceId}/resource-templates`,
+    { method: 'POST', headers: { 'Authorization': token }, body: templates }
+  )
+  .then(() => logInfo({ message: '[CMS] done' }))
+  .catch(error => logError({ message: '[CMS] Error', error }))
+}
+
+module.exports = {
+  handler: ([command, ...options]) => {
+    !!command
+      ? { deploy }[command](options)
+      : logError({ message: '[CMS] No command provided' })
+  }
+}

package/src/config/platform-config.js

@@ -42,7 +42,10 @@ class PlatformConfigService {
     }
 
     const awsDeploymentSqsArn = `https://sqs.${withDefaults.awsRegion}.amazonaws.com/${withDefaults.awsAccountId}/${withDefaults.platformName}-${withDefaults.activeEnvironment}`
-    const awsRoleToAssume = process.env.CI ? 'github-ci-role' : undefined
+
+    const awsRoleToAssume = process.env.CI
+      ? `github-ci-role-${withDefaults.platformName}`
+      : undefined
 
     return {
       ...withDefaults,

package/src/index.cli.js

@@ -7,7 +7,8 @@ const loadHandler = {
   aws: () => require('./aws-credentials/cli.js'),
   deployment: () => require('./deploy/cli.js'),
   template: () => require('./template/cli.js'),
-  server: () => require('./server/cli.js')
+  server: () => require('./server/cli.js'),
+  cms: () => require('./cms/cli.js')
 }[handlerName]
 
 !!loadHandler && loadHandler().handler(restArgs)

package/src/infrastructure/container-server/container-server.js

@@ -50,7 +50,9 @@ class ContainerServer extends Construct {
   constructor(scope, id, props) {
     super(scope, id)
 
-    const hostedZone = HostedZone.fromLookup(this, 'HostedZone', { domainName: props.platformConfig.domain })
+    const hostedZone = new HostedZone(this, 'HostedZone', {
+      zoneName: `${props.platformConfig.activeEnvironment}.${props.platformConfig.domain}`
+    })
 
     const vpc = Vpc.fromLookup(this, 'VPC', {
       isDefault: true

package/src/infrastructure/platform-stack.js

@@ -3,6 +3,7 @@ const { Stack, Duration, RemovalPolicy } = require('aws-cdk-lib')
 const { Queue } = require('aws-cdk-lib/aws-sqs')
 const { Bucket, BucketEncryption, BlockPublicAccess } = require('aws-cdk-lib/aws-s3')
 const { Source, BucketDeployment } = require('aws-cdk-lib/aws-s3-deployment')
+const { nanoid } = require('nanoid')
 
 const { ContainerServer } = require('./container-server')
 
@@ -28,8 +29,10 @@ class PlatformStack extends Stack {
         receiveMessageWaitTime: Duration.seconds(20)
       })
 
+      const bucketName =
+
       const platformConfigBucket = new Bucket(this, 'PlatformConfig', {
-        bucketName: `${props.config.platformName}-${props.config.activeEnvironment}`,
+        bucketName: `${props.config.platformName}-${props.config.activeEnvironment}-${nanoid().toLowerCase().replaceAll('_', '').replaceAll('-', '')}`,
         blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
         encryption: BucketEncryption.S3_MANAGED,
         removalPolicy: RemovalPolicy.DESTROY,