aws-architect 6.7.51 → 6.7.52

package/CHANGELOG.md

@@ -3,6 +3,8 @@ This is the changelog for [AWS Architect](readme.md).
 
 ## 6.7 ##
 * Fix handlers for /route and /route/ so that the index.html is always duplicated.
+* Add support for organizational stack set deployment
+
 ## 6.6 ##
 * Add support to `deleteWebsiteVersion(version)`
 * Fix `The function must be in an Active state. The current state for function arn:aws:lambda:Function:514 is Pending`.

package/index.d.ts

@@ -38,6 +38,11 @@ interface StackSetConfiguration {
   regions: string[];
 }
 
+interface OrganizationalStackSetConfiguration {
+  changeSetName: string;
+  stackSetName: string;
+}
+
 
 interface StageDeploymentOptions {
   stage: string;
@@ -64,6 +69,7 @@ declare class AwsArchitect {
   validateTemplate(stackTemplate: object): Promise<object>;
   deployTemplate(stackTemplate: object, stackConfiguration: StackConfiguration, parameters: object): Promise<object>;
   deployStackSetTemplate(stackTemplate: object, stackSetConfiguration: StackSetConfiguration, parameters: object): Promise<object>;
+  configureStackSetForAwsOrganization(stackTemplate: object, stackSetConfiguration: OrganizationalStackSetConfiguration, parameters: object): Promise<object>;
   deployStagePromise(stage: string, lambdaVersion: string): Promise<object>;
   removeStagePromise(stage: string, functionName: string): Promise<object>;
   cleanupPreviousFunctionVersions(functionName: string, forceRemovalOfAliases: string): Promise<object>;

package/index.js

@@ -151,6 +151,28 @@ AwsArchitect.prototype.deployStackSetTemplate = async function(stackTemplate, st
   return this.CloudFormationDeployer.deployStackSetTemplate(accountId, stackTemplate, stackConfiguration, parameters, `${this.PackageMetadata.name}/${this.PackageMetadata.version}`);
 };
 
+AwsArchitect.prototype.configureStackSetForAwsOrganization = async function(stackTemplate, stackConfiguration, parameters) {
+  try {
+    await new aws.IAM().getRole({ RoleName: 'AWSCloudFormationStackSetExecutionRole' }).promise();
+  } catch (error) {
+    if (error.code === 'NoSuchEntity') {
+      throw { title: 'Role "AWSCloudFormationStackSetExecutionRole" must exist. See prerequisite for cloudformation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html' };
+    }
+    throw error;
+  }
+
+  try {
+    await new aws.IAM().getRole({ RoleName: 'AWSCloudFormationStackSetAdministrationRole' }).promise();
+  } catch (error) {
+    if (error.code === 'NoSuchEntity') {
+      throw { title: 'Role "AWSCloudFormationStackSetAdministrationRole" must exist. See prerequisite for cloudformation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html' };
+    }
+    throw error;
+  }
+
+  return this.CloudFormationDeployer.configureStackSetForAwsOrganization(stackTemplate, stackConfiguration, parameters);
+};
+
 AwsArchitect.prototype.deployStagePromise = AwsArchitect.prototype.DeployStagePromise = function(stage, lambdaVersion) {
   if (!stage) { throw new Error('Deployment stage is not defined.'); }
   if (!lambdaVersion) { throw new Error('Deployment lambdaVersion is not defined.'); }

package/lib/CloudFormationDeployer.js

@@ -1,4 +1,4 @@
-const { CloudFormation } = require('aws-sdk');
+const { CloudFormation, Organizations, EC2 } = require('aws-sdk');
 const Tmp = require('tmp');
 Tmp.setGracefulCleanup();
 const fs = require('fs-extra');
@@ -360,20 +360,10 @@ class CloudFormationDeployer {
 
     const existingStacks = await this.cloudFormationClient.listStackInstances({ StackSetName: options.stackSetName }).promise().then(data => data.Summaries);
     const existingRegions = existingStacks.map(s => s.Region);
-    const createParams = {
-      StackSetName: options.stackSetName,
-      Accounts: [accountId],
-      Regions: options.regions.filter(r => !existingRegions.some(e => e === r)),
-      OperationId: options.changeSetName,
-      OperationPreferences: {
-        FailureToleranceCount: 20,
-        MaxConcurrentCount: 20,
-        RegionConcurrencyType: 'PARALLEL'
-      }
-    };
+    const newRegions = options.regions.filter(r => !existingRegions.some(e => e === r));
 
     // If the stack already existed, and there are no new regions, all the stacks are updated then check to see if the template matches the new template
-    if (stackExists && !createParams.Regions.length && existingStacks.every(s => s.Status === 'CURRENT')) {
+    if (stackExists && !newRegions && existingStacks.every(s => s.Status === 'CURRENT')) {
       const regionStacks = await this.cloudFormationClient.listStacks({ StackStatusFilter: ['CREATE_COMPLETE', 'UPDATE_COMPLETE', 'UPDATE_ROLLBACK_COMPLETE'] }).promise()
       .then(r => r.StackSummaries);
 
@@ -421,6 +411,17 @@ class CloudFormationDeployer {
       }
     }
 
+    const createParams = {
+      StackSetName: options.stackSetName,
+      Accounts: [accountId],
+      Regions: newRegions,
+      OperationId: options.changeSetName,
+      OperationPreferences: {
+        FailureToleranceCount: 20,
+        MaxConcurrentCount: 20,
+        RegionConcurrencyType: 'PARALLEL'
+      }
+    };
     if (createParams.Regions.length) {
       console.log(`Create a stack instance in regions: ${createParams.Regions.join(', ')}`);
       await this.cloudFormationClient.createStackInstances(createParams).promise();
@@ -446,6 +447,84 @@ class CloudFormationDeployer {
 
     return { title: 'Success' };
   }
+
+  async configureStackSetForAwsOrganization(template, options = {}, parameters = {}) {
+    if (template === null) { throw { error: '{template} object must be defined.' }; }
+    if (options.stackSetName === null) { throw { error: '{options.stackSetName} is a required property.' }; }
+
+    console.log(`Starting Configuration of the StackSet: ${options.stackSetName}`);
+
+    const templateString = this.getTemplateBody(template);
+    const stackParameters = {
+      StackSetName: options.stackSetName,
+      AutoDeployment: {
+        Enabled: true,
+        RetainStacksOnAccountRemoval: false
+      },
+      ManagedExecution: {
+        Active: true
+      },
+      Description: 'Deployed as an Organizational stack set',
+      PermissionModel: 'SERVICE_MANAGED',
+      Capabilities: ['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM', 'CAPABILITY_AUTO_EXPAND'],
+      Tags: options.tags ? Object.keys(options.tags).map(t => ({ Key: t, Value: options.tags[t] })) : undefined,
+      TemplateBody: templateString
+    };
+
+    const stackExists = await this.stackSetExists(options.stackSetName);
+    if (!stackExists) {
+      console.log('Create stack set...');
+      await this.cloudFormationClient.createStackSet(stackParameters).promise();
+    }
+
+    const currentStackData = await this.cloudFormationClient.describeStackSet({ StackSetName: options.stackSetName }).promise().then(data => data.StackSet);
+    const rawRegions = await new EC2().describeRegions().promise().then(data => data.Regions.map(r => r.RegionName));
+    const newRegions = rawRegions.filter(r => !currentStackData.Regions || !currentStackData.Regions.some(e => e === r))
+    .filter(r => r !== 'eu-central-2');
+
+    // If the stack already existed, and there are no new regions, all the stacks are updated then check to see if the template matches the new template
+    if (stackExists && !newRegions.length) {
+      if (isEqual(tryParseJson(currentStackData.TemplateBody), tryParseJson(templateString))
+        && Object.keys(parameters).every(key => currentStackData.Parameters.find(p => p.ParameterKey === key && p.ParameterValue === parameters[key]))) {
+        console.log('Skipping deployment of stackset because template matches existing CF stack template');
+        return { title: 'Change set skipped, no changes detected.', code: 'SKIPPED' };
+      }
+    }
+
+    if (stackExists) {
+      console.log('Updating organizational stack set, stack will be updated asynchronously');
+      stackParameters.OperationId = `${options.changeSetName}-update`;
+      stackParameters.OperationPreferences = {
+        FailureToleranceCount: 20,
+        MaxConcurrentCount: 20,
+        RegionConcurrencyType: 'PARALLEL'
+      };
+
+      await this.cloudFormationClient.updateStackSet(stackParameters).promise();
+    }
+
+    const rootOrgsInfo = await new Organizations({ region: 'us-east-1' }).listRoots({}).promise();
+
+    const deployToAdditionalRegionsParams = {
+      StackSetName: options.stackSetName,
+      DeploymentTargets: {
+        OrganizationalUnitIds: rootOrgsInfo.Roots.map(org => org.Id)
+      },
+      Regions: newRegions,
+      OperationId: options.changeSetName,
+      OperationPreferences: {
+        FailureToleranceCount: 20,
+        MaxConcurrentCount: 20,
+        RegionConcurrencyType: 'PARALLEL'
+      }
+    };
+    if (deployToAdditionalRegionsParams.Regions.length || deployToAdditionalRegionsParams.DeploymentTargets.OrganizationalUnitIds.length) {
+      console.log(`Tracking StackSet accounts in Orgs: ${deployToAdditionalRegionsParams.DeploymentTargets.OrganizationalUnitIds.join(', ')}`);
+      await this.cloudFormationClient.createStackInstances(deployToAdditionalRegionsParams).promise();
+    }
+
+    return { title: 'Success' };
+  }
 }
 
 module.exports = CloudFormationDeployer;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aws-architect",
-  "version": "6.7.51",
+  "version": "6.7.52",
   "description": "AWS Architect is a node based tool to configure and deploy AWS-based microservices.",
   "main": "index.js",
   "types": "index.d.ts",