Automation improvements and updates from AWS (#52)

* Synced to latest AWS hosted quickstart * Removed outdated BastionAMIOS param * Updated test script
SolaceProducts · Jan 7, 2021 · 1101177 · 1101177
1 parent 25317ec
commit 1101177
Show file tree

Hide file tree

Showing 7 changed files with 77 additions and 23 deletions.
diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
@@ -2,7 +2,7 @@ name: build
 
 # Controls when the action will run. 
 on:
-  pull_request:
+  pull_request_target:
 
   push:
 
@@ -48,24 +48,28 @@ jobs:
     - name: Copy test artifacts to test S3 bucket
       run: |
         MESSAGEBROKERNODEINSTANCETYPE=t2.small
-        sed -i "s@SolaceDockerImageParameterValue@${{ secrets.BROKER_DOCKER_IMAGE_REF }}@g" ci/solace-aws-ha-3az-prod-travistest.json
-        sed -i "s@EventBrokerNodeInstanceTypeParameterValue@${MESSAGEBROKERNODEINSTANCETYPE}@g" ci/solace-aws-ha-3az-prod-travistest.json
+        sed -i "s@SolaceDockerImageParameterValue@${{ secrets.BROKER_DOCKER_IMAGE_REF }}@g" ci/solace-aws-ha-3az-prod-test.json
+        sed -i "s@EventBrokerNodeInstanceTypeParameterValue@${MESSAGEBROKERNODEINSTANCETYPE}@g" ci/solace-aws-ha-3az-prod-test.json
         aws s3 mb s3://${{ env.TEST_S3_BUCKET }} || echo "s3 bucket already existed"
         export BUCKETREGION=`aws s3api get-bucket-location --bucket ${{ env.TEST_S3_BUCKET }} | grep LocationConstraint | awk -F' ' '{print $NF}' | tr -d '"'`
-        sed -i "s@SolaceStackRegionNAME@${AWS_DEFAULT_REGION}@g" ci/solace-aws-ha-3az-prod-travistest.json
-        sed -i "s@SolaceBucketRegionNAME@${BUCKETREGION}@g" ci/solace-aws-ha-3az-prod-travistest.json
+        sed -i "s@SolaceStackRegionNAME@${AWS_DEFAULT_REGION}@g" ci/solace-aws-ha-3az-prod-test.json
+        sed -i "s@SolaceBucketRegionNAME@${BUCKETREGION}@g" ci/solace-aws-ha-3az-prod-test.json
         aws s3 sync . s3://${{ env.TEST_S3_BUCKET }}/solace/eventbroker/latest --acl public-read
 
     - name: Test with production deployment option (create public subnet)
       run: |
-        aws cloudformation create-stack --stack-name $TESTSTACKNAME --template-body file://templates/solace-master.template --parameters file://ci/solace-aws-ha-3az-prod-travistest.json --on-failure ROLLBACK --capabilities CAPABILITY_NAMED_IAM
+        aws cloudformation create-stack --stack-name $TESTSTACKNAME --template-body file://templates/solace-master.template --parameters file://ci/solace-aws-ha-3az-prod-test.json --on-failure ROLLBACK --capabilities CAPABILITY_NAMED_IAM
         echo "Waiting for stack create complete"
         sleep 30; aws cloudformation describe-stacks --stack-name $TESTSTACKNAME
         until aws cloudformation describe-stacks --stack-name $TESTSTACKNAME | grep -m 1 -E 'CREATE_COMPLETE'; do
           sleep 10
-          if aws cloudformation describe-stacks --stack-name $TESTSTACKNAME | grep -m 1 -E 'DELETE_IN_PROGRESS'; then exit 1; fi
+          if aws cloudformation describe-stacks --stack-name $TESTSTACKNAME | grep -m 1 -E 'ROLLBACK_IN_PROGRESS'; then
+            aws cloudformation describe-stack-events --stack-name $TESTSTACKNAME
+            aws cloudformation describe-stacks --stack-name $TESTSTACKNAME
+            exit 1
+          fi
           sleep 10
-          done
+        done
         aws cloudformation describe-stack-events --stack-name $TESTSTACKNAME
         aws cloudformation describe-stacks --stack-name $TESTSTACKNAME
         echo "Pausing to get the ELB ready"; sleep 10
@@ -91,8 +95,8 @@ jobs:
       run: |
         export TESTSTACKNAME2="$TESTSTACKNAME-1"
         echo "TESTSTACKNAME2=$TESTSTACKNAME2" >> $GITHUB_ENV
-        sed -i "s@true@false@g" ci/solace-aws-ha-3az-prod-travistest.json
-        aws cloudformation create-stack --stack-name $TESTSTACKNAME2 --template-body file://templates/solace-master.template --parameters file://ci/solace-aws-ha-3az-prod-travistest.json --on-failure ROLLBACK --capabilities CAPABILITY_NAMED_IAM
+        sed -i "s@true@false@g" ci/solace-aws-ha-3az-prod-test.json
+        aws cloudformation create-stack --stack-name $TESTSTACKNAME2 --template-body file://templates/solace-master.template --parameters file://ci/solace-aws-ha-3az-prod-test.json --on-failure ROLLBACK --capabilities CAPABILITY_NAMED_IAM
         echo "Waiting for stack create complete"
         until aws cloudformation describe-stacks --stack-name $TESTSTACKNAME2 | grep -m 1 -E 'CREATE_COMPLETE|DELETE_IN_PROGRESS'; do sleep 10; done
         aws cloudformation describe-stack-events --stack-name $TESTSTACKNAME2

diff --git a/.gitmodules b/.gitmodules
@@ -1,8 +1,8 @@
 [submodule "submodules/quickstart-aws-vpc"]
 	path = submodules/quickstart-aws-vpc
 	url = [email protected]:aws-quickstart/quickstart-aws-vpc.git
-	branch = master
+	branch = main
 [submodule "submodules/quickstart-linux-bastion"]
 	path = submodules/quickstart-linux-bastion
 	url = [email protected]:aws-quickstart/quickstart-linux-bastion.git
-	branch = master
+	branch = main
diff --git a/ci/solace-aws-ha-3az-prod-travistest.json → ci/solace-aws-ha-3az-prod-test.json b/ci/solace-aws-ha-3az-prod-travistest.json → ci/solace-aws-ha-3az-prod-test.json
@@ -53,7 +53,7 @@
     },
     {
         "ParameterKey": "QSS3BucketName",
-        "ParameterValue": "solace-cf-quickstart-travistest"
+        "ParameterValue": "solace-cf-quickstart-ghtest"
     },
     {
         "ParameterKey": "QSS3BucketRegion",

diff --git a/submodules/quickstart-aws-vpc b/submodules/quickstart-aws-vpc
diff --git a/submodules/quickstart-linux-bastion b/submodules/quickstart-linux-bastion
diff --git a/templates/setup_sample_new_vpc.template b/templates/setup_sample_new_vpc.template
@@ -113,6 +113,33 @@ Resources:
         CreatePrivateSubnets: !Ref 'CreatePrivateSubnets'
         KeyPairName: !Ref 'KeyPairName'
         NumberOfAZs: !Ref 'NumberOfAZs'
+  BastionHostRole:
+    Type: 'AWS::IAM::Role'
+    Properties:
+      Path: /
+      AssumeRolePolicyDocument:
+        Statement:
+          - Action:
+              - 'sts:AssumeRole'
+            Principal:
+              Service:
+                - !Sub 'ec2.${AWS::URLSuffix}'
+            Effect: Allow
+        Version: 2012-10-17
+      Policies:
+        - PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Action:
+                  - s3:GetObject
+                Resource: !Sub
+                  - arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}*
+                  - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
+                Effect: Allow
+          PolicyName: s3-policy
+      ManagedPolicyArns:
+        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore'
+        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy'
   BastionStack:
     Type: AWS::CloudFormation::Stack
     Condition: UsePrivateSubnets
@@ -124,12 +151,10 @@ Resources:
             S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
       Parameters:
         BastionInstanceType: t2.micro
-        BastionAMIOS: Amazon-Linux-HVM
         EnableBanner: 'true'
         BastionBanner: !Sub
-          - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/solace-banner.txt
-          - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
-            S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
+          - s3://${S3Bucket}/${QSS3KeyPrefix}scripts/solace-banner.txt
+          - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
         NumBastionHosts: '2'
         KeyPairName: !Ref 'KeyPairName'
         PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID'

diff --git a/templates/solace-master.template b/templates/solace-master.template
@@ -254,6 +254,33 @@ Resources:
         CreatePrivateSubnets: !Ref 'CreatePrivateSubnets'
         KeyPairName: !Ref 'KeyPairName'
         NumberOfAZs: !Ref 'NumberOfAZs'
+  BastionHostRole:
+    Type: 'AWS::IAM::Role'
+    Properties:
+      Path: /
+      AssumeRolePolicyDocument:
+        Statement:
+          - Action:
+              - 'sts:AssumeRole'
+            Principal:
+              Service:
+                - !Sub 'ec2.${AWS::URLSuffix}'
+            Effect: Allow
+        Version: 2012-10-17
+      Policies:
+        - PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Action:
+                  - s3:GetObject
+                Resource: !Sub
+                  - arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}*
+                  - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
+                Effect: Allow
+          PolicyName: s3-policy
+      ManagedPolicyArns:
+        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore'
+        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy'
   BastionStack:
     Type: AWS::CloudFormation::Stack
     Condition: UsePrivateSubnets
@@ -265,12 +292,10 @@ Resources:
             S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
       Parameters:
         BastionInstanceType: t2.micro
-        BastionAMIOS: Amazon-Linux-HVM
         EnableBanner: 'true'
         BastionBanner: !Sub
-          - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/solace-banner.txt
-          - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
-            S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
+          - s3://${S3Bucket}/${QSS3KeyPrefix}scripts/solace-banner.txt
+          - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
         NumBastionHosts: '2'
         KeyPairName: !Ref 'KeyPairName'
         PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID'
+37 −0		.github/workflows/master-docs-build.yml
+4 −0		.gitmodules
+0 −0		.nojekyll
+354 −0		.taskcat.yml
+ −		docs/.DS_Store
+1 −0		docs/boilerplate
+1 −0		docs/generated/parameters/index.adoc
+1 −0		docs/generated/regions/index.adoc
+1 −0		docs/generated/services/index.adoc
+1 −0		docs/generated/services/metadata.adoc
+ −		docs/images/architecture_diagram.png
+ −		docs/images/aws-quickstart-graphic.png
+ −		docs/images/cfn_outputs.png
+14 −0		docs/partner_editable/_settings.adoc
+323 −0		docs/partner_editable/additional_info.adoc
+35 −0		docs/partner_editable/architecture.adoc
+52 −0		docs/partner_editable/deploy_steps.adoc
+5 −0		docs/partner_editable/deployment_options.adoc
+33 −0		docs/partner_editable/faq_troubleshooting.adoc
+3 −0		docs/partner_editable/licenses.adoc
+11 −0		docs/partner_editable/overview_target_and_usage.adoc
+1 −0		docs/partner_editable/pre-reqs.adoc
+18 −0		docs/partner_editable/product_description.adoc
+29 −0		docs/partner_editable/regions.adoc
+7 −0		docs/partner_editable/service_limits.adoc
+6 −0		docs/partner_editable/specialized_knowledge.adoc
+1 −1		templates/aws-vpc.template
+118 −29		templates/aws-vpc.template.yaml
+1 −0		.gitignore
+1 −1		.gitmodules
+62 −138		.taskcat.yml
+0 −46		ci/linux-bastion-master-amznlinux2hvm.json
+0 −47		ci/linux-bastion-master-centos7hvm.json
+0 −46		ci/linux-bastion-master-sles15hvm.json
+0 −46		ci/linux-bastion-master-us1604hvm.json
+0 −47		ci/linux-bastion-master-us1804hvm.json
+0 −37		ci/taskcat.yml
+32 −0		scripts/auditing_configure.sh
+10 −100		scripts/bastion_bootstrap.sh
+1 −1		submodules/quickstart-aws-vpc
+4 −5		templates/linux-bastion-master.template
+135 −122		templates/linux-bastion.template