Merge branch 'main' into develop

CODEOWNERS

@@ -0,0 +1 @@
+* @aws-quickstart/aws_quickstart_team

README.md

@@ -1,3 +1,3 @@
-# quickstart-examples
+# AWS Partner Solution examples
 
-This GitHub repository contains example AWS Quick Start templates, including AWS CloudFormation, deployment guide, and diagram templates. It also includes examples that are discussed in the [Infrastructure & Automation blog](https://aws.amazon.com/blogs/infrastructure-and-automation/).
+This GitHub repository contains example files for [AWS Partner Solutions](https://aws.amazon.com/solutions/browse-all/?solutions-all.sort-by=item.additionalFields.sortDate&solutions-all.sort-order=desc&awsf.Content-Type=*all&awsf.AWS-Product%20Category=*all), including AWS CloudFormation templates, deployment guides, and architecture diagrams. It also includes examples that are discussed in posts on the [Integration & Automation Blog](https://aws.amazon.com/blogs/infrastructure-and-automation/).

blog-assets/change-cfn-stack-name/01-vpc-basic.yaml

@@ -0,0 +1,12 @@
+AWSTemplateFormatVersion: 2010-09-09
+
+Description: "Deploys a VPC (qs-1t72ibrq5)"
+
+Resources:
+  Vpc:
+    Type: AWS::EC2::VPC
+    Properties:
+      CidrBlock: 10.0.0.0/16
+      Tags:
+        - Key: Name
+          Value: rename-stack-demo

blog-assets/change-cfn-stack-name/02-vpc-retain.yaml

@@ -0,0 +1,13 @@
+AWSTemplateFormatVersion: 2010-09-09
+
+Description: Deploys a VPC
+
+Resources:
+  Vpc:
+    Type: AWS::EC2::VPC
+    DeletionPolicy: Retain
+    Properties:
+      CidrBlock: 10.0.0.0/16
+      Tags:
+        - Key: Name
+          Value: rename-stack-demo

blog-assets/eks-cluster-prework/templates/eks-cluster-prework.template.yaml

@@ -4,6 +4,11 @@ Parameters:
   AccessCIDR:
     Default: 0.0.0.0/0
     Type: String
+  KeyPairName:
+    Description: Name of an existing key pair, which allows you to securely connect to your bastion instance after it launches.
+      Leave empty to proceed without a key pair. You would need to use AWS Systems Manager Session Manager to connect to the provisioned EC2 instances.
+    Type: String
+    Default: ""
   JobName:
     Type: String
     Default: 'job-example'
@@ -21,16 +26,13 @@ Parameters:
     Default: 'aws-quickstart'
   PreworkScriptObject:
     Type: String
-    Default: 'quickstart-examples/blog-assets/eks-cluster-prework/script/pw-script.sh'
+    Default: 'quickstart-examples/blog-assets/eks-cluster-prework/scripts/pw-script.sh'
 Resources:
   EKSStack:
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL: 'https://aws-quickstart.s3.amazonaws.com/quickstart-amazon-eks/templates/amazon-eks-entrypoint-new-vpc.template.yaml'
       Parameters:
-        # QuickStart properties
-        QSS3BucketName: aws-quickstart
-        QSS3KeyPrefix: quickstart-amazon-eks/
         # Cluster properties
         ProvisionBastionHost: Enabled
         RemoteAccessCIDR: !Ref AccessCIDR
@@ -45,20 +47,16 @@ Resources:
       AwsCliCommand: !Sub "eks describe-cluster --name ${EKSStack.Outputs.EKSClusterName} --query 'cluster.identity.oidc.{issuer:issuer}'"
       IdField: 'issuer'
   PreworkStack:
+    DependsOn: EKSStack
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL: 'https://aws-quickstart.s3.amazonaws.com/quickstart-examples/blog-assets/eks-cluster-prework/templates/prework.template.yaml'
       Parameters:
-        ClusterName: !Sub "EKSStack.Outputs.EKSClusterName"
+        ClusterName: !GetAtt "EKSStack.Outputs.EKSClusterName"
         PreworkScriptBucket: !Ref PreworkScriptBucket
         PreworkScriptObject: !Ref PreworkScriptObject
         JobName: !Ref JobName
         KubernetesNameSpace: "prework-example"
-        OIDCProvider: !Sub
-          - "${OIDCProvider1}/${OIDCProvider2}/${OIDCProvider3}"
-          - OIDCProvider1: !Select [ 2, !Split [ "/", !Ref GetOIDCProvider ] ]
-            OIDCProvider2: !Select [ 3, !Split [ "/", !Ref GetOIDCProvider ] ]
-            OIDCProvider3: !Select [ 4, !Split [ "/", !Ref GetOIDCProvider ] ]
 Outputs:
   EKSClusterName:
     Value: !GetAtt EKSStack.Outputs.EKSClusterName

blog-assets/eks-cluster-prework/templates/prework.template.yaml

@@ -8,18 +8,14 @@ Parameters:
     Default: aws-quickstart
   PreworkScriptObject:
     Type: String
-    Default: "quickstart-examples/samples/eks-cluster-prework/scripts/pw-script.sh"
+    Default: "quickstart-examples/blog-assets/eks-cluster-prework/scripts/pw-script.sh"
   JobName:
     Type: String
-    Default: job-example
+    Default: example-job
     AllowedPattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
     ConstraintDescription: "a lowercase RFC 1123 subdomain must consist of lower case
       alphanumeric characters, '-' or '.', and must start and end with an alphanumeric
       character"
-  OIDCProvider:
-    Type: String
-    Description: Amazon EKS cluster OIDC provider, without the protocol (e.g., oidc.eks.us-east-1.amazonaws.com/id/SADFASFFASFXCCVXCVSDFSDF).
-    Default: ""
   KubernetesNameSpace:
     Type: String
     Default: "prework-example"
@@ -49,6 +45,7 @@ Resources:
           }
         - NameSpace: !Ref KubernetesNameSpace
           ResourceName: !Sub "pw-service-account-${JobName}"
+          OIDCProvider: !Join [ '', !Split [ 'https://', !Ref 'GetOIDCProvider' ] ]
       Path: "/"
       Policies:
         - PolicyName: root
@@ -60,7 +57,13 @@ Resources:
                   - s3:GetObject
                   - s3:HeadObject
                 Resource:
-                  -  !Sub "arn:aws:s3:::${PreworkScriptBucket}/${PreworkScriptObject}"
+                  - !Sub "arn:${AWS::Partition}:s3:::${PreworkScriptBucket}/${PreworkScriptObject}"
+  GetOIDCProvider:
+    Type: Custom::GetOIDCProvider
+    Properties:
+      ServiceToken: !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:eks-quickstart-ResourceReader"
+      AwsCliCommand: !Sub "eks describe-cluster --name ${ClusterName} --query 'cluster.identity.oidc.{issuer:issuer}'"
+      IdField: 'issuer'
   KubePreWorkNamespace:
     Type: "AWSQS::Kubernetes::Resource"
     Properties:
@@ -164,10 +167,9 @@ Resources:
                   args:
                   - >
                     sleep 15;
-                    yum update -y;
-                    yum install -y awscli;
                     export AWS_REGION=${AWS::Region};
                     export NS=${NameSpace};
+                    yum install -y aws-cli;
                     aws sts get-caller-identity;
                     aws s3 cp ${!S3_SCRIPT_URL} ./prework-script.sh &&
                     chmod +x ./prework-script.sh &&
@@ -184,4 +186,4 @@ Resources:
             backoffLimit: 4
         - ResourceName: !Sub "pw-job-${JobName}"
           NameSpace: !Ref "KubernetesNameSpace"
-          S3ScriptURL: !Sub "s3://${PreworkScriptBucket}/${PreworkScriptObject}"
+          S3ScriptURL: !Sub "s3://${PreworkScriptBucket}/${PreworkScriptObject}"

blog-assets/svcvirt-apigateway-cfn/template.yaml

@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 
-Description: AWS API Gateway working as a Service Virtualization
+Description: "AWS API Gateway working as a Service Virtualization (qs-1sq3s942d)"
 
 Resources:
 
@@ -155,4 +155,4 @@ Resources:
       - PostMethod
     Properties:
       Description: Mock API Deployment
-      RestApiId: !Ref RestApi
+      RestApiId: !Ref RestApi

samples/cloudformation-cross-account/functions/source/CfnStackAssumeRole/lambda_function.py

@@ -3,7 +3,7 @@
 import string
 import logging
 import threading
-from botocore.vendored import requests
+import requests
 import json
 from botocore.credentials import (
     AssumeRoleCredentialFetcher,

samples/cloudformation-cross-account/functions/source/CfnStackAssumeRole/requirements.txt

@@ -0,0 +1 @@
+requests

samples/cloudformation-stack-ttl/scripts/deploy-admin-stack.sh

@@ -1,6 +1,6 @@
 #! /bin/bash
 
 aws cloudformation create-stack --stack-name --region us-east-1 cfn-admin-role-stack \
-  --template-url https://s3.amazonaws.com/quickstart-examples/samples/cloudformation-stack-ttl/templates/cloudformation-admin-iam.yaml \
+  --template-url https://s3.amazonaws.com/aws-quickstart/quickstart-examples/samples/cloudformation-stack-ttl/templates/cloudformation-admin-iam.yaml \
   --capabilities "CAPABILITY_IAM" "CAPABILITY_AUTO_EXPAND" \
-  --disable-rollback
+  --disable-rollback

samples/cloudformation-stack-ttl/scripts/deploy-demo-stack.sh

@@ -1,7 +1,7 @@
 #! /bin/bash
 
 aws cloudformation create-stack --stack-name --region us-east-1 demo-stack-ttl \
-  --template-url https://s3.amazonaws.com/quickstart-examples/samples/cloudformation-stack-ttl/templates/demo-stack-ttl.yaml \
+  --template-url https://s3.amazonaws.com/aws-quickstart/quickstart-examples/samples/cloudformation-stack-ttl/templates/demo-stack-ttl.yaml \
   --capabilities "CAPABILITY_IAM" "CAPABILITY_AUTO_EXPAND" \
   --role-arn "<ADD_CLOUDFORMATION_SERVICE_ROLE_ARN_HERE>" \
-  --disable-rollback
+  --disable-rollback

samples/cloudformation-stack-ttl/templates/cloudformation-stack-ttl.yaml

@@ -78,7 +78,7 @@ Resources:
         Variables:
           stackName: !Ref 'StackName'
       Handler: "index.handler"
-      Runtime: "python3.6"
+      Runtime: "python3.9"
       Timeout: "5"
       Role: !GetAtt DeleteCFNLambdaExecutionRole.Arn
   DeleteStackEventRule:
@@ -161,7 +161,7 @@ Resources:
                 status = cfnresponse.FAILED
                 cfnresponse.send(event, context, status, {}, None)
       Handler: "index.handler"
-      Runtime: "python3.6"
+      Runtime: "python3.9"
       Timeout: "5"
       Role: !GetAtt BasicLambdaExecutionRole.Arn
 

samples/session-manager-ssh/session-manager-example.yaml

@@ -66,7 +66,7 @@ Resources:
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL:
-        Fn::Sub: https://aws-quickstart.s3.amazonaws.com/quickstart-aws-vpc/templates/aws-vpc.template
+        Fn::Sub: https://aws-quickstart.s3.amazonaws.com/quickstart-aws-vpc/templates/aws-vpc.template.yaml
       Parameters:
         AvailabilityZones:
           Fn::Join:

samples/session-manager-ssh/session-manager-ssh-example.yaml

@@ -70,7 +70,7 @@ Resources:
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL:
-        Fn::Sub: https://aws-quickstart.s3.amazonaws.com/quickstart-aws-vpc/templates/aws-vpc.template
+        Fn::Sub: https://aws-quickstart.s3.amazonaws.com/quickstart-aws-vpc/templates/aws-vpc.template.yaml
       Parameters:
         AvailabilityZones:
           Fn::Join: