diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..6bdaa99 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,6 @@ +*Issue #, if available:* + +*Description of changes:* + + +By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. diff --git a/.gitignore b/.gitignore index dbf1ad5..970f1df 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,11 @@ **/.nyc_output **/global-s3-assets **/regional-s3-assets -**/npm-debug.log \ No newline at end of file +**/npm-debug.log + +#cdk related files +*cdk.out* +*.d.ts +source/bin/*.js +source/lib/*.js +source/test/*.js \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 9640a0f..bc26e94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [5.3.3] - 2020-09-16 +### Added +- Modified the solution to utilize cdk solution constructs. + +### Fixed +- UUID Depenency changes + ## [5.3.2] - 2020-01-21 ### Fixed - SQS KMS key diff --git a/NOTICE.txt b/NOTICE.txt index e95c08e..4901cbc 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -1,6 +1,6 @@ AWS Limit Monitor Solution -Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://www.apache.org/licenses/ or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, diff --git a/README.md b/README.md index 4b4ce93..7bb1d27 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ The AWS Limit Monitor Solution is a reference implementation that provides a foundation for monitoring AWS service limits. Customers can leverage the solution to monitor limits across services supported by Amazon Trusted Advisor; in multiple regions and multiple AWS accounts. The solution integrates with Amazon SNS and Slack to notify customers for service limits approaching thresholds. ## Getting Started -To get started with the AWS Limit Monitor Solution, please review the solution documentation. https://aws.amazon.com/answers/account-management/limit-monitor/ +To get started with the AWS Limit Monitor Solution, please review the solution documentation. [Documentation](https://aws.amazon.com/solutions/implementations/limit-monitor/) ## Running unit tests for customization * Clone the repository, then make the desired code changes @@ -18,13 +18,15 @@ chmod +x ./run-unit-tests.sh \n ``` export TEMPLATE_OUTPUT_BUCKET=my-bucket-name # bucket where cfn template will reside export DIST_OUTPUT_BUCKET=my-bucket-name # bucket where customized code will reside +export SOLUTION_NAME=aws-limit-monitor # Solution name +export SOLUTION_VERSION=v5.3.3 # Solution version ``` _Note:_ You would have to create 2 buckets, one with prefix 'my-bucket-name' and another regional bucket with prefix 'my-bucket-name-'; aws_region is where you are testing the customized solution. Also, the assets in bucket should be publicly accessible * Now build the distributable: ``` chmod +x ./build-s3-dist.sh \n -./build-s3-dist.sh $DIST_OUTPUT_BUCKET $TEMPLATE_OUTPUT_BUCKET \n +./build-s3-dist.sh $DIST_OUTPUT_BUCKET $SOLUTION_NAME $SOLUTION_VERSION $TEMPLATE_OUTPUT_BUCKET \n ``` * Deploy the distributable to an Amazon S3 bucket in your account. _Note:_ you must have the AWS Command Line Interface installed. 
@@ -42,73 +44,55 @@ The AWS Limit Monitor Solution project consists of 4 microservices which is depl ``` |-source/ - |-services/ - |-customhelper/ [ microservice for handling cloudformation custom resources ] - |-lib/ - |-[ service module unit tests ] - |-index.js [main module] - |-logger.js [logger module] - |-metrics-helper.js [ helper module for sending anonymous metrics ] - |-index.js [ injection point for microservice ] - |-package.json - |-limitreport/ [ microservice for summarizing service limits ] - |-lib/ - |-[ service module unit tests ] - |-index.js [main module] - |-limit-report.js [message handling module] - |-logger.js [logger module] - |-metrics-helper.js [ helper module for sending anonymous metrics ] - |-index.js [ injection point for microservice ] - |-package.json - |-slacknotify/ [ microservice for sending slack notifications ] - |-lib/ - |-[ service module unit tests ] - |-index.js [main module] - |-logger.js [logger module] - |-slack-notify.js [slack messaging module] - |-index.js [ injection point for microservice ] - |-package.json - |-tarefresh/ [ microservice for refreshing TA checks ] - |-lib/ - |-[ service module unit tests ] - |-index.js [main module] - |-logger.js [logger module] - |-ta-refresh.js [TA checks module] - |-index.js [ injection point for microservice ] - |-package.json -``` -*** - -#### v5.0 changes - -```bash -* Hub and Spoke model to support multiple accounts -* Service level granularity with Trusted Advisor service limit checks -* DynamoDB for storing current limit usage and details -* Slack workspace integration for notifications -``` - -#### v5.1.1 changes - -```bash -* SlackHookURLKey and SlackChannelKey parameters added to primary template for slack workspace -* Slack ssm parameters will be created with the provided keys ONLY if they do not exist already -* Regex pattern matching for account id, allowing only 12 digit, coma separated and double quoted ids -* Fix in concurrent CW Event Bus put permission (PR #18) 
-``` - -#### v5.2 changes - -```bash -* Added Trusted Advisor service limit checks for Route53 and DynamoDB -* Fixed mapping between DynamoDB attributes and TA keys -* Fixed incorrect attribute mappings + |-bin + |-lambda + |-services/ + |-customhelper/ [ microservice for handling cloudformation custom resources ] + |-lib/ + |-[ service module unit tests ] + |-index.js [main module] + |-logger.js [logger module] + |-metrics-helper.js [ helper module for sending anonymous metrics ] + |-index.js [ injection point for microservice ] + |-package.json + |-limitreport/ [ microservice for summarizing service limits ] + |-lib/ + |-[ service module unit tests ] + |-index.js [main module] + |-limit-report.js [message handling module] + |-logger.js [logger module] + |-metrics-helper.js [ helper module for sending anonymous metrics ] + |-index.js [ injection point for microservice ] + |-package.json + |-slacknotify/ [ microservice for sending slack notifications ] + |-lib/ + |-[ service module unit tests ] + |-index.js [main module] + |-logger.js [logger module] + |-slack-notify.js [slack messaging module] + |-index.js [ injection point for microservice ] + |-package.json + |-tarefresh/ [ microservice for refreshing TA checks ] + |-lib/ + |-[ service module unit tests ] + |-index.js [main module] + |-logger.js [logger module] + |-ta-refresh.js [TA checks module] + |-index.js [ injection point for microservice ] + |-package.json + |-test + |-lib + |-cdk.json + |-jest.config.js + |-package.json + |-README.md + |-tsconfig.json ``` *** *** -Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); You may not use this file except in compliance with the License. diff --git a/deployment/build-open-source-dist.sh b/deployment/build-open-source-dist.sh new file mode 100755 index 0000000..5a3a3cb --- /dev/null 
+++ b/deployment/build-open-source-dist.sh 
@@ -0,0 +1,136 @@ +#!/bin/bash +# +# This script packages your project into an open-source solution distributable +# that can be published to sites like GitHub. +# +# Important notes and prereq's: +# 1. The initialize-repo.sh script must have been run in order for this script to +# function properly. +# 2. This script should be run from the repo's /deployment folder. +# +# This script will perform the following tasks: +# 1. Remove any old dist files from previous runs. +# 2. Package the GitHub contribution and pull request templates (typically +# found in the /.github folder). +# 3. Package the /source folder along with the necessary root-level +# open-source artifacts (i.e. CHANGELOG, etc.). +# 4. Remove any unecessary artifacts from the /open-source folder (i.e. +# node_modules, package-lock.json, etc.). +# 5. Zip up the /open-source folder and create the distributable. +# 6. Remove any temporary files used for staging. +# +# Parameters: +# - solution-name: name of the solution for consistency + +# Check to see if the required parameters have been provided: +if [ -z "$1" ]; then + echo "Please provide the trademark approved solution name for the open source package." 
+ echo "For example: ./build-open-source-dist.sh trademarked-solution-name" + exit 1 +fi + +# Get reference for all important folders +source_template_dir="$PWD" +dist_dir="$source_template_dir/open-source" +source_dir="$source_template_dir/../source" +github_dir="$source_template_dir/../.github" +dist_deployment_dir="$dist_dir/deployment" + +echo "------------------------------------------------------------------------------" +echo "[Init] Remove any old dist files from previous runs" +echo "------------------------------------------------------------------------------" + +echo "rm -rf $dist_dir" +rm -rf $dist_dir +echo "mkdir -p $dist_dir" +mkdir -p $dist_dir + +echo "------------------------------------------------------------------------------" +echo "Copying deployment folder" +echo "------------------------------------------------------------------------------" +echo "rm -rf $dist_deployment_dir" +rm -rf $dist_deployment_dir +echo "mkdir -p $dist_deployment_dir" +mkdir -p $dist_deployment_dir + +cp $source_template_dir/build-s3-dist.sh $dist_deployment_dir/ +cp $source_template_dir/build-open-source-dist.sh $dist_deployment_dir/ +cp $source_template_dir/run-unit-tests.sh $dist_deployment_dir/ + +echo "------------------------------------------------------------------------------" +echo "[Packing] GitHub templates" +echo "------------------------------------------------------------------------------" + +echo "cp -r $github_dir $dist_dir" +cp -r $github_dir $dist_dir + +echo "------------------------------------------------------------------------------" +echo "[Packing] Source folder" +echo "------------------------------------------------------------------------------" + +echo "cp -r $source_dir $dist_dir" +cp -r $source_dir $dist_dir + +echo "------------------------------------------------------------------------------" +echo "[Packing] Files from the root level of the project" +echo 
"------------------------------------------------------------------------------" + +echo "cp $source_template_dir/../LICENSE.txt $dist_dir" +cp $source_template_dir/../LICENSE.txt $dist_dir + +echo "cp $source_template_dir/../NOTICE.txt $dist_dir" +cp $source_template_dir/../NOTICE.txt $dist_dir + +echo "cp $source_template_dir/../README.md $dist_dir" +cp $source_template_dir/../README.md $dist_dir + +echo "cp $source_template_dir/../CODE_OF_CONDUCT.md $dist_dir" +cp $source_template_dir/../CODE_OF_CONDUCT.md $dist_dir + +echo "cp $source_template_dir/../CONTRIBUTING.md $dist_dir" +cp $source_template_dir/../CONTRIBUTING.md $dist_dir + +echo "cp $source_template_dir/../CHANGELOG.md $dist_dir" +cp $source_template_dir/../CHANGELOG.md $dist_dir + +echo "cp $source_template_dir/../.gitignore $dist_dir" +cp $source_template_dir/../.gitignore $dist_dir + +echo "------------------------------------------------------------------------------" +echo "[Packing] Clean up the open-source distributable" +echo "------------------------------------------------------------------------------" +echo $dist_dir +# General cleanup of node_modules and package-lock.json files +echo "find $dist_dir -iname "node_modules" -type d -exec rm -rf "{}" \; 2> /dev/null" +find $dist_dir -iname "node_modules" -type d -exec rm -rf "{}" \; 2> /dev/null +echo "find $dist_dir -iname "package-lock.json" -type f -exec rm -f "{}" \; 2> /dev/null" +find $dist_dir -iname "package-lock.json" -type f -exec rm -f "{}" \; 2> /dev/null +echo "find $dist_dir -iname ".nyc_output" -type d -exec rm -rf "{}" \; 2> /dev/null" +find $dist_dir -iname ".nyc_output" -type d -exec rm -rf "{}" \; 2> /dev/null +echo "find $dist_dir -iname "cdk.out" -type d -exec rm -rf "{}" \; 2> /dev/null" +find $dist_dir -iname "cdk.out" -type d -exec rm -rf "{}" \; 2> /dev/null +echo "find $dist_dir -iname "dist" -type d -exec rm -rf "{}" \; 2> /dev/null" +find $dist_dir -iname "dist" -type d -exec rm -rf "{}" \; 2> /dev/null +echo "find 
$dist_dir -iname "coverage" -type d -exec rm -rf "{}" \; 2> /dev/null" +find $dist_dir -iname "coverage" -type d -exec rm -rf "{}" \; 2> /dev/null + +echo "------------------------------------------------------------------------------" +echo "[Packing] Create GitHub (open-source) zip file" +echo "------------------------------------------------------------------------------" + +# Create the zip file +echo "cd $dist_dir" +cd $dist_dir +echo "zip -q -r9 ../$1.zip ." +zip -q -r9 ../$1.zip . + +# Cleanup any temporary/unnecessary files +echo "Clean up open-source folder" +echo "rm -rf * .*" +rm -rf * .* + +# Place final zip file in $dist_dir +echo "mv ../$1.zip ." +mv ../$1.zip . + +echo "Completed building $1.zip dist" \ No newline at end of file diff --git a/deployment/build-s3-dist.sh b/deployment/build-s3-dist.sh index fc06d3d..83b191b 100755 --- a/deployment/build-s3-dist.sh +++ b/deployment/build-s3-dist.sh 
@@ -1,124 +1,239 @@ -#!/bin/bash +#!/bin/bash +# +# This script packages your project into a solution distributable that can be +# used as an input to the solution builder validation pipeline. +# +# Important notes and prereq's: +# 1. The initialize-repo.sh script must have been run in order for this script to +# function properly. +# 2. This script should be run from the repo's /deployment folder. # -# This assumes all of the OS-level configuration has been completed and git repo has already been cloned -# -# This script should be run from the repo's deployment directory -# cd deployment -# ./build-s3-dist.sh source-bucket-base-name trademarked-solution-name version-code -# -# Paramenters: -# - source-bucket-base-name: Name for the S3 bucket location where the template will source the Lambda -# code from. The template will append '-[region_name]' to this bucket name. -# For example: ./build-s3-dist.sh solutions my-solution v1.0.0 -# The template will then expect the source code to be located in the solutions-[region_name] bucket -# -# - trademarked-solution-name: name of the solution for consistency -# -# - version-code: version of the package - -# Check to see if input has been provided: -if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] || [ -z "$4" ]; then - echo "Please provide the base source bucket name, trademark approved solution name, version and template bucket name where the lambda code will eventually reside." - echo "For example: ./build-s3-dist.sh solutions trademarked-solution-name v1.0.0" - exit 1 -fi +# This script will perform the following tasks: +# 1. Remove any old dist files from previous runs. +# 2. Install dependencies for the cdk-solution-helper; responsible for +# converting standard 'cdk synth' output into solution assets. +# 3. Build and synthesize your CDK project. +# 4. Run the cdk-solution-helper on template outputs and organize +# those outputs into the /global-s3-assets folder. +# 5. 
Organize source code artifacts into the /regional-s3-assets folder. +# 6. Remove any temporary files used for staging. +# +# Parameters: +# - source-bucket-base-name: Name for the S3 bucket location where the template will source the Lambda +# code from. The template will append '-[region_name]' to this bucket name. +# For example: ./build-s3-dist.sh solutions v1.0.0 +# The template will then expect the source code to be located in the solutions-[region_name] bucket +# - solution-name: name of the solution for consistency +# - version-code: version of the package -# Get reference for all important folders -template_dir="$PWD" -template_dist_dir="$template_dir/global-s3-assets" -build_dist_dir="$template_dir/regional-s3-assets" -source_dir="$template_dir/../source" - -echo "------------------------------------------------------------------------------" -echo "[Init] Clean old dist folders" -echo "------------------------------------------------------------------------------" -echo "rm -rf $template_dist_dir" -rm -rf $template_dist_dir -echo "mkdir -p $template_dist_dir" -mkdir -p $template_dist_dir -echo "rm -rf $build_dist_dir" -rm -rf $build_dist_dir -echo "mkdir -p $build_dist_dir" -mkdir -p $build_dist_dir +# Important: CDK global version number +cdk_version=1.62 -echo "------------------------------------------------------------------------------" -echo "[Packing] Templates" -echo "------------------------------------------------------------------------------" -echo "cp $template_dir/*.template $template_dist_dir" -cp -R $template_dir/*.template $template_dist_dir/ +# Check to see if the required parameters have been provided: +if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] || [-z "$4"]; then + echo "Please provide the base source bucket name, trademark approved solution name, version and template bucket name where the lambda code will eventually reside." 
+ echo "For example: ./build-s3-dist.sh solutions trademarked-solution-name v1.0.0 template-bucket" + exit 1 +fi + +export DIST_TEMPLATE_BUCKET=$4 +export DIST_VERSION=$3 +export DIST_OUTPUT_BUCKET=$1 +export SOLUTION_ID=SO0005 +export SOLUTION_NAME=$2 +export SOLUTION_TRADEMARKEDNAME=$2 + +# Functions to reduce repetitive code +# do_cmd will exit if the command has a non-zero return code. +do_cmd () { + echo "------ EXEC $*" + $* + rc=$? + if [ $rc -gt 0 ] + then + echo "Aborted - rc=$rc" + exit $rc + fi +} + +# Get reference for all important folders +template_dir="$PWD" +staging_dist_dir="$template_dir/staging" +template_dist_dir="$template_dir/global-s3-assets" +build_dist_dir="$template_dir/regional-s3-assets" +source_dir="$template_dir/../source" + +echo "------------------------------------------------------------------------------" +echo "[Init] Remove any old dist files from previous runs" +echo "------------------------------------------------------------------------------" -echo "Updating code source bucket in template with $1" -replace="s/%%BUCKET_NAME%%/$1/g" -sed -i '' -e $replace $template_dist_dir/*.template +echo "rm -rf $template_dist_dir" +do_cmd rm -rf $template_dist_dir +echo "mkdir -p $template_dist_dir" +do_cmd mkdir -p $template_dist_dir +echo "rm -rf $build_dist_dir" +do_cmd rm -rf $build_dist_dir +echo "mkdir -p $build_dist_dir" +do_cmd mkdir -p $build_dist_dir +echo "rm -rf $staging_dist_dir" +do_cmd rm -rf $staging_dist_dir +echo "mkdir -p $staging_dist_dir" +do_cmd mkdir -p $staging_dist_dir -replace="s/%%SOLUTION_NAME%%/$2/g" -sed -i '' -e $replace $template_dist_dir/*.template +echo "------------------------------------------------------------------------------" +echo "[Synth] CDK Project" +echo "------------------------------------------------------------------------------" -replace="s/%%VERSION%%/$3/g" -sed -i '' -e $replace $template_dist_dir/*.template +# Install the global aws-cdk package +echo "cd $source_dir" +cd $source_dir 
+echo "npm install -g aws-cdk@$cdk_version" +npm install -g aws-cdk@$cdk_version -replace="s/%%TEMPLATE_BUCKET_NAME%%/$4/g" -sed -i '' -e $replace $template_dist_dir/*.template +# Run npm run build && npm run test for the cdk component unit tests +echo "npm run build && npm run test" +do_cmd npm install +do_cmd npm run build && npm run test + +# Run all the lambda source code tests. +echo "$template_dir/run-unit-tests.sh" +do_cmd $template_dir/run-unit-tests.sh + +# Run 'cdk synth' to generate raw solution outputs +echo "cdk synth --output=$staging_dist_dir" +do_cmd cdk synth --output=$staging_dist_dir + +# Remove unnecessary output files +echo "cd $staging_dist_dir" +cd $staging_dist_dir +echo "rm tree.json manifest.json cdk.out" +do_cmd rm tree.json manifest.json cdk.out + +echo "------------------------------------------------------------------------------" +echo "[Packing] Template artifacts" +echo "------------------------------------------------------------------------------" + +# Move outputs from staging to template_dist_dir +echo "Move outputs from staging to template_dist_dir" +echo "cp $template_dir/*.template $template_dist_dir/" +do_cmd cp $staging_dist_dir/*.template.json $template_dist_dir/ +do_cmd rm *.template.json + +# Rename all *.template.json files to *.template +echo "Rename all *.template.json to *.template" +echo "copy templates and rename" +for f in $template_dist_dir/*.template.json; do + mv -- "$f" "${f%.template.json}.template" +done + +echo "------------------------------------------------------------------------------" +echo "[Packing] Source code artifacts" +echo "------------------------------------------------------------------------------" echo "------------------------------------------------------------------------------" echo "[Rebuild] Resources - Logger" echo "------------------------------------------------------------------------------" -cd $source_dir/resources/logger -npm run build +cd $source_dir/lambda/resources/logger 
+do_cmd npm run build echo "------------------------------------------------------------------------------" echo "[Rebuild] Resources - CW Metric helper" echo "------------------------------------------------------------------------------" -cd $source_dir/resources/cw-metric-poller -npm run build +cd $source_dir/lambda//resources/cw-metric-poller +do_cmd npm run build echo "------------------------------------------------------------------------------" echo "[Rebuild] Resources - Event Injector" echo "------------------------------------------------------------------------------" -cd $source_dir/resources/event-injector -npm run build +cd $source_dir/lambda/resources/event-injector +do_cmd npm run build echo "------------------------------------------------------------------------------" echo "[Rebuild] Services - Limit Report" echo "------------------------------------------------------------------------------" -cd $source_dir/services/limitreport -npm install -npm run build -npm run zip -cp dist/limtr-report-service.zip $build_dist_dir/limtr-report-service.zip +cd $source_dir/lambda/services/limitreport +do_cmd npm install +do_cmd npm run build +do_cmd npm run zip +do_cmd cp dist/limtr-report-service.zip $build_dist_dir/limtr-report-service.zip echo "------------------------------------------------------------------------------" echo "[Rebuild] Services - Slack Notify" echo "------------------------------------------------------------------------------" -cd $source_dir/services/slacknotify -npm install -npm run build -npm run zip -cp dist/limtr-slack-service.zip $build_dist_dir/limtr-slack-service.zip +cd $source_dir/lambda/services/slacknotify +do_cmd npm install +do_cmd npm run build +do_cmd npm run zip +do_cmd cp dist/limtr-slack-service.zip $build_dist_dir/limtr-slack-service.zip echo "------------------------------------------------------------------------------" echo "[Rebuild] Services - TA Refresh" echo 
"------------------------------------------------------------------------------" -cd $source_dir/services/tarefresh -npm install -npm run build -npm run zip -cp dist/limtr-refresh-service.zip $build_dist_dir/limtr-refresh-service.zip +cd $source_dir/lambda/services/tarefresh +do_cmd npm install +do_cmd npm run build +do_cmd npm run zip +do_cmd cp dist/limtr-refresh-service.zip $build_dist_dir/limtr-refresh-service.zip echo "------------------------------------------------------------------------------" echo "[Rebuild] Services - Custom Helper" echo "------------------------------------------------------------------------------" -cd $source_dir/services/customhelper -npm install -npm run build -npm run zip -cp dist/limtr-helper-service.zip $build_dist_dir/limtr-helper-service.zip +cd $source_dir/lambda/services/customhelper +do_cmd npm install +do_cmd npm run build +do_cmd npm run zip +do_cmd cp dist/limtr-helper-service.zip $build_dist_dir/limtr-helper-service.zip echo "------------------------------------------------------------------------------" echo "[Rebuild] Services - Service Quotas Checks" echo "------------------------------------------------------------------------------" -cd $source_dir/services/servicequotaschecks -npm install -npm run build -npm run zip -cp dist/service-quotas-checks-service.zip $build_dist_dir/service-quotas-checks-service.zip \ No newline at end of file +cd $source_dir/lambda/services/servicequotaschecks +do_cmd npm install +do_cmd npm run build +do_cmd npm run zip +do_cmd cp dist/service-quotas-checks-service.zip $build_dist_dir/service-quotas-checks-service.zip + +# General cleanup of node_modules and package-lock.json files +echo "find $staging_dist_dir -iname "node_modules" -type d -exec rm -rf "{}" \; 2> /dev/null" +find $staging_dist_dir -iname "node_modules" -type d -exec rm -rf "{}" \; 2> /dev/null +echo "find $staging_dist_dir -iname "package-lock.json" -type f -exec rm -f "{}" \; 2> /dev/null" +find $staging_dist_dir -iname 
"package-lock.json" -type f -exec rm -f "{}" \; 2> /dev/null + +# ... For each asset.* source code artifact in the temporary /staging folder... +cd $staging_dist_dir +for d in `find . -mindepth 1 -maxdepth 1 -type d`; do + + # Rename the artifact, removing the period for handler compatibility + pfname="$(basename -- $d)" + fname="$(echo $pfname | sed -e 's/\.//g')" + echo "zip -r $fname.zip $fname" + mv $d $fname + + # Zip the artifact + echo "zip -r $fname.zip $fname" + zip -r $fname.zip $fname + + # Copy the zipped artifact from /staging to /regional-s3-assets + echo "cp $fname.zip $build_dist_dir" + cp $fname.zip $build_dist_dir + + # Remove the old, unzipped artifact from /staging + echo "rm -rf $fname" + rm -rf $fname + + # Remove the old, zipped artifact from /staging + echo "rm $fname.zip" + rm $fname.zip + + # ... repeat until all source code artifacts are zipped and placed in the + # ... /regional-s3-assets folder + +done + +echo "------------------------------------------------------------------------------" +echo "[Cleanup] Remove temporary files" +echo "------------------------------------------------------------------------------" + +# Delete the temporary /staging folder +echo "rm -rf $staging_dist_dir" +rm -rf $staging_dist_dir diff --git a/deployment/limit-monitor-spoke.template b/deployment/limit-monitor-spoke.template deleted file mode 100644 index 1c36fa7..0000000 --- a/deployment/limit-monitor-spoke.template +++ /dev/null 
@@ -1,299 +0,0 @@ -# %%SOLUTION_NAME%% -# -# template for %%SOLUTION_NAME%% -# **DO NOT DELETE** -# -# author: aws-solutions-builder@ -AWSTemplateFormatVersion: 2010-09-09 - -Description: (SO0005s) - The AWS CloudFormation template for deployment of the %%SOLUTION_NAME%%. Version %%VERSION%% - Spoke Template - -Parameters: - # Master Account - MasterAccount: - Description: Account Id for the master account, eg. 999999000000 - Type: String - AllowedPattern: ^\d{12}$ - -Metadata: - AWS::CloudFormation::Interface: - ParameterGroups: - - Label: - default: Limit Monitor Configuration - Parameters: - - MasterAccount - ParameterLabels: - MasterAccount: - default: Primary Account - -Mappings: - MetricsMap: - Send-Data: - SendAnonymousData: "Yes" - - RefreshRate: - CronSchedule: - Default: rate(1 day) # change if needed - - SourceCode: - General: - S3Bucket: %%BUCKET_NAME%% - KeyPrefix: "%%SOLUTION_NAME%%/%%VERSION%%" - TemplateBucket: %%TEMPLATE_BUCKET_NAME%% - - - EventsMap: - Checks: - Services: '"AutoScaling","CloudFormation","DynamoDB","EBS","EC2","ELB","IAM","Kinesis","RDS","Route53","SES","VPC"' #change if needed - -Resources: - # - # Limit Monitor Cloudwatch Rules - # [TAOkRule, TAWarnRule, TAErrorRule] - # - TAOkRule: - Type: AWS::Events::Rule - Properties: - Description: Limit Monitor Solution - Spoke - Rule for TA OK events - EventPattern: !Join - - "" - - - '{"account":["' - - !Ref AWS::AccountId - - '"],' - - '"source":["aws.trustedadvisor", "limit-monitor-solution"],' - - '"detail-type":["Trusted Advisor Check Item Refresh Notification", "Limit Monitor Checks"],' - - '"detail":{' - - '"status":[' - - '"OK"' - - "]," - - '"check-item-detail":{' - - '"Service":[' - - !FindInMap - - EventsMap - - Checks - - Services - - "]" - - "}" - - "}" - - "}" - State: ENABLED - Targets: - - Arn: !Sub arn:aws:events:us-east-1:${MasterAccount}:event-bus/default - Id: SpokeOkTarget - - TAWarnRule: - Type: AWS::Events::Rule - Properties: - Description: Limit Monitor Solution - 
Spoke - Rule for TA WARN events - EventPattern: !Join - - "" - - - '{"account":["' - - !Ref AWS::AccountId - - '"],' - - '"source":["aws.trustedadvisor", "limit-monitor-solution"],' - - '"detail-type":["Trusted Advisor Check Item Refresh Notification", "Limit Monitor Checks"],' - - '"detail":{' - - '"status":[' - - '"WARN"' - - "]," - - '"check-item-detail":{' - - '"Service":[' - - !FindInMap - - EventsMap - - Checks - - Services - - "]" - - "}" - - "}" - - "}" - State: ENABLED - Targets: - - Arn: !Sub arn:aws:events:us-east-1:${MasterAccount}:event-bus/default - Id: SpokeWarnTarget - - TASErrorRule: - Type: AWS::Events::Rule - Properties: - Description: Limit Monitor Solution - Spoke - Rule for TA ERROR events - EventPattern: !Join - - "" - - - '{"account":["' - - !Ref AWS::AccountId - - '"],' - - '"source":["aws.trustedadvisor", "limit-monitor-solution"],' - - '"detail-type":["Trusted Advisor Check Item Refresh Notification", "Limit Monitor Checks"],' - - '"detail":{' - - '"status":[' - - '"ERROR"' - - "]," - - '"check-item-detail":{' - - '"Service":[' - - !FindInMap - - EventsMap - - Checks - - Services - - "]" - - "}" - - "}" - - "}" - State: ENABLED - Targets: - - Arn: !Sub arn:aws:events:us-east-1:${MasterAccount}:event-bus/default - Id: SpokeErrorTarget - - # - # TA Refresh resources - # [TARefreshSchedule, TARefresher, TARefresherRole, TARefresherInvokePermission] - # - TARefreshSchedule: - Type: AWS::Events::Rule - Properties: - Description: Schedule to refresh TA checks - ScheduleExpression: !FindInMap [RefreshRate, CronSchedule, Default] - State: ENABLED - Targets: - - Arn: !Sub ${TARefresher.Arn} - Id: TARefreshRate - - TARefresher: - Type: AWS::Lambda::Function - Properties: - Description: Serverless Limit Monitor - Lambda function to summarize service limits - Environment: - Variables: - AWS_SERVICES: !FindInMap [EventsMap, Checks, Services] - LOG_LEVEL: "INFO" #change to WARN, ERROR or DEBUG as needed - - Handler: index.handler - Role: !Sub 
${TARefresherRole.Arn} - Code: - S3Bucket: !Join ["-", [!FindInMap ["SourceCode", "General", "S3Bucket"],Ref: "AWS::Region"]] - S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"],"limtr-refresh-service.zip"]] - Runtime: nodejs12.x - Timeout: 300 - - TARefresherRole: - Type: AWS::IAM::Role - # SO-Limit-M-41 - 07/30/2018 - cfn nag - # Fixed cfn nag error, allow support:* - Metadata: - cfn_nag: - rules_to_suppress: - - id: F3 - reason: Override the IAM role to allow support:* resource on its permissions policy - - id: W11 - reason: Override the IAM role to allow Resource:* for logs:PutLogEvents resource on its permissions policy - Properties: - AssumeRolePolicyDocument: - Version: "2012-10-17" - Statement: - - Effect: Allow - Principal: - Service: lambda.amazonaws.com - Action: sts:AssumeRole - Path: / - Policies: - - PolicyName: !Sub Limit-Monitor-Refresher-Policy-${AWS::StackName} - PolicyDocument: - Version: "2012-10-17" - Statement: - - Effect: Allow - Action: - - logs:CreateLogGroup - - logs:CreateLogStream - - logs:PutLogEvents - Resource: !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/* - - Effect: Allow - Action: - - support:* - Resource: - - "*" - - Effect: Allow - Action: - - servicequotas:GetAWSDefaultServiceQuota - Resource: - - "*" - - TARefresherInvokePermission: - Type: AWS::Lambda::Permission - Properties: - FunctionName: !Sub ${TARefresher} - Action: lambda:InvokeFunction - Principal: !Sub events.amazonaws.com - SourceArn: !Sub ${TARefreshSchedule.Arn} - - # - # Helper resources - # LimtrHelperFunction, CreateUUID, DeploymentData, LimtrHelperRole - # - LimtrHelperFunction: - Type: AWS::Lambda::Function - Properties: - Handler: index.handler - Environment: - Variables: - LOG_LEVEL: "INFO" #change to WARN, ERROR or DEBUG as needed - Code: - S3Bucket: !Join ["-",[!FindInMap ["SourceCode", "General", "S3Bucket"],Ref: "AWS::Region"]] - S3Key: !Join ["/",[!FindInMap ["SourceCode", "General", 
"KeyPrefix"],"limtr-helper-service.zip"]] - Runtime: nodejs12.x - Timeout: 300 - Description: This function generates UUID, establishes cross account trust on CloudWatch Event Bus and sends anonymous metric - Role: !Sub ${LimtrHelperRole.Arn} - - CreateUUID: - Type: Custom::UUID - Properties: - ServiceToken: !GetAtt LimtrHelperFunction.Arn - - DeploymentData: - Type: Custom::DeploymentData - Properties: - ServiceToken: !GetAtt LimtrHelperFunction.Arn - SOLUTION: "SO0005s" - UUID: !Sub ${CreateUUID.UUID} - VERSION: %%VERSION%% - ANONYMOUS_DATA: !FindInMap [MetricsMap, Send-Data, SendAnonymousData] - - LimtrHelperRole: - Type: AWS::IAM::Role - Metadata: - cfn_nag: - rules_to_suppress: - - id: W11 - reason: Override the IAM role to allow support:* for logs:PutLogEvents resource on its permissions policy - Properties: - AssumeRolePolicyDocument: - Version: 2012-10-17 - Statement: - - Effect: Allow - Principal: - Service: lambda.amazonaws.com - Action: sts:AssumeRole - Path: / - Policies: - - PolicyName: Custom_Limtr_Helper_Permissions - PolicyDocument: - Version: 2012-10-17 - Statement: - - Effect: Allow - Action: - - logs:CreateLogGroup - - logs:CreateLogStream - - logs:PutLogEvents - Resource: !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/* - - limitCheckStack: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub - - 'https://s3.amazonaws.com/${S3Bucket}/${KeyPrefix}/service-quotas-checks.template' - - - S3Bucket: !FindInMap ["SourceCode", "General", "TemplateBucket"] - KeyPrefix: !FindInMap ["SourceCode", "General", "KeyPrefix"] - - -Outputs: - ServiceChecks: - Description: service limit checks monitored in the account - Value: !FindInMap [EventsMap, Checks, Services] diff --git a/deployment/limit-monitor.template b/deployment/limit-monitor.template deleted file mode 100644 index 4c91aed..0000000 --- a/deployment/limit-monitor.template +++ /dev/null 
@@ -1,753 +0,0 @@ -# %%SOLUTION_NAME%% -# -# template for %%SOLUTION_NAME%% -# **DO NOT DELETE** -# -# author: aws-solutions-builder@ -AWSTemplateFormatVersion: 2010-09-09 - -Description: (SO0005) - The AWS CloudFormation template for deployment of the %%SOLUTION_NAME%%. Version %%VERSION%% - Master Template - -Parameters: - # Email address to receive alerts - SNSEmail: - Description: The email address to subscribe for SNS limit alert messages, leave blank if SNS alerts not needed. - Type: String - - # Accounts where limits need to be audited - AccountList: - Description: List of comma-separated and double-quoted account numbers to monitor. If you leave this parameter blank, the solution will only monitor limits in the primary account. If you enter multiple secondary account IDs, you must also provide the primary account ID in this parameter. - Type: String - AllowedPattern: '^"\d{12}"(,"\d{12}")*$|(^\s*)$' - - # Events for SNS notification - SNSEvents: - Type: String - Default: '"WARN","ERROR"' - Description: List of alert levels to send email notifications. Must be double-quoted and comma separated. To disable email notifications, leave this blank. - - # Events for Slack notification - SlackEvents: - Type: String - Default: '"WARN","ERROR"' - Description: List of alert levels to send Slack notifications. Must be double-quoted and comma separated. To disable slack notifications, leave this blank. - - # Slack web hook URL - SlackHookURL: - Type: String - Description: "SSM parameter key for incoming Slack web hook URL. Leave blank if you do not wish to receive Slack notifications." - - # Slack channel name - SlackChannel: - Type: String - Description: "SSM parameter key for the Slack channel. Leave blank if you do not wish to receive Slack notifications." 
- -Metadata: - AWS::CloudFormation::Interface: - ParameterGroups: - - Label: - default: Account Configuration - Parameters: - - AccountList - - Label: - default: Notification Configuration - Parameters: - - SNSEvents - - SNSEmail - - SlackEvents - - SlackHookURL - - SlackChannel - ParameterLabels: - AccountList: - default: Account List - SNSEmail: - default: Email Address - SNSEvents: - default: Email Notification Level - SlackEvents: - default: Slack Notification Level - SlackHookURL: - default: Slack Hook Url Key Name - SlackChannel: - default: Slack Channel Key Name - -Mappings: - MetricsMap: - Send-Data: - SendAnonymousData: "Yes" # change to 'No' if needed - - RefreshRate: - CronSchedule: - Default: rate(1 day) # change as needed - - SourceCode: - General: - S3Bucket: %%BUCKET_NAME%% - KeyPrefix: "%%SOLUTION_NAME%%/%%VERSION%%" - TemplateBucket: %%TEMPLATE_BUCKET_NAME%% - - EventsMap: - Checks: - Services: '"AutoScaling","CloudFormation","DynamoDB","EBS","EC2","ELB","IAM","Kinesis","RDS","Route53","SES","VPC"' #change if needed - -Conditions: - SingleAccnt: !Equals [!Ref AccountList, ""] - SNSTrue: !Not [!Equals [!Ref SNSEvents, ""]] - SlackTrue: !Not [!Equals [!Ref SlackEvents, ""]] - AnonymousMetric: - !Equals [!FindInMap [MetricsMap, Send-Data, SendAnonymousData], "Yes"] - -Resources: - # - # Limit Monitor Cloudwatch Rules - # [TASQSRule, TASNSRule, TASlackRule] - # - TASQSRule: - Type: AWS::Events::Rule - Properties: - Description: Limit Monitor Solution - Rule for TA SQS events - EventPattern: !Join - - "" - - - '{"account":[' - - !If - - SingleAccnt - - !Join - - "" - - - '"' - - !Ref AWS::AccountId - - '"' - - !Ref AccountList - - "]," - - '"source":["aws.trustedadvisor", "limit-monitor-solution"],' - - '"detail-type":["Trusted Advisor Check Item Refresh Notification", "Limit Monitor Checks"],' - - '"detail":{' - - '"status":[' - - '"OK","WARN","ERROR"' - - "]," - - '"check-item-detail":{' - - '"Service":[' - - !FindInMap [EventsMap, Checks, Services] - 
- "]" - - "}" - - "}" - - "}" - State: ENABLED - Targets: - - Arn: !Sub ${EventQueue.Arn} - Id: LimitMonitorSQSTarget - - TASNSRule: - Type: AWS::Events::Rule - Condition: SNSTrue - Properties: - Description: Limit Monitor Solution - Rule for TA SNS events - EventPattern: !Join - - "" - - - '{"account":[' - - !If - - SingleAccnt - - !Join - - "" - - - '"' - - !Ref AWS::AccountId - - '"' - - !Ref AccountList - - "]," - - '"source":["aws.trustedadvisor", "limit-monitor-solution"],' - - '"detail-type":["Trusted Advisor Check Item Refresh Notification", "Limit Monitor Checks"],' - - '"detail":{' - - '"status":[' - - !Ref SNSEvents - - "]," - - '"check-item-detail":{' - - '"Service":[' - - !FindInMap [EventsMap, Checks, Services] - - "]" - - "}" - - "}" - - "}" - State: ENABLED - # SO-Limit-M-41 - 07/30/2018 - Input transformer - # Using transformer to make SNS notification readable - Targets: - - Arn: !Sub ${SNSTopic} - Id: LimitMonitorSNSTarget - InputTransformer: - InputPathsMap: - limitdetails: "$.detail.check-item-detail" - time: "$.time" - account: "$.account" - InputTemplate: '"AWS-Account : || Timestamp :
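Review bot: In the removed spoke template's TARefresherRole, the inline policy grants `support:*` on `Resource: "*"` and passes cfn_nag only through the F3 and W11 suppressions, so whatever replaces this file should not copy that statement and its suppressions over unchanged. Narrow the statement to the Support actions the refresher function actually calls, and keep the `logs:*` statement limited to a log-group ARN as it is here. The W11 suppression on LimtrHelperRole also deserves a second look: its reason text mentions `support:*`, but that role's only statement is the three `logs:` actions on `log-group:/aws/lambda/*`, so the reason does not describe the policy it sits on. Separately, both TASWarnRule-style targets hardcode `arn:aws:events:us-east-1:${MasterAccount}:event-bus/default`; if the replacement keeps the fixed region, say so in a comment or the deployment documentation.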
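Review bot: In the removed limit-monitor.template, `SNSEvents` and `SlackEvents` are plain `Type: String` parameters with no `AllowedPattern`, yet TASNSRule splices `!Ref SNSEvents` directly into the `"status":[` array of the `EventPattern` JSON built with `!Join`. `AccountList` is spliced the same way but is constrained by `'^"\d{12}"(,"\d{12}")*$|(^\s*)$'`. Before this file goes away, check that its replacement validates the two event-level parameters too, for example with a pattern that accepts only a comma-separated list of the quoted values `"OK"`, `"WARN"` and `"ERROR"` or an empty string, so a mistyped value fails at stack creation instead of producing a malformed or unintended event pattern.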