Пример #1
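    def create_update(self):
        """Upload the CodeCommit template and create or update the repo stack.

        The template is uploaded through the module-level ``s3`` helper and
        the returned path is used as the stack's ``template_url``. The stack
        is deployed when the repository does not exist yet, or when the
        repository exists and ``get_stack_status()`` reports a stack. A
        repository that exists without a stack is left untouched.
        """
        s3_object_path = s3.put_object(
            "adf-build/repo_templates/codecommit.yml",
            "{0}/adf-build/repo_templates/codecommit.yml".format(TARGET_DIR))
        cloudformation = CloudFormation(
            region=CODE_ACCOUNT_REGION,
            deployment_account_region=CODE_ACCOUNT_REGION,
            role=self.session,
            template_url=s3_object_path,
            parameters=self.define_repo_parameters(),
            wait=True,
            stack_name=self.stack_name,
            s3=None,
            s3_key_path=None,
            account_id=DEPLOYMENT_ACCOUNT_ID,
        )

        # Query the repository once: asking twice costs an extra remote call
        # and lets the two answers disagree if the repository changes in
        # between, which would make the decision below inconsistent.
        repo_exists = self.repo_exists()

        # Deploy when the repository is missing, or when it exists together
        # with the ADF controlled stack. The stack status is only looked up
        # when the repository exists.
        # NOTE(review): create_stack() is presumably what applies the update
        # to an existing stack -- confirm against the CloudFormation helper.
        if not repo_exists or cloudformation.get_stack_status():
            LOGGER.info(
                'Creating Stack for Codecommit Repository %s on Account %s',
                self.name, self.account_id)
            cloudformation.create_stack()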
Пример #2
 def create_update(self):
     """Upload the CodeCommit template and create the repo stack if needed.

     The stack is created only when neither the repository nor the stack
     exists. In every other case (a repository made earlier without a
     stack, or a stack that is already present) the method returns without
     touching CloudFormation any further.
     """
     template_url = s3.put_object(
         "adf-build/templates/codecommit.yml",
         f"{TARGET_DIR}/adf-build/templates/codecommit.yml",
     )
     stack = CloudFormation(
         region=DEPLOYMENT_ACCOUNT_REGION,
         deployment_account_region=DEPLOYMENT_ACCOUNT_REGION,
         role=self.session,
         template_url=template_url,
         parameters=self.define_repo_parameters(),
         wait=True,
         stack_name=self.stack_name,
         s3=None,
         s3_key_path=None,
         account_id=DEPLOYMENT_ACCOUNT_ID,
     )
     # Both lookups always run, repository first and stack second.
     repo_present = self.repo_exists()
     stack_present = stack.get_stack_status()
     # NOTE(review): an existing stack is not updated here, whatever the
     # repository state -- confirm that this is the intended behaviour.
     if repo_present or stack_present:
         return
     LOGGER.info(
         'Ensuring State for CodeCommit Repository Stack %s on Account %s',
         self.name,
         self.account_id,
     )
     stack.create_stack()
Пример #3
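def lambda_handler(event, _):
    """Check the bootstrap stack status of an account in every region.

    Assumes the cross-account role named in the event, then reads the
    CloudFormation stack status in the deployment account region and in
    each region listed in the event.

    Args:
        event: Invocation payload. Reads ``account_id``,
            ``cross_account_access_role``, ``deployment_account_region``,
            ``regions``, ``ou_name`` and, optionally,
            ``is_deployment_account``.
        _: Lambda context, unused.

    Returns:
        The ``event`` that was passed in.

    Raises:
        ValueError: ``account_id`` or ``cross_account_access_role`` is
            missing or empty.
        RetryError: A stack is still being created or updated.
        Exception: A stack is in a failed or rolled-back state.
    """
    account_id = event.get('account_id')
    cross_account_access_role = event.get('cross_account_access_role')

    # Both values are interpolated into the ARN passed to the assume-role
    # call. Without this check a missing key would be formatted as the text
    # "None" and only fail later, at the STS call, with a less clear error.
    # NOTE(review): the event decides which account and role this function
    # assumes. Presumably only the bootstrap workflow can supply it --
    # confirm, and consider format-checking both values (12-digit account
    # id, IAM role-name characters) if any other principal can invoke this.
    if not account_id or not cross_account_access_role:
        raise ValueError(
            "account_id and cross_account_access_role are required "
            "to build the cross-account role ARN")

    sts = STS()
    partition = get_partition(REGION_DEFAULT)

    role = sts.assume_cross_account_role(
        f'arn:{partition}:iam::{account_id}:role/{cross_account_access_role}',
        'master')

    s3 = S3(REGION_DEFAULT, S3_BUCKET)

    deployment_account_region = event['deployment_account_region']

    # A set removes the deployment region if it is also listed in
    # `regions`; iteration order is therefore not defined.
    for region in {deployment_account_region, *event['regions']}:

        cloudformation = CloudFormation(
            region=region,
            deployment_account_region=deployment_account_region,
            role=role,
            wait=False,
            stack_name=None,
            s3=s3,
            s3_key_path=event['ou_name'],
            account_id=account_id)

        status = cloudformation.get_stack_status()

        # Still running: signal the caller to try again later.
        if status in ('CREATE_IN_PROGRESS', 'UPDATE_IN_PROGRESS'):
            raise RetryError(f"CloudFormation Stack status: {status}")

        # Failed or rolled back: stop instead of reporting a bootstrap that
        # did not deploy what it was supposed to.
        if status in ('CREATE_FAILED', 'ROLLBACK_FAILED', 'DELETE_FAILED',
                      'UPDATE_ROLLBACK_FAILED', 'ROLLBACK_IN_PROGRESS',
                      'ROLLBACK_COMPLETE'):
            raise Exception(
                f"Account Bootstrap Failed - Account: {account_id} "
                f"Region: {region} Status: {status}")

        if event.get('is_deployment_account'):
            update_deployment_account_output_parameters(
                deployment_account_region=deployment_account_region,
                region=region,
                deployment_account_role=role,
                cloudformation=cloudformation)

    return event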
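def lambda_handler(event, _):
    """Check the bootstrap stack status of an account in every region.

    Assumes the cross-account role named in the event, then reads the
    CloudFormation stack status in the deployment account region and in
    each region listed in the event.

    Args:
        event: Invocation payload. Reads ``account_id``,
            ``cross_account_iam_role``, ``deployment_account_region``,
            ``regions``, ``ou_name`` and, optionally,
            ``is_deployment_account``.
        _: Lambda context, unused.

    Returns:
        The ``event`` that was passed in.

    Raises:
        ValueError: ``account_id`` or ``cross_account_iam_role`` is missing
            or empty.
        RetryError: A stack is still being created or updated.
        Exception: A stack is in a failed or rolled-back state.
    """
    account_id = event.get('account_id')
    cross_account_iam_role = event.get('cross_account_iam_role')

    # Both values are interpolated into the ARN passed to the assume-role
    # call. Without this check a missing key would be formatted as the text
    # "None" and only fail later, at the STS call, with a less clear error.
    # NOTE(review): the event decides which account and role this function
    # assumes. Presumably only the bootstrap workflow can supply it --
    # confirm, and consider format-checking both values (12-digit account
    # id, IAM role-name characters) if any other principal can invoke this.
    if not account_id or not cross_account_iam_role:
        raise ValueError(
            "account_id and cross_account_iam_role are required "
            "to build the cross-account role ARN")

    sts = STS(boto3)

    # NOTE: the partition is fixed to `aws`, so this ARN does not resolve in
    # other partitions such as aws-cn or aws-us-gov.
    role = sts.assume_cross_account_role(
        'arn:aws:iam::{0}:role/{1}'.format(
            account_id,
            cross_account_iam_role,
        ), 'master')

    s3 = S3(REGION_DEFAULT, boto3, S3_BUCKET)

    deployment_account_region = event.get('deployment_account_region')

    # A set removes the deployment region if it is also listed in
    # `regions`; iteration order is therefore not defined.
    for region in set([deployment_account_region] + event.get("regions")):

        cloudformation = CloudFormation(
            region=region,
            deployment_account_region=deployment_account_region,
            role=role,
            wait=False,
            stack_name=None,
            s3=s3,
            s3_key_path=event.get('ou_name'),
            file_path=None,
        )

        status = cloudformation.get_stack_status()

        # Still running: signal the caller to try again later.
        if status in ("CREATE_IN_PROGRESS", "UPDATE_IN_PROGRESS"):
            raise RetryError("Cloudformation Stack not yet complete")

        # Failed or rolled back: stop instead of returning as if the
        # bootstrap had succeeded. Without this check a failed stack was
        # indistinguishable from a completed one for the caller.
        if status in ("CREATE_FAILED", "ROLLBACK_FAILED", "DELETE_FAILED",
                      "UPDATE_ROLLBACK_FAILED", "ROLLBACK_IN_PROGRESS",
                      "ROLLBACK_COMPLETE"):
            raise Exception(
                "Account Bootstrap Failed - Account: {0} "
                "Region: {1} Status: {2}".format(account_id, region, status))

        if event.get('is_deployment_account'):
            update_deployment_account_output_parameters(
                deployment_account_region=deployment_account_region,
                region=region,
                deployment_account_role=role,
                cloudformation=cloudformation)

    return event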