def clean(parameter_store, deployment_map): """ Function used to remove stale entries in Parameter Store and Deployment Pipelines that are no longer in the Deployment Map """ current_pipeline_parameters = parameter_store.fetch_parameters_by_path( '/deployment/') parameter_store = ParameterStore(DEPLOYMENT_ACCOUNT_REGION, boto3) cloudformation = CloudFormation( region=DEPLOYMENT_ACCOUNT_REGION, deployment_account_region=DEPLOYMENT_ACCOUNT_REGION, role=boto3) stacks_to_remove = [] for parameter in current_pipeline_parameters: name = parameter.get('Name').split('/')[-2] if name not in [ p.get('name') for p in deployment_map.map_contents['pipelines'] ]: parameter_store.delete_parameter(name) stacks_to_remove.append(name) for stack in list(set(stacks_to_remove)): cloudformation.delete_stack("{0}-{1}".format(ADF_PIPELINE_PREFIX, stack))
def worker_thread(sts, region, account_id, role, event): partition = get_partition(REGION_DEFAULT) role = sts.assume_cross_account_role( f'arn:{partition}:iam::{account_id}:role/{role}', 'remove_base') parameter_store = ParameterStore(region, role) paginator = parameter_store.client.get_paginator('describe_parameters') page_iterator = paginator.paginate() for page in page_iterator: for parameter in page['Parameters']: if 'Used by The AWS Deployment Framework' in parameter.get( 'Description', ''): parameter_store.delete_parameter(parameter.get('Name')) cloudformation = CloudFormation( region=region, deployment_account_region=event.get('deployment_account_region'), role=role, wait=True, stack_name=None, s3=None, s3_key_path=None, account_id=account_id) return cloudformation.delete_all_base_stacks()
def lambda_handler(event, _): message = extract_message(event) pipeline = extract_pipeline(message) parameter_store = ParameterStore(os.environ["AWS_REGION"], boto3) secrets_manager = boto3.client( "secretsmanager", region_name=os.environ["AWS_REGION"] ) channel = parameter_store.fetch_parameter( name="/notification_endpoint/{0}".format(pipeline["name"]), with_decryption=False, ) # All slack url"s must be stored in /adf/slack/channel_name since ADF only has access to the /adf/ prefix by default url = secrets_manager.get_secret_value( SecretId="/notification_endpoint/hooks/slack/{0}".format(channel) )["SecretString"] if is_approval(message): send_message(url[channel], create_approval(channel, message)) return if is_bootstrap(event): send_message(url[channel], create_bootstrap_message_text(channel, message)) return if is_text(message): send_message(url, create_bootstrap_message_text(channel, message)) return send_message(url[channel], create_pipeline_message_text(channel, pipeline)) return
def main(): parameter_store = ParameterStore(DEPLOYMENT_ACCOUNT_REGION, boto3) deployment_map = DeploymentMap(parameter_store, os.environ["ADF_PIPELINE_PREFIX"]) s3 = S3(DEPLOYMENT_ACCOUNT_REGION, boto3, S3_BUCKET_NAME) sts = STS(boto3) role = sts.assume_cross_account_role( 'arn:aws:iam::{0}:role/{1}-org-access-adf'.format( MASTER_ACCOUNT_ID, parameter_store.fetch_parameter('cross_account_access_role')), 'pipeline') organizations = Organizations(role) clean(parameter_store, deployment_map) for p in deployment_map.map_contents.get('pipelines'): pipeline = Pipeline(p) for target in p['targets']: target_structure = TargetStructure(target) for step in target_structure.target: for path in step.get('path'): try: regions = step.get( 'regions', p.get('regions', DEPLOYMENT_ACCOUNT_REGION)) pipeline.stage_regions.append(regions) pipeline_target = Target(path, regions, target_structure, organizations) pipeline_target.fetch_accounts_for_target() except BaseException: raise Exception( "Failed to return accounts for {0}".format(path)) pipeline.template_dictionary["targets"].append( target_structure.account_list) if DEPLOYMENT_ACCOUNT_REGION not in regions: pipeline.stage_regions.append(DEPLOYMENT_ACCOUNT_REGION) parameters = pipeline.generate_parameters() pipeline.generate() deployment_map.update_deployment_parameters(pipeline) s3_object_path = upload_if_required(s3, pipeline) store_regional_parameter_config(pipeline, parameter_store) cloudformation = CloudFormation( region=DEPLOYMENT_ACCOUNT_REGION, deployment_account_region=DEPLOYMENT_ACCOUNT_REGION, role=boto3, template_url=s3_object_path, parameters=parameters, wait=True, stack_name="{0}-{1}".format(os.environ["ADF_PIPELINE_PREFIX"], pipeline.name), s3=None, s3_key_path=None) cloudformation.create_stack()
def lambda_handler(event, _): # Return if we need to update the pipelines only if event.get('update_only'): LOGGER.info('Will only update pipelines for this execution.') return event try: sts = STS(boto3) parameter_store = ParameterStore( event.get('deployment_account_region'), boto3) for region in list( set([event.get('deployment_account_region')] + event.get("regions"))): kms_key_arn = parameter_store.fetch_parameter( "/cross_region/kms_arn/{0}".format(region)) s3_bucket = parameter_store.fetch_parameter( "/cross_region/s3_regional_bucket/{0}".format(region)) for account_id in event.get('account_ids'): try: role = sts.assume_cross_account_role( 'arn:aws:iam::{0}:role/{1}'.format( account_id, 'adf-cloudformation-deployment-role'), 'base_cfn_role') IAMUpdater(kms_key_arn, s3_bucket, role) kms = KMS(region, boto3, kms_key_arn, account_id) kms.enable_cross_account_access() except ClientError: continue return event except BaseException as error: LOGGER.exception(error)
def prepare_deployment_account(sts, deployment_account_id, config): """ Ensures configuration is up to date on the deployment account and returns the role that can be assumed by the master account to access the deployment account """ deployment_account_role = sts.assume_cross_account_role( 'arn:aws:iam::{0}:role/{1}'.format(deployment_account_id, config.cross_account_access_role), 'master') for region in list( set([config.deployment_account_region] + config.target_regions)): deployment_account_parameter_store = ParameterStore( region, deployment_account_role) deployment_account_parameter_store.put_parameter( 'organization_id', os.environ["ORGANIZATION_ID"]) deployment_account_parameter_store = ParameterStore( config.deployment_account_region, deployment_account_role) deployment_account_parameter_store.put_parameter( 'deployment_account_bucket', DEPLOYMENT_ACCOUNT_S3_BUCKET_NAME) if '@' not in config.notification_endpoint: config.notification_channel = config.notification_endpoint config.notification_endpoint = "arn:aws:lambda:{0}:{1}:function:SendSlackNotification".format( config.deployment_account_region, deployment_account_id) for item in ('cross_account_access_role', 'notification_type', 'notification_endpoint', 'notification_channel'): if getattr(config, item) is not None: deployment_account_parameter_store.put_parameter( '/notification_endpoint/main' if item == 'notification_channel' else item, str(getattr(config, item))) return deployment_account_role
def main(): LOGGER.info('ADF Version %s', ADF_VERSION) LOGGER.info("ADF Log Level is %s", ADF_LOG_LEVEL) parameter_store = ParameterStore(DEPLOYMENT_ACCOUNT_REGION, boto3) deployment_map = DeploymentMap(parameter_store, ADF_PIPELINE_PREFIX) s3 = S3(DEPLOYMENT_ACCOUNT_REGION, S3_BUCKET_NAME) sts = STS() role = sts.assume_cross_account_role( 'arn:aws:iam::{0}:role/{1}-readonly'.format( MASTER_ACCOUNT_ID, parameter_store.fetch_parameter('cross_account_access_role')), 'pipeline') organizations = Organizations(role) clean(parameter_store, deployment_map) try: auto_create_repositories = parameter_store.fetch_parameter( 'auto_create_repositories') except ParameterNotFoundError: auto_create_repositories = 'enabled' threads = [] for p in deployment_map.map_contents.get('pipelines'): thread = PropagatingThread(target=worker_thread, args=(p, organizations, auto_create_repositories, s3, deployment_map, parameter_store)) thread.start() threads.append(thread) for thread in threads: thread.join()
def update_master_account_parameters(parsed_event, parameter_store): """ Update the Master account parameter store in us-east-1 with the deployment_account_id then updates the main deployment region with that same value """ parameter_store.put_parameter('deployment_account_id', parsed_event.account_id) parameter_store = ParameterStore(parsed_event.deployment_account_region, boto3) parameter_store.put_parameter('deployment_account_id', parsed_event.account_id)
def __init__(self): # The scope of permissions request from the user self._scope = "playlist-modify-public" # Parameter store to get and update Spotify secrets self._parameter_store = ParameterStore('Spotify', constants.SPOTIFY_SECRETS) self._sp_oauth = self._init_spotify_oauth() self._client = self._init_spotify_client()
def __init__(self): self._api_service_name = "youtube" self._api_version = "v3" # The scopes of permissions request from the user self._scopes = ["https://www.googleapis.com/auth/youtube.readonly"] # Parameter store to get and update Spotify secrets self._parameter_store = ParameterStore('Youtube', constants.YOUTUBE_SECRETS) self._credentials = self._init_credentials() self._client = self._init_youtube_client()
def main(): #pylint: disable=R0915 LOGGER.info('ADF Version %s', ADF_VERSION) LOGGER.info("ADF Log Level is %s", ADF_LOG_LEVEL) parameter_store = ParameterStore(DEPLOYMENT_ACCOUNT_REGION, boto3) deployment_map = DeploymentMap(parameter_store, ADF_PIPELINE_PREFIX) s3 = S3(DEPLOYMENT_ACCOUNT_REGION, S3_BUCKET_NAME) sts = STS() role = sts.assume_cross_account_role( 'arn:aws:iam::{0}:role/{1}-readonly'.format( MASTER_ACCOUNT_ID, parameter_store.fetch_parameter('cross_account_access_role')), 'pipeline') organizations = Organizations(role) clean(parameter_store, deployment_map) for p in deployment_map.map_contents.get('pipelines'): pipeline = Pipeline(p) for target in p.get('targets', []): target_structure = TargetStructure(target) for step in target_structure.target: for path in step.get('path'): regions = step.get( 'regions', p.get('regions', DEPLOYMENT_ACCOUNT_REGION)) step_name = step.get('name') params = step.get('params', {}) pipeline.stage_regions.append(regions) pipeline_target = Target(path, regions, target_structure, organizations, step_name, params) pipeline_target.fetch_accounts_for_target() pipeline.template_dictionary["targets"].append( target_structure.account_list) if DEPLOYMENT_ACCOUNT_REGION not in regions: pipeline.stage_regions.append(DEPLOYMENT_ACCOUNT_REGION) parameters = pipeline.generate_parameters() pipeline.generate() deployment_map.update_deployment_parameters(pipeline) s3_object_path = upload_pipeline(s3, pipeline) store_regional_parameter_config(pipeline, parameter_store) cloudformation = CloudFormation( region=DEPLOYMENT_ACCOUNT_REGION, deployment_account_region=DEPLOYMENT_ACCOUNT_REGION, role=boto3, template_url=s3_object_path, parameters=parameters, wait=True, stack_name="{0}-{1}".format(ADF_PIPELINE_PREFIX, pipeline.name), s3=None, s3_key_path=None, account_id=DEPLOYMENT_ACCOUNT_ID) cloudformation.create_stack()
def configure_generic_account(sts, event, region, role): """ Fetches the kms_arn from the deployment account main region and adds the it plus the deployment_account_id parameter to the target account so it can be consumed in CloudFormation. These are required for the global.yml in all target accounts. """ try: deployment_account_role = sts.assume_cross_account_role( 'arn:aws:iam::{0}:role/{1}'.format( event['deployment_account_id'], event['cross_account_access_role'] ), 'configure_generic' ) parameter_store_deployment_account = ParameterStore( event['deployment_account_region'], deployment_account_role ) parameter_store_target_account = ParameterStore( region, role ) kms_arn = parameter_store_deployment_account.fetch_parameter('/cross_region/kms_arn/{0}'.format(region)) except (ClientError, ParameterNotFoundError): raise GenericAccountConfigureError( 'Account {0} cannot yet be bootstrapped ' 'as the Deployment Account has not yet been bootstrapped. ' 'Have you moved your Deployment account into the deployment OU?'.format(event['account_id']) ) parameter_store_target_account.put_parameter('kms_arn', kms_arn) parameter_store_target_account.put_parameter('deployment_account_id', event['deployment_account_id'])
def _store_cross_region_config(self): """ Stores cross_account_access_role Parameter in Parameter Store on the master account in deployment account main region. """ self.client_deployment_region = ParameterStore( self.deployment_account_region, boto3) self.client_deployment_region.put_parameter( 'cross_account_access_role', self.cross_account_access_role)
def fetch_required_ssm_params(regions): output = {} for region in regions: parameter_store = ParameterStore(region, boto3) output[region] = { "s3": parameter_store.fetch_parameter('/cross_region/s3_regional_bucket/{0}'.format(region)), "kms": parameter_store.fetch_parameter('/cross_region/kms_arn/{0}'.format(region)) } if region == DEPLOYMENT_ACCOUNT_REGION: output[region]["modules"] = parameter_store.fetch_parameter('deployment_account_bucket') return output
def configure_deployment_account_parameters(event, role): """ Applies the Parameters from adfconfig plus other essential Parameters to the Deployment Account in each region as defined in adfconfig.yml """ for region in list( set([event["deployment_account_region"]] + event["regions"])): parameter_store = ParameterStore(region, role) for key, value in event['deployment_account_parameters'].items(): parameter_store.put_parameter(key, value)
def worker_thread(account_id, sts, config, s3, cache, kms_dict): """ The Worker thread function that is created for each account in which CloudFormation create_stack is called """ LOGGER.debug("%s - Starting new worker thread", account_id) organizations = Organizations(role=boto3, account_id=account_id) ou_id = organizations.get_parent_info().get("ou_parent_id") account_state = is_account_in_invalid_state(ou_id, config.config) if account_state: LOGGER.info("%s %s", account_id, account_state) return account_path = organizations.build_account_path( ou_id, [], # Initial empty array to hold OU Path, cache) try: role = ensure_generic_account_can_be_setup(sts, config, account_id) # Regional base stacks can be updated after global for region in list( set([config.deployment_account_region] + config.target_regions)): # Ensuring the kms_arn on the target account is up-to-date parameter_store = ParameterStore(region, role) parameter_store.put_parameter('kms_arn', kms_dict[region]) cloudformation = CloudFormation( region=region, deployment_account_region=config.deployment_account_region, role=role, wait=True, stack_name=None, s3=s3, s3_key_path=account_path, account_id=account_id) try: cloudformation.create_stack() except GenericAccountConfigureError as error: if 'Unable to fetch parameters' in str(error): LOGGER.error( '%s - Failed to update its base stack due to missing parameters (deployment_account_id or kms_arn), ' 'ensure this account has been bootstrapped correctly by being moved from the root ' 'into an Organizational Unit within AWS Organizations.', account_id) raise Exception from error except GenericAccountConfigureError as generic_account_error: LOGGER.info(generic_account_error) return
def main(): LOGGER.info('ADF Version %s', ADF_VERSION) LOGGER.info("ADF Log Level is %s", ADF_LOG_LEVEL) parameter_store = ParameterStore( DEPLOYMENT_ACCOUNT_REGION, boto3 ) deployment_map = DeploymentMap( parameter_store, ADF_PIPELINE_PREFIX ) s3 = S3( DEPLOYMENT_ACCOUNT_REGION, S3_BUCKET_NAME ) sts = STS() role = sts.assume_cross_account_role( 'arn:aws:iam::{0}:role/{1}-readonly'.format( MASTER_ACCOUNT_ID, parameter_store.fetch_parameter('cross_account_access_role') ), 'pipeline' ) organizations = Organizations(role) clean(parameter_store, deployment_map) try: auto_create_repositories = parameter_store.fetch_parameter('auto_create_repositories') except ParameterNotFoundError: auto_create_repositories = 'enabled' threads = [] for counter, p in enumerate(deployment_map.map_contents.get('pipelines')): thread = PropagatingThread(target=worker_thread, args=( p, organizations, auto_create_repositories, s3, deployment_map, parameter_store )) thread.start() threads.append(thread) _batcher = counter % 10 if _batcher == 9: # 9 meaning we have hit a set of 10 threads since n % 10 _interval = random.randint(5, 11) LOGGER.debug('Waiting for %s seconds before starting next batch of 10 threads.', _interval) time.sleep(_interval) for thread in threads: thread.join()
def update_deployment_account_output_parameters( deployment_account_region, region, deployment_account_role, cloudformation): """ Update parameters on the deployment account across target regions based on the output of CloudFormation base stacks in the deployment account. """ deployment_account_parameter_store = ParameterStore( deployment_account_region, deployment_account_role ) parameter_store = ParameterStore( region, deployment_account_role ) for key, value in cloudformation.get_stack_regional_outputs().items(): deployment_account_parameter_store.put_parameter( "/cross_region/{0}/{1}".format(key, region), value ) parameter_store.put_parameter( "/cross_region/{0}/{1}".format(key, region), value )
def lambda_handler(event, _): parameter_store = ParameterStore(REGION_DEFAULT, boto3) configuration_options = ast.literal_eval( parameter_store.fetch_parameter('config')) to_root_option = list( filter(lambda option: option.get("name", []) == "to-root", configuration_options.get('moves'))) action = to_root_option.pop().get('action') account_id = event.get('account_id') execute_move_action(action, account_id, parameter_store, event) return event
def update_deployment_account_output_parameters( deployment_account_region, region, kms_and_bucket_dict, deployment_account_role, cloudformation): """ Update parameters on the deployment account across target regions based on the output of CloudFormation base stacks in the deployment account. """ deployment_account_parameter_store = ParameterStore( deployment_account_region, deployment_account_role ) parameter_store = ParameterStore( region, deployment_account_role ) outputs = cloudformation.get_stack_regional_outputs() kms_and_bucket_dict[region] = {} kms_and_bucket_dict[region]['kms'] = outputs['kms_arn'] kms_and_bucket_dict[region]['s3_regional_bucket'] = outputs['s3_regional_bucket'] for key, value in outputs.items(): deployment_account_parameter_store.put_parameter( "/cross_region/{0}/{1}".format(key, region), value ) parameter_store.put_parameter( "/cross_region/{0}/{1}".format(key, region), value ) return kms_and_bucket_dict
def main(): LOGGER.info('ADF Version %s', ADF_VERSION) LOGGER.info("ADF Log Level is %s", ADF_LOG_LEVEL) _create_inputs_folder() parameter_store = ParameterStore( DEPLOYMENT_ACCOUNT_REGION, boto3 ) s3 = S3(DEPLOYMENT_ACCOUNT_REGION, SHARED_MODULES_BUCKET) deployment_map = DeploymentMap( parameter_store, s3, ADF_PIPELINE_PREFIX ) sts = STS() role = sts.assume_cross_account_role( 'arn:aws:iam::{0}:role/{1}-readonly'.format( MASTER_ACCOUNT_ID, parameter_store.fetch_parameter('cross_account_access_role') ), 'pipeline' ) organizations = Organizations(role) clean(parameter_store, deployment_map) ensure_event_bus_status(ORGANIZATION_ID) try: auto_create_repositories = parameter_store.fetch_parameter('auto_create_repositories') except ParameterNotFoundError: auto_create_repositories = 'enabled' threads = [] _cache = Cache() for p in deployment_map.map_contents.get('pipelines', []): _source_account_id = p.get('default_providers', {}).get('source', {}).get('properties', {}).get('account_id', {}) if _source_account_id and int(_source_account_id) != int(DEPLOYMENT_ACCOUNT_ID) and not _cache.check(_source_account_id): rule = Rule(p['default_providers']['source']['properties']['account_id']) rule.create_update() _cache.add(p['default_providers']['source']['properties']['account_id'], True) thread = PropagatingThread(target=worker_thread, args=( p, organizations, auto_create_repositories, deployment_map, parameter_store )) thread.start() threads.append(thread) for thread in threads: thread.join()
def main(): accounts = read_config_files(ACCOUNTS_FOLDER) if not bool(accounts): LOGGER.info(f"Found {len(accounts)} account(s) in configuration file(s). Account provisioning will not continue.") return LOGGER.info(f"Found {len(accounts)} account(s) in configuration file(s).") organizations = Organizations(boto3) all_accounts = organizations.get_accounts() parameter_store = ParameterStore(os.environ.get('AWS_REGION', 'us-east-1'), boto3) adf_role_name = parameter_store.fetch_parameter('cross_account_access_role') for account in accounts: try: account_id = next(acc["Id"] for acc in all_accounts if acc["Name"] == account.full_name) except StopIteration: # If the account does not exist yet.. account_id = None create_or_update_account(organizations, account, adf_role_name, account_id)
def configure_master_account_parameters(event): """ Update the Master account parameter store in us-east-1 with the deployment_account_id then updates the main deployment region with that same value """ parameter_store_master_account_region = ParameterStore(os.environ["AWS_REGION"], boto3) parameter_store_master_account_region.put_parameter('deployment_account_id', event['account_id']) parameter_store_deployment_account_region = ParameterStore(event['deployment_account_region'], boto3) parameter_store_deployment_account_region.put_parameter('deployment_account_id', event['account_id'])
def lambda_handler(event, _): target_role_policies = { 'adf-cloudformation-deployment-role': 'adf-cloudformation-deployment-role-policy-kms', 'adf-cloudformation-role': 'adf-cloudformation-role-policy' } role_policies = { 'adf-codepipeline-role': 'adf-codepipeline-role-policy', 'adf-cloudformation-deployment-role': 'adf-cloudformation-deployment-role-policy', 'adf-cloudformation-role': 'adf-cloudformation-role-policy' } sts = STS() partition = get_partition(REGION_DEFAULT) parameter_store = ParameterStore( region=event.get('deployment_account_region'), role=boto3 ) account_id = event.get("account_id") kms_key_arns = [] s3_buckets = [] for region in list(set([event.get('deployment_account_region')] + event.get("regions", []))): kms_key_arn = parameter_store.fetch_parameter( f"/cross_region/kms_arn/{region}" ) kms_key_arns.append(kms_key_arn) s3_bucket = parameter_store.fetch_parameter( f"/cross_region/s3_regional_bucket/{region}" ) s3_buckets.append(s3_bucket) try: role = sts.assume_cross_account_role( f'arn:{partition}:iam::{account_id}:role/adf-cloudformation-deployment-role', 'base_cfn_role' ) LOGGER.debug("Role has been assumed for %s", account_id) update_iam(role, s3_bucket, kms_key_arn, target_role_policies) except ClientError as err: LOGGER.debug("%s could not be assumed (%s), continuing", account_id, err, exc_info=True) continue update_iam(boto3, s3_buckets, kms_key_arns, role_policies) return event
def update_deployment_account_output_parameters(deployment_account_region, region, deployment_account_role, cloudformation): deployment_account_parameter_store = ParameterStore( deployment_account_region, deployment_account_role) regional_parameter_store = ParameterStore(region, deployment_account_role) # Regions needs to know to organization ID for Bucket Policy regional_parameter_store.put_parameter("organization_id", os.environ['ORGANIZATION_ID']) # Regions needs to store its kms arn and s3 bucket in master and regional for key, value in cloudformation.get_stack_regional_outputs().items(): LOGGER.info('Updating %s on deployment account in %s', key, region) deployment_account_parameter_store.put_parameter( "/cross_region/{0}/{1}".format(key, region), value) regional_parameter_store.put_parameter( "/cross_region/{0}/{1}".format(key, region), value)
def main(): parameters = Parameters( PROJECT_NAME, ParameterStore( DEPLOYMENT_ACCOUNT_REGION, boto3 ) ) parameters.create_parameter_files()
def prepare_deployment_account(sts, deployment_account_id, config): deployment_account_role = sts.assume_cross_account_role( 'arn:aws:iam::{0}:role/{1}'.format(deployment_account_id, config.cross_account_access_role), 'master') for region in list( set([config.deployment_account_region] + config.target_regions)): deployment_account_parameter_store = ParameterStore( region, deployment_account_role) deployment_account_parameter_store.put_parameter( 'organization_id', os.environ["ORGANIZATION_ID"]) deployment_account_parameter_store = ParameterStore( config.deployment_account_region, deployment_account_role) deployment_account_parameter_store.put_parameter( 'cross_account_access_role', str(config.cross_account_access_role)) deployment_account_parameter_store.put_parameter( 'deployment_account_bucket', DEPLOYMENT_ACCOUNT_S3_BUCKET) return deployment_account_role
def main(): s3 = S3(DEPLOYMENT_ACCOUNT_REGION, SHARED_MODULES_BUCKET) parameters = Parameters( PROJECT_NAME, ParameterStore( DEPLOYMENT_ACCOUNT_REGION, boto3 ), s3 ) parameters.create_parameter_files()
def main(): LOGGER.info('ADF Version %s', ADF_VERSION) LOGGER.info("ADF Log Level is %s", ADF_LOG_LEVEL) parameter_store = ParameterStore(DEPLOYMENT_ACCOUNT_REGION, boto3) s3 = S3(DEPLOYMENT_ACCOUNT_REGION, SHARED_MODULES_BUCKET) deployment_map = DeploymentMap(parameter_store, s3, ADF_PIPELINE_PREFIX) LOGGER.info('Cleaning Stale Deployment Map entries') clean(parameter_store, deployment_map)
def update_deployment_account_output_parameters(deployment_account_region, region, deployment_account_role, cloudformation): deployment_account_parameter_store = ParameterStore( deployment_account_region, deployment_account_role) parameter_store = ParameterStore(region, deployment_account_role) for key, value in cloudformation.get_stack_regional_outputs().items(): deployment_account_parameter_store.put_parameter( "/cross_region/{0}/{1}".format(key, region), value) parameter_store.put_parameter( "/cross_region/{0}/{1}".format(key, region), value)