183 changes: 94 additions & 89 deletions unicorn_contracts/integration/event-schemas.yaml
@@ -1,7 +1,7 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
AWSTemplateFormatVersion: '2010-09-09'
Description: |
AWSTemplateFormatVersion: "2010-09-09"
Description: >
Defines the event bus policies that determine who can create rules on the event bus to
subscribe to events published by Unicorn Contracts Service.

Expand All @@ -19,20 +19,22 @@ Resources:
Type: AWS::EventSchemas::Registry
Properties:
Description: 'Event schemas for Unicorn Contracts'
RegistryName: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
RegistryName:
Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"

EventRegistryPolicy:
Type: AWS::EventSchemas::RegistryPolicy
Properties:
RegistryName: !GetAtt EventRegistry.RegistryName
Properties:
RegistryName:
Fn::GetAtt: EventRegistry.RegistryName
Policy:
Version: '2012-10-17'
Statement:
- Sid: AllowExternalServices
Effect: Allow
Principal:
AWS:
- !Ref AWS::AccountId
- Ref: AWS::AccountId
Action:
- schemas:DescribeCodeBinding
- schemas:DescribeRegistry
Expand All @@ -42,99 +44,102 @@ Resources:
- schemas:ListSchemaVersions
- schemas:SearchSchemas
Resource:
- !GetAtt EventRegistry.RegistryArn
- !Sub "arn:${AWS::Partition}:schemas:${AWS::Region}:${AWS::AccountId}:schema/${EventRegistry.RegistryName}*"
- Fn::GetAtt: EventRegistry.RegistryArn
- Fn::Sub: "arn:${AWS::Partition}:schemas:${AWS::Region}:${AWS::AccountId}:schema/${EventRegistry.RegistryName}*"

ContractApprovedEventSchema:
Type: AWS::EventSchemas::Schema
Properties:
Type: 'OpenApi3'
RegistryName: !GetAtt EventRegistry.RegistryName
SchemaName: !Sub '${EventRegistry.RegistryName}@ContractStatusChanged'
RegistryName:
Fn::GetAtt: EventRegistry.RegistryName
SchemaName:
Fn::Sub: "${EventRegistry.RegistryName}@ContractStatusChanged"
Description: 'The schema for a request to publish a property'
Content: !Sub |
{
"openapi": "3.0.0",
"info": {
"version": "1.0.0",
"title": "ContractStatusChanged"
},
"paths": {},
"components": {
"schemas": {
"AWSEvent": {
"type": "object",
"required": [
"detail-type",
"resources",
"detail",
"id",
"source",
"time",
"region",
"version",
"account"
],
"x-amazon-events-detail-type": "ContractStatusChanged",
"x-amazon-events-source": "${EventRegistry.RegistryName}",
"properties": {
"detail": {
"$ref": "#/components/schemas/ContractStatusChanged"
},
"account": {
"type": "string"
},
"detail-type": {
"type": "string"
},
"id": {
"type": "string"
},
"region": {
"type": "string"
},
"resources": {
"type": "array",
"items": {
"type": "object"
Content:
Fn::Sub: |
{
"openapi": "3.0.0",
"info": {
"version": "1.0.0",
"title": "ContractStatusChanged"
},
"paths": {},
"components": {
"schemas": {
"AWSEvent": {
"type": "object",
"required": [
"detail-type",
"resources",
"detail",
"id",
"source",
"time",
"region",
"version",
"account"
],
"x-amazon-events-detail-type": "ContractStatusChanged",
"x-amazon-events-source": "${EventRegistry.RegistryName}",
"properties": {
"detail": {
"$ref": "#/components/schemas/ContractStatusChanged"
},
"account": {
"type": "string"
},
"detail-type": {
"type": "string"
},
"id": {
"type": "string"
},
"region": {
"type": "string"
},
"resources": {
"type": "array",
"items": {
"type": "object"
}
},
"source": {
"type": "string"
},
"time": {
"type": "string",
"format": "date-time"
},
"version": {
"type": "string"
}
},
"source": {
"type": "string"
},
"time": {
"type": "string",
"format": "date-time"
},
"version": {
"type": "string"
}
}
},
"ContractStatusChanged": {
"type": "object",
"required": [
"contract_last_modified_on",
"contract_id",
"contract_status",
"property_id"
],
"properties": {
"contract_id": {
"type": "string"
},
"contract_last_modified_on": {
"type": "string",
"format": "date-time"
},
"contract_status": {
"type": "string"
},
"property_id": {
"type": "string"
},
"ContractStatusChanged": {
"type": "object",
"required": [
"contract_last_modified_on",
"contract_id",
"contract_status",
"property_id"
],
"properties": {
"contract_id": {
"type": "string"
},
"contract_last_modified_on": {
"type": "string",
"format": "date-time"
},
"contract_status": {
"type": "string"
},
"property_id": {
"type": "string"
}
}
}
}
}
}
}
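Review bot: The second Resource entry of EventRegistryPolicy, `Fn::Sub: "arn:${AWS::Partition}:schemas:${AWS::Region}:${AWS::AccountId}:schema/${EventRegistry.RegistryName}*"`, places the wildcard directly after the registry name, so it also matches schemas in any other registry whose name merely starts with this one. Schema ARNs have the form `schema/<registry>/<schema-name>`, so `schema/${EventRegistry.RegistryName}/*` scopes the grant to this registry only; the principal is the account itself (`Ref: AWS::AccountId`), so the exposure is small, but the statement's evident intent is per-registry. The new side also mixes quoting styles, with `'OpenApi3'` and `'The schema for a request to publish a property'` single-quoted beside the newly double-quoted Fn::Sub values; one style for the file would keep future diffs smaller. The Resources mapping continues outside the hunk.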
16 changes: 10 additions & 6 deletions unicorn_contracts/integration/subscriber-policies.yaml
Expand Up @@ -20,12 +20,15 @@ Resources:
CrossServiceCreateRulePolicy:
Type: AWS::Events::EventBusPolicy
Properties:
EventBusName: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsEventBus}}"
StatementId: !Sub "OnlyRulesForContractServiceEvents-${Stage}"
EventBusName:
Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsEventBus}}"
StatementId:
Fn::Sub: "OnlyRulesForContractServiceEvents-${Stage}"
Statement:
Effect: Allow
Principal:
AWS: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root"
AWS:
Fn::Sub: "arn:${AWS::Partition}:iam::${AWS::AccountId}:root"
Action:
- events:PutRule
- events:DeleteRule
Expand All @@ -35,14 +38,15 @@ Resources:
- events:PutTargets
- events:RemoveTargets
Resource:
- !Sub
- Fn::Sub:
- arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/${eventBusName}/*
- eventBusName: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsEventBus}}"
- eventBusName:
Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsEventBus}}"
Condition:
StringEqualsIfExists:
"events:creatorAccount": "${aws:PrincipalAccount}"
StringEquals:
"events:source":
- !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
- Fn::Sub: "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"
"Null":
"events:source": "false"
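Review bot: The condition value `"events:creatorAccount": "${aws:PrincipalAccount}"` is an IAM policy variable and is correctly left outside any Fn::Sub, but now that every neighbouring value in this hunk has been wrapped in `Fn::Sub:` it reads like an oversight. Wrapping it would make CloudFormation try to resolve `aws:PrincipalAccount` as a template variable (it would need the `${!aws:PrincipalAccount}` escape), so a comment above the line, `# IAM policy variable resolved at evaluation time, not a CloudFormation Fn::Sub variable`, would stop a later cleanup from breaking the creator-account check. The enclosing Statement mapping starts before this hunk.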
35 changes: 3 additions & 32 deletions unicorn_contracts/samconfig.yaml
Expand Up @@ -16,7 +16,9 @@ default:
disable_rollback: true
confirm_changeset: false
fail_on_empty_changeset: false
capabilities: CAPABILITY_IAM
capabilities:
- CAPABILITY_IAM
- CAPABILITY_AUTO_EXPAND
parameter_overrides:
- "Stage=local"
validate:
Expand All @@ -31,34 +33,3 @@ default:
local_start_lambda:
parameters:
warm_containers: EAGER

schemas:
global:
parameters:
stack_name: uni-prop-local-contracts-schemas
s3_prefix: uni-prop-local-contracts-schemas
resolve_s3: true
deploy:
parameters:
template_file: integration/event-schemas.yaml
confirm_changeset: false
fail_on_empty_changeset: false
on_failure: ROLLBACK
parameter_overrides:
- "Stage=local"

subscriber-policies:
global:
parameters:
stack_name: uni-prop-local-contracts-subscriber-policies
s3_prefix: uni-prop-local-contracts-subscriber-policies
resolve_s3: true
deploy:
parameters:
template_file: ./integration/subscriber-policies.yaml
confirm_changeset: false
fail_on_empty_changeset: false
on_failure: ROLLBACK
capabilities: CAPABILITY_IAM
parameter_overrides:
- "Stage=local"
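Review bot: Dropping the `schemas` and `subscriber-policies` environments from samconfig does not remove the stacks they deployed (`uni-prop-local-contracts-schemas` and `uni-prop-local-contracts-subscriber-policies`); if those still exist when the nested-stack version is first deployed, the nested copies will presumably collide on the same SSM-resolved registry name and the same EventBusPolicy StatementId. A one-time migration note (delete the two standalone stacks before deploying) in the PR description or repository docs would save operators a failed changeset. The `CAPABILITY_AUTO_EXPAND` addition is what the nested `AWS::Serverless::Application` resources require, so that part looks right.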
36 changes: 27 additions & 9 deletions unicorn_contracts/template.yaml
Expand Up @@ -11,10 +11,11 @@ Metadata:
cfn-lint:
config:
ignore_checks:
- ES4000 # Rule disabled because the CatchAll Rule doesn't need a DLQ
- ES6000 # Rule disabled because SQS DLOs don't need a RedrivePolicy
- WS2001 # Rule disabled because check does not support !ToJsonString transform
- ES1001 # Rule disabled because our Lambda functions don't need DestinationConfig.OnFailure
- ES4000 # Rule disabled because the CatchAll Rule doesn't need a DLQ
- ES6000 # Rule disabled because SQS DLOs don't need a RedrivePolicy
- WS2001 # Rule disabled because check does not support !ToJsonString transform
- ES1001 # Rule disabled because our Lambda functions don't need DestinationConfig.OnFailure
- W3002

Parameters:
Stage:
Expand Down Expand Up @@ -83,7 +84,6 @@ Resources:
Name: !Sub /uni-prop/${Stage}/UnicornContractsEventBusArn
Value: !GetAtt UnicornContractsEventBus.Arn


#### LAMBDA FUNCTIONS
# Processes customer API requests from SQS queue UnicornContractsIngestQueue
ContractEventHandlerFunction:
Expand Down Expand Up @@ -195,7 +195,6 @@ Resources:
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs


#### INGEST QUEUES
# Queue API Gateway requests to be processed by ContractEventHandlerFunction
UnicornContractsIngestQueue:
Expand All @@ -217,7 +216,7 @@ Resources:
Value: !FindInMap [Constants, ProjectName, Value]
- Key: namespace
Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"

#### DEAD LETTER QUEUES
# DeadLetterQueue for UnicornContractsIngestQueue. Contains messages that failed to be processed
UnicornContractsIngestDLQ:
Expand Down Expand Up @@ -260,7 +259,6 @@ Resources:
- Key: namespace
Value: !Sub "{{resolve:ssm:/uni-prop/${Stage}/UnicornContractsNamespace}}"


#### EVENT BUS
# Event bus for Unicorn Contract Service used to publish and consume events
UnicornContractsEventBus:
Expand Down Expand Up @@ -349,7 +347,6 @@ Resources:
]
}


#### EVENT BRIDGE PIPES
# Pipe changed on DynamoDB Table to UnicornContractsEventBus
DdbStreamToEventPipe:
Expand Down Expand Up @@ -413,6 +410,22 @@ Resources:
- events:PutEvents
Resource: !GetAtt UnicornContractsEventBus.Arn

#### CLOUDFORMATION NESTED STACKS
EventSchemasStack:
Type: AWS::Serverless::Application
Properties:
Location: "integration/event-schemas.yaml"
Parameters:
Stage: !Ref Stage
SubscriberPoliciesStack:
Type: AWS::Serverless::Application
DependsOn:
- UnicornContractsEventBusNameParam
Properties:
Location: "integration/subscriber-policies.yaml"
Parameters:
Stage: !Ref Stage

Outputs:
#### API GATEWAY OUTPUTS
BaseUrl:
Expand Down Expand Up @@ -440,6 +453,11 @@ Outputs:
Description: ContractEventHandler function ARN
Value: !GetAtt ContractEventHandlerFunction.Arn

#### EVENT BRIDGE OUTPUTS
UnicornContractsEventBusName:
Value: !GetAtt UnicornContractsEventBus.Name

#### CLOUDWATCH LOGS OUTPUTS
UnicornContractsCatchAllLogGroupArn:
Description: Log all events on the service's EventBridge Bus
Value: !GetAtt UnicornContractsCatchAllLogGroup.Arn
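Review bot: The new `- W3002` entry in the cfn-lint ignore list is the only one without the explanatory comment its siblings carry; add one in the same form, e.g. `- W3002 # Rule disabled because nested stack Location values are local paths that only resolve after sam package`. In the CLOUDFORMATION NESTED STACKS hunk, `EventSchemasStack` has no DependsOn while `SubscriberPoliciesStack` waits on `UnicornContractsEventBusNameParam`; the schemas template only resolves the `UnicornContractsNamespace` SSM parameter, which this template already reads as a tag value, so that parameter is presumably created elsewhere and the asymmetry is intentional, but a one-line comment stating that would spare the next reader the same check. The new output `UnicornContractsEventBusName` lacks the `Description:` every neighbouring output has; `Description: Name of the Unicorn Contracts EventBridge bus` would match them.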