Merge pull request #70 from awslabs/release/0.8.0

Release/0.8.0

CHANGELOG.md

@@ -17,6 +17,18 @@ This project adheres to [Semantic Versioning](http://semver.org/) and [Keep a Ch
 ### Breaks
 
 
+## 0.8.0 - (2023-02-06)
+---
+
+### New
+
+### Changes
+- added VPC support for CodeBuild Project when creating `seedkit`
+
+### Fixes
+
+### Breaks
+
 
 ## 0.7.0 - (2023-01-13)
 ---

VERSION

@@ -1 +1 @@
-0.7.0
+0.8.0

aws_codeseeder/__main__.py

@@ -85,6 +85,26 @@ def destroy() -> None:
     help="AWS region to use for boto3 commands",
     show_default=True,
 )
+@click.option(
+    "--vpc-id",
+    help="The VPC ID that the Codebuild Project resides in (only 1)",
+    required=False,
+    default=None,
+)
+@click.option(
+    "--subnet-id",
+    help="A subnet that the Codebuild Project resides in (many can be passed in)",
+    multiple=True,
+    required=False,
+    default=[],
+)
+@click.option(
+    "--sg-id",
+    help="A Securtiy Group in the VPC that the Codebuild Project can leverage (up to 5)",
+    multiple=True,
+    required=False,
+    default=[],
+)
 @click.option(
     "--debug/--no-debug",
     default=False,
@@ -98,6 +118,9 @@ def deploy_seedkit(
     profile: Optional[str],
     region: Optional[str],
     debug: bool,
+    vpc_id: Optional[str],
+    subnet_id: Tuple[str, ...],
+    sg_id: Tuple[str, ...],
 ) -> None:
     if debug:
         set_log_level(level=logging.DEBUG, format=DEBUG_LOGGING_FORMAT)
@@ -109,6 +132,9 @@ def deploy_seedkit(
         managed_policy_arns=[p for p in policy_arn],
         deploy_codeartifact=deploy_codeartifact,
         session=session,
+        vpc_id=vpc_id,
+        subnet_ids=[s for s in subnet_id],
+        security_group_ids=[sg for sg in sg_id],
     )
 
 

aws_codeseeder/_cfn_seedkit.py

@@ -37,6 +37,9 @@ def synth(
     managed_policy_arns: Optional[List[str]] = None,
     deploy_codeartifact: bool = False,
     session: Optional[Union[Callable[[], Session], Session]] = None,
+    vpc_id: Optional[str] = None,
+    subnet_ids: Optional[List[str]] = None,
+    security_group_ids: Optional[List[str]] = None,
 ) -> str:
     deploy_id = deploy_id if deploy_id else "".join(random.choice(string.ascii_lowercase) for i in range(6))
     out_dir = create_output_dir(f"seedkit-{deploy_id}")
@@ -49,6 +52,10 @@ def synth(
     if managed_policy_arns:
         input_template["Resources"]["CodeBuildRole"]["Properties"]["ManagedPolicyArns"] += managed_policy_arns
 
+    if vpc_id and subnet_ids and security_group_ids:
+        vpcConfig = {"VpcId": vpc_id, "SecurityGroupIds": security_group_ids, "Subnets": subnet_ids}
+        input_template["Resources"]["CodeBuildProject"]["Properties"]["VpcConfig"] = vpcConfig
+
     if not deploy_codeartifact:
         del input_template["Resources"]["CodeArtifactDomain"]
         del input_template["Resources"]["CodeArtifactRepository"]

aws_codeseeder/commands/_seedkit_commands.py

@@ -51,6 +51,9 @@ def deploy_seedkit(
     managed_policy_arns: Optional[List[str]] = None,
     deploy_codeartifact: bool = False,
     session: Optional[Union[Callable[[], Session], Session]] = None,
+    vpc_id: Optional[str] = None,
+    subnet_ids: Optional[List[str]] = None,
+    security_group_ids: Optional[List[str]] = None,
 ) -> None:
     """Deploys the seedkit resources into the environment.
 
@@ -72,11 +75,23 @@ def deploy_seedkit(
         its libraries
     session: Optional[Union[Callable[[], Session], Session]], optional
         Optional Session or function returning a Session to use for all boto3 operations, by default None
+    vpc_id: Optional[str]
+        If deploying codebuild in a VPC, the VPC-ID to use
+        (must have vpc-id, subnets, and security_group_ids)
+    subnet_ids:  Optional[List[str]]
+        If deploying codebuild in a VPC, a list of Subnets to use
+        (must have vpc-id, subnets, and security_group_ids)
+    security_group_ids: Optional[List[str]]
+        If deploying codebuild in a VPC, a list of Security Group IDs to use
+        (must have vpc-id, subnets, and security_group_ids)
     """
     deploy_id: Optional[str] = None
     stack_exists, stack_name, stack_outputs = seedkit_deployed(seedkit_name=seedkit_name, session=session)
     LOGGER.info("Deploying Seedkit %s with Stack Name %s", seedkit_name, stack_name)
     LOGGER.debug("Managed Policy Arns: %s", managed_policy_arns)
+    LOGGER.debug("VPC-ID: %s", vpc_id)
+    LOGGER.debug("Subnets: %s", subnet_ids)
+    LOGGER.debug("Security Groups %s", security_group_ids)
     if stack_exists:
         deploy_id = stack_outputs.get("DeployId")
         LOGGER.info("Seedkit found with DeployId: %s", deploy_id)
@@ -86,6 +101,9 @@ def deploy_seedkit(
         managed_policy_arns=managed_policy_arns,
         deploy_codeartifact=deploy_codeartifact,
         session=session,
+        vpc_id=vpc_id,
+        subnet_ids=subnet_ids,
+        security_group_ids=security_group_ids,
     )
     cfn.deploy_template(
         stack_name=stack_name, filename=template_filename, seedkit_tag=f"codeseeder-{seedkit_name}", session=session

aws_codeseeder/resources/template.yaml

@@ -147,6 +147,17 @@ Resources:
               - cloudformation:DescribeStacks
             Resource:
               - arn:aws:cloudformation:${region}:${account_id}:stack/aws-codeseeder*
+          - Effect: Allow
+            Action:
+              - ec2:DescribeDhcpOptions
+              - ec2:DescribeNetworkInterfaces
+              - ec2:DeleteNetworkInterface
+              - ec2:DescribeSubnets
+              - ec2:DescribeSecurityGroups
+              - ec2:DescribeVpcs
+              - ec2:CreateNetworkInterfacePermission
+              - ec2:CreateNetworkInterface
+            Resource: '*'
         Version: '2012-10-17'
 
   CodeBuildRole:
@@ -178,6 +189,8 @@ Resources:
 
   CodeBuildProject:
     Type: AWS::CodeBuild::Project
+    DependsOn: 
+      - SeedkitResourcesPolicy
     Properties:
       Name: codeseeder-${seedkit_name}
       Tags: