Skip to content

Backport sceptre best practices for zephier-contrib-web #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
onyxfish wants to merge 2 commits into
base: feat/workflow-improvements
Choose a base branch
from
Open

Backport sceptre best practices for zephier-contrib-web #55

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5a2f55a
Import Sceptre best practices from zephir-contrib-web.
onyxfish Mar 12, 2026
1d9aec1
Minor sceptre cleanup.
onyxfish Mar 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion deployment/config/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,18 @@
project_code: d2d-zephir-api
region: us-west-2
region: us-west-2

sceptre_user_data_inheritance: merge
stack_tags_inheritance: merge

sceptre_user_data:
program: d2d
service: zephir
subservice: api
repository: https://github.com/cdlib/zephir-api2.git
port: "8000"

stack_tags:
program: !stack_attr sceptre_user_data.program
service: !stack_attr sceptre_user_data.service
subservice: !stack_attr sceptre_user_data.subservice
repository: !stack_attr sceptre_user_data.repository
10 changes: 5 additions & 5 deletions deployment/config/dev/autoscaling.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,14 @@ template:
type: file

dependencies:
- dev/ecs.yaml
- "{{ sceptre_user_data.environment }}/ecs.yaml"

parameters:
# ECSAutoScalingPlanName: "{{ base_name }}-{{ environment }}-ecs-auto-scaling-plan"
ECSClusterName: !stack_output dev/ecs.yaml::ECSClusterName
ECSServiceName: !stack_output dev/ecs.yaml::ECSServiceName
# ECSAutoScalingPlanName: "{{ sceptre_user_data.resource_name_prefix }}-ecs-auto-scaling-plan"
ECSClusterName: !stack_output "{{ sceptre_user_data.environment }}/ecs.yaml::ECSClusterName"
ECSServiceName: !stack_output "{{ sceptre_user_data.environment }}/ecs.yaml::ECSServiceName"

ECSCloudFormationStackARN: !stack_output dev/ecs.yaml::ECSCloudFormationStackARN
ECSCloudFormationStackARN: !stack_output "{{ sceptre_user_data.environment }}/ecs.yaml::ECSCloudFormationStackARN"

MinCapacity: "1"
MaxCapacity: "3"
16 changes: 9 additions & 7 deletions deployment/config/dev/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
# profile: cdl-d2d-dev
base_name: {{ project_code }}
environment: dev
profile: cdl-d2d-dev

sceptre_user_data:
environment: dev
resource_name_prefix: "{{ sceptre_user_data.program }}-{{ sceptre_user_data.service }}-{{ sceptre_user_data.subservice }}-dev"
url_authority: "{{ sceptre_user_data.program }}-{{ sceptre_user_data.service }}-{{ sceptre_user_data.subservice }}-dev.d2ddev.cdlib.net"

stack_tags:
Program: "d2d"
Service: "zephir"
Subservice: "api"
Environment: "dev"
# Use !stack_attr instead of jinja syntax because "environment" is defined in same template.
# The resolver !stack_attr executes after jinja.
Environment: !stack_attr sceptre_user_data.environment
6 changes: 3 additions & 3 deletions deployment/config/dev/ecr.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
template:
path: ecr.yaml
path: ecr.yaml.j2
type: file

parameters:
RepositoryName: "{{ base_name }}-{{ environment }}"
# Comment out to create once, ignore afterwards:
ignore: True
36 changes: 15 additions & 21 deletions deployment/config/dev/ecs.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,43 +1,37 @@
template:
path: ecs.yaml
path: ecs.yaml.j2
type: file

dependencies:
- dev/ecr.yaml
- dev/logging.yaml
- dev/network.yaml
- "{{ sceptre_user_data.environment }}/ecr.yaml"
- "{{ sceptre_user_data.environment }}/logging.yaml"
- "{{ sceptre_user_data.environment }}/network.yaml"

parameters:
ECSServiceSecurityGroupName: "{{ base_name }}-{{ environment }}-ecs-service-security-group"
ECSClusterName: "{{ base_name }}-{{ environment }}-ecs-cluster"
ContainerName: "{{ base_name }}-{{ environment }}-container"
TaskDefinitionFamilyName: "{{ base_name }}-{{ environment }}-ecs-task-definition"
ECSTaskRoleName: "{{ base_name }}-{{ environment }}-ecs-task-role"
ECSTaskExecutionRoleName: "{{ base_name }}-{{ environment }}-ecs-task-execution-role"
ECSServiceName: "{{ base_name }}-{{ environment }}-ecs-service"
ContainerName: "{{ sceptre_user_data.resource_name_prefix }}-container"
{% if var.image_tag | default(False) %}
ImageTag: "{{ var.image_tag }}"
{% else %}
ImageTag: latest
{% endif %}

VPCID: !stack_output_external cdl-d2d-dev-vpc-stack::vpc
SubnetIDs:
- !stack_output_external cdl-d2d-dev-defaultsubnet-stack::defaultsubnet2a
- !stack_output_external cdl-d2d-dev-defaultsubnet-stack::defaultsubnet2b
- !stack_output_external cdl-d2d-dev-defaultsubnet-stack::defaultsubnet2c

LoadBalancerSecurityGroupID: !stack_output dev/network.yaml::LoadBalancerSecurityGroupID
TargetGroupARN: !stack_output dev/network.yaml::TargetGroupARN
LoadBalancerSecurityGroupID: !stack_output "{{ sceptre_user_data.environment }}/network.yaml::LoadBalancerSecurityGroupID"
TargetGroupARN: !stack_output "{{ sceptre_user_data.environment }}/network.yaml::TargetGroupARN"

RepositoryURI: !stack_output "{{ sceptre_user_data.environment }}/ecr.yaml::RepositoryURI"
RepositoryARN: !stack_output "{{ sceptre_user_data.environment }}/ecr.yaml::RepositoryARN"

LogGroupID: !stack_output "{{ sceptre_user_data.environment }}/logging.yaml::LogGroupID"
LogGroupArn: !stack_output "{{ sceptre_user_data.environment }}/logging.yaml::LogGroupArn"

RepositoryURI: !stack_output dev/ecr.yaml::RepositoryURI
RepositoryARN: !stack_output dev/ecr.yaml::RepositoryARN

LogGroupID: !stack_output dev/logging.yaml::LogGroupID
LogGroupArn: !stack_output dev/logging.yaml::LogGroupArn
ApplicationPort: "{{ sceptre_user_data.port }}"

ApplicationPort: "8000"

FlaskEnvironment: development
LogLevel: DEBUG

Expand Down
5 changes: 1 addition & 4 deletions deployment/config/dev/logging.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,3 @@
template:
path: logging.yaml
path: logging.yaml.j2
type: file

parameters:
LogGroupName: "{{ base_name }}-{{ environment }}-log-group"
20 changes: 8 additions & 12 deletions deployment/config/dev/network.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,23 +2,19 @@ template:
path: network.yaml.j2
type: file

parameters:
LoadBalancerSecurityGroupName: "{{ base_name }}-{{ environment }}-load-balancer-security-group"
LoadBalancerName: "{{ base_name }}-{{ environment }}-load-balancer"
TargetGroupName: "{{ base_name }}-{{ environment }}-target-group"
sceptre_user_data:
load_balancer_security_group_sources:
- !ssm /d2d/dev/ucop-vpn-prefix-list-id
- !ssm /d2d/dev/cdl-eip-prefix-list-id

parameters:
VPCID: !stack_output_external cdl-d2d-dev-vpc-stack::vpc
SubnetIDs:
- !stack_output_external cdl-d2d-dev-defaultsubnet-stack::defaultsubnet2a
- !stack_output_external cdl-d2d-dev-defaultsubnet-stack::defaultsubnet2b
- !stack_output_external cdl-d2d-dev-defaultsubnet-stack::defaultsubnet2c
LoadBalancerSecurityGroupSources: !stack_attr sceptre_user_data.load_balancer_security_group_sources

Route53ZoneID: !ssm /d2d/dev/route53-hosted-zone-id
Domain: d2d-zephir-api-dev.d2ddev.cdlib.net
ApplicationPort: "8000"

sceptre_user_data:
load_balancer_security_group_sources:
- !ssm /d2d/dev/ucop-vpn-prefix-list-id
- !ssm /d2d/dev/cdl-eip-prefix-list-id
Route53ZoneID: !ssm /d2d/dev/route53-hosted-zone-id
Domain: "{{ sceptre_user_data.url_authority }}"
ApplicationPort: "{{ sceptre_user_data.port }}"
8 changes: 3 additions & 5 deletions deployment/config/dev/waf.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,9 @@
template:
path: waf.yaml
path: waf.yaml.j2
type: file

dependencies:
- dev/network.yaml
- "{{ sceptre_user_data.environment }}/network.yaml"

parameters:
WebACLName: "{{ base_name }}-{{ environment }}-waf-webacl"
WebACLMetricName: "{{ base_name }}-{{ environment }}-waf-webacl-metric"
LoadBalancerArn: !stack_output dev/network.yaml::LoadBalancerARN
LoadBalancerArn: !stack_output "{{ sceptre_user_data.environment }}/network.yaml::LoadBalancerARN"
10 changes: 5 additions & 5 deletions deployment/config/prd/autoscaling.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,14 @@ template:
type: file

dependencies:
- prd/ecs.yaml
- "{{ sceptre_user_data.environment }}/ecs.yaml"

parameters:
# ECSAutoScalingPlanName: "{{ base_name }}-{{ environment }}-ecs-auto-scaling-plan"
ECSClusterName: !stack_output prd/ecs.yaml::ECSClusterName
ECSServiceName: !stack_output prd/ecs.yaml::ECSServiceName
# ECSAutoScalingPlanName: "{{ sceptre_user_data.resource_name_prefix }}-ecs-auto-scaling-plan"
ECSClusterName: !stack_output "{{ sceptre_user_data.environment }}/ecs.yaml::ECSClusterName"
ECSServiceName: !stack_output "{{ sceptre_user_data.environment }}/ecs.yaml::ECSServiceName"

ECSCloudFormationStackARN: !stack_output prd/ecs.yaml::ECSCloudFormationStackARN
ECSCloudFormationStackARN: !stack_output "{{ sceptre_user_data.environment }}/ecs.yaml::ECSCloudFormationStackARN"

MinCapacity: "1"
MaxCapacity: "3"
14 changes: 7 additions & 7 deletions deployment/config/prd/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
# profile: cdl-d2d-prd
base_name: {{ project_code }}
environment: prd
profile: cdl-d2d-prd

sceptre_user_data:
environment: prd
resource_name_prefix: "{{ sceptre_user_data.program }}-{{ sceptre_user_data.service }}-{{ sceptre_user_data.subservice }}-prd"
url_authority: "{{ sceptre_user_data.program }}-{{ sceptre_user_data.service }}-{{ sceptre_user_data.subservice }}.d2dprd.cdlib.net"

stack_tags:
Program: "d2d"
Service: "zephir"
Subservice: "api"
Environment: "prd"
Environment: !stack_attr sceptre_user_data.environment
6 changes: 3 additions & 3 deletions deployment/config/prd/ecr.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
template:
path: ecr.yaml
path: ecr.yaml.j2
type: file

parameters:
RepositoryName: "{{ base_name }}-{{ environment }}"
# Comment out to create once, ignore afterwards:
ignore: True
40 changes: 17 additions & 23 deletions deployment/config/prd/ecs.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,43 +1,37 @@
template:
path: ecs.yaml
path: ecs.yaml.j2
type: file

dependencies:
- prd/ecr.yaml
- prd/logging.yaml
- prd/network.yaml
- "{{ sceptre_user_data.environment }}/ecr.yaml"
- "{{ sceptre_user_data.environment }}/logging.yaml"
- "{{ sceptre_user_data.environment }}/network.yaml"

parameters:
ECSServiceSecurityGroupName: "{{ base_name }}-{{ environment }}-ecs-service-security-group"
ECSClusterName: "{{ base_name }}-{{ environment }}-ecs-cluster"
ContainerName: "{{ base_name }}-{{ environment }}-container"
TaskDefinitionFamilyName: "{{ base_name }}-{{ environment }}-ecs-task-definition"
ECSTaskRoleName: "{{ base_name }}-{{ environment }}-ecs-task-role"
ECSTaskExecutionRoleName: "{{ base_name }}-{{ environment }}-ecs-task-execution-role"
ECSServiceName: "{{ base_name }}-{{ environment }}-ecs-service"
{% if var.image_tag | default(False) %}
ContainerName: "{{ sceptre_user_data.resource_name_prefix }}-container"
{% if var.image_tag | default(False) -%}
ImageTag: "{{ var.image_tag }}"
{% else %}
{% else -%}
ImageTag: latest
{% endif %}

VPCID: !stack_output_external cdl-d2d-prd-vpc-stack::vpc
SubnetIDs:
- !stack_output_external cdl-d2d-prd-defaultsubnet-stack::defaultsubnet2a
- !stack_output_external cdl-d2d-prd-defaultsubnet-stack::defaultsubnet2b
- !stack_output_external cdl-d2d-prd-defaultsubnet-stack::defaultsubnet2c

LoadBalancerSecurityGroupID: !stack_output prd/network.yaml::LoadBalancerSecurityGroupID
TargetGroupARN: !stack_output prd/network.yaml::TargetGroupARN
LoadBalancerSecurityGroupID: !stack_output "{{ sceptre_user_data.environment }}/network.yaml::LoadBalancerSecurityGroupID"
TargetGroupARN: !stack_output "{{ sceptre_user_data.environment }}/network.yaml::TargetGroupARN"

RepositoryURI: !stack_output "{{ sceptre_user_data.environment }}/ecr.yaml::RepositoryURI"
RepositoryARN: !stack_output "{{ sceptre_user_data.environment }}/ecr.yaml::RepositoryARN"

LogGroupID: !stack_output "{{ sceptre_user_data.environment }}/logging.yaml::LogGroupID"
LogGroupArn: !stack_output "{{ sceptre_user_data.environment }}/logging.yaml::LogGroupArn"

RepositoryURI: !stack_output prd/ecr.yaml::RepositoryURI
RepositoryARN: !stack_output prd/ecr.yaml::RepositoryARN

LogGroupID: !stack_output prd/logging.yaml::LogGroupID
LogGroupArn: !stack_output prd/logging.yaml::LogGroupArn
ApplicationPort: "{{ sceptre_user_data.port }}"

ApplicationPort: "8000"

FlaskEnvironment: production
LogLevel: INFO

Expand Down
5 changes: 1 addition & 4 deletions deployment/config/prd/logging.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,3 @@
template:
path: logging.yaml
path: logging.yaml.j2
type: file

parameters:
LogGroupName: "{{ base_name }}-{{ environment }}-log-group"
20 changes: 8 additions & 12 deletions deployment/config/prd/network.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,24 +2,20 @@ template:
path: network.yaml.j2
type: file

parameters:
LoadBalancerSecurityGroupName: "{{ base_name }}-{{ environment }}-load-balancer-security-group"
LoadBalancerName: "{{ base_name }}-{{ environment }}-load-balancer"
TargetGroupName: "{{ base_name }}-{{ environment }}-target-group"
sceptre_user_data:
load_balancer_security_group_sources:
- 0.0.0.0/0

parameters:
VPCID: !stack_output_external cdl-d2d-prd-vpc-stack::vpc
SubnetIDs:
- !stack_output_external cdl-d2d-prd-defaultsubnet-stack::defaultsubnet2a
- !stack_output_external cdl-d2d-prd-defaultsubnet-stack::defaultsubnet2b
- !stack_output_external cdl-d2d-prd-defaultsubnet-stack::defaultsubnet2c
LoadBalancerSecurityGroupSources: !stack_attr sceptre_user_data.load_balancer_security_group_sources

Route53ZoneID: !ssm /d2d/prd/route53-hosted-zone-id
Domain: d2d-zephir-api.d2dprd.cdlib.net
Domain: "{{ sceptre_user_data.url_authority }}"
SubjectAlternativeDomains: # If the domain ends in .org, IAS should've validated it before.
- zephir.cdlib.org
ApplicationPort: "8000"

sceptre_user_data:
load_balancer_security_group_sources:
- 0.0.0.0/0
- zephir.cdlib.org
ApplicationPort: "{{ sceptre_user_data.port }}"
8 changes: 3 additions & 5 deletions deployment/config/prd/waf.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,9 @@
template:
path: waf.yaml
path: waf.yaml.j2
type: file

dependencies:
- prd/network.yaml
- "{{ sceptre_user_data.environment }}/network.yaml"

parameters:
WebACLName: "{{ base_name }}-{{ environment }}-waf-webacl"
WebACLMetricName: "{{ base_name }}-{{ environment }}-waf-webacl-metric"
LoadBalancerArn: !stack_output prd/network.yaml::LoadBalancerARN
LoadBalancerArn: !stack_output "{{ sceptre_user_data.environment }}/network.yaml::LoadBalancerARN"
10 changes: 5 additions & 5 deletions deployment/config/stg/autoscaling.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,14 @@ template:
type: file

dependencies:
- stg/ecs.yaml
- "{{ sceptre_user_data.environment }}/ecs.yaml"

parameters:
# ECSAutoScalingPlanName: "{{ base_name }}-{{ environment }}-ecs-auto-scaling-plan"
ECSClusterName: !stack_output stg/ecs.yaml::ECSClusterName
ECSServiceName: !stack_output stg/ecs.yaml::ECSServiceName
# ECSAutoScalingPlanName: "{{ sceptre_user_data.resource_name_prefix }}-ecs-auto-scaling-plan"
ECSClusterName: !stack_output "{{ sceptre_user_data.environment }}/ecs.yaml::ECSClusterName"
ECSServiceName: !stack_output "{{ sceptre_user_data.environment }}/ecs.yaml::ECSServiceName"

ECSCloudFormationStackARN: !stack_output stg/ecs.yaml::ECSCloudFormationStackARN
ECSCloudFormationStackARN: !stack_output "{{ sceptre_user_data.environment }}/ecs.yaml::ECSCloudFormationStackARN"

MinCapacity: "1"
MaxCapacity: "3"
14 changes: 7 additions & 7 deletions deployment/config/stg/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
profile: cdl-d2d-dev

sceptre_role: arn:aws:iam::445017934155:role/sceptre/d2d-dev-sceptre-role
cloudformation_service_role: arn:aws:iam::445017934155:role/sceptre/d2d-zephir-api-stg-cloudformation-service-role

# Custom parameters
base_name: {{ project_code }}
environment: stg
sceptre_user_data:
environment: stg
resource_name_prefix: "{{ sceptre_user_data.program }}-{{ sceptre_user_data.service }}-{{ sceptre_user_data.subservice }}-stg"
url_authority: "{{ sceptre_user_data.program }}-{{ sceptre_user_data.service }}-{{ sceptre_user_data.subservice }}-stg.d2ddev.cdlib.net"

stack_tags:
Program: "d2d"
Service: "zephir"
Subservice: "api"
Environment: "stg"
Environment: !stack_attr sceptre_user_data.environment
Loading
Loading