Fix missing deployment_account_id and initial deployment global IAM b…

…ootstrap **Why?** Issues: awslabs#659 and awslabs#594. When installing ADF the first time, the global IAM bootstrap stack that gets deployed is sourced from the `adf-bootstrap/global-iam.yml`. The reason for this behaviour is the absence of the `global-iam.yml` file in the deployment OU bootstrap folder (`adf-bootstrap/deployment/global-iam.yml`). It iterates to the parent directory until it finds a `global-iam.yml` to deploy. Hence, when the `adf-bootstrap/global-iam.yml` gets deployed in the deployment account, it was looking for the `deployment_account_id` SSM parameter. That did not get deployed in the deployment account. **What?** * Add the creation of the `deployment_account_id` in the deployment account, so if the global IAM bootstrap stack failed to deploy before, it will work in the next release. This would be the case if the previous deployment failed but the same `aws-deployment-framework-bootstrap` repository is used in the upgrade. * When installing the first time, it creates the bootstrap repository. At the time of creation, it will copy the `adf-bootstrap/deployment/example-global-iam.yml` to `adf-bootstrap/deployment/global-iam.yml`. The same logic as how ADF creates the initial `adf-bootstrap/global-iam.yml`.
sbkok · Jan 18, 2024 · 2a1b825 · 2a1b825
1 parent f2bb347
commit 2a1b825
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 0 deletions.
diff --git a/src/lambda_codebase/event.py b/src/lambda_codebase/event.py
@@ -135,6 +135,7 @@ def create_output_object(self, account_path):
                 'master_account_id': organization_information.get(
                     "organization_master_account_id"
                 ),
+                'deployment_account_id': self.deployment_account_id,
                 'notification_endpoint': self.main_notification_endpoint,
                 'notification_type': self.notification_type,
                 'cross_account_access_role': self.cross_account_access_role,

diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/main.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/main.py
@@ -146,6 +146,10 @@ def prepare_deployment_account(sts, deployment_account_id, config):
     deployment_account_parameter_store.put_parameter(
         'deployment_account_bucket', DEPLOYMENT_ACCOUNT_S3_BUCKET_NAME
     )
+    deployment_account_parameter_store.put_parameter(
+        'deployment_account_id',
+        deployment_account_id,
+    )
     deployment_account_parameter_store.put_parameter(
         'default_scm_branch',
         config.config.get('scm', {}).get(

diff --git a/src/lambda_codebase/initial_commit/initial_commit.py b/src/lambda_codebase/initial_commit/initial_commit.py
@@ -33,6 +33,9 @@
     "bootstrap_repository/adf-bootstrap/example-global-iam.yml": (
         "adf-bootstrap/global-iam.yml"
     ),
+    "bootstrap_repository/adf-bootstrap/deployment/example-global-iam.yml": (
+        "adf-bootstrap/deployment/global-iam.yml"
+    ),
     "adf.yml.j2": "adf-accounts/adf.yml",
     "adfconfig.yml.j2": "adfconfig.yml",
 }