Fix missing deployment_account_id and initial deployment global IAM bootstrap

**Why?**

Issues: awslabs#659 and awslabs#594.

When installing ADF the first time, the global IAM bootstrap stack that gets
deployed is sourced from the `adf-bootstrap/global-iam.yml`.

The reason for this behaviour is the absence of the `global-iam.yml` file
in the deployment OU bootstrap folder
(`adf-bootstrap/deployment/global-iam.yml`).

It iterates to the parent directory until it finds a `global-iam.yml` to
deploy. Hence, when the `adf-bootstrap/global-iam.yml` gets deployed in the
deployment account, it was looking for the `deployment_account_id` SSM
parameter. That did not get deployed in the deployment account.

**What?**

* Add the creation of the `deployment_account_id` in the deployment account,
  so if the global IAM bootstrap stack failed to deploy before, it will work
  in the next release. This would be the case if the previous deployment failed
  but the same `aws-deployment-framework-bootstrap` repository is used in the
  upgrade.
* When installing the first time, it creates the bootstrap repository.
  At the time of creation, it will copy the
  `adf-bootstrap/deployment/example-global-iam.yml` to
  `adf-bootstrap/deployment/global-iam.yml`.
  The same logic as how ADF creates the initial `adf-bootstrap/global-iam.yml`.
sbkok committed May 16, 2024
1 parent e2374f7 commit 6478778
Showing 3 changed files with 8 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/lambda_codebase/event.py
Expand Up @@ -135,6 +135,7 @@ def create_output_object(self, account_path):
'master_account_id': organization_information.get(
"organization_master_account_id"
),
'deployment_account_id': self.deployment_account_id,
'notification_endpoint': self.main_notification_endpoint,
'notification_type': self.notification_type,
'cross_account_access_role': self.cross_account_access_role,
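
Review bot: No test covers the new 'deployment_account_id' key added to the dict in create_output_object, and the commit touches only three source files. Suggest a unit-test assertion that the output object carries this key with the expected value. Also confirm that self.deployment_account_id is always set before this method runs: unlike 'master_account_id' just above, it is read from the instance rather than from organization_information, so an unset attribute would pass through here silently.
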
Expand Up @@ -144,6 +144,10 @@ def prepare_deployment_account(sts, deployment_account_id, config):
deployment_account_parameter_store.put_parameter(
'deployment_account_bucket', DEPLOYMENT_ACCOUNT_S3_BUCKET_NAME
)
deployment_account_parameter_store.put_parameter(
'deployment_account_id',
deployment_account_id,
)
deployment_account_parameter_store.put_parameter(
'default_scm_branch',
config.config.get('scm', {}).get(
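
Review bot: The new put_parameter('deployment_account_id', ...) call in prepare_deployment_account has no comment explaining why the deployment account needs a parameter holding its own account ID, which is not obvious from the code alone. Suggest a one-line comment stating that the global IAM bootstrap stack looks up this SSM parameter inside the deployment account (awslabs#659, awslabs#594). The value is also written exactly as received; if callers can pass anything other than a string account ID, validate or convert it here so the failure is not deferred to stack deployment.
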
3 changes: 3 additions & 0 deletions src/lambda_codebase/initial_commit/initial_commit.py
Expand Up @@ -30,6 +30,9 @@
"bootstrap_repository/adf-bootstrap/example-global-iam.yml": (
"adf-bootstrap/global-iam.yml"
),
"bootstrap_repository/adf-bootstrap/deployment/example-global-iam.yml": (
"adf-bootstrap/deployment/global-iam.yml"
),
"adf.yml.j2": "adf-accounts/adf.yml",
"adfconfig.yml.j2": "adfconfig.yml",
}
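
Review bot: The new mapping to "adf-bootstrap/deployment/global-iam.yml" only takes effect when the bootstrap repository is first created, so installations that already have a bootstrap repository will still lack that file and keep falling back to adf-bootstrap/global-iam.yml. Suggest documenting in the upgrade notes that operators who want a deployment-specific template need to copy the example file themselves. Also confirm that bootstrap_repository/adf-bootstrap/deployment/example-global-iam.yml already exists, since it is not among the three files changed here.
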