Merge pull request caktus#97 from caktus/add-s3-to-eks

copelco · web-flow · commit 2a812b910ee5 · 2020-07-21T12:49:16.000-04:00
Add assets to EKS
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -7,6 +7,9 @@ Change Log
 
 * Optionally create RDS, Redis, memcached, elasticsearch services when creating
   an EKS cluster.
+* Include standard aws-web-stacks public and private asset buckets when using EKS.
+* Make AssetsCloudFrontCertArn empty by default so it's optional
+* Make SFTPUserRole and SFTPUserScopeDownPolicy key off use_sftp_condition
 * TBD
 
 
diff --git a/stack/__init__.py b/stack/__init__.py
@@ -10,6 +10,8 @@
 USE_NAT_GATEWAY = os.environ.get("USE_NAT_GATEWAY") == "on"
 
 if USE_EKS:
+    from . import sftp  # noqa: F401
+    from . import assets  # noqa: F401
     from . import vpc  # noqa: F401
     from . import template
     from . import repository  # noqa: F401
diff --git a/stack/assets.py b/stack/assets.py
@@ -298,6 +298,7 @@
                         "region, and (3) you wish to serve static media over HTTPS, you must manually create an "
                         "ACM certificate in the us-east-1 region and provide its ARN here.",
             Type="String",
+            Default="",
         ),
         group="Static Media",
         label="CloudFront SSL Certificate ARN",
@@ -435,6 +436,7 @@
     # This is for applying when adding users to the transfer server. It's not used directly in the stack creation,
     # other than adding it to IAM for later use.
     "SFTPUserScopeDownPolicy",
+    Condition=use_sftp_condition,
     PolicyDocument=dict(
         Version="2012-10-17",
         Statement=If(
@@ -474,6 +476,7 @@
     # to be used later when adding users to the transfer server.
     "SFTPUserRole",
     template=template,
+    Condition=use_sftp_condition,
     AssumeRolePolicyDocument=dict(
         Statement=[
             dict(
diff --git a/stack/containers.py b/stack/containers.py
@@ -5,13 +5,11 @@
 from troposphere import Ref, iam
 
 from stack import USE_DOKKU, USE_EB, USE_ECS, USE_EKS
+from stack.assets import assets_management_policy
+from stack.logs import logging_policy
 from stack.template import template
 from stack.utils import ParameterWithDefaults as Parameter
 
-if not USE_EKS:
-    from stack.assets import assets_management_policy
-    from stack.logs import logging_policy
-
 if not USE_DOKKU and not USE_EB:
     desired_container_instances = Ref(
         template.add_parameter(
@@ -52,10 +50,8 @@
             )
         )
 
-if USE_EKS:
-    container_policies = []
-else:
-    container_policies = [assets_management_policy, logging_policy]
+container_policies = [assets_management_policy, logging_policy]
+
 if USE_ECS:
     container_policies.extend(
         [
