From 9c88f93071493ec57cc60e9a383398c5d17dfa77 Mon Sep 17 00:00:00 2001
From: Simon Kok
Date: Thu, 18 Jan 2024 21:52:46 +0100
Subject: [PATCH] Fix missing deployment_account_id and initial deployment global IAM bootstrap
**Why?**
Issues: #659 and #594. When installing ADF the first time, the global IAM bootstrap stack that gets deployed is sourced from the `adf-bootstrap/global-iam.yml`. The reason for this behaviour is the absence of the `global-iam.yml` file in the deployment OU bootstrap folder (`adf-bootstrap/deployment/global-iam.yml`). It iterates to the parent directory until it finds a `global-iam.yml` to deploy. Hence, when the `adf-bootstrap/global-iam.yml` gets deployed in the deployment account, it was looking for the `deployment_account_id` SSM parameter. That did not get deployed in the deployment account.
**What?**
* Add the creation of the `deployment_account_id` in the deployment account, so if the global IAM bootstrap stack failed to deploy before, it will work in the next release. This would be the case if the previous deployment failed but the same `aws-deployment-framework-bootstrap` repository is used in the upgrade.
* When installing the first time, it creates the bootstrap repository. At the time of creation, it will copy the `adf-bootstrap/deployment/example-global-iam.yml` to `adf-bootstrap/deployment/global-iam.yml`. The same logic as how ADF creates the initial `adf-bootstrap/global-iam.yml`.
---
 src/lambda_codebase/event.py | 1 +
 .../initial_commit/bootstrap_repository/adf-build/main.py | 4 ++++
 src/lambda_codebase/initial_commit/initial_commit.py | 3 +++
 3 files changed, 8 insertions(+)
diff --git a/src/lambda_codebase/event.py b/src/lambda_codebase/event.py
index 429c5b1f8..e9be6047a 100644
--- a/src/lambda_codebase/event.py
+++ b/src/lambda_codebase/event.py
@@ -139,6 +139,7 @@ def create_output_object(self, account_path):
 'master_account_id': organization_information.get(
 "organization_master_account_id"
 ),
+ 'deployment_account_id': self.deployment_account_id,
 'notification_endpoint': self.main_notification_endpoint,
 'notification_type': self.notification_type,
 'cross_account_access_role': self.cross_account_access_role,
diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/main.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/main.py
index 69841139d..0851d00e3 100644
--- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/main.py
+++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/main.py
@@ -146,6 +146,10 @@ def prepare_deployment_account(sts, deployment_account_id, config):
 deployment_account_parameter_store.put_parameter(
 'deployment_account_bucket', DEPLOYMENT_ACCOUNT_S3_BUCKET_NAME
 )
+ deployment_account_parameter_store.put_parameter(
+ 'deployment_account_id',
+ deployment_account_id,
+ )
 deployment_account_parameter_store.put_parameter(
 'default_scm_branch',
 (
diff --git a/src/lambda_codebase/initial_commit/initial_commit.py b/src/lambda_codebase/initial_commit/initial_commit.py
index 8a2b55c13..9cc2ad320 100644
--- a/src/lambda_codebase/initial_commit/initial_commit.py
+++ b/src/lambda_codebase/initial_commit/initial_commit.py
@@ -33,6 +33,9 @@
 "bootstrap_repository/adf-bootstrap/example-global-iam.yml": (
 "adf-bootstrap/global-iam.yml"
 ),
+ "bootstrap_repository/adf-bootstrap/deployment/example-global-iam.yml": (
+ "adf-bootstrap/deployment/global-iam.yml"
+ ),
 "adf.yml.j2": "adf-accounts/adf.yml",
 "adfconfig.yml.j2": "adfconfig.yml",
 }
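Review bot: The new `put_parameter('deployment_account_id', ...)` call in prepare_deployment_account writes the value with no comment on why it belongs in the deployment account's parameter store, even though the commit description says the global IAM bootstrap stack resolves this SSM parameter when it is deployed there; a later reader could take it for a redundant copy of the management-account value and drop it. Add a why-comment above the call, e.g. `# The global IAM bootstrap stack reads this SSM parameter when it is deployed into the deployment account itself (#659, #594).` It would also be worth rejecting an empty value before the write, `if not deployment_account_id: raise ValueError("deployment_account_id is not set")`, so a misconfigured caller fails here rather than leaving the store without the value the IAM stack depends on; whether the put_parameter wrapper already validates this is not visible in the hunk. The rest of prepare_deployment_account lies outside the hunk.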
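Review bot: The new mapping entry copies `bootstrap_repository/adf-bootstrap/deployment/example-global-iam.yml`, but the diffstat lists only three changed files and none of them is that example template, so the source file presumably already exists in the repository; if it does not, the initial commit would break first-time installation rather than fix the fallback the description targets, so this is worth confirming. A short comment on the entry would explain its purpose to the next maintainer: `# Seeds the deployment OU's global-iam.yml so bootstrap no longer falls back to the parent adf-bootstrap/global-iam.yml (#659, #594).` The enclosing dict starts outside the hunk, so whether missing sources are skipped or raise at copy time cannot be seen here.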