From 5e530413285c55333e88c978e0cac7354cf16195 Mon Sep 17 00:00:00 2001
From: iamprakkie
Date: Wed, 20 Sep 2023 01:24:02 -0600
Subject: [PATCH] updated pipeline.ts
---
 .../pipeline.ts | 245 +++++++++---------
 1 file changed, 122 insertions(+), 123 deletions(-)
diff --git a/lib/multi-acc-new-eks-mixed-observability-pattern/pipeline.ts b/lib/multi-acc-new-eks-mixed-observability-pattern/pipeline.ts
index 58882862..0de7c895 100644
--- a/lib/multi-acc-new-eks-mixed-observability-pattern/pipeline.ts
+++ b/lib/multi-acc-new-eks-mixed-observability-pattern/pipeline.ts
@@ -128,7 +128,7 @@ export class PipelineMultiEnvMonitoring {
 "ssm:GetParameter"
 ],
 resources: ["*"]
- }
+ };
 //Props for cross-account trust role in PROD1 account to trust MON account, inorder share PROD1's AMP workspace URL
 const trustedMONAccArn = `arn:aws:iam::${context.monitoringEnv.account}:role/crossAccAMPInfoFromPROD1Role`;
@@ -141,7 +141,7 @@ export class PipelineMultiEnvMonitoring {
 "ssm:GetParameter"
 ],
 resources: ["*"]
- }
+ };
 // creating constructs
 const ampConstruct = new AmpMonitoringConstruct();
@@ -179,7 +179,6 @@ export class PipelineMultiEnvMonitoring {
 const gitRepositoryName = pipelineSrcInfo.gitRepoName;
 const gitBranch = pipelineSrcInfo.gitBranch;
-
 const pipeline = blueprints.CodePipelineStack.builder()
 .application("npx ts-node bin/multi-acc-new-eks-mixed-observability.ts")
 .name("multi-acc-central-pipeline")
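Review bot: The policy statements closed in the `@@ -128` and `@@ -141` hunks still pair `"ssm:GetParameter"` with `resources: ["*"]`, and the comment between them says these props feed a cross-account trust role that lets the MON account into PROD1. With a wildcard resource, whoever assumes that role can read every SSM parameter the account exposes, not just the AMP workspace information the comment mentions. Scoping the statement to the specific parameter would contain that, for example `resources: [`arn:aws:ssm:${context.prodEnv1.region}:${context.prodEnv1.account}:parameter/<PARAMETER_NAME>`]` with the placeholder replaced by the real parameter name. Both statements begin above their hunks, so the full action list is not visible here and may include more than this one action.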
@@ -207,120 +206,120 @@ export class PipelineMultiEnvMonitoring {
 })
 .enableCrossAccountKeys();
- const monStage: blueprints.StackStage = {
- id: MON_ENV_ID,
- stackBuilder: blueprintAmg
- .name(MON_ENV_ID)
- .clone(context.monitoringEnv.region, context.monitoringEnv.account)
- .addOns(new blueprints.NestedStackAddOn({
- builder: AmgIamSetupStack.builder(AmgIamSetupStackProps),
- id: "amg-iam-nested-stack"
- }))
- .addOns(
- grafanaOperatorArgoAddonConfig,
- )
- };
-
- const ampStage: blueprints.StackStage = {
- id: PROD1_ENV_ID,
- stackBuilder: blueprintAmp
- .name(PROD1_ENV_ID)
- .clone(context.prodEnv1.region, context.prodEnv1.account)
- .version('auto')
- .addOns(new blueprints.NestedStackAddOn({
- // builder: AmpIamSetupStack.builder("AMPAccessForTrustedAMGRole", amgWorkspaceIAMRoleARN!),
- builder: CreateIAMRoleNestedStack.builder(AMGTrustRoleStackProps),
- id: "amp-ds-trustrole-nested-stack"
- }))
- .addOns(new blueprints.NestedStackAddOn({
- builder: CreateIAMRoleNestedStack.builder(ShareAMPInfoTrustRoleStackProps),
- id: "amp-info-trustrole-nested-stack"
- }))
- .addOns(
- prodArgoAddonConfig,
- )
- };
-
- const cwStage: blueprints.StackStage = {
- id: PROD2_ENV_ID,
- stackBuilder: blueprintCloudWatch
- .name(PROD2_ENV_ID)
- .clone(context.prodEnv2.region, context.prodEnv2.account)
- .addOns(new blueprints.NestedStackAddOn({
- builder: CloudWatchIamSetupStack.builder("cloudwatchDataSourceRole", amgWorkspaceIAMRoleARN!),
- id: "cloudwatch-iam-nested-stack"
- }))
- .addOns(
- prodArgoAddonConfig,
- )
- };
-
- pipeline.wave({
- id: "multi-acc-stage-01",
- stages: [ampStage, cwStage]
- });
-
- // adding monitoring env setup as separate stage
- pipeline.stage(monStage);
-
-
- pipeline.build(scope, "multi-account-central-pipeline", {
- env: context.pipelineEnv
- });
-
- // pipeline.wave({
- // id: "multi-acc-stages",
- // stages: [
- // {
- // id: PROD1_ENV_ID,
- // stackBuilder: blueprintAmp
- // .name(PROD1_ENV_ID)
- // .clone(context.prodEnv1.region, context.prodEnv1.account)
- // .version('auto')
- // .addOns(new blueprints.NestedStackAddOn({
- // // builder: AmpIamSetupStack.builder("AMPAccessForTrustedAMGRole", amgWorkspaceIAMRoleARN!),
- // builder: CreateIAMRoleNestedStack.builder(AMGTrustRoleStackProps),
- // id: "amp-ds-trustrole-nested-stack"
- // }))
- // .addOns(new blueprints.NestedStackAddOn({
- // builder: CreateIAMRoleNestedStack.builder(ShareAMPInfoTrustRoleStackProps),
- // id: "amp-info-trustrole-nested-stack"
- // }))
- // .addOns(
- // prodArgoAddonConfig,
- // )
- // },
- // {
- // id: PROD2_ENV_ID,
- // stackBuilder: blueprintCloudWatch
- // .name(PROD2_ENV_ID)
- // .clone(context.prodEnv2.region, context.prodEnv2.account)
- // .addOns(new blueprints.NestedStackAddOn({
- // builder: CloudWatchIamSetupStack.builder("cloudwatchDataSourceRole", amgWorkspaceIAMRoleARN!),
- // id: "cloudwatch-iam-nested-stack"
- // }))
- // .addOns(
- // prodArgoAddonConfig,
- // )
- // },
- // {
- // id: MON_ENV_ID,
- // stackBuilder: blueprintAmg
- // .name(MON_ENV_ID)
- // .clone(context.monitoringEnv.region, context.monitoringEnv.account)
- // .addOns(new blueprints.NestedStackAddOn({
- // builder: AmgIamSetupStack.builder(AmgIamSetupStackProps),
- // id: "amg-iam-nested-stack"
- // }))
- // .addOns(
- // grafanaOperatorArgoAddonConfig,
- // )
- // },
- // ],
- // })
- // .build(scope, "multi-account-central-pipeline", {
- // env: context.pipelineEnv
- // });
+ const monStage: blueprints.StackStage = {
+ id: MON_ENV_ID,
+ stackBuilder: blueprintAmg
+ .name(MON_ENV_ID)
+ .clone(context.monitoringEnv.region, context.monitoringEnv.account)
+ .addOns(new blueprints.NestedStackAddOn({
+ builder: AmgIamSetupStack.builder(AmgIamSetupStackProps),
+ id: "amg-iam-nested-stack"
+ }))
+ .addOns(
+ grafanaOperatorArgoAddonConfig,
+ )
+ };
+
+ const ampStage: blueprints.StackStage = {
+ id: PROD1_ENV_ID,
+ stackBuilder: blueprintAmp
+ .name(PROD1_ENV_ID)
+ .clone(context.prodEnv1.region, context.prodEnv1.account)
+ .version('auto')
+ .addOns(new blueprints.NestedStackAddOn({
+ // builder: AmpIamSetupStack.builder("AMPAccessForTrustedAMGRole", amgWorkspaceIAMRoleARN!),
+ builder: CreateIAMRoleNestedStack.builder(AMGTrustRoleStackProps),
+ id: "amp-ds-trustrole-nested-stack"
+ }))
+ .addOns(new blueprints.NestedStackAddOn({
+ builder: CreateIAMRoleNestedStack.builder(ShareAMPInfoTrustRoleStackProps),
+ id: "amp-info-trustrole-nested-stack"
+ }))
+ .addOns(
+ prodArgoAddonConfig,
+ )
+ };
+
+ const cwStage: blueprints.StackStage = {
+ id: PROD2_ENV_ID,
+ stackBuilder: blueprintCloudWatch
+ .name(PROD2_ENV_ID)
+ .clone(context.prodEnv2.region, context.prodEnv2.account)
+ .addOns(new blueprints.NestedStackAddOn({
+ builder: CloudWatchIamSetupStack.builder("cloudwatchDataSourceRole", amgWorkspaceIAMRoleARN!),
+ id: "cloudwatch-iam-nested-stack"
+ }))
+ .addOns(
+ prodArgoAddonConfig,
+ )
+ };
+
+ pipeline.wave({
+ id: "multi-acc-stage-01",
+ stages: [ampStage, cwStage]
+ });
+
+ // adding monitoring env setup as separate stage
+ pipeline.stage(monStage);
+
+
+ pipeline.build(scope, "multi-account-central-pipeline", {
+ env: context.pipelineEnv
+ });
+
+ // pipeline.wave({
+ // id: "multi-acc-stages",
+ // stages: [
+ // {
+ // id: PROD1_ENV_ID,
+ // stackBuilder: blueprintAmp
+ // .name(PROD1_ENV_ID)
+ // .clone(context.prodEnv1.region, context.prodEnv1.account)
+ // .version('auto')
+ // .addOns(new blueprints.NestedStackAddOn({
+ // // builder: AmpIamSetupStack.builder("AMPAccessForTrustedAMGRole", amgWorkspaceIAMRoleARN!),
+ // builder: CreateIAMRoleNestedStack.builder(AMGTrustRoleStackProps),
+ // id: "amp-ds-trustrole-nested-stack"
+ // }))
+ // .addOns(new blueprints.NestedStackAddOn({
+ // builder: CreateIAMRoleNestedStack.builder(ShareAMPInfoTrustRoleStackProps),
+ // id: "amp-info-trustrole-nested-stack"
+ // }))
+ // .addOns(
+ // prodArgoAddonConfig,
+ // )
+ // },
+ // {
+ // id: PROD2_ENV_ID,
+ // stackBuilder: blueprintCloudWatch
+ // .name(PROD2_ENV_ID)
+ // .clone(context.prodEnv2.region, context.prodEnv2.account)
+ // .addOns(new blueprints.NestedStackAddOn({
+ // builder: CloudWatchIamSetupStack.builder("cloudwatchDataSourceRole", amgWorkspaceIAMRoleARN!),
+ // id: "cloudwatch-iam-nested-stack"
+ // }))
+ // .addOns(
+ // prodArgoAddonConfig,
+ // )
+ // },
+ // {
+ // id: MON_ENV_ID,
+ // stackBuilder: blueprintAmg
+ // .name(MON_ENV_ID)
+ // .clone(context.monitoringEnv.region, context.monitoringEnv.account)
+ // .addOns(new blueprints.NestedStackAddOn({
+ // builder: AmgIamSetupStack.builder(AmgIamSetupStackProps),
+ // id: "amg-iam-nested-stack"
+ // }))
+ // .addOns(
+ // grafanaOperatorArgoAddonConfig,
+ // )
+ // },
+ // ],
+ // })
+ // .build(scope, "multi-account-central-pipeline", {
+ // env: context.pipelineEnv
+ // });
 }
 }
@@ -339,7 +338,7 @@ function createArgoAddonConfig(repoUrl: string, path: string, branch?: string, r
 path: path,
 targetRevision: branch,
 },
- }
+ };
 } else {
 ArgoCDAddOnProps = {
@@ -350,7 +349,7 @@ function createArgoAddonConfig(repoUrl: string, path: string, branch?: string, r
 credentialsSecretName: 'github-ssh-key', // for access to private repo. This needs SecretStoreAddOn added to your cluster. Ensure github-ssh-key secret exists in pipeline account at COA_REGION
 credentialsType: 'SSH',
 },
- }
+ };
 }
 return new blueprints.ArgoCDAddOn(ArgoCDAddOnProps);
 }
@@ -361,8 +360,8 @@ function createGOArgoAddonConfig(repoUrl: string, path: string, branch?: string,
 branch = branch! || 'main';
 repoType = repoType! || 'public';
- const ampAssumeRoleArn = `arn:aws:iam::${ampAccount}:role/AMPAccessForTrustedAMGRole`
- const cwAssumeRoleArn = `arn:aws:iam::${cwAccount}:role/cloudwatchDataSourceRole`
+ const ampAssumeRoleArn = `arn:aws:iam::${ampAccount}:role/AMPAccessForTrustedAMGRole`;
+ const cwAssumeRoleArn = `arn:aws:iam::${cwAccount}:role/cloudwatchDataSourceRole`;
 // Get AMP Endpoint URL
 const ampEndpointURL = "UPDATE_ME_WITH_AMP_ENDPOINT_URL";
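Review bot: In the `@@ -361` hunk, `ampEndpointURL` is still the hard-coded literal `"UPDATE_ME_WITH_AMP_ENDPOINT_URL"`, so a deployment that nobody edits by hand synthesizes successfully with a placeholder instead of failing. Where the value is consumed lies outside the hunk; if it reaches the Grafana data source settings, the monitoring side would be configured against a non-existent endpoint without any error at build time. Taking the URL from context or a parameter and rejecting anything that is not a real endpoint would surface this early, e.g. `if (!ampEndpointURL.startsWith("https://")) throw new Error("AMP endpoint URL is not configured");`. The two role ARNs on the changed lines are also built from `ampAccount` and `cwAccount` with no visible check that those are set, which is worth confirming in the part of `createGOArgoAddonConfig` that the hunk does not show.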
@@ -376,7 +375,7 @@ function createGOArgoAddonConfig(repoUrl: string, path: string, branch?: string,
 path: path,
 targetRevision: branch,
 },
- }
+ };
 } else {
 ArgoCDAddOnProps = {
@@ -387,7 +386,7 @@ function createGOArgoAddonConfig(repoUrl: string, path: string, branch?: string,
 credentialsSecretName: 'github-ssh-key', // for access to private repo. This needs SecretStoreAddOn added to your cluster. Ensure github-ssh-key secret exists in pipeline account at COA_REGION
 credentialsType: 'SSH',
 },
- }
+ };
 }
 ArgoCDAddOnProps.bootstrapValues = {