Adding support for nested stack generation in QSAssetsCFNSynthesizer …

…and also improved code and readme file
aws-solutions-library-samples · Dec 9, 2024 · 1539cee · 1539cee
1 parent 9c18bb4
commit 1539cee
Show file tree

Hide file tree

Showing 18 changed files with 1,925 additions and 418 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 ### vsCode ###
 .vscode
+**/**.code-workspace
 
 ### macOS ###
 # General
@@ -17,6 +18,7 @@
 
 **/node_modules
 **/dist
+**/__pycache__
 **/build
 **/.DS_Store
 **/.angular
@@ -25,3 +27,4 @@ cdk.out
 **/data/**.csv
 
 .env
+workspace/
diff --git a/README.md b/README.md
diff --git a/deploy.py b/deploy.py
diff --git a/deployment/CFNStacks/AWSCloudFormationStackSetExecutionRole.yml b/deployment/CFNStacks/AWSCloudFormationStackSetExecutionRole.yml
@@ -16,16 +16,17 @@ Resources:
   ExecutionRole:
     Type: AWS::IAM::Role
     Properties:
-      RoleName: !Ref ExecutionRoleName
+      RoleName: 
+        Ref: ExecutionRoleName
       AssumeRolePolicyDocument:
         Version: 2012-10-17
         Statement:
           - Effect: Allow
             Principal:
               AWS:
-                - !Ref AdministratorAccountId
+                - Ref: AdministratorAccountId
             Action:
               - sts:AssumeRole
       Path: /
       ManagedPolicyArns:
-        - !Sub arn:${AWS::Partition}:iam::aws:policy/AdministratorAccess
+        - Fn::Sub: arn:${AWS::Partition}:iam::aws:policy/AdministratorAccess
diff --git a/deployment/CFNStacks/deploymentAccount_template.yaml b/deployment/CFNStacks/deploymentAccount_template.yaml
@@ -27,25 +27,10 @@ Parameters:
     Description: Region where QuickSight assets are hosted
     Type: String
     Default: "us-east-1"
-  SrcQSAdminRegion:
-    Description: Admin region for your QS source account where your users are hosted
-    Type: String
-    Default: "us-east-1"
-  DestQSAdminRegion:
-    Description: Admin region for your QS destination account where your users are hosted
-    Type: String
-    Default: "us-east-1"
-  QSUser:
-    Description: QS Username in Account where the assets will be created
-    Type: String    
   AccountAdminARN:
     Description: IAM ARN that will be responsible for administering the Account (it will be able to manage the created KMS key for encryption). Eg your role/user arn
     Type: String
     Default: role/Administrator
-  Stage1Name:
-    Description: Name of the first stage in the pipeline, e.g. DEV
-    Type: String
-    Default: DEV
   Stage2Name:
     Description: Name of the first stage in the pipeline, e.g. PRE
     Type: String
@@ -146,6 +131,8 @@ Resources:
             Status: Enabled
       VersioningConfiguration: 
         Status: Enabled
+      WebsiteConfiguration:
+        IndexDocument: index.hmtl
       NotificationConfiguration: 
         EventBridgeConfiguration:
           EventBridgeEnabled: true
@@ -229,6 +216,7 @@ Resources:
       Name: 
         Ref: PipelineName
       PipelineType: V2
+      ExecutionMode: QUEUED
       RoleArn: 
         Fn::GetAtt: CodePipelineRole.Arn
       ArtifactStore:
@@ -295,7 +283,7 @@ Resources:
                   Ref: QuickSightRegion
                 StackSetName: 
                   Fn::Sub: ${PipelineName}-QSSourceAssets
-                TemplatePath: SourceAssetsArtifact::QStemplate_CFN_SOURCE.yaml
+                TemplatePath: SourceAssetsArtifact::QS_assets_CFN_SOURCE.yaml
                 Parameters: 
                   Fn::Sub: SourceAssetsArtifact::source_cfn_template_parameters_${Stage2Name}.txt
               InputArtifacts:
@@ -550,6 +538,58 @@ Resources:
               - Fn::Sub: "arn:aws:s3:::${PipelineS3BucketName}"
               - Fn::Sub: "arn:aws:s3:::${PipelineS3BucketName}/*"
               Sid: VisualEditor0
+            - Action:
+              - dynamodb:BatchGetItem
+              - dynamodb:BatchWriteItem
+              - dynamodb:ConditionCheckItem
+              - dynamodb:PutItem
+              - dynamodb:DescribeTable
+              - dynamodb:DeleteItem
+              - dynamodb:GetItem
+              - dynamodb:Scan
+              - dynamodb:Query
+              - dynamodb:UpdateItem
+              Effect: Allow
+              Resource:
+                - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/QSAssetParameters-${PipelineName}                
+                - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/QSTrackedAssets-${PipelineName}
+  paramDDBTable:
+    Type: AWS::DynamoDB::Table
+    Properties:
+      AttributeDefinitions:
+        - AttributeName: StageName
+          AttributeType: S
+        - AttributeName: AssetType
+          AttributeType: S       
+      KeySchema:
+        - AttributeName: StageName
+          KeyType: HASH      
+        - AttributeName: AssetType
+          KeyType: RANGE
+      ProvisionedThroughput: 
+        ReadCapacityUnits: 5
+        WriteCapacityUnits: 5
+      TableName: 
+        Fn::Sub: QSAssetParameters-${PipelineName}
+
+  trackedAssetsTable:
+    Type: AWS::DynamoDB::Table
+    Properties:
+      AttributeDefinitions:
+        - AttributeName: AssetId
+          AttributeType: S
+        - AttributeName: AssetType
+          AttributeType: S
+      KeySchema:
+        - AttributeName: AssetId
+          KeyType: HASH
+        - AttributeName: AssetType
+          KeyType: RANGE
+      ProvisionedThroughput: 
+        ReadCapacityUnits: 5
+        WriteCapacityUnits: 5      
+      TableName: 
+        Fn::Sub: QSTrackedAssets-${PipelineName}      
 Outputs:
   Codepipeline:
     Description: Link to the codepipeline created to implement QuickSight CI/CD