Change example email domains and account ids (#416)
**Why?**

To ensure that email addresses or account ids are not exposed by accident,
this is the first step to ensure that the same example email addresses
and account ids are used, such that a mechanism can be introduced to
prevent accidentally committing email addresses or account ids that are
not supposed to be shared publicly.

**What?**

This step updates all the email addresses and account ids in the code and
documentation.

The instructions for our contributors received an update too.

In case you want to specify an example email address, please make use of
one of the following email addresses:

* `jane@example.com`
* `john@example.com`
* `janes_team@example.com`
* Or another `@example.com`
* For tests that could potentially create accounts (if mocks failed to work),
  please use `test@amazon.com` instead.

When you want to write documentation/tests and need an example account id, the
following account ids may be used:

* `111111111111`
* `222222222222`
* ... to ...
* `999999999999`
* or to show the length more easily:
* `012345678910`
* `012345671234`
* `123456789012`
sbkok authored Jan 7, 2022
1 parent d79c060 commit cdfa538
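
A check of the kind the commit message anticipates, as an added example that is not part of this commit or of ADF: it flags email addresses and 12-digit account ids that fall outside the allow-list given above. The function name, the regular expressions and the sample input are assumptions made for illustration.

```python
import re
import sys

# Allow-list taken from the contributor guidance in this commit.
ALLOWED_EMAIL_DOMAINS = {"example.com"}
ALLOWED_EMAILS = {"test@amazon.com"}
ALLOWED_ACCOUNT_IDS = {str(d) * 12 for d in range(1, 10)} | {
    "012345678910", "012345671234", "123456789012",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
# Exactly 12 digits that are not part of a longer digit run.
ACCOUNT_ID_RE = re.compile(r"(?<!\d)\d{12}(?!\d)")


def find_violations(text):
    """Return (line_no, kind, value) for each value outside the allow-list."""
    violations = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in EMAIL_RE.finditer(line):
            email, domain = match.group(0).lower(), match.group(1).lower()
            if email not in ALLOWED_EMAILS and domain not in ALLOWED_EMAIL_DOMAINS:
                violations.append((line_no, "email", match.group(0)))
        for match in ACCOUNT_ID_RE.finditer(line):
            if match.group(0) not in ALLOWED_ACCOUNT_IDS:
                violations.append((line_no, "account_id", match.group(0)))
    return violations


# Constructed sample: values this commit replaces, next to their replacements.
SAMPLE = """\
target: john@doe.com
target: jane@example.com
account_id: 111112233332
account_id: 111111111111
email: test@amazon.com
account_id: 012345678910
"""

if __name__ == "__main__":
    # Usage as a pre-commit style check: pass the files to scan as arguments.
    failed = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as handle:
            for line_no, kind, value in find_violations(handle.read()):
                print(f"{path}:{line_no}: disallowed {kind}: {value}")
                failed = True
    sys.exit(1 if failed else 0)
```

A 14-digit value such as the `11111111111111` corrected in `docs/admin-guide.md` is not reported, because the pattern only matches runs of exactly 12 digits.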
Showing 29 changed files with 222 additions and 400 deletions.
32 changes: 32 additions & 0 deletions CONTRIBUTING.md
Expand Up @@ -21,6 +21,7 @@ reported the issue. Please try to include as much information as you can. Detail


## Contributing via Pull Requests

Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:

1. You are working against the latest source on the *master* branch.
Expand All @@ -41,16 +42,47 @@ GitHub provides additional document on [forking a repository](https://help.githu


## Finding contributions to work on

Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/awslabs/aws-deployment-framework/labels/help%20wanted) issues is a great place to start.


## Use of examples

To ensure that email addresses or account ids are not exposed by accident,
it is recommended to use one of the following examples instead:

In case you want to specify an example email address, please make use of one of
the following email addresses:

* `jane@example.com`
* `john@example.com`
* `janes_team@example.com`
* Or another `@example.com`
* For tests that could potentially create accounts (if mocks failed to work),
please use `test@amazon.com` instead.

When you want to write documentation/tests and need an example account id, the
following account ids may be used:

* `111111111111`
* `222222222222`
* ... to ...
* `999999999999`
* or to show the length more easily:
* `012345678910`
* `012345671234`
* `123456789012`


## Code of Conduct

This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
opensource-codeofconduct@amazon.com with any additional questions or comments.


## Security issue notifications

If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
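
Review bot: The leading-zero ids added to the account id list (`012345678910`, `012345671234`) should come with a note to quote them when they are used in YAML. The admin-guide examples in this same commit write `account_id: 111111111111` unquoted, and a YAML 1.1 loader reads an unquoted `012345671234` as an octal integer, so the value would no longer be the 12-digit id. Separately, the `test@amazon.com` bullet does not say why an `@example.com` address is unsuitable for tests that might create accounts; one sentence of rationale would help contributors choose between the two.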


57 changes: 29 additions & 28 deletions docs/admin-guide.md
Expand Up @@ -49,18 +49,19 @@ roles:
regions:
deployment-account:
- eu-central-1
targets: # No need to also include 'eu-central-1' in targets as the deployment-account region is also considered a target region by default.
targets: # No need to also include 'eu-central-1' in targets as the deployment-account region is also considered a target region by default.
- eu-west-1

config:
main-notification-endpoint:
- type: email
target: john@doe.com
target: jane@example.com
moves:
- name: to-root
action: safe
protected: # Optional
protected: # Optional
- ou-123

scp: # Service Control Policy
keep-default-scp: enabled # Optional
scm: # Source Control Management
Expand Down Expand Up @@ -238,33 +239,33 @@ When you enter the *source_account_id* in the *deployment_map.yml**, you are say
```yaml
pipelines:
- name: vpc # <-- The CodeCommit repository on the source account would need to have this name
- name: vpc # <-- The CodeCommit repository on the source account would need to have this name
default_providers:
source:
provider: codecommit
properties:
account_id: 11111111111111 # <-- This teams AWS account is the only one able to push into this pipeline
account_id: 111111111111 # <-- This teams AWS account is the only one able to push into this pipeline
targets:
- /security # Shorthand target example
- /security # Shorthand target example
```

Here is an example of passing in a parameter to a pipeline to override the default branch that is used to trigger the pipeline from, this time using Github as a source *(No need for source_account_id)*.


```yaml
pipelines:
- name: vpc # The Github repo would have this name
- name: vpc # The Github repo would have this name
default_providers:
source:
provider: github
properties:
branch: dev/feature
repository: example-vpc # Optional, above name property will be used if this is not specified
repository: example-vpc # Optional, above name property will be used if this is not specified
owner: bundyfx
oauth_token_path: /adf/github_token # The path in AWS Secrets Manager that holds the GitHub Oauth token, ADF only has access to /adf/ prefix in Secrets Manager
json_field: token # The field (key) name of the json object stored in AWS Secrets Manager that holds the Oauth token
oauth_token_path: /adf/github_token # The path in AWS Secrets Manager that holds the GitHub Oauth token, ADF only has access to /adf/ prefix in Secrets Manager
json_field: token # The field (key) name of the json object stored in AWS Secrets Manager that holds the Oauth token
targets:
- /security # Shorthand example
- /security # Shorthand example
```
**Note** If you find yourself specifying the same set of parameters over and over through-out the deployment map consider using [Yaml Anchors and Alias](./user-guide.md).
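
Review bot: `owner: bundyfx` in the GitHub example of this hunk is left as it was, while the hunk at -311,10 replaces the same value with `owner: awslabs`. If the aim of the commit is to keep real identifiers out of the examples, this occurrence should get the same replacement. Minor: the comment on `account_id` reads `This teams AWS account`, which wants an apostrophe (`team's`) while the line is being touched anyway.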
Expand Down Expand Up @@ -311,10 +312,10 @@ pipelines:
source:
provider: github
properties:
repository: example-vpc-adf # Optional, above name property will be used if this is not specified
owner: bundyfx # Who owns this repository
repository: example-vpc-adf # Optional, above name property will be used if this is not specified
owner: awslabs # Who owns this repository
oauth_token_path: /adf/github_token # The path in AWS Secrets Manager that holds the GitHub Oauth token, ADF only has access to /adf/ prefix in Secrets Manager
json_field: token # The field (key) name of the json object stored in AWS Secrets Manager that holds the Oauth token. example: if we stored {"token": "123secret"} - 'token' would be the json_field value.
json_field: token # The field (key) name of the json object stored in AWS Secrets Manager that holds the Oauth token. example: if we stored {"token": "123secret"} - 'token' would be the json_field value.
targets:
- /security
```
Expand All @@ -331,24 +332,24 @@ pipelines:
provider: codecommit
properties:
account_id: 111111111111
completion_trigger: # <--- When this pipeline finishes it will automatically start sample-iam and sample-ecs-cluster at the same time
completion_trigger: # <--- When this pipeline finishes it will automatically start sample-iam and sample-ecs-cluster at the same time
pipelines:
- sample-iam
- sample-ecs-cluster
targets: &generic_targets # using YAML Anchor
targets: &generic_targets # Using a YAML Anchor, *generic_targets will paste the same value as defined in `targets` here.
- /banking/testing
- approval
- /banking/production

- name: sample-iam
default_providers:
source: *generic_source # using YAML Alias
targets: *generic_targets # using YAML Alias
source: *generic_source # Using YAML Alias
targets: *generic_targets # Using YAML Alias

- name: sample-ecs-cluster
default_providers:
source: *generic_source # using YAML Alias
targets: *generic_targets # using YAML Alias
source: *generic_source # Using YAML Alias
targets: *generic_targets # Using YAML Alias
```
## Service Control Policies
Expand Down Expand Up @@ -402,9 +403,9 @@ pipelines:
source:
provider: codecommit
properties:
account_id: 111112233332
account_id: 111111111111
params:
notification_endpoint: team-bugs # This channel will receive pipeline events (success/failures/approvals)
notification_endpoint: team-bugs # This channel will receive pipeline events (success/failures/approvals)
restart_execution_on_update: True
targets:
- path: /banking/testing
Expand Down Expand Up @@ -539,15 +540,15 @@ Please trace the failed component and dive into/report the debug information.
The main components to look at are:

1. In the AWS Management Account in `us-east-1`:
1. the [CloudFormation aws-deployment-framework stack](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks?filteringStatus=active&filteringText=aws-deployment-framework&viewNested=true&hideStacks=false).
1. the [CloudWatch Logs for the Lambda functions deployed by ADF](https://console.aws.amazon.com/lambda/home?region=us-east-1#/functions?f0=true&n0=false&op=and&v0=ADF).
1. check if the [CodeCommit pull request](https://console.aws.amazon.com/codesuite/codecommit/repositories/aws-deployment-framework-bootstrap/pull-requests?region=us-east-1&status=OPEN) to install the latest version changes of ADF has been merged into your main branch for the `aws-deployment-framework-bootstrap` (ADF Bootstrap) repository.
1. the [CodePipeline execution of the AWS Bootstrap pipeline](https://console.aws.amazon.com/codesuite/codepipeline/pipelines/aws-deployment-framework-bootstrap-pipeline/view?region=us-east-1).
1. the [ADF Bootstrapping Step Function State Machine](https://console.aws.amazon.com/states/home?region=us-east-1#/statemachines).
1. The [CloudFormation aws-deployment-framework stack](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks?filteringStatus=active&filteringText=aws-deployment-framework&viewNested=true&hideStacks=false).
1. The [CloudWatch Logs for the Lambda functions deployed by ADF](https://console.aws.amazon.com/lambda/home?region=us-east-1#/functions?f0=true&n0=false&op=and&v0=ADF).
1. Check if the [CodeCommit pull request](https://console.aws.amazon.com/codesuite/codecommit/repositories/aws-deployment-framework-bootstrap/pull-requests?region=us-east-1&status=OPEN) to install the latest version changes of ADF has been merged into your main branch for the `aws-deployment-framework-bootstrap` (ADF Bootstrap) repository.
1. The [CodePipeline execution of the AWS Bootstrap pipeline](https://console.aws.amazon.com/codesuite/codepipeline/pipelines/aws-deployment-framework-bootstrap-pipeline/view?region=us-east-1).
1. The [ADF Bootstrapping Step Function State Machine](https://console.aws.amazon.com/states/home?region=us-east-1#/statemachines).
* Look at the previous executions of the State Machine.
* When you find one that has a failed execution, check the components that are marked orange/red in the diagram.
1. In the AWS Deployment Account in the deployment region:
1. the [CodePipeline execution of the `aws-deployment-framework-pipelines` (ADF pipelines) repository](https://eu-west-1.console.aws.amazon.com/codesuite/codepipeline/pipelines/aws-deployment-framework-pipelines/view?region=eu-west-1) <- link points to `eu-west-1`, please change that to your own deployment region.
1. The [CodePipeline execution of the `aws-deployment-framework-pipelines` (ADF pipelines) repository](https://eu-west-1.console.aws.amazon.com/codesuite/codepipeline/pipelines/aws-deployment-framework-pipelines/view?region=eu-west-1) <- link points to `eu-west-1`, please change that to your own deployment region.

### How to share debug information
