-
Notifications
You must be signed in to change notification settings - Fork 226
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A sample that demonstrate how to deploy Custom config rules that created with RDK via ADF pipelines #451
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks really good! Thanks for sharing this. Just one commented out code section.
samples/sample-rdk-rules/config-rules/SOME_OTHER_RULE/SOME_OTHER_RULE_test.py
Outdated
Show resolved
Hide resolved
@ntwobike nice! I had one question, did you consider the following approach to eliminate 1 pipeline: - name: custom-config-rules ## repo name
default_providers:
source:
provider: codecommit
properties:
account_id: <deployment-account-id>
build:
provider: codebuild
properties:
image: "STANDARD_5_0"
spec_filename: "buildspec-lambda.yml"
deploy:
provider: cloudformation
targets:
- name: LambdaDeployment
regions: ....
target: <deployment-account-id>
properties:
template_filename: "template-lambda.json"
- name: ConfigRules
regions: eu-west-1
target:
- <target-accounts-to-deploy-custom-config-rules>
properties:
template_filename: "template-config-rules.json" |
@Nr18 I haven't tried but as I see here there is only one build step here. I need 2 build steps to generate 2 different CFN templates on the fly for lambda and config-rules. It might be possible to consolidate the both buildspec to one file. Let me give a try and comeback to you
|
@ntwobike you will need a subfolder for example: targets:
- name: LambdaDeployment
regions: ....
target: <deployment-account-id>
properties:
root_dir: lambda
template_filename: "template-lambda.json"
- name: ConfigRules
regions: eu-west-1
target:
- <target-accounts-to-deploy-custom-config-rules>
properties:
root_dir: config-rules
template_filename: "template-config-rules.json" You can then use a tamplate.yml file that is picked up automatically (so you do not need to specify it) Then win the buildspec you could do: - cd ./lambda
- PYTHONPATH=../adf-build/python python ../adf-build/generate_params.py
- cd ../config-rules
- PYTHONPATH=../adf-build/python python ../adf-build/generate_params.py Unfortunately, you need to specify the |
@Nr18 I have simplified the pipeline definition into one as you suggested. Nice one thanks for the suggestion. Also have updated the readme and the arch diagram as well. I didnt want the folders tho. Could you please have a look again. |
👌 Nice, that's a lot simpler! The CloudFormation parameters of both templates are the same I assume? And that is the reason you can use the |
@Nr18 yep. |
@Nr18 could you kindly approve the pull request. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies for the delayed review.
Thanks for adding this example! I have a few suggested improvements, if you disagree with any of these feel free to open a discussion.
I noticed a bit of code repetition in the python code, could those be extracted out to separate files so they can be included once?
I really like the addition of the diagrams and docs, much appreciated!!
...onfig-rules/EC2_CHECKS_TERMINIATION_PROTECTION_ADF/EC2_CHECKS_TERMINIATION_PROTECTION_ADF.py
Outdated
Show resolved
Hide resolved
Hi @sbkok thanks for the review I have adapted all of suggestions. Please have a look again. |
Thank you for fixing those. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thank you for contributing this!
Issue #, if available:
Description of changes:
This sample shows how to deploy Custom config rules create by RDK via ADF pipelines in multi account environment.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.