A sample that demonstrate how to deploy Custom config rules that created with RDK via ADF pipelines

[ntwobike]

Issue #, if available:

Description of changes:
This sample shows how to deploy Custom config rules create by RDK via ADF pipelines in multi account environment.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[StewartW]

Looks really good! Thanks for sharing this. Just one commented out code section.

[Nr18]

@ntwobike nice! I had one question, did you consider the following approach to eliminate 1 pipeline:

- name: custom-config-rules ## repo name
    default_providers:
      source:
        provider: codecommit
        properties:
          account_id: <deployment-account-id>
      build:
        provider: codebuild
        properties:
          image: "STANDARD_5_0"
          spec_filename: "buildspec-lambda.yml"
      deploy:
        provider: cloudformation
    targets:  
      - name: LambdaDeployment
        regions: ....
        target: <deployment-account-id>
        properties:
           template_filename: "template-lambda.json"
      - name: ConfigRules
        regions: eu-west-1
        target:
          - <target-accounts-to-deploy-custom-config-rules> 
        properties:
          template_filename: "template-config-rules.json"

[ntwobike]

@Nr18 I haven't tried but as I see here there is only one build step here. I need 2 build steps to generate 2 different CFN templates on the fly for lambda and config-rules. It might be possible to consolidate the both buildspec to one file. Let me give a try and comeback to you

@ntwobike nice! I had one question, did you consider the following approach to eliminate 1 pipeline:

- name: custom-config-rules ## repo name
    default_providers:
      source:
        provider: codecommit
        properties:
          account_id: <deployment-account-id>
      build:
        provider: codebuild
        properties:
          image: "STANDARD_5_0"
          spec_filename: "buildspec-lambda.yml"
      deploy:
        provider: cloudformation
    targets:  
      - name: LambdaDeployment
        regions: ....
        target: <deployment-account-id>
        properties:
           template_filename: "template-lambda.json"
      - name: ConfigRules
        regions: eu-west-1
        target:
          - <target-accounts-to-deploy-custom-config-rules> 
        properties:
          template_filename: "template-config-rules.json"

[Nr18]

@ntwobike you will need a subfolder for example: lambda and config-rules then duplicate put the params folder and put them in those folders:

    targets:  
      - name: LambdaDeployment
        regions: ....
        target: <deployment-account-id>
        properties:
          root_dir: lambda
          template_filename: "template-lambda.json"
      - name: ConfigRules
        regions: eu-west-1
        target:
          - <target-accounts-to-deploy-custom-config-rules> 
        properties:
          root_dir: config-rules
          template_filename: "template-config-rules.json"

You can then use a tamplate.yml file that is picked up automatically (so you do not need to specify it)

Then win the buildspec you could do:

      - cd ./lambda
      - PYTHONPATH=../adf-build/python python ../adf-build/generate_params.py
      - cd ../config-rules
      - PYTHONPATH=../adf-build/python python ../adf-build/generate_params.py

Unfortunately, you need to specify the PYTHONPATH when using subfolders, see: #449 I will probably propose that the generate script resolves and includes the absolute path of the ./adf-build/python folder.

[ntwobike]

@Nr18 I have simplified the pipeline definition into one as you suggested. Nice one thanks for the suggestion. Also have updated the readme and the arch diagram as well. I didnt want the folders tho. Could you please have a look again.

[Nr18]

👌 Nice, that's a lot simpler! The CloudFormation parameters of both templates are the same I assume? And that is the reason you can use the ./adf-build/generate_params.py in a normal way?

[ntwobike]

@Nr18 yep.

[ntwobike]

@Nr18 could you kindly approve the pull request.

[sbkok]

Apologies for the delayed review.
Thanks for adding this example! I have a few suggested improvements, if you disagree with any of these feel free to open a discussion.

I noticed a bit of code repetition in the python code, could those be extracted out to separate files so they can be included once?

I really like the addition of the diagrams and docs, much appreciated!!

[ntwobike]

Hi @sbkok thanks for the review I have adapted all of suggestions. Please have a look again.

[sbkok]

Thank you for fixing those.
Unfortunately the UX of GitHub isn't the best, so I don't blame you. It looks like there are still a number of comments that are not fixed, could you check the hidden conversation and see if there are more comments/suggestions to fix?

[sbkok]

LGTM, thank you for contributing this!