From 76836d684e2cf32f8d63f0ff8de2c065313356a0 Mon Sep 17 00:00:00 2001 From: Prasanna Tuladhar Date: Fri, 21 Jun 2024 10:35:10 +0200 Subject: [PATCH 1/6] gitlab support through api calls - full implementation --- deploy.sh | 18 ++++++---- .../lambda/domain-cicd/src/lambda_function.py | 35 ++++++++++++++----- .../template-cicd-cfn-module.yaml | 23 ++++++++---- ...emplate-cicd-sdlf-repositories.gitlab.yaml | 4 +-- 4 files changed, 56 insertions(+), 24 deletions(-) diff --git a/deploy.sh b/deploy.sh index 9ed94a51..8fcd1504 100755 --- a/deploy.sh +++ b/deploy.sh @@ -50,7 +50,7 @@ function template_protection() --profile "$CURRENT_PROFILE_NAME" } -crossaccount_cicd_roles () { +crossaccount_cicd_roles () { pflag=false rflag=false dflag=false @@ -132,7 +132,7 @@ crossaccount_cicd_roles () { exit } -devops_account () { +devops_account () { pflag=false rflag=false dflag=false 
@@ -269,13 +269,17 @@ devops_account () { GITLAB_URL=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --with-decryption --name /SDLF/GitLab/Url --query "Parameter.Value" --output text) GITLAB_ACCESSTOKEN=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --with-decryption --name /SDLF/GitLab/AccessToken --query "Parameter.Value" --output text) + GITLAB_NAMESPACE_ID=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --with-decryption --name /SDLF/GitLab/NamespaceId --query "Parameter.Value" --output text) + GITLAB_GROUP_NAME=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --name /SDLF/GitLab/SdlfGitLabGroup --query "Parameter.Value" --output text) + + echo "Creating $REPOSITORY repository in GitLab ..." curl --request POST --header "PRIVATE-TOKEN: $GITLAB_ACCESSTOKEN" \ - --header "Content-Type: application/json" --data '{ - "name": "$REPOSITORY", "description": "$REPOSITORY", "path": "$REPOSITORY", - "namespace_id": "66", "initialize_with_readme": false}' \ - --url "$GITLAB_URLapi/v4/projects/" + --header "Content-Type: application/json" \ + --data "{\"name\": \"$REPOSITORY\", \"description\": \"$REPOSITORY\", \"path\": \"$REPOSITORY\", \"namespace_id\": \"$GITLAB_NAMESPACE_ID\", \"initialize_with_readme\": false}" \ + --url "${GITLAB_URL}api/v4/projects/" + - GITLAB_REPOSITORY_URL="https://aws:$GITLAB_ACCESSTOKEN@${GITLAB_URL#https://}sdlf/$REPOSITORY.git" + GITLAB_REPOSITORY_URL="https://aws:$GITLAB_ACCESSTOKEN@${GITLAB_URL#https://}${GITLAB_GROUP_NAME}/$REPOSITORY.git" if [ "$REPOSITORY" = "sdlf-main" ] then diff --git a/sdlf-cicd/lambda/domain-cicd/src/lambda_function.py b/sdlf-cicd/lambda/domain-cicd/src/lambda_function.py index 151b3240..8e431a59 100644 --- a/sdlf-cicd/lambda/domain-cicd/src/lambda_function.py +++ b/sdlf-cicd/lambda/domain-cicd/src/lambda_function.py 
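Review bot: The project-creation `curl` in devops_account never checks the HTTP status, so a rejected token or a 4xx from GitLab is printed and the script carries on as if the repository had been created. Adding `--fail-with-body` and an explicit check, one that tolerates only the already-exists answer on re-runs, would surface the failure. The token is also passed as a `--header` argument and interpolated into `GITLAB_REPOSITORY_URL`, so it can appear in the process list, in a `set -x` trace, and in `.git/config` if that URL is used as a remote (its use is outside this hunk). Reading the header from a file, e.g. `--header @"$TOKEN_HEADER_FILE"` (placeholder name), keeps it off the command line. The function body starts and ends outside the hunk.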
@@ -4,7 +4,7 @@ import zipfile from io import BytesIO from tempfile import mkdtemp -from urllib.request import Request, urlopen +from urllib.request import HTTPError, Request, URLError, urlopen import boto3 from botocore.client import Config 
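Review bot: `HTTPError` and `URLError` are imported from `urllib.request`, which works only because that module imports them for its own use; their documented home is `urllib.error`. I would keep `from urllib.request import Request, urlopen` and add `from urllib.error import HTTPError, URLError`, so the import does not rest on an implementation detail.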
@@ -164,14 +164,33 @@ def delete_domain_team_role_stack(cloudformation, team): def create_team_repository_cicd_stack(domain, team_name, template_body_url, cloudformation_role): - gitlab_url = ssm.get_parameter(Name="/SDLF/GitLab/Url")["Parameter"]["Value"] - gitlab_accesstoken = ssm.get_parameter(Name="/SDLF/GitLab/AccessToken")["Parameter"]["Value"] + gitlab_url = ssm.get_parameter(Name="/SDLF/GitLab/Url", WithDecryption=True)["Parameter"]["Value"] + gitlab_accesstoken = ssm.get_parameter(Name="/SDLF/GitLab/AccessToken", WithDecryption=True)["Parameter"]["Value"] repository = f"sdlf-main-{domain}-{team_name}" - req = Request(f"{gitlab_url}api/v4/projects/") - req.add_header("Content-Type", "application/json") - req.add_header("PRIVATE-TOKEN", gitlab_accesstoken) - data = '{"name": "$REPOSITORY", "description": "$REPOSITORY", "path": "$REPOSITORY","namespace_id": "66", "initialize_with_readme": false}' - response = urlopen(req, data=data).read() + namespace_id = ssm.get_parameter(Name="/SDLF/GitLab/NamespaceId", WithDecryption=True)["Parameter"]["Value"] + url = f"{gitlab_url}api/v4/projects/" + headers = { + "Content-Type": "application/json", + "PRIVATE-TOKEN": gitlab_accesstoken + } + data = { + "name": repository, + "description": repository, + "path": repository, + "namespace_id": namespace_id, + "initialize_with_readme": "false" + } + json_data = json.dumps(data).encode('utf-8') + req = Request(url, data=json_data, headers=headers, method='POST') + + try: + with urlopen(req) as response: + response_body = response.read().decode('utf-8') + logger.info(response_body) + except HTTPError as e: + logger.error(f"HTTP error occurred: {e.code} {e.reason}") + except URLError as e: + logger.error(f"URL error occurred: {e.reason}") response = {} cloudformation_waiter_type = None diff --git a/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml b/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml index 4283514b..b466f6e5 100644 
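Review bot: Both `except` branches in create_team_repository_cicd_stack only log and then fall through to `response = {}`, so when GitLab rejects the request the function continues as if the repository existed; re-raise or return early for anything other than an expected already-exists answer. `logger.info(response_body)` writes the whole project JSON to the function log, and depending on the GitLab version and token scope that response can include project-level secrets such as a runner token, so log only the project id and path. `urlopen(req)` is called without `timeout=`, so a stalled connection holds the Lambda until its own timeout expires. `"initialize_with_readme": "false"` sends a string where the deploy.sh request sends a JSON boolean; `False` would match it. The function continues past the end of the hunk.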
--- a/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml +++ b/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml @@ -139,8 +139,13 @@ Resources: EncryptionKey: !Ref pKMSKey VpcConfig: !If - RunInVpc - - SecurityGroupIds: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-security-groups] - Subnets: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets] + - SecurityGroupIds: + !Split [ + ",", + !ImportValue sdlf-cicd-prerequisites-vpc-security-groups, + ] + Subnets: + !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets] VpcId: "{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" Environment: @@ -167,9 +172,8 @@ Resources: && unzip -q aws-sam-cli-linux-x86_64.zip -d sam-installation ./sam-installation/install \ && sam --version - - |- - pip3 install cfn-lint==0.87.7 - pip3 install cloudformation-cli + - pip3 install cfn-lint==0.87.7 + - pip3 install cloudformation-cli - aws s3api get-object --bucket "$ARTIFACTS_BUCKET" --key sam-translate.py sam-translate.py build: commands: @@ -246,8 +250,13 @@ Resources: EncryptionKey: !Ref pKMSKey VpcConfig: !If - RunInVpc - - SecurityGroupIds: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-security-groups] - Subnets: !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets] + - SecurityGroupIds: + !Split [ + ",", + !ImportValue sdlf-cicd-prerequisites-vpc-security-groups, + ] + Subnets: + !Split [",", !ImportValue sdlf-cicd-prerequisites-vpc-subnets] VpcId: "{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" Environment: diff --git a/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml b/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml index 92dc0ed9..be2cded0 100644 --- a/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml +++ b/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml @@ -8,7 +8,7 @@ Parameters: Default: /SDLF/KMS/CICDKeyId pSdlfGitLabGroup: Type: String - Default: sdlf + Default: datamesh pCicdRepository: Type: String Default: sdlf-cicd 
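Review bot: In the buildspec install commands (hunk `@@ -167,9 +172,8 @@`), `pip3 install cloudformation-cli` stays unpinned while `cfn-lint==0.87.7` on the line above is pinned, so every build installs whatever version and transitive dependencies PyPI serves that day into a project that packages deployable templates. Pin it the same way, `- pip3 install cloudformation-cli==<PINNED_VERSION>` (placeholder), or install both from a requirements file with hashes. The other two hunks in this file only re-wrap the `!Split` expressions and need no change.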
@@ -159,4 +159,4 @@ Outputs: # workaround {{resolve:ssm:}} not returning an array that can be used directly in VpcConfig blocks oKmsKey: Description: CICD KMS Key - Value: !Ref pKMSKey \ No newline at end of file + Value: !Ref pKMSKey From 86703221fe27a490a6db52bcfe7577fec00a41f8 Mon Sep 17 00:00:00 2001 From: "prasanna.tuladhar" Date: Mon, 24 Jun 2024 08:50:09 +0000 Subject: [PATCH 2/6] fix: covestro issues --- deploy.sh | 13 ++++++++----- .../template-cicd-sdlf-repositories.gitlab.yaml | 2 +- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/deploy.sh b/deploy.sh index 8fcd1504..f9a8a53e 100755 --- a/deploy.sh +++ b/deploy.sh @@ -272,14 +272,17 @@ devops_account () { GITLAB_NAMESPACE_ID=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --with-decryption --name /SDLF/GitLab/NamespaceId --query "Parameter.Value" --output text) GITLAB_GROUP_NAME=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --name /SDLF/GitLab/SdlfGitLabGroup --query "Parameter.Value" --output text) + GITLAB_HOST_NAME=$(echo $url | cut -d'/' -f3) + echo "Creating $REPOSITORY repository in GitLab ..." - curl --request POST --header "PRIVATE-TOKEN: $GITLAB_ACCESSTOKEN" \ + curl --insecure --request POST --header "PRIVATE-TOKEN: $GITLAB_ACCESSTOKEN" \ --header "Content-Type: application/json" \ --data "{\"name\": \"$REPOSITORY\", \"description\": \"$REPOSITORY\", \"path\": \"$REPOSITORY\", \"namespace_id\": \"$GITLAB_NAMESPACE_ID\", \"initialize_with_readme\": false}" \ --url "${GITLAB_URL}api/v4/projects/" GITLAB_REPOSITORY_URL="https://aws:$GITLAB_ACCESSTOKEN@${GITLAB_URL#https://}${GITLAB_GROUP_NAME}/$REPOSITORY.git" + GITLAB_SSH_URI=git@${GITLAB_HOST_NAME}:${GITLAB_GROUP_NAME}/$REPOSITORY.git if [ "$REPOSITORY" = "sdlf-main" ] then 
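Review bot: `curl --insecure` on the project-creation request disables certificate verification on the very call that carries `PRIVATE-TOKEN`, so anyone able to intercept the connection can read the token and answer in GitLab's place. If the GitLab server is signed by a private CA, trust that CA instead: `curl --cacert "$GITLAB_CA_BUNDLE" --request POST ...` (variable name is a placeholder). The same switch is added to the SAM CLI download later in this patch, and patch 6/6 does the equivalent in lambda_function.py with `ssl._create_unverified_context()`, where `ssl.create_default_context(cafile=...)` is the counterpart. Separately, `GITLAB_HOST_NAME=$(echo $url | cut -d'/' -f3)` reads `$url`, which is not set anywhere in the visible hunk, so the SSH URI probably comes out with an empty host; `$GITLAB_URL` looks like the intended variable.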
@@ -289,11 +292,11 @@ devops_account () { pushd "$REPOSITORY" || exit if [ ! -d .git ] # if .git exists, deploy.sh has likely been run before - do not try to push the base repositories then - git init - git remote add origin "$GITLAB_REPOSITORY_URL" || exit 1 + git init --initial-branch=main + git remote add origin "$GITLAB_SSH_URI" || exit 1 git add . git commit -m "initial commit" - git push origin main || exit 1 + git push -u origin main || exit 1 git push origin main:dev git push origin main:test fi @@ -306,7 +309,7 @@ devops_account () { done aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" s3api put-object --bucket "$ARTIFACTS_BUCKET" --key sam-translate.py --body "$DIRNAME"/sdlf-cicd/sam-translate.py - curl -L -O --output-dir "$DIRNAME"/sdlf-cicd/ https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip + curl -L -O --insecure --output-dir "$DIRNAME"/sdlf-cicd/ https://github.com/aws/aws-sam-cli/releases/latest/download/aws-sam-cli-linux-x86_64.zip aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" s3api put-object --bucket "$ARTIFACTS_BUCKET" --key aws-sam-cli-linux-x86_64.zip --body "$DIRNAME"/sdlf-cicd/aws-sam-cli-linux-x86_64.zip rm "$DIRNAME"/sdlf-cicd/aws-sam-cli-linux-x86_64.zip diff --git a/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml b/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml index be2cded0..ed508d1d 100644 --- a/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml +++ b/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml @@ -8,7 +8,7 @@ Parameters: Default: /SDLF/KMS/CICDKeyId pSdlfGitLabGroup: Type: String - Default: datamesh + Default: covestro-analytics-platform/datamesh pCicdRepository: Type: String Default: sdlf-cicd From 75505dd133e6f86c41e0bff6c18cb3e0e71b1dbd Mon Sep 17 00:00:00 2001 
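Review bot: The SAM CLI archive in hunk `@@ -306,7 +309,7 @@` is fetched from `releases/latest` and uploaded to the artifacts bucket with no version pin or digest check, and with `--insecure` added nothing authenticates the bytes at all. The CodeBuild install phase shown earlier in this series appears to unzip and run that archive, so a tampered download would execute inside the build role. Drop `--insecure`, download a fixed release tag, and verify before the `put-object`: `echo "<EXPECTED_SHA256>  aws-sam-cli-linux-x86_64.zip" | sha256sum -c - || exit 1` (digest is a placeholder).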
From: "prasanna.tuladhar" Date: Mon, 24 Jun 2024 08:57:20 +0000 Subject: [PATCH 3/6] fix: iam policy through patch --- .../nested-stacks/template-cicd-cfn-module.yaml | 10 +++------- .../nested-stacks/template-cicd-glue-job.yaml | 8 ++------ .../template-cicd-lambda-layer.yaml | 8 ++------ sdlf-cicd/template-cicd-sdlf-pipelines.yaml | 16 ++++------------ sdlf-monitoring/template.yaml | 8 ++++---- sdlf-team/template.yaml | 3 --- 6 files changed, 15 insertions(+), 38 deletions(-) diff --git a/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml b/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml index b466f6e5..7573acd4 100644 --- a/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml +++ b/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml @@ -90,10 +90,6 @@ Resources: - ec2:DeleteNetworkInterface # W11 condition applied Resource: - "*" - Condition: - ArnEqualsIfExists: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - !If - RunInVpc @@ -101,13 +97,13 @@ Resources: Action: - ec2:CreateNetworkInterfacePermission Resource: - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*" Condition: StringEquals: "ec2:AuthorizedService": codebuild.amazonaws.com ArnEquals: "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - PolicyName: sdlf-cicd-build-stages-cfn-modules PolicyDocument: 
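Review bot: Replacing `${AWS::AccountId}` with `*` in the `network-interface/*` and `vpc/...` ARNs, and dropping the `ec2:Vpc` condition from the statement that allows `ec2:CreateNetworkInterface` and `ec2:DeleteNetworkInterface` on `"*"`, lets the CodeBuild role manage network interfaces in any VPC rather than only the SDLF one. The `# W11 condition applied` comment is no longer true. If the motive is a VPC shared from another account (a guess, the patch does not say), pass the owning account as a parameter and keep the condition: `- !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${pVpcOwnerAccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}"` (parameter name is a placeholder). The same edit repeats in template-cicd-glue-job.yaml, template-cicd-lambda-layer.yaml, template-cicd-sdlf-pipelines.yaml, sdlf-monitoring/template.yaml and sdlf-team/template.yaml, and the CodeCommit resource ARN in this file gets the same account wildcard. Patches 4/6 and 5/6 then delete the remaining `ec2:Vpc` and `lambda:VpcIds` conditions outright, so the whole set should be reviewed as one least-privilege regression.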
@@ -127,7 +123,7 @@ Resources: - codecommit:GetUploadArchiveStatus - codecommit:CancelUploadArchive Resource: - - !Sub arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:${pStagesRepositoriesPrefix}* + - !Sub arn:${AWS::Partition}:codecommit:${AWS::Region}:*:${pStagesRepositoriesPrefix}* rBuildCloudformationModuleStage: Type: AWS::CodeBuild::Project diff --git a/sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml b/sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml index ff4100c3..22e8675d 100644 --- a/sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml +++ b/sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml @@ -87,10 +87,6 @@ Resources: - ec2:DeleteNetworkInterface # W11 condition applied Resource: - "*" - Condition: - ArnEqualsIfExists: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - !If - RunInVpc @@ -98,13 +94,13 @@ Resources: Action: - ec2:CreateNetworkInterfacePermission Resource: - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*" Condition: StringEquals: "ec2:AuthorizedService": codebuild.amazonaws.com ArnEquals: "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" rGlueJobPackage: diff --git a/sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml b/sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml index 6fc1b989..6121e62d 100644 --- a/sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml +++ b/sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml 
@@ -83,10 +83,6 @@ Resources: - ec2:DeleteNetworkInterface # W11 condition applied Resource: - "*" - Condition: - ArnEqualsIfExists: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - !If - RunInVpc @@ -94,13 +90,13 @@ Resources: Action: - ec2:CreateNetworkInterfacePermission Resource: - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*" Condition: StringEquals: "ec2:AuthorizedService": codebuild.amazonaws.com ArnEquals: "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" rBuildLambdaLayersPackage: diff --git a/sdlf-cicd/template-cicd-sdlf-pipelines.yaml b/sdlf-cicd/template-cicd-sdlf-pipelines.yaml index a072ee48..555d36d0 100644 --- a/sdlf-cicd/template-cicd-sdlf-pipelines.yaml +++ b/sdlf-cicd/template-cicd-sdlf-pipelines.yaml @@ -664,10 +664,6 @@ Resources: - ec2:DeleteNetworkInterface # W11 condition applied Resource: - "*" - Condition: - ArnEqualsIfExists: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - !If - RunInVpc 
@@ -675,13 +671,13 @@ Resources: Action: - ec2:CreateNetworkInterfacePermission Resource: - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*" Condition: StringEquals: "ec2:AuthorizedService": codebuild.amazonaws.com ArnEquals: "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" rCloudFormationPackageCodeBuildProject: @@ -792,10 +788,6 @@ Resources: - ec2:DeleteNetworkInterface # W11 condition applied Resource: - "*" - Condition: - ArnEqualsIfExists: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - !If - RunInVpc @@ -803,13 +795,13 @@ Resources: Action: - ec2:CreateNetworkInterfacePermission Resource: - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*" Condition: StringEquals: "ec2:AuthorizedService": codebuild.amazonaws.com ArnEquals: "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" diff --git a/sdlf-monitoring/template.yaml b/sdlf-monitoring/template.yaml index 199515dd..6990e916 100644 --- a/sdlf-monitoring/template.yaml +++ b/sdlf-monitoring/template.yaml @@ -436,7 +436,7 @@ Resources: Condition: ArnEqualsIfExists: "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - !If - RunInVpc 
@@ -444,7 +444,7 @@ Resources: Action: - ec2:DescribeVpcAttribute Resource: - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - !If - RunInVpc @@ -452,13 +452,13 @@ Resources: Action: - ec2:CreateNetworkInterfacePermission Resource: - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:network-interface/*" Condition: StringEquals: "ec2:AuthorizedService": firehose.amazonaws.com ArnEquals: "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" + - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - Effect: Allow Action: diff --git a/sdlf-team/template.yaml b/sdlf-team/template.yaml index a3609e1c..fc76cb43 100644 --- a/sdlf-team/template.yaml +++ b/sdlf-team/template.yaml @@ -548,9 +548,6 @@ Resources: Resource: - "*" Condition: - ArnEqualsIfExists: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" "ForAllValues:StringEqualsIfExists": "aws:TagKeys": - aws-glue-service-resource From ad86942c018ded023b3a9b60a087aa25d18b274a Mon Sep 17 00:00:00 2001 From: "prasanna.tuladhar" Date: Mon, 24 Jun 2024 09:21:36 +0000 Subject: [PATCH 4/6] fix: patch --- sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml | 3 --- sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml | 3 --- sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml | 3 --- sdlf-cicd/template-cicd-sdlf-pipelines.yaml | 6 ------ sdlf-monitoring/template.yaml | 7 ------- 5 files changed, 22 deletions(-) diff --git a/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml b/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml index 7573acd4..99b902bd 100644 
--- a/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml +++ b/sdlf-cicd/nested-stacks/template-cicd-cfn-module.yaml @@ -101,9 +101,6 @@ Resources: Condition: StringEquals: "ec2:AuthorizedService": codebuild.amazonaws.com - ArnEquals: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - PolicyName: sdlf-cicd-build-stages-cfn-modules PolicyDocument: diff --git a/sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml b/sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml index 22e8675d..72412d8b 100644 --- a/sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml +++ b/sdlf-cicd/nested-stacks/template-cicd-glue-job.yaml @@ -98,9 +98,6 @@ Resources: Condition: StringEquals: "ec2:AuthorizedService": codebuild.amazonaws.com - ArnEquals: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" rGlueJobPackage: diff --git a/sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml b/sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml index 6121e62d..b566f945 100644 --- a/sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml +++ b/sdlf-cicd/nested-stacks/template-cicd-lambda-layer.yaml @@ -94,9 +94,6 @@ Resources: Condition: StringEquals: "ec2:AuthorizedService": codebuild.amazonaws.com - ArnEquals: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" rBuildLambdaLayersPackage: diff --git a/sdlf-cicd/template-cicd-sdlf-pipelines.yaml b/sdlf-cicd/template-cicd-sdlf-pipelines.yaml index 555d36d0..877d253f 100644 --- a/sdlf-cicd/template-cicd-sdlf-pipelines.yaml +++ b/sdlf-cicd/template-cicd-sdlf-pipelines.yaml 
@@ -675,9 +675,6 @@ Resources: Condition: StringEquals: "ec2:AuthorizedService": codebuild.amazonaws.com - ArnEquals: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" rCloudFormationPackageCodeBuildProject: @@ -799,9 +796,6 @@ Resources: Condition: StringEquals: "ec2:AuthorizedService": codebuild.amazonaws.com - ArnEquals: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" diff --git a/sdlf-monitoring/template.yaml b/sdlf-monitoring/template.yaml index 6990e916..f6763141 100644 --- a/sdlf-monitoring/template.yaml +++ b/sdlf-monitoring/template.yaml @@ -433,10 +433,6 @@ Resources: - ec2:CreateNetworkInterface # W12 exception - ec2:DeleteNetworkInterface # W12 exception Resource: "*" - Condition: - ArnEqualsIfExists: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - !If - RunInVpc @@ -456,9 +452,6 @@ Resources: Condition: StringEquals: "ec2:AuthorizedService": firehose.amazonaws.com - ArnEquals: - "ec2:Vpc": - - !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:*:vpc/{{resolve:ssm:/SDLF/VPC/VpcId}}" - !Ref "AWS::NoValue" - Effect: Allow Action: From 63dd803f46c04bfc1d4d3806197b7ef9b29a8cf7 Mon Sep 17 00:00:00 2001 From: "prasanna.tuladhar" Date: Tue, 25 Jun 2024 14:45:09 +0000 Subject: [PATCH 5/6] fix: deploy script and remove vpcId conditions --- deploy.sh | 6 ++++-- sdlf-cicd/template-cicd-domain-roles.yaml | 6 ------ sdlf-cicd/template-cicd-domain-team-role.yaml | 6 ------ 3 files changed, 4 insertions(+), 14 deletions(-) diff --git a/deploy.sh b/deploy.sh index f9a8a53e..dcd1a2d7 100755 --- a/deploy.sh +++ b/deploy.sh 
@@ -272,7 +272,7 @@ devops_account () { GITLAB_NAMESPACE_ID=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --with-decryption --name /SDLF/GitLab/NamespaceId --query "Parameter.Value" --output text) GITLAB_GROUP_NAME=$(aws --region "$REGION" --profile "$DEVOPS_AWS_PROFILE" ssm get-parameter --name /SDLF/GitLab/SdlfGitLabGroup --query "Parameter.Value" --output text) - GITLAB_HOST_NAME=$(echo $url | cut -d'/' -f3) + GITLAB_HOST_NAME=gitlab.ssh.covestro.com echo "Creating $REPOSITORY repository in GitLab ..." curl --insecure --request POST --header "PRIVATE-TOKEN: $GITLAB_ACCESSTOKEN" \ @@ -284,6 +284,7 @@ devops_account () { GITLAB_REPOSITORY_URL="https://aws:$GITLAB_ACCESSTOKEN@${GITLAB_URL#https://}${GITLAB_GROUP_NAME}/$REPOSITORY.git" GITLAB_SSH_URI=git@${GITLAB_HOST_NAME}:${GITLAB_GROUP_NAME}/$REPOSITORY.git + echo "Origin for repo is $GITLAB_SSH_URI" if [ "$REPOSITORY" = "sdlf-main" ] then mkdir sdlf-main @@ -293,10 +294,11 @@ devops_account () { if [ ! -d .git ] # if .git exists, deploy.sh has likely been run before - do not try to push the base repositories then git init --initial-branch=main + git remote rename origin old-origin git remote add origin "$GITLAB_SSH_URI" || exit 1 git add . git commit -m "initial commit" - git push -u origin main || exit 1 + git push origin main || exit 1 git push origin main:dev git push origin main:test fi diff --git a/sdlf-cicd/template-cicd-domain-roles.yaml b/sdlf-cicd/template-cicd-domain-roles.yaml index c20ee0f3..ed572e5a 100644 --- a/sdlf-cicd/template-cicd-domain-roles.yaml +++ b/sdlf-cicd/template-cicd-domain-roles.yaml @@ -427,12 +427,6 @@ Resources: - lambda:CreateFunction - lambda:UpdateFunctionConfiguration Resource: !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf-* - Condition: !If - - RunInVpc - - StringEquals: - "lambda:VpcIds": - - "{{resolve:ssm:/SDLF/VPC/VpcId}}" - - !Ref "AWS::NoValue" - Effect: Allow Action: - lambda:AddPermission 
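Review bot: `GITLAB_HOST_NAME=gitlab.ssh.covestro.com` hard-codes one organisation's SSH host in a script that reads every other GitLab setting from SSM, so any deployment of this script tries to push the base repositories to that host. Read it the same way as the other values, for example from a `/SDLF/GitLab/SshHost` parameter (name is a placeholder), and stop if it comes back empty. The function body starts and ends outside the hunk.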
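Review bot: `git remote rename origin old-origin` (hunk `@@ -293,10 +294,11 @@`) runs directly after `git init` inside the `if [ ! -d .git ]` branch, where no `origin` remote exists yet, so it will normally fail. The error is not fatal because the line has no `|| exit 1`, but it puts a misleading failure into the deploy output on every first run. Remove the line, or guard it with `git remote get-url origin >/dev/null 2>&1 &&`.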
diff --git a/sdlf-cicd/template-cicd-domain-team-role.yaml b/sdlf-cicd/template-cicd-domain-team-role.yaml index 6d9b905e..fd4e3436 100644 --- a/sdlf-cicd/template-cicd-domain-team-role.yaml +++ b/sdlf-cicd/template-cicd-domain-team-role.yaml @@ -293,12 +293,6 @@ Resources: - lambda:CreateFunction - lambda:UpdateFunctionConfiguration Resource: !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:sdlf-${pTeamName}-* - Condition: !If - - RunInVpc - - StringEquals: - "lambda:VpcIds": - - "{{resolve:ssm:/SDLF/VPC/VpcId}}" - - !Ref "AWS::NoValue" - Effect: Allow Action: - lambda:AddPermission From 58d2226069fc14c2f47a1ff93f2c1778b1cf5330 Mon Sep 17 00:00:00 2001 From: "prasanna.tuladhar" Date: Wed, 10 Jul 2024 15:02:27 +0000 Subject: [PATCH 6/6] fix: updating changes from covestro --- deploy.sh | 2 +- .../lambda/domain-cicd/src/lambda_function.py | 29 ++++++- ...emplate-cicd-sdlf-repositories.gitlab.yaml | 24 +++++- sdlf-cicd/template-cicd-team-pipeline.yaml | 80 ++++++++++++++++++- 4 files changed, 128 insertions(+), 7 deletions(-) diff --git a/deploy.sh b/deploy.sh index dcd1a2d7..cbcfa824 100755 --- a/deploy.sh +++ b/deploy.sh @@ -257,7 +257,7 @@ devops_account () { template_protection "$STACK_NAME" "$REGION" "$DEVOPS_AWS_PROFILE" rm -Rf "$DIRNAME"/output - declare -a REPOSITORIES=("sdlf-cicd" "sdlf-foundations" "sdlf-team" "sdlf-pipeline" "sdlf-dataset" "sdlf-datalakeLibrary" "sdlf-stageA" "sdlf-stageB" "sdlf-main") + declare -a REPOSITORIES=("sdlf-cicd" "sdlf-foundations" "sdlf-team" "sdlf-pipeline" "sdlf-dataset" "sdlf-datalakeLibrary" "sdlf-stageA" "sdlf-stageB" "sdlf-main" "sdlf-stage-lambda" "sdlf-stage-glue") if "$MONITORING" then REPOSITORIES+=("sdlf-monitoring") diff --git a/sdlf-cicd/lambda/domain-cicd/src/lambda_function.py b/sdlf-cicd/lambda/domain-cicd/src/lambda_function.py index 8e431a59..ee85e6f2 100644 --- a/sdlf-cicd/lambda/domain-cicd/src/lambda_function.py +++ b/sdlf-cicd/lambda/domain-cicd/src/lambda_function.py 
@@ -2,6 +2,7 @@ import logging import os import zipfile +import ssl from io import BytesIO from tempfile import mkdtemp from urllib.request import HTTPError, Request, URLError, urlopen @@ -182,13 +183,13 @@ def create_team_repository_cicd_stack(domain, team_name, template_body_url, clou } json_data = json.dumps(data).encode('utf-8') req = Request(url, data=json_data, headers=headers, method='POST') - + unverified_context = ssl._create_unverified_context() try: - with urlopen(req) as response: + with urlopen(req, context=unverified_context) as response: response_body = response.read().decode('utf-8') logger.info(response_body) except HTTPError as e: - logger.error(f"HTTP error occurred: {e.code} {e.reason}") + logger.warn(f"HTTP error occurred: {e.code} {e.reason}. Most likely the repository {repository} already exists") except URLError as e: logger.error(f"URL error occurred: {e.reason}") @@ -318,11 +319,21 @@ def create_team_pipeline_cicd_stack( "ParameterValue": f"/SDLF/{git_platform}/StageA{git_platform}", "UsePreviousValue": False, }, + { + "ParameterKey": "pStageLambdaRepository", + "ParameterValue": f"/SDLF/{git_platform}/StageLambda{git_platform}", + "UsePreviousValue": False, + }, { "ParameterKey": "pStageBRepository", "ParameterValue": f"/SDLF/{git_platform}/StageB{git_platform}", "UsePreviousValue": False, }, + { + "ParameterKey": "pStageGlueRepository", + "ParameterValue": f"/SDLF/{git_platform}/StageGlue{git_platform}", + "UsePreviousValue": False, + }, { "ParameterKey": "pDatasetRepository", "ParameterValue": f"/SDLF/{git_platform}/Dataset{git_platform}", 
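Review bot: The `HTTPError` branch in create_team_repository_cicd_stack now reports every HTTP failure as "Most likely the repository ... already exists", which hides a 401/403 from a bad or under-scoped token, or a 5xx from GitLab, behind the same warning while the function carries on. Branch on `e.code` and the error body so that only the already-exists answer is tolerated and everything else is raised to the caller. `logger.warn` is a deprecated alias; use `logger.warning`. The function starts before and continues after the hunk.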
@@ -390,11 +401,21 @@ def create_team_pipeline_cicd_stack( "ParameterValue": f"/SDLF/{git_platform}/StageA{git_platform}", "UsePreviousValue": False, }, + { + "ParameterKey": "pStageLambdaRepository", + "ParameterValue": f"/SDLF/{git_platform}/StageLambda{git_platform}", + "UsePreviousValue": False, + }, { "ParameterKey": "pStageBRepository", "ParameterValue": f"/SDLF/{git_platform}/StageB{git_platform}", "UsePreviousValue": False, }, + { + "ParameterKey": "pStageGlueRepository", + "ParameterValue": f"/SDLF/{git_platform}/StageGlue{git_platform}", + "UsePreviousValue": False, + }, { "ParameterKey": "pDatasetRepository", "ParameterValue": f"/SDLF/{git_platform}/Dataset{git_platform}", @@ -697,4 +718,4 @@ def lambda_handler(event, context): raise codepipeline.put_job_success_result(jobId=event["CodePipeline.job"]["id"]) - return "Success" + return "Success" \ No newline at end of file diff --git a/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml b/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml index ed508d1d..7b9c7e2e 100644 --- a/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml +++ b/sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml @@ -27,9 +27,15 @@ Parameters: pStageARepository: Type: String Default: sdlf-stageA + pStageLambdaRepository: + Type: String + Default: sdlf-stage-lambda pStageBRepository: Type: String Default: sdlf-stageB + pStageGlueRepository: + Type: String + Default: sdlf-stage-glue pDatalakeLibraryRepository: Type: String Default: sdlf-datalakeLibrary @@ -114,6 +120,14 @@ Resources: Value: !Ref pStageARepository # !GetAtt rStageAGitLab.Name Description: Name of the StageA repository + rStageLambdaGitLabSsm: + Type: AWS::SSM::Parameter + Properties: + Name: /SDLF/GitLab/StageLambdaGitLab + Type: String + Value: !Ref pStageLambdaRepository # !GetAtt rStageLambdaGitLab.Name + Description: Name of the Stage-Lambda repository + rStageBGitLabSsm: Type: AWS::SSM::Parameter Properties: 
@@ -122,6 +136,14 @@ Resources: Value: !Ref pStageBRepository # !GetAtt rStageBGitLab.Name Description: Name of the StageB repository + rStageGlueGitLabSsm: + Type: AWS::SSM::Parameter + Properties: + Name: /SDLF/GitLab/StageGlueGitLab + Type: String + Value: !Ref pStageGlueRepository # !GetAtt rStageGlueGitLab.Name + Description: Name of the Stage-Glue repository + rDatalakeLibraryGitLabSsm: Type: AWS::SSM::Parameter Properties: @@ -159,4 +181,4 @@ Outputs: # workaround {{resolve:ssm:}} not returning an array that can be used directly in VpcConfig blocks oKmsKey: Description: CICD KMS Key - Value: !Ref pKMSKey + Value: !Ref pKMSKey \ No newline at end of file diff --git a/sdlf-cicd/template-cicd-team-pipeline.yaml b/sdlf-cicd/template-cicd-team-pipeline.yaml index 283fee9a..14fc8af1 100644 --- a/sdlf-cicd/template-cicd-team-pipeline.yaml +++ b/sdlf-cicd/template-cicd-team-pipeline.yaml @@ -71,9 +71,15 @@ Parameters: pStageARepository: Type: AWS::SSM::Parameter::Value Default: /SDLF/CodeCommit/StageACodeCommit + pStageLambdaRepository: + Type: AWS::SSM::Parameter::Value + Default: /SDLF/CodeCommit/StageLambdaCodeCommit pStageBRepository: Type: AWS::SSM::Parameter::Value Default: /SDLF/CodeCommit/StageBCodeCommit + pStageGlueRepository: + Type: AWS::SSM::Parameter::Value + Default: /SDLF/CodeCommit/StageGlueCodeCommit pDatasetRepository: Type: AWS::SSM::Parameter::Value Default: /SDLF/CodeCommit/DatasetCodeCommit 
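Review bot: In template-cicd-team-pipeline.yaml, `pStageLambdaRepository` and `pStageGlueRepository` default to `/SDLF/CodeCommit/StageLambdaCodeCommit` and `/SDLF/CodeCommit/StageGlueCodeCommit`, but the only SSM parameters this series creates are the GitLab ones (`/SDLF/GitLab/StageLambdaGitLab`, `/SDLF/GitLab/StageGlueGitLab`). Unless the CodeCommit repositories template gains matching parameters somewhere outside this patch, a CodeCommit-based stack will fail to resolve them at create time, and lambda_function.py now passes those paths for whichever `git_platform` is in use. Add the CodeCommit counterparts in the same change, or state in the parameter descriptions that the two new stages are GitLab-only.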
@@ -158,7 +164,9 @@ Resources: - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pDatalakeLibraryRepository}" - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pPipelineRepository}" - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pStageARepository}" + - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pStageLambdaRepository}" - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pStageBRepository}" + - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pStageGlueRepository}" - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pDatasetRepository}" "codestar-connections:FullRepositoryId": - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/{{resolve:ssm:/SDLF/${pGitPlatform}/${pTeamName}/Main${pGitPlatform}}}" @@ -166,7 +174,9 @@ Resources: - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pDatalakeLibraryRepository}" - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pPipelineRepository}" - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pStageARepository}" + - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pStageLambdaRepository}" - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pStageBRepository}" + - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pStageGlueRepository}" - !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pDatasetRepository}" - !Ref "AWS::NoValue" - Effect: Allow 
@@ -380,6 +390,20 @@ Resources: BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch] OutputArtifactFormat: CODE_ZIP RunOrder: 1 + - Name: SourceStageLambda + ActionTypeId: + Category: Source + Owner: AWS + Provider: CodeStarSourceConnection + Version: "1" + OutputArtifacts: + - Name: SourceStageLambdaArtifact + Configuration: + ConnectionArn: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/CodeConnection}}" + FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pStageLambdaRepository}" + BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch] + OutputArtifactFormat: CODE_ZIP + RunOrder: 1 - Name: SourceStageB ActionTypeId: Category: Source @@ -394,6 +418,20 @@ Resources: BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch] OutputArtifactFormat: CODE_ZIP RunOrder: 1 + - Name: SourceStageGlue + ActionTypeId: + Category: Source + Owner: AWS + Provider: CodeStarSourceConnection + Version: "1" + OutputArtifacts: + - Name: SourceStageGlueArtifact + Configuration: + ConnectionArn: !Sub "{{resolve:ssm:/SDLF/${pGitPlatform}/CodeConnection}}" + FullRepositoryId: !Sub "{{resolve:ssm:/SDLF/GitLab/SdlfGitLabGroup}}/${pStageGlueRepository}" + BranchName: !FindInMap [pCodeCommitBranch, !Ref pEnvironment, branch] + OutputArtifactFormat: CODE_ZIP + RunOrder: 1 - Name: SourceDataset ActionTypeId: Category: Source 
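Review bot: `SourceStageLambda` and `SourceStageGlue` leave `DetectChanges` unset, and for a `CodeStarSourceConnection` action that defaults to true, so a push to the mapped branch of either GitLab repository starts this pipeline. Write access to those two branches then amounts to the ability to start a build and deployment, which is worth stating in the template rather than leaving to the default. I would add `DetectChanges: true` under `Configuration` in both actions, or `false` if the pipeline is meant to start only from the team's main repository. The sibling actions begin outside the hunk, so I cannot tell whether they set it; the visible tail of `SourceStageB` does not.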
@@ -579,6 +617,26 @@ Resources: {"name":"TEAM_NAME", "value":"${pSdlfModuleTeam}", "type":"PLAINTEXT"}, {"name":"MODULE_NAME", "value":"stageA", "type":"PLAINTEXT"}] RunOrder: 1 + - + Name: BuildStageLambda + InputArtifacts: + - Name: SourceCicdArtifact + - Name: SourceStageLambdaArtifact + ActionTypeId: + Category: Build + Owner: AWS + Version: "1" + Provider: CodeBuild + Configuration: + PrimarySource: SourceStageLambdaArtifact + ProjectName: !Ref pBuildCloudformationModuleStage + EnvironmentVariables: !Sub >- + [{"name":"ENVIRONMENT", "value":"${pEnvironment}", "type":"PLAINTEXT"}, + {"name":"DOMAIN_NAME", "value":"${pSdlfModuleDomain}", "type":"PLAINTEXT"}, + {"name":"DOMAIN_ACCOUNT_ID", "value":"${pChildAccountId}", "type":"PLAINTEXT"}, + {"name":"TEAM_NAME", "value":"${pSdlfModuleTeam}", "type":"PLAINTEXT"}, + {"name":"MODULE_NAME", "value":"stageLambda", "type":"PLAINTEXT"}] + RunOrder: 1 - Name: BuildStageB InputArtifacts: @@ -599,6 +657,26 @@ Resources: {"name":"TEAM_NAME", "value":"${pSdlfModuleTeam}", "type":"PLAINTEXT"}, {"name":"MODULE_NAME", "value":"stageB", "type":"PLAINTEXT"}] RunOrder: 1 + - + Name: BuildStageGlue + InputArtifacts: + - Name: SourceCicdArtifact + - Name: SourceStageGlueArtifact + ActionTypeId: + Category: Build + Owner: AWS + Version: "1" + Provider: CodeBuild + Configuration: + PrimarySource: SourceStageGlueArtifact + ProjectName: !Ref pBuildCloudformationModuleStage + EnvironmentVariables: !Sub >- + [{"name":"ENVIRONMENT", "value":"${pEnvironment}", "type":"PLAINTEXT"}, + {"name":"DOMAIN_NAME", "value":"${pSdlfModuleDomain}", "type":"PLAINTEXT"}, + {"name":"DOMAIN_ACCOUNT_ID", "value":"${pChildAccountId}", "type":"PLAINTEXT"}, + {"name":"TEAM_NAME", "value":"${pSdlfModuleTeam}", "type":"PLAINTEXT"}, + {"name":"MODULE_NAME", "value":"stageGlue", "type":"PLAINTEXT"}] + RunOrder: 1 - Name: BuildDataset InputArtifacts: 
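Review bot: `EnvironmentVariables` in `BuildStageLambda` and `BuildStageGlue` is a JSON array assembled by `!Sub` from `pEnvironment`, `pSdlfModuleDomain`, `pChildAccountId` and `pSdlfModuleTeam` with no escaping. A value containing a double quote or a backslash would therefore produce malformed JSON, or an extra variable, for the shared `pBuildCloudformationModuleStage` project. The parameter declarations are outside the hunk; if they do not already constrain the values, an `AllowedPattern` on the domain and team parameters would close this, e.g. `AllowedPattern: "[a-z0-9]+"` (a constructed example, to be matched to the project's naming rules). Both added actions copy `BuildStageB` and differ only in the artifact name and `MODULE_NAME`, so the same applies to the existing build actions.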
@@ -773,4 +851,4 @@ Resources: Targets: - Arn: !Sub arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${rTeamCodePipeline} RoleArn: !GetAtt rTeamMainCodeCommitTriggerRole.Arn - Id: sdlf-cicd-team + Id: sdlf-cicd-team \ No newline at end of file