From fc0480d1daa707d5cf41c1cffbea11db5d1e4079 Mon Sep 17 00:00:00 2001 From: Chris Kalafarski Date: Thu, 16 Jan 2025 12:30:33 -0500 Subject: [PATCH] Remove S3 deployment resources for Beta --- spire/templates/apps-200A.yml | 7 -- spire/templates/apps/beta.yml | 49 +-------- spire/templates/custom-resources.yml | 145 --------------------------- spire/templates/dashboards.yml | 4 +- spire/templates/root.yml | 3 - 5 files changed, 2 insertions(+), 206 deletions(-) diff --git a/spire/templates/apps-200A.yml b/spire/templates/apps-200A.yml index 30fdccb00..956c8d3d8 100644 --- a/spire/templates/apps-200A.yml +++ b/spire/templates/apps-200A.yml @@ -48,7 +48,6 @@ Parameters: S3SigningEndpointUrl: { Type: String } S3SigningAccessKeyId: { Type: String } DeploymentPackageBucketName: { Type: String } - S3StaticSiteDeployServiceToken: { Type: String } AuguryHostname: { Type: String } BetaHostname: { Type: String } CastleHostname: { Type: String } @@ -107,14 +106,11 @@ Resources: Properties: Parameters: NestedChangeSetScrubbingResourcesState: !Ref NestedChangeSetScrubbingResourcesState - S3StaticSiteDeployServiceToken: !Ref S3StaticSiteDeployServiceToken RootStackName: !Ref RootStackName RootStackId: !Ref RootStackId CodeS3Bucket: !Ref DeploymentPackageBucketName - StaticSiteArchiveS3ObjectKey: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Beta/pkg/s3-object-key EnvironmentType: !Ref EnvironmentType EnvironmentTypeAbbreviation: !Ref EnvironmentTypeAbbreviation - StaticSiteCloudFrontOai: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Beta/cloudfront-oai FeederHostname: !Ref FeederHostname ExchangeHostname: !Ref ExchangeHostname PlayHostname: !Ref PlayHostname @@ -425,9 +421,6 @@ Resources: TimeoutInMinutes: 20 Outputs: - BetaDeployBucketRegionalDomainName: - Value: !GetAtt BetaStack.Outputs.DeployBucketRegionalDomainName - CastleTargetGroupFullName: Value: !GetAtt CastleStack.Outputs.TargetGroupFullName CastlePostgresInstanceId: 
diff --git a/spire/templates/apps/beta.yml b/spire/templates/apps/beta.yml index a5297f272..7774a21e9 100644 --- a/spire/templates/apps/beta.yml +++ b/spire/templates/apps/beta.yml @@ -1,4 +1,5 @@ # stacks/apps/beta.yml +# 200A AWSTemplateFormatVersion: "2010-09-09" Transform: AWS::Serverless-2016-10-31 @@ -8,14 +9,11 @@ Description: >- Parameters: NestedChangeSetScrubbingResourcesState: { Type: String } - S3StaticSiteDeployServiceToken: { Type: String } RootStackName: { Type: String } RootStackId: { Type: String } CodeS3Bucket: { Type: String } - StaticSiteArchiveS3ObjectKey: { Type: AWS::SSM::Parameter::Value } EnvironmentType: { Type: String } EnvironmentTypeAbbreviation: { Type: String } - StaticSiteCloudFrontOai: { Type: AWS::SSM::Parameter::Value } FeederHostname: { Type: String } ExchangeHostname: { Type: String } PlayHostname: { Type: String } 
@@ -28,47 +26,6 @@ Conditions: Resources: NestedChangeSetScrubber: { Type: AWS::SNS::Topic, Condition: EnableNestedChangeSetScrubbingResources } - S3StaticDeployService: - Type: Custom::S3StaticDeploy - Properties: - ServiceToken: !Ref S3StaticSiteDeployServiceToken - Region: !Ref AWS::Region - StaticSiteArchiveS3Bucket: !Ref CodeS3Bucket - StaticSiteArchiveS3Object: !Ref StaticSiteArchiveS3ObjectKey - StaticSiteS3DeployBucket: !Ref BetaBucket - - BetaBucket: - Type: AWS::S3::Bucket - DeletionPolicy: Retain - UpdateReplacePolicy: Retain - Properties: - PublicAccessBlockConfiguration: - BlockPublicAcls: true - BlockPublicPolicy: true - IgnorePublicAcls: true - RestrictPublicBuckets: true - Tags: - - { Key: prx:meta:tagging-version, Value: "2021-04-07" } - - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName } - - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId } - - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName } - - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId } - - { Key: prx:ops:environment, Value: !Ref EnvironmentType } - - { Key: prx:dev:application, Value: Beta } - BucketPolicy: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: !Ref BetaBucket - PolicyDocument: - Version: "2012-10-17" - Statement: - - Action: s3:GetObject - Effect: Allow - Principal: - AWS: !Ref StaticSiteCloudFrontOai - Resource: !Sub arn:${AWS::Partition}:s3:::${BetaBucket}/* - Sid: Grant read access to a CloudFront Origin Identity - RedirectFunction: Type: AWS::Serverless::Function Properties: @@ -137,7 +94,3 @@ Resources: - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId } - { Key: prx:ops:environment, Value: !Ref EnvironmentType } - { Key: prx:dev:application, Value: Beta } - -Outputs: - DeployBucketRegionalDomainName: - Value: !GetAtt BetaBucket.RegionalDomainName diff --git a/spire/templates/custom-resources.yml b/spire/templates/custom-resources.yml index e99a39516..4ae0e27e1 100644 
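Review bot: Dropping `BetaBucket` from the template in the `@@ -28,47 +26,6 @@` hunk will not delete the bucket, because it is declared with `DeletionPolicy: Retain`, whereas `BucketPolicy` has no deletion policy and is removed by the stack update. After deployment the bucket and its objects stay in the account, keeping their current configuration but outside CloudFormation management, and without the read grant for the CloudFront origin identity. The commit description or a follow-up task should say who empties and deletes the retained bucket, and confirm that no CloudFront distribution still uses it as an origin; none is visible in this diff. The SSM parameters previously passed in as `StaticSiteArchiveS3ObjectKey` and `StaticSiteCloudFrontOai` are presumably defined elsewhere and may be left orphaned as well.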
--- a/spire/templates/custom-resources.yml
+++ b/spire/templates/custom-resources.yml
@@ -117,148 +117,6 @@ Resources: - { Key: prx:dev:application, Value: Infrastructure } Threshold: 0 TreatMissingData: notBreaching - S3StaticSiteDeployFunction: - Type: AWS::Serverless::Function - Properties: - Architectures: [arm64] - Description: Deploys the contents of a zip archive to an S3 bucket - Handler: index.lambda_handler - InlineCode: | - import cfnresponse - import boto3 - from botocore.client import Config - import io - import zipfile - import os - import traceback - import mimetypes - import re - - s3 = boto3.client("s3", config=Config(signature_version="s3v4")) - - mimetypes.init() - mimetypes.add_type("application/json", "json") - mimetypes.add_type("application/ttf", "ttf") - mimetypes.add_type("application/eot", "eot") - mimetypes.add_type("application/otf", "otf") - mimetypes.add_type("application/woff", "woff") - - - def lambda_handler(event, context): - try: - print(event) - - if event["RequestType"] == "Create" or event["RequestType"] == "Update": - props = event["ResourceProperties"] - - # The location of the built static site archive file in S3 - bucket = props["StaticSiteArchiveS3Bucket"] - key = props["StaticSiteArchiveS3Object"] - - # Get the archive object - s3_obj = s3.get_object(Bucket=bucket, Key=key) - - unzip_dir = f"/tmp/unzip-{event['RequestId']}" - - # Unzip the archive, to disk - with zipfile.ZipFile(io.BytesIO(s3_obj["Body"].read()), "r") as zip: - zip.extractall(unzip_dir) - - # The bucket to deploy the static to - deploy_bucket = props["StaticSiteS3DeployBucket"] - - # Upload everything from the unzipped archive - for root, dirs, files in os.walk(unzip_dir): - for filename in files: - - local_path = os.path.join(root, filename) - s3_key = os.path.relpath(local_path, unzip_dir) - - print(f"Uploading {s3_key} to {deploy_bucket}") - mime_type = ( - mimetypes.guess_type(filename)[0] or "application/octet-stream" - ) - extras = {"ContentType": mime_type} - if re.search(r"\.html$", filename): - extras["CacheControl"] = 
"max-age=300" - s3.upload_file(local_path, deploy_bucket, s3_key, ExtraArgs=extras) - - cfnresponse.send(event, context, cfnresponse.SUCCESS, {}) - - except Exception as e: - print("Function failed due to exception.") - print(e) - traceback.print_exc() - cfnresponse.send(event, context, cfnresponse.FAILED, {}) - MemorySize: 256 - Policies: - - Version: "2012-10-17" - Statement: - - Action: s3:PutObject - Effect: Allow - Resource: "*" - - Action: - - s3:GetObject - - s3:GetObjectVersion - Effect: Allow - Resource: - - !Join ["", ["arn:aws:s3:::", "Fn::ImportValue": !Sub "${StorageStackName}-InfrastructureApplicationCodeBucket", "/*"]] - Runtime: python3.8 - Tags: - prx:meta:tagging-version: "2021-04-07" - prx:cloudformation:stack-name: !Ref AWS::StackName - prx:cloudformation:stack-id: !Ref AWS::StackId - prx:cloudformation:root-stack-name: !Ref RootStackName - prx:cloudformation:root-stack-id: !Ref RootStackId - prx:ops:environment: !Ref EnvironmentType - prx:dev:application: Infrastructure - Timeout: 60 - S3StaticSiteDeployFunctionLogGroup: - Type: AWS::Logs::LogGroup - DeletionPolicy: Delete - UpdateReplacePolicy: Delete - Properties: - LogGroupName: !Sub /aws/lambda/${S3StaticSiteDeployFunction} - RetentionInDays: 14 - Tags: - - { Key: prx:meta:tagging-version, Value: "2021-04-07" } - - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName } - - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId } - - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName } - - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId } - - { Key: prx:ops:environment, Value: !Ref EnvironmentType } - - { Key: prx:dev:application, Value: Infrastructure } - S3StaticSiteDeployFunctionErrorAlarm: - Type: AWS::CloudWatch::Alarm - Properties: - AlarmName: !Sub ERROR [Infrastructure] S3 Deploy <${EnvironmentTypeAbbreviation}> FUNCTION ERRORS (${RootStackName}) - AlarmDescription: !Sub |- - ${EnvironmentType} stack custom resource function for 
static S3 - website deployment is failing. This could mean that a stack update is - stalled, waiting for an HTTP callback from the function. - - Be careful rolling back the stack; if the function fails again during - rollback it may become even more stuck. Making the callback request - manually may be possible, by looking at the function logs. - ComparisonOperator: GreaterThanThreshold - Dimensions: - - Name: FunctionName - Value: !Ref S3StaticSiteDeployFunction - EvaluationPeriods: 1 - MetricName: Errors - Namespace: AWS/Lambda - Period: 60 - Statistic: Sum - Tags: - - { Key: prx:meta:tagging-version, Value: "2021-04-07" } - - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName } - - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId } - - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName } - - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId } - - { Key: prx:ops:environment, Value: !Ref EnvironmentType } - - { Key: prx:dev:application, Value: Infrastructure } - Threshold: 0 - TreatMissingData: notBreaching AvailabilityZoneSelectorFunction: Type: AWS::Serverless::Function @@ -839,9 +697,6 @@ Outputs: AmazonSesSmtpCredentialsGeneratorServiceToken: Description: Service token for the SES SMTP credentials generator Value: !GetAtt AmazonSesSmtpCredentialsGeneratorFunction.Arn - S3StaticSiteDeployServiceToken: - Description: Service token for the S3 static site deployer - Value: !GetAtt S3StaticSiteDeployFunction.Arn AvailabilityZoneSelectorServiceToken: Description: Service token for the availability zone selector Value: !GetAtt AvailabilityZoneSelectorFunction.Arn diff --git a/spire/templates/dashboards.yml b/spire/templates/dashboards.yml index 359b8406b..3c4fdfbc6 100644 --- a/spire/templates/dashboards.yml +++ b/spire/templates/dashboards.yml 
@@ -38,8 +38,6 @@ Parameters: AuguryTargetGroupFullName: { Type: String } WfmtTargetGroupFullName: { Type: String } - BetaDeployBucketRegionalDomainName: { Type: String } - CastlePostgresInstanceId: { Type: String } CastleTargetGroupFullName: { Type: String } 
@@ -115,7 +113,7 @@ Resources: "width": 18, "height": 9, "properties": { - "markdown": "\n# Details\n\n- Environment: **${EnvironmentType}**\n- Root stack: **[${RootStackName}](https://${AWS::Region}.console.aws.amazon.com/cloudformation/home?region=${AWS::Region}#/stacks/stackinfo?stackId=${RootStackId})**\n- Infrastructure repository Git commit: **[${InfrastructureGitCommit}](https://github.com/PRX/Infrastructure/commit/${InfrastructureGitCommit})**\n- Shared VPC ID: **[${SharedVpcId}](https://console.aws.amazon.com/vpcconsole/home?region=${AWS::Region}#VpcDetails:VpcId=${SharedVpcId})**\n- Shared VPC CIDR block: **${SharedVpcCidrBlock}**\n- Shared ALB: **[${SharedAlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${SharedAlbArn};tab=listeners)**\n- Dovetail ALB: **[${DovetailAlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${DovetailAlbArn};tab=listeners)**\n- Exchange FTP NLB: **[${ExchangeFtpServerNlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${ExchangeFtpServerNlbArn};tab=listeners)**\n- Exchange FTP public IP: **[${ExchangeFtpServerPublicIp}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#ElasticIpDetails:AllocationId=${ExchangeFtpServerPublicIpAllocationId})**\n---\n- Beta bucket: **${BetaDeployBucketRegionalDomainName}**\n---\n- Proxy API: **[${ProxyApiDefaultEndpoint}](${ProxyApiDefaultEndpoint})**" + "markdown": "\n# Details\n\n- Environment: **${EnvironmentType}**\n- Root stack: **[${RootStackName}](https://${AWS::Region}.console.aws.amazon.com/cloudformation/home?region=${AWS::Region}#/stacks/stackinfo?stackId=${RootStackId})**\n- Infrastructure repository Git commit: **[${InfrastructureGitCommit}](https://github.com/PRX/Infrastructure/commit/${InfrastructureGitCommit})**\n- Shared VPC ID: 
**[${SharedVpcId}](https://console.aws.amazon.com/vpcconsole/home?region=${AWS::Region}#VpcDetails:VpcId=${SharedVpcId})**\n- Shared VPC CIDR block: **${SharedVpcCidrBlock}**\n- Shared ALB: **[${SharedAlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${SharedAlbArn};tab=listeners)**\n- Dovetail ALB: **[${DovetailAlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${DovetailAlbArn};tab=listeners)**\n- Exchange FTP NLB: **[${ExchangeFtpServerNlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${ExchangeFtpServerNlbArn};tab=listeners)**\n- Exchange FTP public IP: **[${ExchangeFtpServerPublicIp}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#ElasticIpDetails:AllocationId=${ExchangeFtpServerPublicIpAllocationId})**\n---\n- Proxy API: **[${ProxyApiDefaultEndpoint}](${ProxyApiDefaultEndpoint})**" } }, { diff --git a/spire/templates/root.yml b/spire/templates/root.yml index 3e2c0cdc5..56899f9ad 100644 --- a/spire/templates/root.yml +++ b/spire/templates/root.yml @@ -782,7 +782,6 @@ Resources: S3SigningUserName: !GetAtt Apps100AStack.Outputs.S3SigningUserName S3SigningEndpointUrl: !GetAtt Apps100AStack.Outputs.S3SigningEndpointUrl S3SigningAccessKeyId: !GetAtt Apps100AStack.Outputs.S3SigningAccessKeyId - S3StaticSiteDeployServiceToken: !GetAtt CustomResourcesStack.Outputs.S3StaticSiteDeployServiceToken DeploymentPackageBucketName: !GetAtt Constants2.Outputs.DeploymentPackageBucketName AuguryHostname: !GetAtt Constants2.Outputs.AuguryHostname BetaHostname: !GetAtt Constants2.Outputs.BetaHostname 
@@ -1056,8 +1055,6 @@ Resources: WfmtTargetGroupFullName: !GetAtt Apps400AStack.Outputs.WfmtTargetGroupFullName - BetaDeployBucketRegionalDomainName: !GetAtt Apps200AStack.Outputs.BetaDeployBucketRegionalDomainName - CastlePostgresInstanceId: !GetAtt Apps200AStack.Outputs.CastlePostgresInstanceId CastleTargetGroupFullName: !GetAtt Apps200AStack.Outputs.CastleTargetGroupFullName