import os
from typing import Optional

import yaml
from aws_cdk import aws_iam as iam, App, LegacyStackSynthesizer, Stack, Tags

from principal_environment import PrincipalEnvironment
from stacks.stack import PrinamHkFaDataReservoir
# Prefix of every stack name; the service name (and, for virtual
# environments, the environment name) is appended in Main.__get_app_name.
APPLICATION_NAME: str = "Prinam-HK-FA-Data-Reservoir"
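class Main:
    """Build and synthesize the CDK app: one stack per (service, virtual environment).

    Configuration is read from the repo-local ``./config`` tree and
    ``./environments.yaml``; the target account/region and environment name come
    from ``AWS_*`` environment variables. Every stack receives the mandatory tags
    (``pfg-app-inventory-id`` is enforced) and the account's application
    permissions boundary.
    """

    def __init__(self) -> None:
        # Names of the real AWS environments. Anything else listed under an
        # environment in environments.yaml is a "virtual" environment that is
        # distinguished only through the stack name (see __get_app_name).
        self.physical_environments = ["dev", "staging", "prod"]
        self.create_app()

    def create_app(self) -> None:
        """Create, tag and permission-bound every stack, then synthesize the app.

        Raises:
            KeyError: a required ``AWS_*`` environment variable is unset.
            ValueError: a service's merged tags lack ``pfg-app-inventory-id``,
                or environments.yaml has no entry for the current environment.
        """
        app = App()
        env = self.__create_environment()
        default_tags, services = self.__get_config()
        # Resolved once for the run: the file is the same for every service, and
        # the lookup key is the environment already validated above rather than a
        # second, independently-defaulted read of $AWS_ENVIRONMENT.
        virtual_environments = self.__get_virtual_environments(env.aws_environment_name)
        stacks: list[Stack] = []
        for service in services:
            # A service may restrict where it is deployed; the default is every
            # physical environment.
            deploy_environments = service.get("environments", self.physical_environments)
            if env.aws_environment_name not in deploy_environments:
                continue
            # `or {}` also covers an explicitly empty `custom_tags:` key (YAML None).
            current_tags = default_tags | (service.get("custom_tags") or {})
            # Deployment will fail if no app inventory ID is provided, as the
            # stack execution role won't have access to all the necessary
            # permissions. Check before any construct is created so a
            # misconfigured service fails fast with a clear message.
            if not current_tags.get("pfg-app-inventory-id"):
                raise ValueError("App Inventory ID required for deployment")
            for virtual_environment in virtual_environments:
                app_name = self.__get_app_name(service["name"], virtual_environment["name"])
                current_stack = PrinamHkFaDataReservoir(
                    app,
                    app_name,
                    app_name=app_name,
                    env=env,
                    # NOTE(review): the legacy synthesizer does not use the CDK
                    # bootstrap deploy/exec roles — confirm this is intended for
                    # the pipeline's deployment identity.
                    synthesizer=LegacyStackSynthesizer(),
                )
                stacks.append(current_stack)
                self.__add_tags(current_stack, current_tags)
        self.apply_permissions_boundary(env, stacks)
        app.synth()

    @staticmethod
    def apply_permissions_boundary(env: PrincipalEnvironment, stacks: list[Stack]) -> None:
        """Attach the account's app-role permissions boundary to every stack.

        The boundary is applied at stack scope, so it is expected to cap every
        IAM role/user CDK creates beneath that stack; this is the guardrail that
        keeps application roles from exceeding what the platform allows. The
        policy is referenced by ARN, not created here, so it must already exist
        in ``env.account``.

        Args:
            env: target environment; only ``env.account`` is used for the ARN.
            stacks: stacks to bound (an empty list is a no-op).
        """
        for stack in stacks:
            # NOTE(review): the partition is hard-coded to "aws"; use
            # stack.partition if this ever has to deploy to GovCloud/China.
            boundary_arn = f"arn:aws:iam::{env.account}:policy/pgam/infra/app-role-boundary"
            permissions_boundary = iam.ManagedPolicy.from_managed_policy_arn(
                stack, "application_permissions_boundary", boundary_arn
            )
            iam.PermissionsBoundary.of(stack).apply(permissions_boundary)

    @staticmethod
    def __create_environment() -> PrincipalEnvironment:
        """Build the target environment from the ``AWS_*`` variables set by the caller.

        Every variable is mandatory: a missing one raises ``KeyError`` naming it,
        which is preferable to silently synthesizing for a default account or region.
        """
        return PrincipalEnvironment(
            account=os.environ["AWS_ACCOUNT_ID"],
            region=os.environ["AWS_REGION"],
            primary_region=os.environ["AWS_PRIMARY_REGION"],
            secondary_region=os.environ["AWS_SECONDARY_REGION"],
            aws_environment_name=os.environ["AWS_ENVIRONMENT"],
        )

    @staticmethod
    def __get_config() -> tuple[dict, list]:
        """Load the default tags and every service definition.

        Returns:
            ``(default_tags, services)`` where ``default_tags`` comes from the
            ``default_tags`` key of ``./config/common.yaml`` (``{}`` if absent or
            empty, so the caller's merge and tag check give a clear error instead
            of a ``TypeError``) and ``services`` is the parsed content of each
            file under ``./config/services``.

        Files are read in sorted order so stack ordering is deterministic across
        machines. Dotfiles and sub-directories are skipped (e.g. ``.DS_Store``,
        which would otherwise abort synthesis); any other stray file still fails
        loudly rather than being silently ignored. ``yaml.safe_load`` is used
        deliberately — never switch to ``yaml.load``, which can instantiate
        arbitrary Python objects from a crafted file.
        """
        services_dir = "./config/services"
        services = []
        for file in sorted(os.listdir(services_dir)):
            path = f"{services_dir}/{file}"
            if file.startswith(".") or not os.path.isfile(path):
                continue
            with open(path, "r", encoding="utf-8") as config_file:
                services.append(yaml.safe_load(config_file))
        with open("./config/common.yaml", "r", encoding="utf-8") as config_file:
            config = yaml.safe_load(config_file) or {}
        default_tags = config.get("default_tags") or {}
        return default_tags, services

    @staticmethod
    def __get_virtual_environments(
        aws_environment: Optional[str] = None,
    ) -> list[dict[str, str]]:
        """Return the virtual environments configured for an AWS environment.

        Args:
            aws_environment: key to look up in ``./environments.yaml``. When
                omitted, ``$AWS_ENVIRONMENT`` is read (defaulting to ``"dev"``)
                for backward compatibility; callers should pass the already
                validated environment name instead.

        Raises:
            ValueError: the environment has no entry, which would otherwise
                surface later as an opaque ``TypeError`` when iterating ``None``.
        """
        if aws_environment is None:
            aws_environment = os.environ.get("AWS_ENVIRONMENT", "dev")
        with open("./environments.yaml", "r", encoding="utf-8") as config_file:
            environments_config = yaml.safe_load(config_file) or {}
        virtual_environments = environments_config.get(aws_environment)
        if virtual_environments is None:
            raise ValueError(
                f"No virtual environments configured for '{aws_environment}' in environments.yaml"
            )
        return virtual_environments

    def __get_app_name(self, service_name: str, virtual_environment_name: str) -> str:
        """Return the stack name for *service_name* in *virtual_environment_name*.

        A physical environment uses the bare ``<APPLICATION_NAME>-<service>`` form;
        any other (virtual) environment has its name appended — presumably so
        several of them can coexist in the same AWS environment.
        """
        app_name = f"{APPLICATION_NAME}-{service_name}"
        if virtual_environment_name in self.physical_environments:
            return app_name
        return f"{app_name}-{virtual_environment_name}"

    @staticmethod
    def __add_tags(stack: Stack, custom_tags: dict) -> None:
        """Tag *stack* (and instances it launches) with every entry of *custom_tags*."""
        for key, value in custom_tags.items():
            Tags.of(stack).add(
                key=key, value=value, priority=None, apply_to_launched_instances=True
            )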
if __name__ == "__main__":
    # Constructing Main() runs the whole synthesis (see Main.create_app);
    # importing this module has no side effects.
    Main()