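import os
import re
from pathlib import Path

import yaml
from aws_cdk import aws_iam as iam, App, LegacyStackSynthesizer, Stack, Tags

from principal_environment import PrincipalEnvironment
from stacks.hello import Hello

APPLICATION_NAME = "hello"

# Tag every deployed stack must carry. Without it the stack execution role lacks the permissions it
# needs and the deployment fails late, inside CloudFormation, so it is enforced here at synth time.
APP_INVENTORY_TAG = "pfg-app-inventory-id"

# AWS account IDs are exactly 12 decimal digits. The value is interpolated into the permissions-boundary
# policy ARN, so a malformed value must fail fast instead of yielding a boundary ARN that cannot resolve.
_ACCOUNT_ID_RE = re.compile(r"\d{12}")


class Main:
    """Synthesize one ``Hello`` stack per (service, virtual environment) pair for the target AWS environment.

    Configuration is read relative to the current working directory (all YAML is parsed with
    ``yaml.safe_load``, so no arbitrary object construction is possible from the config files):

    * ``./config/common.yaml`` -- ``default_tags`` mapping applied to every stack.
    * ``./config/services/*`` -- one service definition per regular file (``name``, optional
      ``environments`` allow-list, optional ``custom_tags`` mapping).
    * ``./environments.yaml`` -- maps an AWS environment name to its list of virtual environments,
      each a mapping with a ``name`` key.

    Every constructed stack has the application permissions boundary applied before ``app.synth()``.
    """

    def __init__(self) -> None:
        # Environments a service deploys to when its definition has no explicit ``environments`` list.
        self.physical_environments = ["dev", "staging", "prod"]
        self.create_app()

    def create_app(self) -> None:
        """Build, tag and synthesize all stacks for the environment named by ``AWS_ENVIRONMENT``.

        Raises:
            KeyError: a required ``AWS_*`` environment variable is unset.
            ValueError: ``AWS_ACCOUNT_ID`` is malformed, ``environments.yaml`` has no entry for the target
                environment, ``common.yaml`` has no ``default_tags`` mapping, a service file is not a
                mapping, or a stack would be deployed without the ``pfg-app-inventory-id`` tag.
        """
        app = App()
        env = self.__create_environment()
        default_tags, services = self.__get_config()
        # environments.yaml does not depend on the service, so read it once instead of once per service.
        # The already-resolved environment name is used rather than re-reading the variable with a
        # different default, so there is a single source of truth for the target environment.
        virtual_environments = self.__get_virtual_environments(env.aws_environment_name)

        stacks: list[Stack] = []
        for service in services:
            deploy_environments = service.get("environments", self.physical_environments)
            if env.aws_environment_name not in deploy_environments:
                continue
            # ``or {}`` also covers a ``custom_tags:`` key present but null in YAML.
            current_tags = default_tags | (service.get("custom_tags") or {})
            for virtual_environment in virtual_environments:
                # Checked before the stack is constructed so a rejected service leaves nothing half-built.
                if not current_tags.get(APP_INVENTORY_TAG):
                    raise ValueError("App Inventory ID required for deployment")
                app_name = self.__get_app_name(service["name"], virtual_environment["name"])
                current_stack = Hello(
                    app,
                    app_name,
                    app_name=app_name,
                    env=env,
                    synthesizer=LegacyStackSynthesizer(),
                )
                stacks.append(current_stack)
                self.__add_tags(current_stack, current_tags)

        self.apply_permissions_boundary(env, stacks)
        app.synth()

    @staticmethod
    def apply_permissions_boundary(env: PrincipalEnvironment, stacks: list[Stack]) -> None:
        """Apply the application permissions boundary policy to every stack in ``stacks``.

        The boundary ARN is built from ``env.account``; ``__create_environment`` validates the account ID
        format before it gets here. NOTE(review): the ``arn:aws`` partition is hard-coded, so this is
        correct for the commercial partition only -- GovCloud/China would need ``Stack.of(stack).partition``.
        """
        for stack in stacks:
            permissions_boundary = iam.ManagedPolicy.from_managed_policy_arn(
                stack,
                "application_permissions_boundary",
                f"arn:aws:iam::{env.account}:policy/pgam/infra/app-role-boundary",
            )
            iam.PermissionsBoundary.of(stack).apply(permissions_boundary)

    @staticmethod
    def __create_environment() -> PrincipalEnvironment:
        """Build the deployment target from the required ``AWS_*`` environment variables.

        ``os.environ[...]`` (not ``.get``) is deliberate: there is no safe default for a deployment target.

        Raises:
            KeyError: a required variable is unset.
            ValueError: ``AWS_ACCOUNT_ID`` is not a 12-digit AWS account ID.
        """
        account = os.environ["AWS_ACCOUNT_ID"]
        if not _ACCOUNT_ID_RE.fullmatch(account):
            raise ValueError("AWS_ACCOUNT_ID must be a 12-digit AWS account ID")
        return PrincipalEnvironment(
            account=account,
            region=os.environ["AWS_REGION"],
            primary_region=os.environ["AWS_PRIMARY_REGION"],
            secondary_region=os.environ["AWS_SECONDARY_REGION"],
            aws_environment_name=os.environ["AWS_ENVIRONMENT"],
        )

    @staticmethod
    def __get_config() -> tuple[dict, list[dict]]:
        """Load ``default_tags`` from ``config/common.yaml`` and every service definition under ``config/services``.

        Only regular files are read (sub-directories would have made ``open`` fail), in sorted order so
        stack construction order is deterministic across machines.

        Raises:
            ValueError: a service file does not parse to a mapping, or ``common.yaml`` has no
                ``default_tags`` mapping (previously both surfaced as an unrelated ``AttributeError`` /
                ``TypeError`` later on).
        """
        services: list[dict] = []
        for path in sorted(Path("./config/services").iterdir()):
            if not path.is_file():
                continue
            service = yaml.safe_load(path.read_text(encoding="utf-8"))
            if not isinstance(service, dict):
                raise ValueError(f"{path} must contain a service definition mapping")
            services.append(service)

        with open("./config/common.yaml", "r", encoding="utf-8") as config_file:
            config = yaml.safe_load(config_file) or {}
        default_tags = config.get("default_tags")
        if not isinstance(default_tags, dict):
            raise ValueError("config/common.yaml must define a default_tags mapping")
        return default_tags, services

    @staticmethod
    def __get_virtual_environments(aws_environment_name: str) -> list[dict[str, str]]:
        """Return the virtual environments configured for ``aws_environment_name`` in ``environments.yaml``.

        Raises:
            ValueError: the file has no entry for that environment (previously a ``TypeError`` surfaced only
                when the ``None`` result was iterated).
        """
        with open("./environments.yaml", "r", encoding="utf-8") as config_file:
            environments_config = yaml.safe_load(config_file) or {}
        virtual_environments = environments_config.get(aws_environment_name)
        if virtual_environments is None:
            raise ValueError(f"environments.yaml has no entry for environment {aws_environment_name!r}")
        return virtual_environments

    def __get_app_name(self, service_name: str, virtual_environment_name: str) -> str:
        """Return ``<APPLICATION_NAME>-<service>``, suffixed with ``-<virtual env>`` for non-physical environments."""
        app_name = f"{APPLICATION_NAME}-{service_name}"
        if virtual_environment_name not in self.physical_environments:
            app_name = f"{app_name}-{virtual_environment_name}"
        return app_name

    @staticmethod
    def __add_tags(stack: Stack, custom_tags: dict) -> None:
        """Tag the stack with every entry of ``custom_tags``, propagating to instances it launches."""
        for key, value in custom_tags.items():
            Tags.of(stack).add(key=key, value=value, priority=None, apply_to_launched_instances=True)


if __name__ == "__main__":
    Main()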