Skip to content

Commit

Permalink
allow keeping legacy cur
Browse files Browse the repository at this point in the history
  • Loading branch information
@iakov-aws
iakov-aws committed Oct 20, 2024
1 parent 6604099 commit 5943ab6
Showing 1 changed file with 37 additions and 34 deletions.
71 changes: 37 additions & 34 deletions cfn-templates/cid-cfn.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@ Metadata:
- AthenaWorkgroup
- AthenaQueryResultsBucket
- DatabaseName
- CURTableName
- GlueDataCatalog
- Suffix
- QuickSightDataSourceRoleName
Expand All @@ -40,7 +39,12 @@ Metadata:
- DeployCUDOSDashboard
- DataBucketsKmsKeysArns
- ShareDashboard
- Label:
default: 'Legacy'
Parameters:
- KeepLegacyCURTable
- CURBucketPath
- CURTableName
ParameterLabels:
PrerequisitesQuickSight:
default: "I have enabled QuickSight Enterprise Edition AND I have a SPICE capacity in the current region."
Expand Down Expand Up @@ -92,6 +96,8 @@ Metadata:
default: "Primary Tag for Compute Optimizer dashboard"
SecondaryTagName:
default: "Secondary Tag for Compute Optimizer dashboard"
KeepLegacyCURTable:
default: "Keep Legacy CUR Table"
cfn-lint:
config:
ignore_checks:
Expand Down Expand Up @@ -230,26 +236,23 @@ Parameters:
Type: String
Default: '/'
Description: Path for roles where PermissionBoundaries can limit location
KeepLegacyCURTable:
Type: String
Description: Choose 'yes' if you want to keep the Legacy CUR table
Default: "no"
AllowedValues: ["yes", "no"]

Conditions:
NeedCUDOSDashboard: !Equals [ !Ref DeployCUDOSDashboard, "yes" ]
NeedCUDOSv5: !Equals [ !Ref DeployCUDOSv5, "yes" ]
NeedCostIntelligenceDashboard: !Equals [ !Ref DeployCostIntelligenceDashboard, "yes" ]
NeedKPIDashboard: !Equals [ !Ref DeployKPIDashboard, "yes" ]
NeedTAODashboard: !Equals [ !Ref DeployTAODashboard, "yes" ]
NeedLegacyCUR: !Equals [ !Ref CURVersion, "1.0" ]
NeedLegacyCUR: !Equals [!Ref KeepLegacyCURTable, "yes"]
NeedComputeOptimizerDashboard: !Equals [ !Ref DeployComputeOptimizerDashboard, "yes" ]
NeedCUR:
Fn::And:
- !Condition NeedLegacyCUR
- Fn::Or:
- !Equals [ !Ref DeployCUDOSDashboard, "yes" ]
- !Equals [ !Ref DeployCUDOSv5, "yes" ]
- !Equals [ !Ref DeployCostIntelligenceDashboard, "yes" ]
- !Equals [ !Ref DeployKPIDashboard, "yes" ]
NeedCUR2:
UseCUR2:
Fn::And:
- !Not [!Condition NeedLegacyCUR]
- !Equals [!Ref CURVersion, '2.0']
- Fn::Or:
- !Equals [ !Ref DeployCUDOSDashboard, "yes" ]
- !Equals [ !Ref DeployCUDOSv5, "yes" ]
Expand All @@ -261,7 +264,7 @@ Conditions:
NeedCURTable:
Fn::And:
- !Equals [ !Ref CURTableName, "" ]
- !Condition NeedCUR
- !Condition NeedLegacyCUR
NeedRefreshDatasets: !Not [ !Equals [ !Ref QuickSightDataSetRefreshSchedule, ""] ]
NeedDataBucketsKms: !Not [ !Equals [ !Ref DataBucketsKmsKeysArns, "" ] ]
NeedDataBucketsKmsAndNeedCURTable:
Expand All @@ -282,10 +285,10 @@ Conditions:
- !Condition NeedCURTable
UseQuickSightDataSourceRole: !Not [!Equals [ !Ref QuickSightDataSourceRoleName, "" ]]
NeedQuickSightDataSourceRole: !Equals [ !Ref QuickSightDataSourceRoleName, "CidQuickSightDataSourceRole" ]
NeedQuickSightDataSourceRoleAndCUR:
NeedQuickSightDataSourceRoleAndLegacyCUR:
Fn::And:
- !Condition NeedQuickSightDataSourceRole
- !Condition NeedCUR
- !Condition NeedLegacyCUR
NeedQuickSightDataSourceKMS:
Fn::And:
- !Condition NeedQuickSightDataSourceRole
Expand Down Expand Up @@ -950,7 +953,7 @@ Resources:

CURPath:
Type: Custom::CustomResourceProcessPath
Condition: NeedCUR
Condition: NeedLegacyCUR
Properties:
ServiceToken: !GetAtt CustomResourceProcessPath.Arn
s3path: !Ref CURBucketPath
Expand Down Expand Up @@ -1232,14 +1235,14 @@ Resources:
Resource:
- !Sub 'arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:catalog'
- Fn::If:
- NeedCUR2
- UseCUR2
- !Join
- '/'
- - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:database
- !ImportValue cid-DataExports-Database
- !Ref 'AWS::NoValue'
- Fn::If:
- NeedCUR2
- UseCUR2
- !Join
- '/'
- - !Sub arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:table
Expand Down Expand Up @@ -1279,7 +1282,7 @@ Resources:
- !Sub 'arn:${AWS::Partition}:athena:${AWS::Region}:${AWS::AccountId}:workgroup/${MyAthenaWorkGroup}'
- !Sub 'arn:${AWS::Partition}:athena:${AWS::Region}:${AWS::AccountId}:workgroup/${AthenaWorkgroup}'
- Fn::If:
- NeedCUR2
- UseCUR2
- !Join
- '/'
- - !Sub arn:${AWS::Partition}:athena:${AWS::Region}:${AWS::AccountId}:database
Expand Down Expand Up @@ -1310,7 +1313,7 @@ Resources:
- !Sub arn:${AWS::Partition}:s3:::cid-${AWS::AccountId}-data-exports # prefix for data-exports hardcoded here
- !Sub arn:${AWS::Partition}:s3:::${ODCPath.Bucket}
- !If
- NeedQuickSightDataSourceRoleAndCUR
- NeedQuickSightDataSourceRoleAndLegacyCUR
- !Sub arn:${AWS::Partition}:s3:::${CURPath.Bucket}
- !Ref "AWS::NoValue"
# FOR CUR2 there will be attached policy no need to add it here
Expand All @@ -1323,7 +1326,7 @@ Resources:
- !Sub arn:${AWS::Partition}:s3:::cid-${AWS::AccountId}-data-exports/* # prefix for data-exports hardcoded here
- !Sub arn:${AWS::Partition}:s3:::${ODCPath.Bucket}/*
- !If
- NeedQuickSightDataSourceRoleAndCUR
- NeedQuickSightDataSourceRoleAndLegacyCUR
- !Sub arn:${AWS::Partition}:s3:::${CURPath.Bucket}/*
- !Ref "AWS::NoValue"
# FOR CUR2 there will be attached policy no need to add it here
Expand Down Expand Up @@ -1379,7 +1382,7 @@ Resources:
Action:
- sts:AssumeRole
PermissionsBoundary: !If [NeedPermissionsBoundary, !Ref PermissionsBoundary, !Ref AWS::NoValue]
ManagedPolicyArns: !If [NeedCUR2, [ !ImportValue cid-DataExports-ReadAccessPolicyARN ] , !Ref AWS::NoValue]
ManagedPolicyArns: !If [UseCUR2, [ !ImportValue cid-DataExports-ReadAccessPolicyARN ] , !Ref AWS::NoValue]
Policies:
- PolicyName: CidExecPolicy
PolicyDocument:
Expand Down Expand Up @@ -1755,8 +1758,8 @@ Resources:
quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
glue-data-catalog: !Ref GlueDataCatalog
cur-table-name: !If [ NeedCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ NeedCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
cur-table-name: !If [ UseCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ UseCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
quicksight-user: !Ref QuickSightUser
account-map-source: 'dummy' #initial
share-with-account: !Ref ShareDashboard
Expand All @@ -1776,8 +1779,8 @@ Resources:
quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
glue-data-catalog: !Ref GlueDataCatalog
cur-table-name: !If [ NeedCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ NeedCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
cur-table-name: !If [ UseCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ UseCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
quicksight-user: !Ref QuickSightUser
account-map-source: 'dummy' #initial
share-with-account: !Ref ShareDashboard
Expand All @@ -1799,8 +1802,8 @@ Resources:
quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
glue-data-catalog: !Ref GlueDataCatalog
cur-table-name: !If [ NeedCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ NeedCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
cur-table-name: !If [ UseCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ UseCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
quicksight-user: !Ref QuickSightUser
account-map-source: 'dummy' #initial
share-with-account: !Ref ShareDashboard
Expand All @@ -1822,8 +1825,8 @@ Resources:
quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
glue-data-catalog: !Ref GlueDataCatalog
cur-table-name: !If [ NeedCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ NeedCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
cur-table-name: !If [ UseCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ UseCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
quicksight-user: !Ref QuickSightUser
account-map-source: 'dummy' #initial
share-with-account: !Ref ShareDashboard
Expand All @@ -1848,8 +1851,8 @@ Resources:
quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
glue-data-catalog: !Ref GlueDataCatalog
cur-table-name: !If [ NeedCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ NeedCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
cur-table-name: !If [ UseCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ UseCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
quicksight-user: !Ref QuickSightUser
share-with-account: !Ref ShareDashboard
view-ta-organizational-view-reports-s3FolderPath: !Sub '${OptimizationDataCollectionBucketPath}/trusted-advisor/trusted-advisor-data'
Expand All @@ -1869,8 +1872,8 @@ Resources:
quicksight-datasource-role-arn: !If [ NeedQuickSightDataSourceRole, !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${QuickSightDataSourceRole}", "" ]
athena-database: !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ]
glue-data-catalog: !Ref GlueDataCatalog
cur-table-name: !If [ NeedCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ NeedCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
cur-table-name: !If [ UseCUR2, 'cur2', !If [ NeedCURTable, !Ref MyCURTable, !Ref CURTableName ] ]
cur-database: !If [ UseCUR2, !ImportValue cid-DataExports-Database, !If [NeedDatabase, !Ref CidDatabase, !Ref DatabaseName ] ]
quicksight-user: !Ref QuickSightUser
share-with-account: !Ref ShareDashboard
view-compute-optimizer-lambda-lines-s3FolderPath: !Sub '${OptimizationDataCollectionBucketPath}/compute_optimizer/compute_optimizer_lambda'
Expand Down

0 comments on commit 5943ab6

Please sign in to comment.