diff --git a/aws/cloudformation-templates/base/_template.yaml b/aws/cloudformation-templates/base/_template.yaml index 90e5363df..b77152786 100644 --- a/aws/cloudformation-templates/base/_template.yaml +++ b/aws/cloudformation-templates/base/_template.yaml @@ -23,8 +23,8 @@ Parameters: Description: Retail Demo Store source deployment type AllowedValues: - "GitHub" - - "CodeCommit" - Default: "CodeCommit" + - "S3" + Default: "S3" CreateOpenSearchServiceLinkedRole: Type: String @@ -249,16 +249,6 @@ Resources: PinpointSMSLongCode: !Ref PinpointSMSLongCode GoogleAnalyticsMeasurementId: !Ref GoogleAnalyticsMeasurementId - # CodeCommit Repository - CodeCommitRepository: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub https://s3.amazonaws.com/${ResourceBucket}/${ResourceBucketRelativePath}cloudformation-templates/base/codecommit.yaml - Parameters: - ResourceBucket: !Ref ResourceBucket - ResourceBucketRelativePath: !Ref ResourceBucketRelativePath - SourceDeploymentType: !Ref SourceDeploymentType - # Pinpoint Resources Pinpoint: Type: AWS::CloudFormation::Stack diff --git a/aws/cloudformation-templates/base/codecommit.yaml b/aws/cloudformation-templates/base/codecommit.yaml deleted file mode 100644 index 9ebfa6aff..000000000 --- a/aws/cloudformation-templates/base/codecommit.yaml +++ /dev/null @@ -1,55 +0,0 @@ ---- -AWSTemplateFormatVersion: 2010-09-09 - -Description: > - This template deploys the Retail Demo Store S3 CodeCommit Repo. - -Parameters: - ResourceBucket: - Type: String - Description: S3Bucket Bucket where the Resources are stored (cloudformation, images, lambda code) - - ResourceBucketRelativePath: - Type: String - Description: S3Bucket Path where the Resources are stored (cloudformation, images, lambda code) (i.e. path/path2), can be empty if resources are at the root of the bucket. MUST contain trailing / - - SourceDeploymentType: - Type: String - Description: Retail Demo Store source deployment type - AllowedValues: - - 'GitHub' - - 'CodeCommit' - Default: 'CodeCommit' - -Conditions: - LinkToCodeCommit: !Equals [ !Ref SourceDeploymentType, 'CodeCommit' ] - -Resources: - - SourceRepository: - Condition: LinkToCodeCommit - Type: AWS::CodeCommit::Repository - Properties: - RepositoryName: retaildemostore-src - RepositoryDescription: CodeCommit Repo for the Retail Demo Store source code - Code: - S3: - Bucket: !Ref ResourceBucket - Key: !Sub ${ResourceBucketRelativePath}source/retaildemostore-source.zip - -Outputs: - - SourceCloneUrlHttp: - Condition: LinkToCodeCommit - Description: Source CodeCommit Respository Http Clone Url - Value: !GetAtt SourceRepository.CloneUrlHttp - - SourceCloneUrlSsh: - Condition: LinkToCodeCommit - Description: Source CodeCommit Repository SSH Clone Url - Value: !GetAtt SourceRepository.CloneUrlSsh - - SourceRepositoryArn: - Condition: LinkToCodeCommit - Description: Source CodeCommit Repository Arn - Value: !GetAtt SourceRepository.Arn \ No newline at end of file diff --git a/aws/cloudformation-templates/codepipeline-config-codecommit.yaml b/aws/cloudformation-templates/codepipeline-config-codecommit.yaml deleted file mode 100644 index cfb695ae0..000000000 --- a/aws/cloudformation-templates/codepipeline-config-codecommit.yaml +++ /dev/null @@ -1,3 +0,0 @@ -RepositoryName: retaildemostore-src -BranchName: main -PollForSourceChanges: false \ No newline at end of file diff --git a/aws/cloudformation-templates/event-engine/base-workshop.yaml b/aws/cloudformation-templates/event-engine/base-workshop.yaml index f36443ed6..0276babbf 100644 --- a/aws/cloudformation-templates/event-engine/base-workshop.yaml +++ b/aws/cloudformation-templates/event-engine/base-workshop.yaml @@ -42,7 +42,7 @@ Resources: ResourceBucket: !Ref ResourceBucket ResourceBucketRelativePath: !Ref ResourceBucketRelativePath CreateOpenSearchServiceLinkedRole: "No" # DO NOT CHANGE - should be managed by EE module in the "IAM Service Linked Roles" field - SourceDeploymentType: "CodeCommit" # DO NOT CHANGE + SourceDeploymentType: "S3" # DO NOT CHANGE GitHubRepo: "retail-demo-store" # N/A SO DO NOT CHANGE GitHubBranch: "master" # N/A SO DO NOT CHANGE GitHubToken: "dummy" # N/A SO DO NOT CHANGE diff --git a/aws/cloudformation-templates/event-engine/mparticle-workshop.yaml b/aws/cloudformation-templates/event-engine/mparticle-workshop.yaml index 32cb3f85e..39b6469aa 100644 --- a/aws/cloudformation-templates/event-engine/mparticle-workshop.yaml +++ b/aws/cloudformation-templates/event-engine/mparticle-workshop.yaml @@ -42,7 +42,7 @@ Resources: ResourceBucket: !Ref ResourceBucket ResourceBucketRelativePath: !Ref ResourceBucketRelativePath CreateElasticsearchServiceLinkedRole: "No" # DO NOT CHANGE - should be managed by EE module in the "IAM Service Linked Roles" field - SourceDeploymentType: "CodeCommit" # DO NOT CHANGE + SourceDeploymentType: "S3" # DO NOT CHANGE GitHubRepo: "retail-demo-store" # N/A SO DO NOT CHANGE GitHubBranch: "master" # N/A SO DO NOT CHANGE GitHubToken: "dummy" # N/A SO DO NOT CHANGE diff --git a/aws/cloudformation-templates/event-engine/segment-workshop.yaml b/aws/cloudformation-templates/event-engine/segment-workshop.yaml index b39eacf07..9ffb06794 100644 --- a/aws/cloudformation-templates/event-engine/segment-workshop.yaml +++ b/aws/cloudformation-templates/event-engine/segment-workshop.yaml @@ -42,7 +42,7 @@ Resources: ResourceBucket: !Ref ResourceBucket ResourceBucketRelativePath: !Ref ResourceBucketRelativePath CreateElasticsearchServiceLinkedRole: "No" # DO NOT CHANGE - should be managed by EE module in the "IAM Service Linked Roles" field - SourceDeploymentType: "CodeCommit" # DO NOT CHANGE + SourceDeploymentType: "S3" # DO NOT CHANGE GitHubRepo: "retail-demo-store" # N/A SO DO NOT CHANGE GitHubBranch: "master" # N/A SO DO NOT CHANGE GitHubToken: "dummy" # N/A SO DO NOT CHANGE diff --git a/aws/cloudformation-templates/room-generator.yaml b/aws/cloudformation-templates/room-generator.yaml index 490dcfa69..8f4870869 100644 --- a/aws/cloudformation-templates/room-generator.yaml +++ b/aws/cloudformation-templates/room-generator.yaml @@ -6,7 +6,7 @@ Description: > Parameters: LambdaVpcSecurityGroup: - Type: String + Type: String LambdaVpcSubnets: Type: String ResourceBucket: @@ -56,8 +56,8 @@ Parameters: Description: Retail Demo Store source deployment type AllowedValues: - 'GitHub' - - 'CodeCommit' - Default: 'CodeCommit' + - 'S3' + Default: 'S3' GitHubRepo: Type: String GitHubBranch: @@ -80,8 +80,8 @@ Resources: Properties: LoggingConfiguration: DestinationBucketName: !Ref LoggingBucketName - LogFilePrefix: roomgen-logs - BucketEncryption: + LogFilePrefix: roomgen-logs + BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 @@ -100,7 +100,7 @@ Resources: ImageBucketPolicy: Type: AWS::IAM::Policy - Properties: + Properties: PolicyName: RoomGenS3UploadPolicy PolicyDocument: Version: "2012-10-17" @@ -110,19 +110,19 @@ Resources: - 's3:PutObject' - 's3:GetObject' Resource: !Sub "arn:${AWS::Partition}:s3:::${ImageBucket}/private/${!cognito-identity.amazonaws.com:sub}/*" - Roles: + Roles: - !Ref CognitoAuthorizedRole InferenceBucket: Type: AWS::S3::Bucket DeletionPolicy: Delete Properties: - BucketEncryption: + BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 BucketKeyEnabled: true - + # Empties bucket when stack is deleted EmptyImageBucket: Type: Custom::EmptyStackBucket @@ -162,7 +162,7 @@ Resources: NonKeyAttributes: ["room_state", "room_style", "thumbnail_image_key"] StreamSpecification: StreamViewType: NEW_IMAGE - + BaseLambdaLayer: Type: AWS::Lambda::LayerVersion Properties: @@ -220,7 +220,7 @@ Resources: Action: - dynamodb:Query Resource: !Sub '${RoomGenerationTable.Arn}/index/*' - + ApiHandlerLambdaFunction: Type: AWS::Lambda::Function Properties: @@ -340,8 +340,8 @@ Resources: - Effect: Allow Action: - bedrock:InvokeModel - Resource: - - !Sub 'arn:${AWS::Partition}:bedrock:*::foundation-model/amazon.titan-embed-image-v1' + Resource: + - !Sub 'arn:${AWS::Partition}:bedrock:*::foundation-model/amazon.titan-embed-image-v1' ImageAnalyzerLambdaFunction: Type: 'AWS::Lambda::Function' @@ -401,7 +401,7 @@ Resources: - Effect: Allow Action: - sagemaker:InvokeEndpointAsync - Resource: + Resource: - !Sub arn:${AWS::Partition}:sagemaker:${AWS::Region}:${AWS::AccountId}:endpoint/${SageMakerEndpointName} ImageGenerationLambdaFunction: @@ -460,7 +460,7 @@ Resources: - Effect: Allow Action: - s3:GetObject - Resource: + Resource: - !Sub 'arn:${AWS::Partition}:s3:::${InferenceBucket}/*' - Effect: Allow Action: @@ -469,9 +469,9 @@ Resources: - Effect: Allow Action: - bedrock:InvokeModel - Resource: - - !Sub 'arn:${AWS::Partition}:bedrock:*::foundation-model/amazon.titan-embed-image-v1' - + Resource: + - !Sub 'arn:${AWS::Partition}:bedrock:*::foundation-model/amazon.titan-embed-image-v1' + InferenceResultProcessorLambdaFunction: Type: 'AWS::Lambda::Function' Properties: @@ -489,7 +489,7 @@ Resources: FunctionName: RoomGeneratorInferenceResultProcessor Environment: Variables: - DYNAMODB_TABLE_NAME: !Ref RoomGenerationTable + DYNAMODB_TABLE_NAME: !Ref RoomGenerationTable INPUT_IMAGE_BUCKET: !Ref ImageBucket OPENSEARCH_DOMAIN_HOST: !Ref OpenSearchDomainEndpoint OPENSEARCH_INDEX_NAME: !Ref OpenSearchEmbeddingIndex @@ -526,7 +526,7 @@ Resources: Action: - states:SendTaskSuccess Resource: !Ref RoomGenerationStateMachine - + SnsSubscriberLambdaFunction: Type: 'AWS::Lambda::Function' Properties: @@ -589,7 +589,7 @@ Resources: - Effect: Allow Action: - lambda:InvokeFunction - Resource: + Resource: - !GetAtt ImageAnalyzerLambdaFunction.Arn - !GetAtt ImageGenerationLambdaFunction.Arn - !GetAtt InferenceResultProcessorLambdaFunction.Arn @@ -683,7 +683,7 @@ Resources: RoomGenerationImageGeneratorFunction: !GetAtt ImageGenerationLambdaFunction.Arn RoomGenerationInferenceResultProcessorFunction: !GetAtt InferenceResultProcessorLambdaFunction.Arn RoleArn: !GetAtt StateMachineRole.Arn - + ApiGatewayFunctionPermission: Type: AWS::Lambda::Permission Properties: @@ -694,20 +694,20 @@ Resources: ApiGatewayRoomAccessPolicy: Type: AWS::IAM::Policy - Properties: + Properties: PolicyName: ApiGatewayRoomAccessPolicy PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow - Action: "execute-api:Invoke" + Action: "execute-api:Invoke" Resource: - !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayId}/*/POST/rooms" - !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayId}/*/GET/rooms" - !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayId}/*/GET/rooms/*" - Roles: + Roles: - !Ref CognitoAuthorizedRole - + ApiIntegration: Type: 'AWS::ApiGatewayV2::Integration' @@ -716,7 +716,7 @@ Resources: Description: Room Generator API Lambda Integration IntegrationType: AWS_PROXY IntegrationUri: - Fn::Sub: "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiHandlerLambdaFunction.Arn}/invocations" + Fn::Sub: "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiHandlerLambdaFunction.Arn}/invocations" IntegrationMethod: POST PayloadFormatVersion: '2.0' @@ -726,7 +726,7 @@ Resources: ApiId: !Ref ApiGatewayId RouteKey: 'GET /rooms/{id}' AuthorizationType: AWS_IAM - Target: !Join + Target: !Join - / - - integrations - !Ref ApiIntegration @@ -737,7 +737,7 @@ Resources: ApiId: !Ref ApiGatewayId RouteKey: 'GET /rooms' AuthorizationType: AWS_IAM - Target: !Join + Target: !Join - / - - integrations - !Ref ApiIntegration @@ -748,7 +748,7 @@ Resources: ApiId: !Ref ApiGatewayId RouteKey: 'POST /rooms' AuthorizationType: AWS_IAM - Target: !Join + Target: !Join - / - - integrations - !Ref ApiIntegration @@ -757,7 +757,7 @@ Resources: Type: AWS::S3::Bucket DeletionPolicy: Delete Properties: - BucketEncryption: + BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 @@ -868,7 +868,16 @@ Resources: - s3:GetBucketVersioning Resource: - !Sub arn:${AWS::Partition}:s3:::${ArtifactBucket}/* - - !Sub arn:${AWS::Partition}:s3:::${ArtifactBucket} + - !Sub arn:${AWS::Partition}:s3:::${ArtifactBucket} + - Effect: Allow + Action: + - s3:PutObject + - s3:GetObject + - s3:GetObjectVersion + - s3:GetBucketVersioning + Resource: + - !Sub arn:${AWS::Partition}:s3:::${ResourceBucket}/* + - !Sub arn:${AWS::Partition}:s3:::${ResourceBucket} - Effect: Allow Action: - codebuild:StartBuild @@ -884,14 +893,6 @@ Resources: - cloudformation:SetStackPolicy - iam:PassRole Resource: "*" - - Resource: !Sub 'arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:retaildemostore-src' - Effect: Allow - Action: - - codecommit:GetBranch - - codecommit:GetCommit - - codecommit:UploadArchive - - codecommit:GetUploadArchiveStatus - - codecommit:CancelUploadArchive CFNRole: Type: AWS::IAM::Role @@ -930,7 +931,7 @@ Resources: - iam:DeleteRole - iam:GetRole - iam:PassRole - - application-autoscaling:RegisterScalableTarget + - application-autoscaling:RegisterScalableTarget - application-autoscaling:DescribeScalableTargets - application-autoscaling:DeregisterScalableTarget - application-autoscaling:PutScalingPolicy @@ -947,7 +948,7 @@ Resources: Resource: !Sub 'arn:aws:iam::${AWS::AccountId}:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint' Condition: StringLike: - iam:AWSServiceName: sagemaker.application-autoscaling.amazonaws.com + iam:AWSServiceName: sagemaker.application-autoscaling.amazonaws.com Pipeline: Type: AWS::CodePipeline::Pipeline @@ -966,7 +967,7 @@ Resources: Version: '1' Provider: !Ref SourceDeploymentType Configuration: - !If + !If - GitHubDeployment - Fn::Transform: @@ -974,10 +975,9 @@ Resources: Parameters: Location: !Sub "s3://${ResourceBucket}/${ResourceBucketRelativePath}cloudformation-templates/codepipeline-config-github.yaml" - - Fn::Transform: - Name: 'AWS::Include' - Parameters: - Location: !Sub "s3://${ResourceBucket}/${ResourceBucketRelativePath}cloudformation-templates/codepipeline-config-codecommit.yaml" + S3Bucket: !Ref ResourceBucket + S3ObjectKey: !Sub '${ResourceBucketRelativePath}source/retaildemostore-source.zip' + PollForSourceChanges: false OutputArtifacts: - Name: source RunOrder: 1 @@ -1016,7 +1016,7 @@ Resources: Capabilities: CAPABILITY_IAM RoleArn: !GetAtt CFNRole.Arn StackName: !Sub '${AWS::StackName}-InferenceStack' - ParameterOverrides: + ParameterOverrides: !Sub | { "ModelBucket": "${ModelArtifactsBucket}", @@ -1120,7 +1120,7 @@ Resources: ################################################################################## # -# The following sets up the Product data pre-processing +# The following sets up the Product data pre-processing # ################################################################################## @@ -1128,12 +1128,12 @@ Resources: Type: AWS::S3::Bucket DeletionPolicy: Delete Properties: - BucketEncryption: + BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 BucketKeyEnabled: true - + # Empties bucket when stack is deleted EmptyProductImageBucket: Type: Custom::EmptyStackBucket @@ -1204,18 +1204,18 @@ Resources: - PolicyName: root PolicyDocument: Version: 2012-10-17 - Statement: + Statement: - Effect: Allow Action: - s3:GetObject Resource: - - !Sub 'arn:${AWS::Partition}:s3:::${ProductImageBucket}/*' + - !Sub 'arn:${AWS::Partition}:s3:::${ProductImageBucket}/*' - Effect: Allow Action: - bedrock:InvokeModel - Resource: + Resource: - !Sub 'arn:${AWS::Partition}:bedrock:*::foundation-model/anthropic.claude-3-haiku-20240307-v1:0' - + CreateProductCaptionLambdaFunction: Type: 'AWS::Lambda::Function' @@ -1233,7 +1233,7 @@ Resources: POWERTOOLS_SERVICE_NAME: roomgen-product-caption Layers: - !Ref BaseLambdaLayer - + GetEmbeddingLambdaExecutionRole: Type: AWS::IAM::Role Properties: @@ -1253,18 +1253,18 @@ Resources: - PolicyName: root PolicyDocument: Version: 2012-10-17 - Statement: + Statement: - Effect: Allow Action: - s3:GetObject Resource: - - !Sub 'arn:${AWS::Partition}:s3:::${ProductImageBucket}/*' + - !Sub 'arn:${AWS::Partition}:s3:::${ProductImageBucket}/*' - Effect: Allow Action: - bedrock:InvokeModel - Resource: + Resource: - !Sub 'arn:${AWS::Partition}:bedrock:*::foundation-model/amazon.titan-embed-image-v1' - + GetEmbeddingLambdaFunction: Type: 'AWS::Lambda::Function' Properties: @@ -1281,7 +1281,7 @@ Resources: POWERTOOLS_SERVICE_NAME: roomgen-product-embedding Layers: - !Ref BaseLambdaLayer - + IndexProductsQueue: Type: AWS::SQS::Queue Properties: @@ -1325,7 +1325,7 @@ Resources: - PolicyName: root PolicyDocument: Version: 2012-10-17 - Statement: + Statement: - Effect: Allow Action: - sqs:ReceiveMessage @@ -1373,18 +1373,18 @@ Resources: - PolicyName: root PolicyDocument: Version: 2012-10-17 - Statement: + Statement: - Effect: Allow Action: - s3:GetObject Resource: - - !Sub 'arn:${AWS::Partition}:s3:::${WebUIBucketName}/images/*' + - !Sub 'arn:${AWS::Partition}:s3:::${WebUIBucketName}/images/*' - Effect: Allow Action: - s3:PutObject Resource: - !Sub 'arn:${AWS::Partition}:s3:::${ProductImageBucket}/*' - + ResizeImageLambdaFunction: Type: AWS::Lambda::Function Properties: @@ -1444,7 +1444,7 @@ Resources: STATE_MACHINE_ARN: !GetAtt PrepareProductDataStateMachine.Arn POWERTOOLS_SERVICE_NAME: roomgen-product-image-sfn-trigger Layers: - - !Ref BaseLambdaLayer + - !Ref BaseLambdaLayer S3EventLambdaInvokePermission: Type: AWS::Lambda::Permission @@ -1548,7 +1548,7 @@ Resources: Principal: Service: batchoperations.s3.amazonaws.com Action: sts:AssumeRole - Path: / + Path: / Policies: - PolicyName: root PolicyDocument: @@ -1556,13 +1556,13 @@ Resources: Statement: - Effect: Allow Action: lambda:InvokeFunction - Resource: !GetAtt ResizeImageLambdaFunction.Arn + Resource: !GetAtt ResizeImageLambdaFunction.Arn - Effect: Allow - Action: + Action: - s3:GetObject - s3:ListBucket - s3:PutInventoryConfiguration - Resource: + Resource: - !Sub 'arn:${AWS::Partition}:s3:::${WebUIBucketName}' - !Sub 'arn:${AWS::Partition}:s3:::${WebUIBucketName}/images/*' @@ -1606,7 +1606,7 @@ Resources: Variables: POWERTOOLS_SERVICE_NAME: roomgen-create-s3-batch-jobs Layers: - - !Ref BaseLambdaLayer + - !Ref BaseLambdaLayer CreateS3BatchJobsLambdaTrigger: Type: Custom::LambdaTrigger @@ -1645,13 +1645,13 @@ Resources: - Effect: Allow Action: - lambda:InvokeFunction - Resource: + Resource: - !GetAtt CreateProductCaptionLambdaFunction.Arn - !GetAtt GetEmbeddingLambdaFunction.Arn - Effect: Allow Action: - sqs:SendMessage - Resource: + Resource: - !GetAtt IndexProductsQueue.Arn - Effect: Allow Action: @@ -1671,7 +1671,7 @@ Resources: Type: AWS::Logs::LogGroup Properties: LogGroupName: !Sub /aws/sfn/${AWS::StackName}-PrepareProductData - + PrepareProductDataStateMachine: Type: AWS::StepFunctions::StateMachine Properties: @@ -1679,7 +1679,7 @@ Resources: StateMachineType: EXPRESS LoggingConfiguration: Destinations: - - CloudWatchLogsLogGroup: + - CloudWatchLogsLogGroup: LogGroupArn: !GetAtt PrepareProductDataSfnLogGroup.Arn IncludeExecutionData: true Level: ERROR diff --git a/aws/cloudformation-templates/services/_template.yaml b/aws/cloudformation-templates/services/_template.yaml index d2a0f2ec4..a7060b1d7 100644 --- a/aws/cloudformation-templates/services/_template.yaml +++ b/aws/cloudformation-templates/services/_template.yaml @@ -35,8 +35,8 @@ Parameters: Description: Retail Demo Store source deployment type AllowedValues: - 'GitHub' - - 'CodeCommit' - Default: 'CodeCommit' + - 'S3' + Default: 'S3' GitHubRepo: Type: String diff --git a/aws/cloudformation-templates/services/service/_template.yaml b/aws/cloudformation-templates/services/service/_template.yaml index d8267e277..c42ad61e9 100644 --- a/aws/cloudformation-templates/services/service/_template.yaml +++ b/aws/cloudformation-templates/services/service/_template.yaml @@ -37,8 +37,8 @@ Parameters: Description: Retail Demo Store source deployment type AllowedValues: - 'GitHub' - - 'CodeCommit' - Default: 'CodeCommit' + - 'S3' + Default: 'S3' GitHubRepo: Type: String @@ -259,7 +259,9 @@ Resources: TaskRoleArn: !GetAtt Service.Outputs.TaskRoleArn TaskExecutionRoleArn: !GetAtt Service.Outputs.TaskExecutionRoleArn LoggingBucketName: !Ref LoggingBucketName - + ResourceBucket: !Ref ResourceBucket + ResourceBucketRelativePath: !Ref ResourceBucketRelativePath + Service: Type: AWS::CloudFormation::Stack Properties: diff --git a/aws/cloudformation-templates/services/service/pipeline.yaml b/aws/cloudformation-templates/services/service/pipeline.yaml index 5e4c1dfbe..73368bb9e 100644 --- a/aws/cloudformation-templates/services/service/pipeline.yaml +++ b/aws/cloudformation-templates/services/service/pipeline.yaml @@ -16,8 +16,18 @@ Parameters: Description: Retail Demo Store source deployment type AllowedValues: - 'GitHub' - - 'CodeCommit' - Default: 'CodeCommit' + - 'S3' + Default: 'S3' + + ResourceBucket: + Type: String + Description: S3Bucket Bucket where the Resources are stored (cloudformation, images, lambda code) + + ResourceBucketRelativePath: + Type: String + Description: > + Optional path in the Deployment Resources Staging bucket where the deployment resources are stored (e.g. path/path2/). + Leave blank if resources are at the root of the Staging Resource Bucket. If specified, MUST end with '/'. GitHubRepo: Type: String @@ -124,7 +134,7 @@ Parameters: Conditions: LinkToGitHub: !Equals [ !Ref SourceDeploymentType, 'GitHub' ] - LinkToCodeCommit: !Equals [ !Ref SourceDeploymentType, 'CodeCommit' ] + LinkToS3Bucket: !Equals [ !Ref SourceDeploymentType, 'S3' ] Resources: Repository: @@ -233,6 +243,15 @@ Resources: - s3:GetObject - s3:GetObjectVersion - s3:GetBucketVersioning + - Resource: + - !Sub arn:aws:s3:::${ResourceBucket}/* + - !Sub arn:aws:s3:::${ResourceBucket} + Effect: Allow + Action: + - s3:PutObject + - s3:GetObject + - s3:GetObjectVersion + - s3:GetBucketVersioning - Resource: "*" Effect: Allow Action: @@ -244,14 +263,6 @@ Resources: Effect: Allow Action: - iam:PassRole - - Resource: !Sub 'arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:retaildemostore-src' - Effect: Allow - Action: - - "codecommit:GetBranch" - - "codecommit:GetCommit" - - "codecommit:UploadArchive" - - "codecommit:GetUploadArchiveStatus" - - "codecommit:CancelUploadArchive" - Resource: '*' Effect: Allow Action: @@ -272,12 +283,12 @@ Resources: LoggingConfiguration: DestinationBucketName: !Ref LoggingBucketName LogFilePrefix: !Sub '/${FargateServiceName}-logs' - BucketEncryption: + BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 - BucketKeyEnabled: true - + BucketKeyEnabled: true + # Empties bucket when stack is deleted EmptyArtifactBucket: Type: Custom::EmptyArtifactBucket @@ -409,8 +420,8 @@ Resources: - Name: BuildOutput RunOrder: 1 - PipelineCodeCommit: - Condition: LinkToCodeCommit + PipelineS3: + Condition: LinkToS3Bucket Type: AWS::CodePipeline::Pipeline Properties: RoleArn: !GetAtt CodePipelineServiceRole.Arn @@ -424,19 +435,19 @@ Resources: Stages: - Name: Source Actions: - - Name: App - ActionTypeId: - Category: Source - Owner: AWS - Version: '1' - Provider: CodeCommit - Configuration: - RepositoryName: retaildemostore-src - BranchName: main - PollForSourceChanges: false - OutputArtifacts: - - Name: App - RunOrder: 1 + - Name: App + ActionTypeId: + Category: Source + Owner: AWS + Version: '1' + Provider: S3 + Configuration: + S3Bucket: !Ref ResourceBucket + S3ObjectKey: !Sub '${ResourceBucketRelativePath}source/retaildemostore-source.zip' + PollForSourceChanges: false + OutputArtifacts: + - Name: App + RunOrder: 1 - Name: Build Actions: - Name: Build @@ -467,9 +478,9 @@ Resources: InputArtifacts: - Name: BuildOutput RunOrder: 1 - + EventRole: - Condition: LinkToCodeCommit + Condition: LinkToS3Bucket Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: @@ -491,31 +502,28 @@ Resources: - Effect: Allow Action: codepipeline:StartPipelineExecution - Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineCodeCommit ] ] + Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineS3 ] ] EventRule: - Condition: LinkToCodeCommit + Condition: LinkToS3Bucket Type: AWS::Events::Rule Properties: EventPattern: source: - - aws.codecommit + - aws.s3 detail-type: - - 'CodeCommit Repository State Change' - resources: - - !Join [ '', [ 'arn:aws:codecommit:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', 'retaildemostore-src' ] ] + - 'Object Created' detail: - event: - - referenceCreated - - referenceUpdated - referenceType: - - branch - referenceName: - - main + bucket: + name: + - !Ref ResourceBucket + object: + key: + - !Sub ${ResourceBucketRelativePath}source/retaildemostore-source.zip Targets: - - Arn: - !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineCodeCommit ] ] + Arn: + !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineS3] ] RoleArn: !GetAtt EventRole.Arn Id: codepipeline-AppPipeline @@ -524,6 +532,6 @@ Outputs: Condition: LinkToGitHub Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineGitHub} - PipelineForCodeCommitUrl: - Condition: LinkToCodeCommit - Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineCodeCommit} + PipelineForS3Url: + Condition: LinkToS3Bucket + Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineS3} diff --git a/aws/cloudformation-templates/swagger-ui-pipeline.yaml b/aws/cloudformation-templates/swagger-ui-pipeline.yaml index c5213b478..20df8750d 100644 --- a/aws/cloudformation-templates/swagger-ui-pipeline.yaml +++ b/aws/cloudformation-templates/swagger-ui-pipeline.yaml @@ -24,8 +24,16 @@ Parameters: Description: Retail Demo Store source deployment type AllowedValues: - 'GitHub' - - 'CodeCommit' - Default: 'CodeCommit' + - 'S3' + Default: 'S3' + + ResourceBucket: + Type: String + Description: S3Bucket Bucket where the Resources are stored (cloudformation, images, lambda code) + + ResourceBucketRelativePath: + Type: String + Description: S3Bucket Path where the deployment Resources are stored (cloudformation, images, lambda code) (i.e. path/path2), can be empty if resources are at the root of the bucket. MUST contain trailing / GitHubRepo: Type: String @@ -87,7 +95,7 @@ Parameters: Conditions: LinkToGitHub: !Equals [ !Ref SourceDeploymentType, 'GitHub' ] - LinkToCodeCommit: !Equals [ !Ref SourceDeploymentType, 'CodeCommit' ] + LinkToS3: !Equals [ !Ref SourceDeploymentType, 'S3' ] Resources: CodeBuildServiceRole: @@ -169,14 +177,19 @@ Resources: Action: - codebuild:StartBuild - codebuild:BatchGetBuilds - - Resource: !Sub 'arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:retaildemostore-src' + - PolicyName: bucket + PolicyDocument: + Version: 2012-10-17 + Statement: + - Resource: + - !Sub arn:aws:s3:::${ResourceBucket}/* + - !Sub arn:aws:s3:::${ResourceBucket} Effect: Allow Action: - - "codecommit:GetBranch" - - "codecommit:GetCommit" - - "codecommit:UploadArchive" - - "codecommit:GetUploadArchiveStatus" - - "codecommit:CancelUploadArchive" + - s3:PutObject + - s3:GetObject + - s3:GetObjectVersion + - s3:GetBucketVersioning ArtifactBucket: Type: AWS::S3::Bucket @@ -185,12 +198,12 @@ Resources: Status: Enabled LoggingConfiguration: DestinationBucketName: !Ref LoggingBucketName - LogFilePrefix: swaggerui-logs + LogFilePrefix: swaggerui-logs BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 - BucketKeyEnabled: true + BucketKeyEnabled: true # Empties bucket when stack is deleted EmptyArtifactBucket: @@ -288,8 +301,8 @@ Resources: ProjectName: !Ref CodeBuildProject RunOrder: 1 - PipelineCodeCommit: - Condition: LinkToCodeCommit + PipelineS3: + Condition: LinkToS3 Type: AWS::CodePipeline::Pipeline Properties: RoleArn: !GetAtt CodePipelineServiceRole.Arn @@ -308,10 +321,10 @@ Resources: Category: Source Owner: AWS Version: '1' - Provider: CodeCommit + Provider: S3 Configuration: - RepositoryName: retaildemostore-src - BranchName: main + S3Bucket: !Ref ResourceBucket + S3ObjectKey: !Sub '${ResourceBucketRelativePath}source/retaildemostore-source.zip' PollForSourceChanges: false OutputArtifacts: - Name: App @@ -333,7 +346,7 @@ Resources: RunOrder: 1 EventRole: - Condition: LinkToCodeCommit + Condition: LinkToS3 Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: @@ -355,31 +368,28 @@ Resources: - Effect: Allow Action: codepipeline:StartPipelineExecution - Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineCodeCommit ] ] + Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineS3 ] ] EventRule: - Condition: LinkToCodeCommit + Condition: LinkToS3 Type: AWS::Events::Rule Properties: EventPattern: source: - - aws.codecommit + - aws.s3 detail-type: - - 'CodeCommit Repository State Change' - resources: - - !Join [ '', [ 'arn:aws:codecommit:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', 'retaildemostore-src' ] ] + - 'Object Created' detail: - event: - - referenceCreated - - referenceUpdated - referenceType: - - branch - referenceName: - - main + bucket: + name: + - !Ref ResourceBucket + object: + key: + - !Sub ${ResourceBucketRelativePath}source/retaildemostore-source.zip Targets: - - Arn: - !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineCodeCommit ] ] + Arn: + !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineS3 ] ] RoleArn: !GetAtt EventRole.Arn Id: codepipeline-AppPipeline @@ -388,6 +398,6 @@ Outputs: Condition: LinkToGitHub Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineGitHub} - PipelineForCodeCommitUrl: - Condition: LinkToCodeCommit - Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineCodeCommit} + PipelineForS3: + Condition: LinkToS3 + Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineS3} diff --git a/aws/cloudformation-templates/template.yaml b/aws/cloudformation-templates/template.yaml index 4a0a6badf..47ec7e8b5 100644 --- a/aws/cloudformation-templates/template.yaml +++ b/aws/cloudformation-templates/template.yaml @@ -84,7 +84,7 @@ Metadata: default: "Custom Cloudfront domain name (optional)" Parameters: - CloudfrontCustomDomain - - ACMCertificateArn + - ACMCertificateArn - Label: default: "Fenix Commerce EDD Integration" Parameters: @@ -186,7 +186,7 @@ Metadata: DeployRoomMakeoverDemo: default: "Deploy Room Makeover Demo" EnableSageMakerAutoScaling: - default: Enable Auto scaling for SageMaker Asynchronous endpoint + default: Enable Auto scaling for SageMaker Asynchronous endpoint SageMakerScalingMinCapacity: default: Minimum capacity for SageMaker endpoint. SageMakerScalingMaxCapacity: @@ -230,16 +230,16 @@ Parameters: SourceDeploymentType: Type: String Description: > - The Retail Demo Store deployment includes a CodePipeline configuration that will build and deploy Retail Demo Store - microservices to ECS when a change is detected in the source repository. The source repository for CodePipeline - can be configured to use your personal GitHub repository or CodeCommit. Use GitHub if you're actively developing - against Retail Demo Store in your own fork. CodeCommit is useful when you just want to get up and going quickly for - a demo or evaluation or for workshop scenarios, such as Event Engine, where you want attendees to have their own - source repositories provisioned. + The Retail Demo Store deployment includes a CodePipeline configuration that will build and deploy Retail Demo Store + microservices to ECS when a change is detected in the source repository. The source repository for CodePipeline can + be configured to use your personal GitHub repository or an S3 bucket. Use GitHub if you're actively developing against + Retail Demo Store in your own fork. S3 is useful when you just want to get up and going quickly for a demo or + evaluation or for workshop scenarios, such as Event Engine, where you want attendees to have their own source + repositories provisioned. AllowedValues: - "GitHub" - - "CodeCommit" - Default: "CodeCommit" + - "S3" + Default: "S3" GitHubRepo: Type: String @@ -263,7 +263,7 @@ Parameters: Access Token is required. Otherwise, leave blank. Be sure that your token has the "repo", "repo:status", and "admin:repo_hook" permission scopes. NoEcho: true Default: '' - + PreIndexOpenSearch: Type: String Description: > @@ -552,7 +552,7 @@ Parameters: - 'Yes' - 'No' Default: 'No' - + EnableSageMakerAutoScaling: Type: String Description: Enable Auto scaling for the SageMaker Asyncronous endpoint @@ -572,12 +572,12 @@ Parameters: Description: SageMaker Asynchronous endpoints can be scaled to zero. The endpoint will scale up from zero and room requests will resume execution when there is an endpoint to invoke. MinValue: 0 Default: 0 - + SageMakerEndpointName: Type: String Description: The SageMaker async endpoint name used for image generation Default: controlnet-depth-sdxl - + OpenSearchEmbeddingIndex: Type: String Description: Name of the embedding index @@ -586,16 +586,16 @@ Parameters: Mappings: # Regions that support Amazon Bedrock and the required models of Room Maker demo: Claude 3 Haiku, Titan Multimodal Embeddings G1 - BedrockRegionMap: - us-east-1: + BedrockRegionMap: + us-east-1: SupportsRequiredModels: "Yes" - us-west-2: + us-west-2: SupportsRequiredModels: "Yes" - ap-south-1: + ap-south-1: SupportsRequiredModels: "Yes" - ap-southeast-2: + ap-southeast-2: SupportsRequiredModels: "Yes" - eu-west-3: + eu-west-3: SupportsRequiredModels: "Yes" Conditions: @@ -697,12 +697,12 @@ Resources: ParameterOptimizelySdkKey: !GetAtt Base.Outputs.ParameterOptimizelySdkKey CleanupBucketLambdaArn: !GetAtt CleanupBucket.Outputs.LambdaFunctionArn ParameterIVSVideoChannelMap: !GetAtt Base.Outputs.ParameterIVSVideoChannelMap - WebRootUrl: !If + WebRootUrl: !If - ConditionCustomDomain - !Sub https://${CloudfrontCustomDomain} - !GetAtt Base.Outputs.WebUICDNURL UseDefaultIVSStreams: !Ref UseDefaultIVSStreams - ImageRootUrl: !If + ImageRootUrl: !If - ConditionCustomDomain - !Sub https://${CloudfrontCustomDomain}/images/ - !Sub ${Base.Outputs.WebUICDNURL}/images/ @@ -710,6 +710,7 @@ Resources: LoggingBucketName: !GetAtt Base.Outputs.LoggingBucketName LambdaVpcSecurityGroup: !GetAtt Base.Outputs.PrivateVPCSecurityGroup + # Services Resources ApiGateway: Type: AWS::CloudFormation::Stack @@ -814,6 +815,8 @@ Resources: OffersServiceExternalUrl: !GetAtt ApiGateway.Outputs.APIEndpoint CleanupBucketLambdaArn: !GetAtt CleanupBucket.Outputs.LambdaFunctionArn LoggingBucketName: !GetAtt Base.Outputs.LoggingBucketName + ResourceBucket: !Ref ResourceBucket + ResourceBucketRelativePath: !Ref ResourceBucketRelativePath # Lex personalization function ChatbotFunctions: @@ -867,7 +870,7 @@ Resources: AmazonPayPublicKeyId: !Ref AmazonPayPublicKeyId AmazonPayStoreId: !Ref AmazonPayStoreId AmazonPayPrivateKey: !Ref AmazonPayPrivateKey - WebURL: + WebURL: !If [ ConditionCustomDomain, !Sub 'https://${CloudfrontCustomDomain}' , @@ -978,10 +981,10 @@ Resources: OpenSearchDomainEndpoint: !GetAtt Base.Outputs.OpenSearchDomainEndpoint ApiGatewayId: !GetAtt ApiGateway.Outputs.ApiGatewayId WebUIBucketName: !GetAtt Base.Outputs.WebUIBucketName - WebURL: !If + WebURL: !If - ConditionCustomDomain - !Sub https://${CloudfrontCustomDomain} - - !GetAtt Base.Outputs.WebUICDNURL + - !GetAtt Base.Outputs.WebUICDNURL CognitoAuthorizedRole: !GetAtt Base.Outputs.CognitoAuthorizedRole SageMakerEndpointName: !Ref SageMakerEndpointName EnableSageMakerAutoScaling: !Ref EnableSageMakerAutoScaling @@ -991,7 +994,7 @@ Resources: GitHubRepo: !Ref GitHubRepo GitHubBranch: !Ref GitHubBranch GitHubToken: !Ref GitHubToken - GitHubUser: !Ref GitHubUser + GitHubUser: !Ref GitHubUser ApiGatewayDeploy: Type: AWS::CloudFormation::Stack diff --git a/aws/cloudformation-templates/web-ui-pipeline.yaml b/aws/cloudformation-templates/web-ui-pipeline.yaml index 9c13e9033..9baa459a3 100644 --- a/aws/cloudformation-templates/web-ui-pipeline.yaml +++ b/aws/cloudformation-templates/web-ui-pipeline.yaml @@ -37,8 +37,8 @@ Parameters: Description: Retail Demo Store source deployment type AllowedValues: - 'GitHub' - - 'CodeCommit' - Default: 'CodeCommit' + - 'S3' + Default: 'S3' GitHubRepo: Type: String @@ -169,7 +169,7 @@ Parameters: Conditions: LinkToGitHub: !Equals [ !Ref SourceDeploymentType, 'GitHub' ] - LinkToCodeCommit: !Equals [ !Ref SourceDeploymentType, 'CodeCommit' ] + LinkToS3: !Equals [ !Ref SourceDeploymentType, 'S3' ] Resources: @@ -243,14 +243,15 @@ Resources: Action: - codebuild:StartBuild - codebuild:BatchGetBuilds - - Resource: !Sub 'arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:retaildemostore-src' + - Resource: + - !Sub arn:${AWS::Partition}:s3:::${ResourceBucket}/* + - !Sub arn:${AWS::Partition}:s3:::${ResourceBucket} Effect: Allow Action: - - "codecommit:GetBranch" - - "codecommit:GetCommit" - - "codecommit:UploadArchive" - - "codecommit:GetUploadArchiveStatus" - - "codecommit:CancelUploadArchive" + - s3:PutObject + - s3:GetObject + - s3:GetObjectVersion + - s3:GetBucketVersioning ArtifactBucket: Type: AWS::S3::Bucket @@ -304,7 +305,7 @@ Resources: - Name: COGNITO_IDENTITY_POOL_ID Value: !Sub ${IdentityPoolId} - Name: API_GATEWAY_URL - Value: !Ref APIGatewayUrl + Value: !Ref APIGatewayUrl - Name: DEPLOYED_REGION Value: !Ref AWS::Region - Name: PINPOINT_APP_ID @@ -400,8 +401,8 @@ Resources: ProjectName: !Ref CodeBuildProject RunOrder: 1 - PipelineCodeCommit: - Condition: LinkToCodeCommit + PipelineS3: + Condition: LinkToS3 Type: AWS::CodePipeline::Pipeline Properties: RoleArn: !GetAtt CodePipelineServiceRole.Arn @@ -420,10 +421,10 @@ Resources: Category: Source Owner: AWS Version: '1' - Provider: CodeCommit + Provider: S3 Configuration: - RepositoryName: retaildemostore-src - BranchName: main + S3Bucket: !Ref ResourceBucket + S3ObjectKey: !Sub '${ResourceBucketRelativePath}source/retaildemostore-source.zip' PollForSourceChanges: false OutputArtifacts: - Name: App @@ -443,8 +444,9 @@ Resources: Configuration: ProjectName: !Ref CodeBuildProject RunOrder: 1 + EventRole: - Condition: LinkToCodeCommit + Condition: LinkToS3 Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: @@ -466,30 +468,26 @@ Resources: - Effect: Allow Action: codepipeline:StartPipelineExecution - Resource: !Sub 'arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineCodeCommit}' + Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineS3 ] ] EventRule: - Condition: LinkToCodeCommit + Condition: LinkToS3 Type: AWS::Events::Rule Properties: EventPattern: source: - - aws.codecommit + - aws.s3 detail-type: - - 'CodeCommit Repository State Change' - resources: - - !Sub 'arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:retaildemostore-src' + - 'Object Created' detail: - event: - - referenceCreated - - referenceUpdated - referenceType: - - branch - referenceName: - - main + bucket: + name: + - !Ref ResourceBucket + object: + key: + - !Sub ${ResourceBucketRelativePath}source/retaildemostore-source.zip Targets: - - - Arn: !Sub 'arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineCodeCommit}' + - Arn: !Sub 'arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineS3}' RoleArn: !GetAtt EventRole.Arn Id: codepipeline-AppPipeline @@ -498,6 +496,6 @@ Outputs: Condition: LinkToGitHub Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineGitHub} - PipelineForCodeCommitUrl: - Condition: LinkToCodeCommit - Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineCodeCommit} + PipelineForS3Url: + Condition: LinkToS3 + Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineS3} diff --git a/docs/Deployment/getting-started.md b/docs/Deployment/getting-started.md index 1db43e2c6..3a99cde32 100644 --- a/docs/Deployment/getting-started.md +++ b/docs/Deployment/getting-started.md @@ -77,11 +77,24 @@ Save your access token in a secure location, you will use it the CloudFormation ## Step 2: Create a S3 Staging Bucket -We recommend to create a dedicated bucket for deployment. +We recommend to create a dedicated bucket for deployment with **versioning enabled.** !!! Note Bucket Region: Your staging bucket must be in the **region** in which you plan to deploy the Retail Demo Store. +### Enabling Event Notifications + +Setting Up Event Notifications to Amazon EventBridge on an S3 Bucket + +Follow these steps to configure your S3 bucket to send event notifications to Amazon EventBridge: + +1. Navigate to your S3 bucket in the AWS Management Console. +2. Click on the Properties tab. +3. Scroll down to the Amazon EventBridge section. +4. Click the Edit button. +5. Toggle the option Send notifications to Amazon EventBridge for all events in this bucket to On. +6. Click Save changes. + ### Bucket Permissions The default stage script requires the ability to set the resources it uploads to your bucket as public read. Note that you do not need to set the bucket up to allow public listing of the resources in the bucket (this is not recommended). diff --git a/scripts/deploy-cloudformation-stacks.sh b/scripts/deploy-cloudformation-stacks.sh index abf2bfdbb..4ed6c6e40 100755 --- a/scripts/deploy-cloudformation-stacks.sh +++ b/scripts/deploy-cloudformation-stacks.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Deploy to AWS with all default values. +# Deploy to AWS with all default values. # You can use the following flags to pre create resources # # Example usage @@ -14,7 +14,7 @@ set -e ######################################################################################################################################## # The script parses the command line argument and extract these variables: # 1. "args" contains an array of arguments (e.g. args[0], args[1], etc.) In this script, we use only 2 arguments (S3_BUCKET, REGION) -# 2. "pre_create_personalize" contains a boolean value whether "--pre-create-personalize" is presented +# 2. "pre_create_personalize" contains a boolean value whether "--pre-create-personalize" is presented # 3. "pre_index_elasticsearch" contains a boolean value whether "--pre-index-elasticsearch" is presented ######################################################################################################################################## args=() @@ -85,10 +85,10 @@ aws cloudformation deploy \ --region "${REGION}" \ --parameter-overrides \ ResourceBucket="${S3_BUCKET}" \ - SourceDeploymentType="CodeCommit" \ + SourceDeploymentType="S3" \ AlexaSkillId="" \ AlexaDefaultSandboxEmail="" \ - ResourceBucketRelativePath="" \ + ResourceBucketRelativePath="store/" \ mParticleSecretKey="" \ AmazonPayPublicKeyId="" \ mParticleApiKey="" \ @@ -111,7 +111,7 @@ aws cloudformation deploy \ PreIndexElasticsearch="${param_elasticsearch}" \ ResourceBucketImages="" \ ResourceBucketImagesPrefix="" - + # Wait until stack creation completes