feat: fix issue with many stacks and parallelize bootstrap

DataChefHQ · Jan 24, 2025 · 2d1e47f · 2d1e47f
1 parent 51be045
commit 2d1e47f
Show file tree

Hide file tree

Showing 12 changed files with 408 additions and 388 deletions.
diff --git a/.projen/deps.json b/.projen/deps.json
diff --git a/.projen/tasks.json b/.projen/tasks.json
diff --git a/.projenrc.ts b/.projenrc.ts
@@ -53,7 +53,6 @@ const project = new awscdk.AwsCdkConstructLibrary({
   ],
   /*  Runtime dependencies of this module that are NOT jsii-enabled. */
   bundledDeps: [
-    '[email protected]',
     '@aws-sdk/client-sts',
     '@aws-sdk/credential-providers',
     '@aws-sdk/client-cost-explorer',

diff --git a/API.md b/API.md
diff --git a/docs/src/content/docs/getting-started.mdx b/docs/src/content/docs/getting-started.mdx
@@ -80,9 +80,8 @@ for more information.
 [Tagging](/components/account-management/tagging) for details.
 5. **AWS Organization**: Provide details about your AWS Organization, including the Organization ID, OU IDs, and
 Account IDs. Copy the IDs of accounts created by Control Tower, such as the management, security log, and security
-audit accounts. Additional accounts can be created manually or moved under the Workloads OU. For more details, see
-[AWS Organization](/components/account-management/aws-organization). In the code snippet below, we define a single
-development account.
+audit accounts. Additional accounts can be created manually or moved under the Workloads OU.. In the code snippet
+below, we define a single development account.
 
 <DualCode>
   <Fragment slot="ts">

diff --git a/docs/src/content/docs/reference/api.md b/docs/src/content/docs/reference/api.md
diff --git a/npm-link-manual-cdk--express-pipeline.sh b/npm-link-manual-cdk--express-pipeline.sh
@@ -0,0 +1,2 @@
+npm uninstall cdk-express-pipeline
+npm link cdk-express-pipeline
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
diff --git a/src/scripts/bootstrap/index.ts b/src/scripts/bootstrap/index.ts
@@ -1,5 +1,6 @@
 import { DataLandingZoneProps, DlzAllRegions } from '../../data-landing-zone-types';
 import { assumeRole, runCommand } from '../lib/helpers';
+import { synth } from '../synth';
 
 const tags = '--tags Owner=infra --tags Project=dlz --tags Environment=dlz';
 
@@ -13,6 +14,7 @@ async function bootstrapChildAccount(props: DataLandingZoneProps, bootstrapRoleN
     `--trust ${props.organization.root.accounts.management.accountId}`,
     tags,
     `aws://${accountId}/${region}`,
+    '--app cdk.out',
   ].join(' '),
   {
     env: {
@@ -22,34 +24,56 @@ async function bootstrapChildAccount(props: DataLandingZoneProps, bootstrapRoleN
       AWS_SECRET_ACCESS_KEY: accountCreds.SecretAccessKey!,
       AWS_SESSION_TOKEN: accountCreds.SessionToken!,
     },
-  });
+  },
+  `(${region}) `);
+}
+
+let bootstrapSynthed = false;
+async function synthOnce(props: DataLandingZoneProps) {
+  if (!bootstrapSynthed) {
+    bootstrapSynthed = true;
+    await synth(props);
+  }
 }
 
 async function management(props: DataLandingZoneProps) {
+  await synthOnce(props);
   await runCommand('cdk', [
     'bootstrap',
     '--cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess',
     `--profile ${props.localProfile}`,
     tags,
     `aws://${props.organization.root.accounts.management.accountId}/${props.regions.global}`,
+    '--app cdk.out',
   ].join(' '));
 }
 async function log(props: DataLandingZoneProps, bootstrapRoleName: string = 'AWSControlTowerExecution') {
+  await synthOnce(props);
+
+  const regionBootStrapPromises = [];
   for (let region of DlzAllRegions(props.regions)) {
-    await bootstrapChildAccount(props, bootstrapRoleName, props.organization.ous.security.accounts.log.accountId, region);
+    regionBootStrapPromises.push(bootstrapChildAccount(props, bootstrapRoleName, props.organization.ous.security.accounts.log.accountId, region));
   }
+  await Promise.all(regionBootStrapPromises);
 }
 async function audit(props: DataLandingZoneProps, bootstrapRoleName: string = 'AWSControlTowerExecution') {
+  await synthOnce(props);
+
+  const regionBootStrapPromises = [];
   for (let region of DlzAllRegions(props.regions)) {
-    await bootstrapChildAccount(props, bootstrapRoleName, props.organization.ous.security.accounts.audit.accountId, region);
+    regionBootStrapPromises.push(bootstrapChildAccount(props, bootstrapRoleName, props.organization.ous.security.accounts.audit.accountId, region));
   }
+  await Promise.all(regionBootStrapPromises);
 }
-
 async function workloadAccounts(props: DataLandingZoneProps, bootstrapRoleName: string = 'AWSControlTowerExecution') {
+  await synthOnce(props);
+
   for (const account of props.organization.ous.workloads.accounts) {
+    const regionBootStrapPromises = [];
     for (let region of DlzAllRegions(props.regions)) {
-      await bootstrapChildAccount(props, bootstrapRoleName, account.accountId, region);
+      regionBootStrapPromises.push(bootstrapChildAccount(props, bootstrapRoleName, account.accountId, region));
     }
+    await Promise.all(regionBootStrapPromises);
   }
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		npm uninstall cdk-express-pipeline
		npm link cdk-express-pipeline