Release: 1.3.0

aws-ia · Feb 2, 2022 · 7b4afaf · 7b4afaf
1 parent 2a0a271
commit 7b4afaf
Show file tree

Hide file tree

Showing 74 changed files with 1,816 additions and 3,742 deletions.
diff --git a/.gitignore b/.gitignore
@@ -345,5 +345,5 @@ typings/
 # Sonarlint plugin
 .idea/sonarlint
 
-# zip archives
+# zip aft-archives
 *.zip
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.2.1
+1.3.0
diff --git a/main.tf b/main.tf
@@ -1,3 +1,7 @@
+module "packaging" {
+  source = "./modules/aft-archives"
+}
+
 module "aft_account_provisioning_framework" {
   providers = {
     aws = aws.aft_management
@@ -14,6 +18,8 @@ module "aft_account_provisioning_framework" {
   aft_vpc_private_subnets                          = module.aft_account_request_framework.aft_vpc_private_subnets
   aft_vpc_default_sg                               = module.aft_account_request_framework.aft_vpc_default_sg
   cloudwatch_log_group_retention                   = var.cloudwatch_log_group_retention
+  provisioning_framework_archive_path              = module.packaging.provisioning_framework_archive_path
+  provisioning_framework_archive_hash              = module.packaging.provisioning_framework_archive_hash
 }
 
 module "aft_account_request_framework" {
@@ -32,8 +38,12 @@ module "aft_account_request_framework" {
   aft_vpc_public_subnet_01_cidr               = var.aft_vpc_public_subnet_01_cidr
   aft_vpc_public_subnet_02_cidr               = var.aft_vpc_public_subnet_02_cidr
   aft_vpc_endpoints                           = var.aft_vpc_endpoints
+  request_framework_archive_path              = module.packaging.request_framework_archive_path
+  request_framework_archive_hash              = module.packaging.request_framework_archive_hash
 }
 
+
+
 module "aft_backend" {
   providers = {
     aws.primary_region   = aws.aft_management
@@ -102,6 +112,8 @@ module "aft_customizations" {
   terraform_distribution                            = var.terraform_distribution
   cloudwatch_log_group_retention                    = var.cloudwatch_log_group_retention
   maximum_concurrent_customizations                 = var.maximum_concurrent_customizations
+  customizations_archive_path                       = module.packaging.customizations_archive_path
+  customizations_archive_hash                       = module.packaging.customizations_archive_hash
 }
 
 module "aft_feature_options" {
@@ -124,6 +136,8 @@ module "aft_feature_options" {
   aft_vpc_default_sg                        = module.aft_account_request_framework.aft_vpc_default_sg
   log_archive_account_id                    = var.log_archive_account_id
   cloudwatch_log_group_retention            = var.cloudwatch_log_group_retention
+  feature_options_archive_path              = module.packaging.feature_options_archive_path
+  feature_options_archive_hash              = module.packaging.feature_options_archive_hash
 }
 
 module "aft_iam_roles" {

diff --git a/modules/aft-account-provisioning-framework/lambda.tf b/modules/aft-account-provisioning-framework/lambda.tf
@@ -1,19 +1,13 @@
 
 ### VALIDATE REQUEST FUNCTION
 
-data "archive_file" "validate_request" {
-  type        = "zip"
-  source_dir  = "${path.module}/lambda/aft-account-provisioning-framework-validate-request/"
-  output_path = "${path.module}/validate_request.zip"
-}
-
 resource "aws_lambda_function" "validate_request" {
-  filename         = data.archive_file.validate_request.output_path
+  filename         = var.provisioning_framework_archive_path
   function_name    = "aft-account-provisioning-framework-validate-request"
   description      = "AFT account provisioning framework - validate_request"
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_validate_request.arn
   handler          = "aft_account_provisioning_framework_validate_request.lambda_handler"
-  source_code_hash = data.archive_file.validate_request.output_base64sha256
+  source_code_hash = var.provisioning_framework_archive_hash
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]
@@ -31,19 +25,14 @@ resource "aws_cloudwatch_log_group" "validate_request" {
 
 ### GET ACCOUNT INFO FUNCTION
 
-data "archive_file" "get_account_info" {
-  type        = "zip"
-  source_dir  = "${path.module}/lambda/aft-account-provisioning-framework-get-account-info/"
-  output_path = "${path.module}/get_account_info.zip"
-}
 
 resource "aws_lambda_function" "get_account_info" {
-  filename         = data.archive_file.get_account_info.output_path
+  filename         = var.provisioning_framework_archive_path
   function_name    = "aft-account-provisioning-framework-get-account-info"
   description      = "AFT account provisioning framework - get_account_info"
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_get_account_info.arn
   handler          = "aft_account_provisioning_framework_get_account_info.lambda_handler"
-  source_code_hash = data.archive_file.get_account_info.output_base64sha256
+  source_code_hash = var.provisioning_framework_archive_hash
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]
@@ -61,19 +50,13 @@ resource "aws_cloudwatch_log_group" "get_account_info" {
 
 ###  CREATE ROLE FUNCTION
 
-data "archive_file" "create_role" {
-  type        = "zip"
-  source_dir  = "${path.module}/lambda/aft-account-provisioning-framework-create-role/"
-  output_path = "${path.module}/create_role.zip"
-}
-
 resource "aws_lambda_function" "create_role" {
-  filename         = data.archive_file.create_role.output_path
+  filename         = var.provisioning_framework_archive_path
   function_name    = "aft-account-provisioning-framework-create-aft-execution-role"
   description      = "AFT account provisioning framework - create_role"
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_create_role.arn
   handler          = "aft_account_provisioning_framework_create_role.lambda_handler"
-  source_code_hash = data.archive_file.create_role.output_base64sha256
+  source_code_hash = var.provisioning_framework_archive_hash
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]
@@ -92,19 +75,13 @@ resource "aws_cloudwatch_log_group" "create_role" {
 
 ###  TAG ACCOUNT FUNCTION
 
-data "archive_file" "tag_account" {
-  type        = "zip"
-  source_dir  = "${path.module}/lambda/aft-account-provisioning-framework-tag-account/"
-  output_path = "${path.module}/tag_account.zip"
-}
-
 resource "aws_lambda_function" "tag_account" {
-  filename         = data.archive_file.tag_account.output_path
+  filename         = var.provisioning_framework_archive_path
   function_name    = "aft-account-provisioning-framework-tag-account"
   description      = "AFT account provisioning framework - tag_account"
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_tag_account.arn
   handler          = "aft_account_provisioning_framework_tag_account.lambda_handler"
-  source_code_hash = data.archive_file.tag_account.output_base64sha256
+  source_code_hash = var.provisioning_framework_archive_hash
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]
@@ -122,19 +99,13 @@ resource "aws_cloudwatch_log_group" "tag_account" {
 
 ###  PERSIST METADATA FUNCTION
 
-data "archive_file" "persist_metadata" {
-  type        = "zip"
-  source_dir  = "${path.module}/lambda/aft-account-provisioning-framework-persist-metadata/"
-  output_path = "${path.module}/persist_metadata.zip"
-}
-
 resource "aws_lambda_function" "persist_metadata" {
-  filename         = data.archive_file.persist_metadata.output_path
+  filename         = var.provisioning_framework_archive_path
   function_name    = "aft-account-provisioning-framework-persist-metadata"
   description      = "AFT account provisioning framework - persist_metadata"
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_persist_metadata.arn
   handler          = "aft_account_provisioning_framework_persist_metadata.lambda_handler"
-  source_code_hash = data.archive_file.persist_metadata.output_base64sha256
+  source_code_hash = var.provisioning_framework_archive_hash
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]
@@ -152,19 +123,15 @@ resource "aws_cloudwatch_log_group" "persist_metadata" {
 
 ###  Account Metadata SSM Function
 
-data "archive_file" "account_metadata_ssm" {
-  type        = "zip"
-  source_dir  = "${path.module}/lambda/aft-account-provisioning-framework-account-metadata-ssm/"
-  output_path = "${path.module}/account_metadata_ssm.zip"
-}
+
 
 resource "aws_lambda_function" "account_metadata_ssm" {
-  filename         = data.archive_file.account_metadata_ssm.output_path
+  filename         = var.provisioning_framework_archive_path
   function_name    = "aft-account-provisioning-framework-account-metadata-ssm"
   description      = "AFT account provisioning framework - account_metadata_ssm"
   role             = aws_iam_role.aft_lambda_aft_account_provisioning_framework_persist_metadata.arn
   handler          = "aft_account_provisioning_framework_account_metadata_ssm.lambda_handler"
-  source_code_hash = data.archive_file.account_metadata_ssm.output_base64sha256
+  source_code_hash = var.provisioning_framework_archive_hash
   runtime          = "python3.8"
   timeout          = 300
   layers           = [var.aft_common_layer_arn]

diff --git a/...sioning-framework-get-account-info/aft_account_provisioning_framework_get_account_info.py b/...sioning-framework-get-account-info/aft_account_provisioning_framework_get_account_info.py