Indy. Refactoring

aws-samples · Apr 17, 2024 · 5d48882 · 5d48882
1 parent 16acd04
commit 5d48882
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 48 deletions.
diff --git a/lib/indy/README.md b/lib/indy/README.md
@@ -1,5 +1,9 @@
 # Sample AWS Blockchain Node Runner app for Hyperledger Indy
 
+| Contributed by |
+|:--------------------:|
+| [@fsatsuki](https://github.com/fsatsuki) |
+
 [View this page in Japanese (日本語)](./README_ja.md)
 
 ## Architecture Overview
@@ -49,7 +53,7 @@ npx cdk bootstrap
 3. Deploying resources with CDK
 
 ```bash
-npx cdk deploy
+npx cdk deploy --json --outputs-file indy-test-deploy.json
 
 Outputs:
 IndyNetworkStack.AnsibleFileTransferBucketName = 111122223333-ansible-file-transfer-bucket
@@ -75,24 +79,15 @@ When running on a Mac, set the following environment variables.
 
 - Create a Python virtual environment and install ansible
  ```
- $cd ansible
- $ Python3 -m venv.venv
- $source.venv/bin/activate
+ $ cd ansible
+ $ python3 -m venv venv
+ $ source ./venv/bin/activate
  ```
 
  ```
  $ pip install -r requirements.txt
  ```
 
-##### Ansible and Session Manager
-
-- In order to achieve SSH access to the EC2 instance using Session Manager, refer to [Install the Session Manager plugin for the AWS CLI](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html)  and install the Session Manager Plugin. By using the Session Manager, deployment by Ansible to an EC2 instance of a private subnet that cannot be accessed from the internet is possible without setting a security group.
-
-- Installs a ansible plug-in for SSH access to EC2 using the AWS Systems Manager Session Manager.
- ```
- $ ansible-galaxy collection install community.aws
- ```
-
 ##### Describe instance information to be built in inventory.yml
 
 - Create an indentory file containing information on the EC2 instance that will build the environment. Enter the instance ID described in the CDK output results in the settings column for each node. The value of `indyNetworkStack.ansibleFileTransferBucketName` described in CDK output results is inputted to `ansible_aws_ssm_bucket_name`. When Ansible transfers files to the target host, the Amazon Simple Storage Service (Amazon S3) bucket specified here is used.
@@ -136,7 +131,7 @@ Define the parameters referred to by Ansible in the configuration file. Set Indy
 
 ```
 $ vi inventory/group_vars/all.yml
-INDY_NETEORK_NAME: sample-network
+INDY_NETWORK_NAME: sample-network
 ```
 
 ##### Execute environment construction with Ansible

diff --git a/lib/indy/ansible/inventory/group_vars/all.yml b/lib/indy/ansible/inventory/group_vars/all.yml
@@ -1 +1 @@
-INDY_NETEORK_NAME: sample-network
+INDY_NETWORK_NAME: sample-network
diff --git a/lib/indy/ansible/inventory/inventory.yml b/lib/indy/ansible/inventory/inventory.yml
diff --git a/lib/indy/ansible/inventory/inventory.yml.template b/lib/indy/ansible/inventory/inventory.yml.template
@@ -0,0 +1,33 @@
+all:
+  hosts:
+    steward1:
+      ansible_aws_ssm_instance_id: _steward1steward1InstanceId_
+    steward2:
+      ansible_aws_ssm_instance_id: _steward2steward1InstanceId_
+    steward3:
+      ansible_aws_ssm_instance_id: _steward3steward1InstanceId_
+    steward4:
+      ansible_aws_ssm_instance_id: _steward1steward4InstanceId_
+    trustee1:
+      ansible_aws_ssm_instance_id: _trustee1trustee1InstanceId_
+    trustee2:
+      ansible_aws_ssm_instance_id: _trustee2trustee2InstanceId_
+    trustee3:
+      ansible_aws_ssm_instance_id: _trustee1trustee1InstanceId_
+  children:
+    steward:
+      hosts:
+        steward[1:4]:
+    trustee:
+      hosts:
+        trustee[1:3]:
+    indy:
+      children:
+        steward:
+        trustee:
+
+  vars:
+    ansible_connection: aws_ssm
+    ansible_aws_ssm_region: _aws_region_
+    ansible_aws_ssm_s3_addressing_style: virtual
+    ansible_aws_ssm_bucket_name: _ansible-file-transfer-bucket_
diff --git a/lib/indy/app.ts b/lib/indy/app.ts
@@ -1,7 +1,17 @@
 #!/usr/bin/env node
 import "source-map-support/register";
 import * as cdk from "aws-cdk-lib";
+import * as nag from "cdk-nag";
 import { IndyNodeStack } from "./lib/indy-node-stack";
 
 const app = new cdk.App();
 new IndyNodeStack(app, "IndyNodeStack", {});
+
+// Security Check
+cdk.Aspects.of(app).add(
+    new nag.AwsSolutionsChecks({
+        verbose: false,
+        reports: true,
+        logIgnores: false,
+    })
+);
diff --git a/lib/indy/lib/indy-node-stack.ts b/lib/indy/lib/indy-node-stack.ts
@@ -61,5 +61,10 @@ export class IndyNodeStack extends cdk.Stack {
             value: ansibleBucket.bucketName,
             exportName: "AnsibleFileTransferBucketName",
         });
+
+        new cdk.CfnOutput(this, "DeploymentRegion", {
+            value: cdk.Stack.of(this).region,
+            exportName: "DeploymentRegion",
+        });
     }
 }