Added templates and buildspec files

Author: Prakash Palanisamy

LICENSE.txt

@@ -0,0 +1,45 @@
+Amazon Software License
+
+This Amazon Software License (“License”) governs your use, reproduction, and distribution of the accompanying software as specified below.
+
+1. Definitions
+
+“Licensor” means any person or entity that distributes its Work.
+
+“Software” means the original work of authorship made available under this License.
+
+“Work” means the Software and any additions to or derivative works of the Software that are made available under this License.
+
+The terms “reproduce,” “reproduction,” “derivative works,” and “distribution” have the meaning as provided under U.S. copyright law; provided, however, that for the purposes of this License, derivative works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work.
+
+Works, including the Software, are “made available” under this License by including in or with the Work either (a) a copyright notice referencing the applicability of this License to the Work, or (b) a copy of this License.
+
+2. License Grants
+
+  2.1 Copyright Grant. Subject to the terms and conditions of this License, each Licensor grants to you a perpetual, worldwide, non-exclusive, royalty-free, copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense and distribute its Work and any resulting derivative works in any form.
+
+  2.2 Patent Grant. Subject to the terms and conditions of this License, each Licensor grants to you a perpetual, worldwide, non-exclusive, royalty-free patent license to make, have made, use, sell, offer for sale, import, and otherwise transfer its Work, in whole or in part. The foregoing license applies only to the patent claims licensable by Licensor that would be infringed by Licensor’s Work (or portion thereof) individually and excluding any combinations with any other materials or technology.
+
+3. Limitations
+
+  3.1 Redistribution. You may reproduce or distribute the Work only if (a) you do so under this License, (b) you include a complete copy of this License with your distribution, and (c) you retain without modification any copyright, patent, trademark, or attribution notices that are present in the Work.
+
+  3.2 Derivative Works. You may specify that additional or different terms apply to the use, reproduction, and distribution of your derivative works of the Work (“Your Terms”) only if (a) Your Terms provide that the use limitation in Section 3.3 applies to your derivative works, and (b) you identify the specific derivative works that are subject to Your Terms. Notwithstanding Your Terms, this License (including the redistribution requirements in Section 3.1) will continue to apply to the Work itself.
+
+  3.3 Use Limitation. The Work and any derivative works thereof only may be used or intended for use with the web services, computing platforms or applications provided by Amazon.com, Inc. or its affiliates, including Amazon Web Services, Inc.
+
+  3.4 Patent Claims. If you bring or threaten to bring a patent claim against any Licensor (including any claim, cross-claim or counterclaim in a lawsuit) to enforce any patents that you allege are infringed by any Work, then your rights under this License from such Licensor (including the grants in Sections 2.1 and 2.2) will terminate immediately.
+
+  3.5 Trademarks. This License does not grant any rights to use any Licensor’s or its affiliates’ names, logos, or trademarks, except as necessary to reproduce the notices described in this License.
+
+  3.6 Termination. If you violate any term of this License, then your rights under this License (including the grants in Sections 2.1 and 2.2) will terminate immediately.
+
+4. Disclaimer of Warranty.
+
+THE WORK IS PROVIDED “AS IS” WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OR CONDITIONS OF M ERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT. YOU BEAR THE RISK OF UNDERTAKING ANY ACTIVITIES UNDER THIS LICENSE. SOME STATES’ CONSUMER LAWS DO NOT ALLOW EXCLUSION OF AN IMPLIED WARRANTY, SO THIS DISCLAIMER MAY NOT APPLY TO YOU.
+
+5. Limitation of Liability.
+
+EXCEPT AS PROHIBITED BY APPLICABLE LAW, IN NO EVENT AND UNDER NO LEGAL THEORY, WHETHER IN TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE SHALL ANY LICENSOR BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATED TO THIS LICENSE, THE USE OR INABILITY TO USE THE WORK (INCLUDING BUT NOT LIMITED TO LOSS OF GOODWILL, BUSINESS INTERRUPTION, LOST PROFITS OR DATA, COMPUTER FAILURE OR MALFUNCTION, OR ANY OTHER COMM ERCIAL DAMAGES OR LOSSES), EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+Effective Date – April 18, 2008 © 2008 Amazon.com, Inc. or its affiliates. All rights reserved.

NOTICE.txt

@@ -0,0 +1,7 @@
+Copyright 2016-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
+
+http://aws.amazon.com/asl/
+
+or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and limitations under the License.

README.md

@@ -1,2 +1,62 @@
-# codepipeline-nested-cfn
-CloudFormation templates, CodeBuild build specification & Python scripts to perform unit tests of a nested CloudFormation template.
+# CodePipeline-Nested-CFN
+
+This repo contains the CloudFormtaion template which will create a CodePipeline containing multiple stages starting from CodeCommit as source stage, followed by build using CodeBuild, launch test stack, test using CodeBuild, proceed with UAT deployment and wait for manual approval. Once approved it proceed to production stage where it creates a CloudFormation ChangeSet for production stack and wait for approval, once approved it will execute the ChangeSet in production stack.
+
+![CodePipeline Design](images/Pipeline_Design.png)
+
+Let's start by creating the repositories and enabling Continuous Delivery pipeline for nested CFN.
+
+## Step 1:
+
+### Create base VPC Stack
+In the [cfn-nested-repo](cfn-nested-repo/) directory there are multiple YAML (*CloudFormation Templates*) & JSON (*CloudFormation Configuration*) files.
+
+**[vpc-stack.yml](cfn-nested-repo/vpc-stack.yml):** is the CloudFormation template to create the base VPC, Subnets, NAT Gateways, etc which will be used.
+**[vpc-params.json](cfn-nested-repo/vpc-params.json):** is the parameters file which contains the parameter values for the CFN template. Update the *ProdApprovalEmail & UATApprovalEmail* values to provide the appropriate email address.
+
+Go to `cfn-nested-repo` directory and execute the following AWS CLI command to create CloudFormation stack.
+
+```bash
+cd cfn-nested-repo
+aws cloudformation create-stack --stack-name NestedCFN-BaseStack --template-body file://vpc-stack.yml --parameters file://vpc-params.json
+```
+
+## Step 2:
+
+### Update CloudFormation parameters configuration files
+In the [cfn-nested-repo](cfn-nested-repo/) directory there are following 3 JSON (*CloudFormation Configuration*) files.
+
+**[config-test.json](cfn-nested-repo/config-test.json):** - CloudFormation parameter configuration file for test stack
+**[config-uat.json](cfn-nested-repo/config-uat.json):** - CloudFormation parameter configuration file for UAT stack
+**[config-prod.json](cfn-nested-repo/config-prod.json):** - CloudFormation parameter configuration file for Prod stack
+
+Update these 3 configuration files with appropriate values for *VPCID, PrivateSubnet1, PrivateSubnet2, PublicSubnet1, PublicSubnet2, S3BucketName & DBSubnetGroup* based on the values in the output section of the base VPC stack created in Step 1. Update *KeyPair* value with an existing key pair or create a new key pair and use it.
+
+## Step 3:
+
+### Creating CodeCommit repositories
+Create two CodeCommit repositories as mentioned below.
+
+```bash
+aws codecommit create-repository --repository-name cfn-nested-repo --repository-description "Repository for CloudFormation templates"
+
+aws codecommit create-repository --repository-name validate-resources --repository-description "Repository for unit testing CloudFormation resources"
+```
+
+Once the repositories are create, clone those repositories and upload the content of directories `cfn-nested-repo` & `validate-resources` in their corresponding repositories.
+
+## Step 4:
+
+### Creating CodePipeline using CloudFormation
+
+Update the **[codepipeline-cfn-codebuild.json](codepipeline-cfn-codebuild.json)** file with the appropriate values for *ArtifactStoreS3Location, UATTopic & ProdTopic* based on the values from output section of main stack created in Step 1 and update the values for *CFNTemplateRepoName & ValidateResourcesRepoName* with appropriate values based on the repositories created in Step 3.
+
+Once the configuration file has been updated, execute the following command to create the CloudFormation stack which will create the required CodePipeline.
+
+```bash
+aws cloudformation create-stack --stack-name NestedCFN-CodePipeline --template-body file://codepipeline-cfn-codebuild.yml --parameters file://codepipeline-cfn-codebuild.json --capabilities CAPABILITY_NAMED_IAM
+```
+
+Once the CloudFormation successfully creates the stack, it would have created a CodePipeline with similar stages as shown below.
+
+![CodePipeline Stages](images/Pipeline_Flow.png)

cfn-nested-repo/buildspec.yml

@@ -0,0 +1,62 @@
+version: 0.1
+
+environment_variables:
+  plaintext:
+    CHILD_TEMPLATES: |
+      security-stack.yml
+      server-stack.yml
+      database-stack.yml
+    TEMPLATE_FILES: |
+      master-stack.yml
+      security-stack.yml
+      server-stack.yml
+      database-stack.yml
+    CONFIG_FILES: |
+      config-prod.json
+      config-test.json
+      config-uat.json
+
+phases:
+  install:
+    commands:
+      npm install jsonlint -g
+  pre_build:
+    commands:
+      - echo "Validating CFN templates"
+      - |
+        for cfn_template in $TEMPLATE_FILES; do
+          echo "Validating CloudFormation template file $cfn_template"
+          aws cloudformation validate-template --template-body file://$cfn_template
+        done
+      - |
+        for conf in $CONFIG_FILES; do
+          echo "Validating CFN parameters config file $conf"
+          jsonlint -q $conf
+        done
+  build:
+    commands:
+      - echo "Copying child stack templates to S3"
+      - |
+        for child_template in $CHILD_TEMPLATES; do
+          if [ "X$TEMPLATE_PREFIX" = "X" ]; then
+            aws s3 cp "$child_template" "s3://$TEMPLATE_BUCKET/$child_template"
+          else
+            aws s3 cp "$child_template" "s3://$TEMPLATE_BUCKET/$TEMPLATE_PREFIX/$child_template"
+          fi
+        done
+      - echo "Updating template configurtion files to use the appropriate values"
+      - |
+        for conf in $CONFIG_FILES; do
+          if [ "X$TEMPLATE_PREFIX" = "X" ]; then
+            echo "Replacing \"TEMPLATE_PATH_PLACEHOLDER\" for \"$TEMPLATE_BUCKET\" in $conf"
+            sed -i -e "s/TEMPLATE_PATH_PLACEHOLDER/$TEMPLATE_BUCKET/" $conf
+          else
+            echo "Replacing \"TEMPLATE_PATH_PLACEHOLDER\" for \"$TEMPLATE_BUCKET/$TEMPLATE_PREFIX\" in $conf"
+            sed -i -e "s/TEMPLATE_PATH_PLACEHOLDER/$TEMPLATE_BUCKET\/$TEMPLATE_PREFIX/" $conf
+          fi
+        done
+
+artifacts:
+  files:
+    - master-stack.yml
+    - config-*.json

cfn-nested-repo/config-prod.json

@@ -0,0 +1,21 @@
+{
+  "Parameters" : {
+    "TemplatePath": "TEMPLATE_PATH_PLACEHOLDER",
+    "VPCID": "vpc-a9b8c7d0",
+    "PrivateSubnet1": "subnet-abcd2226",
+    "PrivateSubnet2": "subnet-dcba2226",
+    "PublicSubnet1": "subnet-abcd1bbb",
+    "PublicSubnet2": "subnet-9069abcd",
+    "S3BucketName": "com-amazon-demo-codepipeline-blog",
+    "KeyPair": "codepipeline-demo",
+    "AMIId": "ami-e5083683",
+    "WebInstanceType": "t2.large",
+    "WebMinSize": "1",
+    "WebMaxSize": "2",
+    "DBSubnetGroup": "basevpcstack-rdssubnetgroup-abcdf03cxyz5m",
+    "DBUsername": "dbadmin",
+    "DBPassword": "dbpAssw0rd",
+    "DBInstanceType": "db.t2.small",
+    "Environment": "prod"
+  }
+}

cfn-nested-repo/config-test.json

@@ -0,0 +1,21 @@
+{
+  "Parameters" : {
+    "TemplatePath": "TEMPLATE_PATH_PLACEHOLDER",
+    "VPCID": "vpc-a9b8c7d0",
+    "PrivateSubnet1": "subnet-abcd2226",
+    "PrivateSubnet2": "subnet-dcba2226",
+    "PublicSubnet1": "subnet-abcd1bbb",
+    "PublicSubnet2": "subnet-9069abcd",
+    "S3BucketName": "com-amazon-demo-codepipeline-blog",
+    "KeyPair": "codepipeline-demo",
+    "AMIId": "ami-e5083683",
+    "WebInstanceType": "t2.large",
+    "WebMinSize": "1",
+    "WebMaxSize": "1",
+    "DBSubnetGroup": "basevpcstack-rdssubnetgroup-abcdf03cxyz5m",
+    "DBUsername": "dbadmin",
+    "DBPassword": "dbpAssw0rd",
+    "DBInstanceType": "db.t2.small",
+    "Environment": "test"
+  }
+}

cfn-nested-repo/config-uat.json

@@ -0,0 +1,21 @@
+{
+  "Parameters" : {
+    "TemplatePath": "TEMPLATE_PATH_PLACEHOLDER",
+    "VPCID": "vpc-a9b8c7d0",
+    "PrivateSubnet1": "subnet-abcd2226",
+    "PrivateSubnet2": "subnet-dcba2226",
+    "PublicSubnet1": "subnet-abcd1bbb",
+    "PublicSubnet2": "subnet-9069abcd",
+    "S3BucketName": "com-amazon-demo-codepipeline-blog",
+    "KeyPair": "codepipeline-demo",
+    "AMIId": "ami-e5083683",
+    "WebInstanceType": "t2.large",
+    "WebMinSize": "1",
+    "WebMaxSize": "1",
+    "DBSubnetGroup": "basevpcstack-rdssubnetgroup-abcdf03cxyz5m",
+    "DBUsername": "dbadmin",
+    "DBPassword": "dbpAssw0rd",
+    "DBInstanceType": "db.t2.small",
+    "Environment": "uat"
+  }
+}

cfn-nested-repo/database-stack.yml

@@ -0,0 +1,72 @@
+Description: Create database server
+
+Parameters:
+  DBSubnetGroup:
+    Type: String
+    Description: Enter a valid DB Subnet Group
+  DBUsername:
+    Type: String
+    Description: Enter a valid Database master username
+    MinLength: 1
+    MaxLength: 16
+    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*"
+  DBPassword:
+    Type: String
+    Description: Enter a valid Database master password
+    NoEcho: true
+    MinLength: 1
+    MaxLength: 41
+    AllowedPattern: "[a-zA-Z0-9]*"
+  DBServerSecurityGroup:
+    Type: "AWS::EC2::SecurityGroup::Id"
+    Description: Enter a valid security group ID for database
+  DBInstanceType:
+    Type: String
+    Description: Enter one of the possible instance type for database
+    AllowedValues:
+      - db.t2.micro
+      - db.t2.small
+      - db.t2.medium
+      - db.t2.large
+  Environment:
+    Type: String
+    Description: Select the appropriate environment
+    AllowedValues:
+      - dev
+      - test
+      - uat
+      - prod
+
+Resources:
+  DBServer:
+    Type: "AWS::RDS::DBInstance"
+    Properties:
+      AllocatedStorage: 50
+      AllowMajorVersionUpgrade: true
+      AutoMinorVersionUpgrade: true
+      BackupRetentionPeriod: 0
+      DBInstanceClass:
+        Ref: DBInstanceType
+      DBSubnetGroupName:
+        Ref: DBSubnetGroup
+      Engine: mysql
+      EngineVersion: 5.7.11
+      MasterUsername:
+        Ref: DBUsername
+      MasterUserPassword:
+        Ref: DBPassword
+      MultiAZ: false
+      PubliclyAccessible: false
+      StorageType: gp2
+      VPCSecurityGroups:
+        - Ref: DBServerSecurityGroup
+      Tags:
+        - Key: Name
+          Value:
+            Fn::Sub: DBServer-${Environment}
+
+Outputs:
+  DBEndpoint:
+      Description: "URL endpoint of database"
+      Value:
+        Fn::GetAtt: [ DBServer, Endpoint.Address ]