AWS Codepipeline for VAMS

README.md

@@ -86,7 +86,51 @@ Please take note:
 
 ### Deploy VAMS for the First Time
 
-#### Build & Deploy Steps (Linux/Mac)
+VAMS can be deployed from your local machine directly or by deploying a CI/CD pipeline connected to your VAMS repository and performing continous deployments using the CI/CD pipeline.
+
+#### Deploying using CodePipeline
+
+##### Create a CodeStar Connection
+
+Connections are configurations that you use to connect AWS resources to external code repositories. VAMS solution uses [AWS CodePipeline](https://aws.amazon.com/codepipeline/) to deploy the resources and this connection will provide CodePipeline access to source code as well as trigger the pipeline everytime there is a code change in your repository.
+
+1. Create a fork of this repository in your Github account.
+
+2. Follow the steps provided [here](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create-github.html) to create a connection between the forked repository in your account and your AWS account using CodePipeline console.
+
+3. Once you have successfully created the connection, note down the ARN for the connection. This ARN will be used in later steps.
+
+##### Build and deploy VAMS using CI/CD pipeline
+
+In order to deploy VAMS using CI/CD pipeline, you need to perform a one time deployment of the CodePipeline stack. Consequent updates to VAMS can be pushed to your forked code repository and this will trigger a new build and deployment in CodePipeline automatically.
+
+Follow the below given steps to deploy the CI/CD pipeline -
+
+1. `cd codepipeline` - The stack for deploying CodePipeline is in codepipeline folder.
+
+2. If you haven't already bootstrapped your aws account with CDK. `cdk bootstrap aws://ACCOUNT_ID/REGION` - replace with your account and region.
+
+3. Set the required environment variables. Replace with the region you would like to deploy to and the name you want to associate with the cloudformation stack that the CDK will deploy. Replace the Connection ARN with the ARN from previous step.You may also have to set DOCKER_DEFAULT_PLATFORM environment variable depending on the type of OS you are running this on. Default uses linux/amd64 -
+
+```
+export AWS_REGION=us-east-1
+export STACK_NAME=dev
+export REPO_OWNER=REPO_OWNER
+export CONNECTION_ARN=ARN
+export [email protected]
+export BRANCH=BRANCH_NAME
+```
+
+4. (Optional) Set the optional feature to deploy the Point Cloud(PC) visualizer pipeline with environment variables `export pipelineActivatePCVisualizer=true` - the point cloud(PC) visualizer pipeline stack is for viewing Point Cloud files in the VAMS visualizer preview. You can optionally set this via CDK deploy context parameter. Note: This does deploy additional AWS components such as a VPC and EPV endpoints that may have additional static infrastructure costs.
+
+5. Deploy the stack -
+   `cdk deploy`
+
+6. This will deploy an AWS CodePipeline in your account and the pipeline will deploy AWS CloudFormation stacks to create resources for VAMS in your AWS account. After successful deployment, an account is created in an AWS Cognito User Pool using this email address. Expect an email from [email protected] with a temporary password.
+
+![CI/CD](./diagrams/codepipeline.png)
+
+#### Build and Deploy from local machine
 
 VAMS Codebase is changing frequently and we recommend you checkout the stable released version from github.
 

codepipeline/.gitignore

@@ -0,0 +1,8 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

codepipeline/.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

codepipeline/README.md

@@ -0,0 +1,14 @@
+# Welcome to your CDK TypeScript project
+
+This is a blank project for CDK development with TypeScript.
+
+The `cdk.json` file tells the CDK Toolkit how to execute your app.
+
+## Useful commands
+
+-   `npm run build` compile typescript to js
+-   `npm run watch` watch for changes and compile
+-   `npm run test` perform the jest unit tests
+-   `cdk deploy` deploy this stack to your default AWS account/region
+-   `cdk diff` compare deployed stack with current state
+-   `cdk synth` emits the synthesized CloudFormation template

codepipeline/bin/codepipeline.ts

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+
+/*
+ * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import "source-map-support/register";
+import * as cdk from "aws-cdk-lib";
+import { AwsSolutionsChecks } from "cdk-nag";
+import { Aspects } from "aws-cdk-lib";
+import { CodePipelineStack } from "../lib/codepipeline";
+
+const app = new cdk.App();
+const region = process.env.AWS_REGION || "us-east-1";
+
+/** development variables **/
+const enableCdkNag = true;
+
+if (enableCdkNag) {
+    Aspects.of(app).add(new AwsSolutionsChecks({ verbose: true }));
+}
+
+new CodePipelineStack(app, `vams-code-pipeline-${process.env.DEPLOYMENT_ENV || "dev"}`, {
+    stackName: `vams-code-pipeline-${process.env.DEPLOYMENT_ENV || "dev"}`,
+    env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: region },
+});
+
+app.synth();

codepipeline/cdk.json

@@ -0,0 +1,55 @@
+{
+    "app": "npx ts-node --prefer-ts-exts bin/codepipeline.ts",
+    "watch": {
+        "include": ["**"],
+        "exclude": [
+            "README.md",
+            "cdk*.json",
+            "**/*.d.ts",
+            "**/*.js",
+            "tsconfig.json",
+            "package*.json",
+            "yarn.lock",
+            "node_modules",
+            "test"
+        ]
+    },
+    "context": {
+        "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+        "@aws-cdk/core:checkSecretUsage": true,
+        "@aws-cdk/core:target-partitions": ["aws", "aws-cn"],
+        "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+        "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+        "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+        "@aws-cdk/aws-iam:minimizePolicies": true,
+        "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+        "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+        "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+        "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+        "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+        "@aws-cdk/core:enablePartitionLiterals": true,
+        "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+        "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+        "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+        "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+        "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+        "@aws-cdk/aws-route53-patters:useCertificate": true,
+        "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+        "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+        "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+        "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+        "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+        "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+        "@aws-cdk/aws-redshift:columnId": true,
+        "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+        "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+        "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+        "@aws-cdk/aws-kms:aliasNameRef": true,
+        "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+        "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+        "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+        "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+        "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+        "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true
+    }
+}

codepipeline/jest.config.js

@@ -0,0 +1,8 @@
+module.exports = {
+    testEnvironment: "node",
+    roots: ["<rootDir>/test"],
+    testMatch: ["**/*.test.ts"],
+    transform: {
+        "^.+\\.tsx?$": "ts-jest",
+    },
+};