Quick commit. Went back and forth on the generic IAM style. Wound up …

…keeping the generic tag types from AWS Tagging Strategies.
AndGasper · Mar 9, 2019 · 9875587 · 9875587
1 parent 0b28078
commit 9875587
Show file tree

Hide file tree

Showing 15 changed files with 1,167 additions and 42 deletions.
diff --git a/aws/cdk.context.json b/aws/cdk.context.json
@@ -0,0 +1,7 @@
+{
+  "ssm:account=985713782822:parameterName=CertificateArn-www.wakemygameup.com:region=us-east-1": "arn:aws:acm:us-east-1:985713782822:certificate/092c0295-caf5-4944-80b2-3263b6b63392",
+  "hosted-zone:account=985713782822:domainName=wakemygameup.com:region=us-east-1": {
+    "Id": "/hostedzone/Z2LN05VHV1XSN1",
+    "Name": "wakemygameup.com."
+  }
+}
diff --git a/aws/cdk.json b/aws/cdk.json
@@ -6,5 +6,6 @@
             "websitePrefix": "www",
             "apiPrefix": "api"
         }
-    }
+    },
+    "outdir": "./template-output"
 }
diff --git a/aws/package-lock.json b/aws/package-lock.json
diff --git a/aws/package.json b/aws/package.json
@@ -19,8 +19,10 @@
     "@types/node": "^11.9.5"
   },
   "dependencies": {
+    "@aws-cdk/assets": "^0.25.2",
     "@aws-cdk/aws-apigateway": "^0.25.0",
     "@aws-cdk/aws-cloudfront": "^0.25.0",
+    "@aws-cdk/aws-codepipeline": "^0.25.2",
     "@aws-cdk/aws-lambda": "^0.25.0",
     "@aws-cdk/aws-s3": "^0.25.0",
     "@aws-cdk/cdk": "^0.25.0",

diff --git a/aws/src/index.ts b/aws/src/index.ts
@@ -3,24 +3,67 @@ import { Stack, App, StackProps } from '@aws-cdk/cdk';
 import { StaticSite } from './stacks/constructs/static-site';
 import { NamedApi } from './stacks/constructs/api';
 
-class VariableSite extends Stack {
+
+type DeploymentEnvironment = {
+    name: string;
+    region: string[];
+}
+
+type DeploymentEnvironments = DeploymentEnvironment[];
+
+function getEnvironments(): DeploymentEnvironments {
+    const devCdkEnvironment: DeploymentEnvironment = {
+        name: 'dev',
+        region: ['us-west-2', 'us-east-1']
+    };
+    const stagingCdkEnvironment: DeploymentEnvironment ={
+        name: 'staging',
+        region: ['us-west-2', 'us-east-1']
+    };
+    const prodCdkEnvironment: DeploymentEnvironment ={
+        name: 'prod',
+        region: ['us-west-2', 'us-east-1']
+    };
+    const deploymentEnvironments: DeploymentEnvironments = [devCdkEnvironment, stagingCdkEnvironment, prodCdkEnvironment];
+    return deploymentEnvironments
+}
+
+// function createStack(deploymentEnvironments): Stack[] {
+//     const stacks = deploymentEnvironments.map(deploymentEnvironment => 
+//         new StackName(this, )
+//     )
+    // new NamedApi(this, 'NamedApi', {
+    //     domainName: this.node.getContext('domain'),
+    //     apiPrefix: this.node.getContext('subdomain').apiPrefix
+    // });
+// }
+
+class Api extends Stack {
     constructor(parent: App, name: string, props: StackProps) {
         super(parent, name, props);
+        new NamedApi(this, 'NamedApi', {
+            domainName: this.node.getContext('domain'),
+            apiPrefix: this.node.getContext('subdomain').apiPrefix
+        });
+    }
+}
+
+
 
+class Site extends Stack {
+    constructor(parent: App, name: string, props: StackProps) {
+        super(parent, name, props); 
         // Associate S3 with the domain name
         new StaticSite(this, 'StaticSite', {
             domainName: this.node.getContext('domain'),
             siteSubDomain: this.node.getContext('subdomain').websitePrefix,
         });
-        new NamedApi(this, 'NamedApi', {
-            domainName: this.node.getContext('domain'),
-            apiPrefix: this.node.getContext('subdomain').apiPrefix
-        });
     }
 }
 
 const app = new App();
 
-new VariableSite(app, 'VariableSiteMk1', { env: { region: 'us-east-1' } });
+new Site(app, 'VariableSiteMk1', { env: { region: 'us-east-1' } });
+new Api(app, 'VariableApiMk1', { env: { region: 'us-east-1' } });
 
 app.run();
diff --git a/aws/src/stacks/constructs/api/index.ts b/aws/src/stacks/constructs/api/index.ts
@@ -14,14 +14,14 @@ export class NamedApi extends cdk.Construct {
     constructor(parent: cdk.Construct, name: string, props: NamedApiProps) {
         super(parent, name);
 
-        // START LAM`BDA LOGIC
+        // START LAMBDA LOGIC
         // Create S3 bucket for the lambda code
         const bucket = new s3.Bucket(this, 'WidgetStore');
         // Why do I have the feeling I'm about to bump into that
         // got eeem of the max limit that you can inline for a lambda function
         const handlerConfig = {
             runtime: lambda.Runtime.NodeJS810,
-            code: lambda.Code.directory('resources/widget.js'),
+            code: lambda.Code.directory('src/resources'),
             handler: 'widgets.main',
             environment: {
                 BUCKET: bucket.bucketName

diff --git a/aws/src/stacks/constructs/cdk/index.ts b/aws/src/stacks/constructs/cdk/index.ts
@@ -0,0 +1,41 @@
+#!/usr/bin/env node
+import { Construct, Output, TagManager, Tag } from '@aws-cdk/cdk';
+import { Bucket, BlockPublicAccess, BucketEncryption } from '@aws-cdk/aws-s3';
+
+
+export class TaggedStack extends Stack {
+    constructor(parent: Construct, name: string, props: TaggedStackProps) {
+        super(parent, name);
+
+    }
+}
+
+export default function({ key, stack }) {
+    return
+}
+
+
+class CdkEnvironmentBucket extends Construct {
+    constructor(parent: Construct, name: string, props: CdkEnvironmentBucketProps) {
+        super(parent, name);
+        const cdkBucketAccessControl = new BlockPublicAccess({
+            blockPublicAcls: true,
+            blockPublicPolicy: true,
+            ignorePublicAcls: true,
+            restrictPublicBuckets: true,
+        });
+        const cdkBucket = new Bucket(this, 'cdkBootstrappedEnvironment', {
+            encryption: BucketEncryption.Kms,
+            blockPublicAccess: cdkBucketAccessControl
+        });
+
+        new Output(this, 'CdkEnvironmentBucket', {
+            value: cdkBucket.bucketArn
+        });
+        // export the resource to tag it
+        const cdkBucketExport = cdkBucket.export();
+
+    }
+}
+
+// const withTagging = injectTagging({ key: })
diff --git a/aws/src/stacks/constructs/iam/cloudformation-policies.ts b/aws/src/stacks/constructs/iam/cloudformation-policies.ts
@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+import { Construct } from '@aws-cdk/cdk';
+import { PolicyStatement } from '@aws-cdk/aws-iam';
+import { IBucket } from '@aws-cdk/aws-s3';
+
+export interface CloudformationRoleProps {
+    templateBucket: IBucket
+}
+export class CloudformationRole extends Construct {
+    constructor(parent: Construct, name: string, props: CloudformationRoleProps) {
+        super(parent, name);
+        const s3Policy = this.createS3BucketPolicy();
+
+    }
+    /**
+     * @name - createS3PolicyStatement
+     * @description - Do not want an open "new PolicyStatement", so hide it in a private method
+     */
+    protected createS3BucketPolicy(): PolicyStatement {
+        const s3Policy = new PolicyStatement();
+        const s3Actions = ["s3:PutObject", "s3:ListBucket", "s3:GetObject", "s3:CreateBucket"];
+        s3Actions.map(s3Action => {
+            s3Policy.addAction(s3Action);
+        });
+
+        console.log(`s3Policy: ${s3Policy}`);
+        return s3Policy;
+    }
+}
diff --git a/aws/src/stacks/constructs/iam/static-site-creation.ts b/aws/src/stacks/constructs/iam/static-site-creation.ts
diff --git a/aws/src/stacks/constructs/logging/format.ts b/aws/src/stacks/constructs/logging/format.ts
@@ -0,0 +1,10 @@
+// static analysis
+    // ?
+// checksums and proofs
+    // checksum -> 
+    // proofs -> 
+// durability checks
+    // durability auditor
+        // microservice for checking integrity  
+// operational safeguards
+    // 
diff --git a/aws/src/stacks/constructs/logging/index.ts b/aws/src/stacks/constructs/logging/index.ts
diff --git a/aws/src/stacks/constructs/logging/tagging.ts b/aws/src/stacks/constructs/logging/tagging.ts
@@ -0,0 +1,96 @@
+#!/usr/bin/env node
+
+// this should be an enum
+// but I'm not quite sure how 
+// to get enums to work correctly
+type ApplicationRole = {
+   apiLayer: "api-layer",
+   dataLayer: {
+       metaData: {
+           buildArtifacts: "build-artifact",
+           logging: "logging",
+       },
+       data: "primary"
+   }
+};
+// stub
+type ArnIdentifier = {
+    id: string
+};
+enum EnvironmentSetting {
+    production = "PROD",
+    staging = "STAGING",
+    development = "DEV",
+};
+
+type Version = {
+    major: number,
+    minor: number,
+    patch: number
+};
+
+type ResourceIdentifier = {
+    id: string
+};
+
+export interface TechnicalTag {
+    name: string,
+    applicationId: string,
+    applicationRole: ApplicationRole,
+    cluster: ResourceIdentifier,
+    environment: EnvironmentSetting,
+    version: Version
+};
+
+// time is relative...
+
+export interface AutomationTag {
+    resourceLifecycle: {
+        start: string[],
+        stop: string[],
+        delete: string[],
+        rotate: string[],
+    },
+    managedServices: string[],
+    security: string[],
+};
+
+
+export interface BusinessTag {
+    owner: ArnIdentifier,
+    businessUnit: string[],
+    customers: string[],
+    project: string[]
+};
+
+type ConfidentialityLevel = {
+    GDPRCompliant: boolean
+};
+
+type Field = {
+    name: string
+};
+// regulations have:
+    // names
+    // scope of affected data
+// PCI? GDPR?
+type Regulation = {
+    name: string,
+    fields: Field[];
+};
+export interface SecurityTagProps {
+    confidentiality: ConfidentialityLevel
+    compliance: Regulation[],
+};
+
+export class SecurityTag {
+    constructor(props: SecurityTagProps) {
+        const { confidentiality, compliance } = props;
+        const securityTag = new SecurityTag({
+            confidentiality,
+            compliance
+        });
+        console.log(`securityTag: ${securityTag}`);
+    }
+}
+