New Lambda layer for CloudFormation utility classes used by SNS stack

notification subscribers

Author: brtrvn

functions/core-stack-listener/pom.xml

@@ -97,6 +97,13 @@ limitations under the License.
             <!-- Don't bundle our layer so we get the shared one at runtime -->
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>com.amazon.aws.partners.saasfactory.saasboost</groupId>
+            <artifactId>CloudFormationUtils</artifactId>
+            <version>1.0.0</version>
+            <!-- Don't bundle our layer so we get the shared one at runtime -->
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>cloudformation</artifactId>

functions/core-stack-listener/src/main/java/com/amazon/aws/partners/saasfactory/saasboost/CoreStackListener.java

@@ -24,14 +24,9 @@
 import software.amazon.awssdk.core.exception.SdkServiceException;
 import software.amazon.awssdk.services.cloudformation.CloudFormationClient;
 import software.amazon.awssdk.services.cloudformation.model.*;
-import software.amazon.awssdk.services.cloudformation.model.Stack;
 import software.amazon.awssdk.services.eventbridge.EventBridgeClient;
-import software.amazon.awssdk.services.eventbridge.model.PutEventsRequestEntry;
-import software.amazon.awssdk.services.eventbridge.model.PutEventsResponse;
-import software.amazon.awssdk.services.eventbridge.model.PutEventsResultEntry;
 
 import java.util.*;
-import java.util.regex.Matcher;
 
 public class CoreStackListener implements RequestHandler<SNSEvent, Object> {
 
@@ -41,6 +36,8 @@ public class CoreStackListener implements RequestHandler<SNSEvent, Object> {
     private static final String SAAS_BOOST_EVENT_BUS = System.getenv("SAAS_BOOST_EVENT_BUS");
     private static final String SYSTEM_API_CALL = "System API Call";
     private static final String EVENT_SOURCE = "saas-boost";
+    private static final Collection<String> EVENTS_OF_INTEREST = Collections.unmodifiableCollection(
+            Arrays.asList("CREATE_COMPLETE", "UPDATE_COMPLETE"));
     private final CloudFormationClient cfn;
     private final EventBridgeClient eventBridge;
 
@@ -67,39 +64,35 @@ public Object handleRequest(SNSEvent event, Context context) {
 
         CloudFormationEvent cloudFormationEvent = CloudFormationEventDeserializer.deserialize(message);
 
-        String type = cloudFormationEvent.getResourceType();
-        String stackId = cloudFormationEvent.getStackId();
-        String stackName = cloudFormationEvent.getStackName();
-        String stackStatus = cloudFormationEvent.getResourceStatus();
-
         // CloudFormation sends SNS notifications for every resource in a stack going through each status change.
-        // We're only interested in the stack complete event.
-        List<String> eventsOfInterest = Arrays.asList("CREATE_COMPLETE", "UPDATE_COMPLETE");
-        if ("AWS::CloudFormation::Stack".equals(type) && stackName.startsWith("sb-" + SAAS_BOOST_ENV + "-core-")
-                && eventsOfInterest.contains(stackStatus)) {
-            LOGGER.info(Utils.toJson(event));
+        // We want to process the resources of the saas-boost-core.yaml CloudFormation stack only after the stack
+        // has finished being created or updated so we don't trigger anything downstream prematurely.
+        if (filter(cloudFormationEvent)) {
+            String stackName = cloudFormationEvent.getStackName();
+            String stackStatus = cloudFormationEvent.getResourceStatus();
             LOGGER.info("Stack " + stackName + " is in status " + stackStatus);
-            final String stackIdName = stackId;
             try {
-                ListStackResourcesResponse resources = cfn.listStackResources(req -> req.stackName(stackIdName));
+                ListStackResourcesResponse resources = cfn.listStackResources(req -> req
+                        .stackName(cloudFormationEvent.getStackId())
+                );
+                // We're looking for ECR repository resources in a CREATE_COMPLETE state. There could be multiple
+                // ECR repos provisioned depending on how the application services are configured.
                 for (StackResourceSummary resource : resources.stackResourceSummaries()) {
-                    String resourceType = resource.resourceType();
-                    String ecrRepo = resource.physicalResourceId();
-                    String resourceStatus = resource.resourceStatusAsString();
-                    String serviceName = resource.logicalResourceId();
-                    LOGGER.info("Processing resource {} {} {} {}", resourceType, resourceStatus, serviceName,
-                            ecrRepo);
-                    if ("CREATE_COMPLETE".equals(resourceStatus)) {
-                        if ("AWS::ECR::Repository".equals(resourceType)) {
+//                    LOGGER.debug("Processing resource {} {} {} {}", resource.resourceType(),
+//                            resource.resourceStatusAsString(), resource.logicalResourceId(),
+//                            resource.physicalResourceId());
+                    if ("CREATE_COMPLETE".equals(resource.resourceStatusAsString())) {
+                        if ("AWS::ECR::Repository".equals(resource.resourceType())) {
+                            String ecrRepo = resource.physicalResourceId();
+                            String serviceName = resource.logicalResourceId();
                             LOGGER.info("Publishing appConfig update event for ECR repository {} {}", serviceName,
                                     ecrRepo);
-                            // Logical ID is the service name
-                            // Physical ID is the repo name
                             Map<String, Object> systemApiRequest = new HashMap<>();
                             systemApiRequest.put("resource", "settings/config/" + serviceName + "/ECR_REPO");
                             systemApiRequest.put("method", "PUT");
                             systemApiRequest.put("body", Utils.toJson(Map.of("value", ecrRepo)));
-                            publishEvent(systemApiRequest, SYSTEM_API_CALL);
+                            Utils.publishEvent(eventBridge, SAAS_BOOST_EVENT_BUS, EVENT_SOURCE, SYSTEM_API_CALL,
+                                    systemApiRequest);
                         }
                     }
                 }
@@ -108,38 +101,14 @@ public Object handleRequest(SNSEvent event, Context context) {
                 LOGGER.error(Utils.getFullStackTrace(cfnError));
                 throw cfnError;
             }
-        } else {
-            //LOGGER.info("Skipping CloudFormation notification {} {} {} {}", stackId, type, stackName, stackStatus);
         }
         return null;
     }
 
-    protected boolean snsMessageFilter(String message) {
-        return true;
+    protected static boolean filter(CloudFormationEvent cloudFormationEvent) {
+        return ("AWS::CloudFormation::Stack".equals(cloudFormationEvent.getResourceType())
+                && cloudFormationEvent.getStackName().startsWith("sb-" + SAAS_BOOST_ENV + "-core-")
+                && EVENTS_OF_INTEREST.contains(cloudFormationEvent.getResourceStatus()));
     }
 
-    protected void publishEvent(Map<String, Object> eventBridgeDetail, String detailType) {
-        try {
-            PutEventsRequestEntry systemEvent = PutEventsRequestEntry.builder()
-                    .eventBusName(SAAS_BOOST_EVENT_BUS)
-                    .detailType(detailType)
-                    .source(EVENT_SOURCE)
-                    .detail(Utils.toJson(eventBridgeDetail))
-                    .build();
-            PutEventsResponse eventBridgeResponse = eventBridge.putEvents(r -> r
-                    .entries(systemEvent)
-            );
-            for (PutEventsResultEntry entry : eventBridgeResponse.entries()) {
-                if (entry.eventId() != null && !entry.eventId().isEmpty()) {
-                    LOGGER.info("Put event success {} {}", entry.toString(), systemEvent.toString());
-                } else {
-                    LOGGER.error("Put event failed {}", entry.toString());
-                }
-            }
-        } catch (SdkServiceException eventBridgeError) {
-            LOGGER.error("events::PutEvents", eventBridgeError);
-            LOGGER.error(Utils.getFullStackTrace(eventBridgeError));
-            throw eventBridgeError;
-        }
-    }
 }

layers/cloudformation-utils/pom.xml

@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License").
+You may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>com.amazon.aws.partners.saasfactory.saasboost</groupId>
+        <artifactId>saasboost-layers</artifactId>
+        <version>1.0.0</version>
+    </parent>
+    <artifactId>CloudFormationUtils</artifactId>
+    <version>1.0.0</version>
+    <packaging>jar</packaging>
+    <licenses>
+        <license>
+            <name>Apache-2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0</url>
+        </license>
+    </licenses>
+
+    <properties>
+        <checkstyle.maxAllowedViolations>7</checkstyle.maxAllowedViolations>
+    </properties>
+
+    <build>
+        <finalName>${project.artifactId}</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencies>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-nop</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.amazon.aws.partners.saasfactory.saasboost</groupId>
+            <artifactId>Utils</artifactId>
+            <version>1.0.0</version>
+            <!-- Don't bundle our layer so we get the shared one at runtime -->
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-lambda-java-core</artifactId>
+        </dependency>
+    </dependencies>
+</project>

layers/cloudformation-utils/src/main/java/com/amazon/aws/partners/saasfactory/saasboost/AwsResource.java

@@ -0,0 +1,99 @@
+package com.amazon.aws.partners.saasfactory.saasboost;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.IllegalFormatException;
+
+public enum AwsResource {
+
+    RDS_CLUSTER("https://%s.console.aws.amazon.com/rds/home#database:id=%s;is-cluster=true",
+            "",
+            "AWS::RDS::DBCluster", false),
+    RDS_INSTANCE("https://%s.console.aws.amazon.com/rds/home?region=%s#dbinstance:id=%s",
+            "",
+            "AWS::RDS::DBInstance", true),
+    ECS_CLUSTER("https://%s.console.aws.amazon.com/ecs/home#/clusters/%s",
+            "arn:%s:ecs:%s:%s:cluster/%s",
+            "AWS::ECS::Cluster", false),
+    LOG_GROUP("https://%s.console.aws.amazon.com/cloudwatch/home?region=%s#logsV2:log-groups/log-group/%s",
+            "",
+            "AWS::Logs::LogGroup", true),
+    VPC("https://%s.console.aws.amazon.com/vpc/home?region=%s#vpcs:search=%s",
+            "arn:%s:ec2:%s:%s:vpc/%s",
+            "AWS::EC2::VPC", true),
+    PRIVATE_SUBNET_A("https://%s.console.aws.amazon.com/vpc/home?region=%s#SubnetDetails:subnetId=%s",
+            "arn:%s:ec2:%s:%s:subnet/%s",
+            "AWS::EC2::Subnet", true),
+    PRIVATE_SUBNET_B("https://%s.console.aws.amazon.com/vpc/home?region=%s#SubnetDetails:subnetId=%s",
+            "arn:%s:ec2:%s:%s:subnet/%s",
+            "AWS::EC2::Subnet", true),
+    CODE_PIPELINE("https://%s.console.aws.amazon.com/codesuite/codepipeline/pipelines/%s/view",
+            "",
+            "AWS::CodePipeline::Pipeline", false),
+    ECR_REPO("https://%s.console.aws.amazon.com/ecr/repositories/%s/",
+            "",
+            "AWS::ECR::Repository", false),
+    LOAD_BALANCER("https://%s.console.aws.amazon.com/ec2/v2/home?region=%s#LoadBalancers:search=%s",
+            "",
+            "AWS::ElasticLoadBalancingV2::LoadBalancer", true),
+    HTTP_LISTENER("https://%s.console.aws.amazon.com/ec2/v2/home?region=%s#LoadBalancers:search=%s",
+            "",
+            "AWS::ElasticLoadBalancingV2::Listener", true),
+    HTTPS_LISTENER("https://%s.console.aws.amazon.com/ec2/v2/home?region=%s#LoadBalancers:search=%s",
+            "",
+            "AWS::ElasticLoadBalancingV2::Listener", true),
+    CLOUDFORMATION("https://%s.console.aws.amazon.com/cloudformation/home?region=%s#/stacks/stackinfo?filteringStatus=active&viewNested=true&hideStacks=false&stackId=%s",
+            "",
+            "AWS::CloudFormation::Stack", true),
+    ECS_SECURITY_GROUP("https://%s.console.aws.amazon.com/ec2/v2/home?region=%s#SecurityGroup:groupId=%s",
+            "arn:%s:ec2:%s:%s:security-group/%s",
+            "AWS::EC2::SecurityGroup", true);
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(AwsResource.class);
+
+    private final String urlFormat;
+    private final String arnFormat;
+    private final String resourceType;
+    private final boolean repeatRegion;
+
+    AwsResource(String urlFormat, String arnFormat, String resourceType, boolean repeatRegion) {
+        this.urlFormat = urlFormat;
+        this.arnFormat = arnFormat;
+        this.resourceType = resourceType;
+        this.repeatRegion = repeatRegion;
+    }
+
+    public String getUrlFormat() {
+        return this.urlFormat;
+    }
+
+    public String getArnFormat() {
+        return arnFormat;
+    }
+
+    public String getResourceType() {
+        return this.resourceType;
+    }
+
+    public String formatUrl(String region, String resourceId) {
+        String url;
+        try {
+            if (this.repeatRegion) {
+                url = String.format(this.urlFormat, region, region, resourceId);
+            } else {
+                url = String.format(this.urlFormat, region, resourceId);
+            }
+        } catch (IllegalFormatException e) {
+            LOGGER.error("Error formatting URL for {}", this.name(), e);
+            LOGGER.error(Utils.getFullStackTrace(e));
+            throw new RuntimeException(e);
+        }
+        return url;
+    }
+
+    public String formatArn(String partition, String region, String accountId, String resourceId) {
+        return String.format(this.arnFormat, partition, region, accountId, resourceId);
+    }
+
+}

functions/core-stack-listener/src/main/java/com/amazon/aws/partners/saasfactory/saasboost/CloudFormationEvent.java renamed to layers/cloudformation-utils/src/main/java/com/amazon/aws/partners/saasfactory/saasboost/CloudFormationEvent.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package com.amazon.aws.partners.saasfactory.saasboost;
 
 import java.util.LinkedHashMap;

functions/core-stack-listener/src/main/java/com/amazon/aws/partners/saasfactory/saasboost/CloudFormationEventDeserializer.java renamed to layers/cloudformation-utils/src/main/java/com/amazon/aws/partners/saasfactory/saasboost/CloudFormationEventDeserializer.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package com.amazon.aws.partners.saasfactory.saasboost;
 
 import java.util.LinkedHashMap;