Update to version v2.0.0

Author: hnishar

CHANGELOG.md

@@ -4,9 +4,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.0] - 2021-03-15
+### Added
+- Support for new simplified manifest schema (version "2021-03-15"). This does not impact existing customers using manifest version "2020-01-01".
+### Changed
+- Optimization to skip update Stack Set workflow when only new accounts are added to the Stack Set.
+- Ability to create only Stack Sets if the account list is empty. This allows users to configure Stack Set resources with empty Organizational Units. Ref:[GitHub Issue 42](https://github.com/awslabs/aws-control-tower-customizations/issues/42)
+- Pinned versions for all the third-party packages.
+- Update cfn-nag package to v0.7.2 to utilize new rules. This may result in new failures and warning in the build stage. However, it would help you identify new issues.
+- Update default branch name to 'main'.
+- Add support for https path for the resource file in the manifest.
+
 ## [1.2.1] - 2020-10-01
 ### Changed
-- Fix the issue related to incompatibility between latest version of BotoCore and AWS CLI. Ref:[Boto3 Issue #2596](https://github.com/boto/boto3/issues/2596)
+- Fix the issue related to incompatibility between latest version of BotoCore and AWS CLI. Ref: [Boto3 Issue #2596](https://github.com/boto/boto3/issues/2596)
 
 ## [1.2.0] - 2020-06-20
 ### Added

NOTICE.txt

@@ -1,6 +1,6 @@
 Customizations for AWS Control Tower Solution
 
-Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except 
 in compliance with the License. A copy of the License is located at http://www.apache.org/licenses/LICENSE-2.0 
 or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, 

README.md

@@ -76,7 +76,7 @@ custom_control_tower_configuration
 ```   
 ***
 
-Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
 
 http://www.apache.org/licenses/LICENSE-2.0  

deployment/custom-control-tower-initiation.template

@@ -43,7 +43,7 @@ Parameters:
 
   CodeCommitBranchName:
     Description: Name of the branch in CodeCommit repository that contains custom Control Tower configuration.
-    Default: master
+    Default: main
     Type: String
 
   ExistingRepository:
@@ -584,7 +584,7 @@ Resources:
                 Action:
                   - s3:GetObject
                 Resource:
-                  - !Sub arn:${AWS::Partition}:s3:::%TEMPLATE_BUCKET_NAME%/*
+                  - !Sub arn:${AWS::Partition}:s3:::*/* # needed to support validation of remotely sourced templates feature. The host S3 bucket can be created by the customers or partners.
         - PolicyName: "Custom-Control-Tower-SCP-CodeBuild-Policy-StepFunctions"
           PolicyDocument:
             Version: "2012-10-17"
@@ -707,7 +707,7 @@ Resources:
                 Action:
                   - s3:GetObject
                 Resource:
-                  - !Sub arn:${AWS::Partition}:s3:::%TEMPLATE_BUCKET_NAME%/*
+                  - !Sub arn:${AWS::Partition}:s3:::*/* # needed to support validation of remotely sourced templates feature. The host S3 bucket can be created by the customers or partners.
         - PolicyName: "Custom-Control-Tower-StackSet-CodeBuild-Policy-StepFunctions"
           PolicyDocument:
             Version: "2012-10-17"
@@ -828,6 +828,10 @@ Resources:
                     Value: !FindInMap [KMS, Alias, Name]
                   - Name: EXECUTION_ROLE_NAME
                     Value: !FindInMap [AWSControlTower, ExecutionRole, Name]
+                  - Name: SOLUTION_ID
+                    Value: !FindInMap [Solution, Metrics, SolutionID]
+                  - Name: METRICS_URL
+                    Value: !FindInMap [Solution, Metrics, MetricsURL]
           Artifacts:
               Name: !Sub ${CustomControlTowerPipelineArtifactS3Bucket}-Built
               Type: CODEPIPELINE
@@ -2117,17 +2121,24 @@ Resources:
                 "Next": "List StackInstances Accounts"
               },
               "Skip Update StackSet?": {
-                  "Type": "Choice",
-                  "Choices": [
-                    {
-                      "Variable": "$.LoopFlag",
-                      "StringEquals": "yes",
-                      "Next": "Check Instance Pass"
-                    }
-                  ],
-                  "Default": "Update StackSet Pass"
-                },
-
+                 "Type": "Choice",
+                 "Choices": [
+                   {
+                     "Or": [
+                       {
+                         "Variable": "$.LoopFlag",
+                         "StringEquals": "yes"
+                       },
+                       {
+                         "Variable": "$.SkipUpdateStackSet",
+                         "StringEquals": "yes"
+                       }
+                     ],
+                     "Next": "Check Instance Pass"
+                   }
+                 ],
+                 "Default": "Update StackSet Pass"
+                 },
               "Update StackSet Pass": {
                 "Type": "Pass",
                 "Result": {

deployment/run-unit-tests.sh

@@ -3,5 +3,5 @@ echo 'pip3 install -r source/requirements.txt -t source/'
 pip3 install -r source/requirements.txt -t source/
 echo 'pip3 install -r source/testing_requirements.txt'
 pip3 install -r source/testing_requirements.txt
-echo 'cd source && pytest tests && cd -'
-cd source && pytest tests && cd -
+echo 'cd source && python3 -m pytest tests && cd -'
+cd source && python3 -m pytest tests && cd -

source/aws/services/cloudformation.py

@@ -1,5 +1,5 @@
 ##############################################################################
-#  Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.   #
+#  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.   #
 #                                                                            #
 #  Licensed under the Apache License, Version 2.0 (the "License").           #
 #  You may not use this file except in compliance                            #
@@ -36,6 +36,7 @@ def __init__(self, logger, **kwargs):
             'Caught exception OperationInProgressException'  \
             ' handling the exception...'
 
+    @try_except_retry()
     def describe_stack_set(self, stack_set_name):
         try:
             response = self.cfn_client.describe_stack_set(
@@ -58,6 +59,7 @@ def describe_stack_set_operation(self, stack_set_name, operation_id):
             self.logger.log_unhandled_exception(e)
             raise
 
+    @try_except_retry()
     def list_stack_instances(self, **kwargs):
         try:
             response = self.cfn_client.list_stack_instances(**kwargs)
@@ -335,6 +337,7 @@ def describe_stack_instance(self, stack_set_name, account_id, region):
             self.logger.log_unhandled_exception(e)
             raise
 
+    @try_except_retry()
     def list_stack_set_operations(self, **kwargs):
         try:
             response = self.cfn_client.list_stack_set_operations(**kwargs)

source/aws/services/code_pipeline.py

@@ -1,5 +1,5 @@
 ##############################################################################
-#  Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.   #
+#  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.   #
 #                                                                            #
 #  Licensed under the Apache License, Version 2.0 (the "License").           #
 #  You may not use this file except in compliance                            #

source/aws/services/ec2.py

@@ -1,5 +1,5 @@
 ##############################################################################
-#  Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.   #
+#  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.   #
 #                                                                            #
 #  Licensed under the Apache License, Version 2.0 (the "License").           #
 #  You may not use this file except in compliance                            #

source/aws/services/kms.py

@@ -1,5 +1,5 @@
 ###############################################################################
-#  Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.    #
+#  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.    #
 #                                                                             #
 #  Licensed under the Apache License, Version 2.0 (the "License").            #
 #  You may not use this file except in compliance with the License.

source/aws/services/organizations.py

@@ -1,5 +1,5 @@
 ##############################################################################
-#  Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.   #
+#  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.   #
 #                                                                            #
 #  Licensed under the Apache License, Version 2.0 (the "License").           #
 #  You may not use this file except in compliance                            #