
Commit fabefd8

AWSAWS
authored andcommitted
Release: v2.5.3
1 parent 3e48083 commit fabefd8


3 files changed

+68
-22
lines changed


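--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v2.5.2
+v2.5.3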

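--- a/customizations-for-aws-control-tower.template
+++ b/customizations-for-aws-control-tower.template
@@ -12,7 +12,7 @@
 # permissions and limitations under the License.
 
 AWSTemplateFormatVersion: '2010-09-09'
-Description: '(SO0089) - customizations-for-aws-control-tower Solution. Version: v2.5.2'
+Description: '(SO0089) - customizations-for-aws-control-tower Solution. Version: v2.5.3'
 
 Parameters:
 PipelineApprovalStage:
@@ -127,7 +127,7 @@ Mappings:
 SourceBucketName:
 Name: control-tower-cfct-assets-prod
 SourceKeyName:
-Name: customizations-for-aws-control-tower/v2.5.2/custom-control-tower-configuration.zip
+Name: customizations-for-aws-control-tower/v2.5.3/custom-control-tower-configuration.zip
 CustomControlTowerPipelineS3TriggerKey:
 Name: custom-control-tower-configuration.zip
 CustomControlTowerPipelineS3NonTriggerKey:
@@ -145,7 +145,7 @@ Mappings:
 SolutionID: 'SO0089'
 MetricsURL: 'https://metrics.awssolutionsbuilder.com/generic'
 Data:
-AddonTemplate: 'https://s3.amazonaws.com/control-tower-cfct-assets-prod/customizations-for-aws-control-tower/v2.5.2/custom-control-tower-initiation.template'
+AddonTemplate: 'https://s3.amazonaws.com/control-tower-cfct-assets-prod/customizations-for-aws-control-tower/v2.5.3/custom-control-tower-initiation.template'
 AWSControlTower:
 ExecutionRole:
 Name: "AWSControlTowerExecution"
@@ -256,7 +256,6 @@ Resources:
 - id: W35
 reason: "This S3 bucket is used as the destination for 'CustomControlTowerPipelineS3Bucket' and 'CustomControlTowerPipelineArtifactS3Bucket'"
 Properties:
-AccessControl: LogDeliveryWrite
 VersioningConfiguration:
 Status: Enabled
 BucketEncryption:
@@ -279,7 +278,31 @@ Resources:
 Effect: Deny
 Principal: "*"
 Action: s3:DeleteBucket
-Resource: !Sub arn:${AWS::Partition}:s3:::${CustomControlTowerS3AccessLogsBucket}
+Resource: !Sub "arn:${AWS::Partition}:s3:::${CustomControlTowerS3AccessLogsBucket}"
+- Sid: EnableS3AccessLoggingForPipelineS3Bucket
+Effect: Allow
+Principal:
+Service: logging.s3.amazonaws.com
+Action:
+- s3:PutObject
+Resource: !Sub "arn:${AWS::Partition}:s3:::${CustomControlTowerS3AccessLogsBucket}/*"
+Condition:
+ArnLike:
+"aws:SourceArn": !Sub "arn:${AWS::Partition}:s3:::${CustomControlTowerPipelineS3Bucket}"
+StringEquals:
+"aws:SourceAccount": !Ref AWS::AccountId
+- Sid: EnableS3AccessLoggingForPipelineArtifactS3Bucket
+Effect: Allow
+Principal:
+Service: logging.s3.amazonaws.com
+Action:
+- s3:PutObject
+Resource: !Sub "arn:${AWS::Partition}:s3:::${CustomControlTowerS3AccessLogsBucket}/*"
+Condition:
+ArnLike:
+"aws:SourceArn": !Sub "arn:${AWS::Partition}:s3:::${CustomControlTowerPipelineArtifactS3Bucket}"
+StringEquals:
+"aws:SourceAccount": !Ref AWS::AccountId
 
 CustomControlTowerCodeCommit:
 Type: AWS::CodeCommit::Repository
@@ -292,7 +315,7 @@ Resources:
 Code:
 S3:
 Bucket: control-tower-cfct-assets-prod
-Key: !Sub customizations-for-aws-control-tower/v2.5.2/custom-control-tower-configuration-${AWS::Region}.zip
+Key: !Sub customizations-for-aws-control-tower/v2.5.3/custom-control-tower-configuration-${AWS::Region}.zip
 
 # SSM Parameter to store the git repository name
 CustomControlTowerRepoNameParameter:
@@ -551,7 +574,7 @@ Resources:
 - {KMSKeyName: !FindInMap [KMS, Alias, Name]}
 Source:
 Type: CODEPIPELINE
-BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.8\n ruby: 2.6\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1>/dev/null\n - export LC_ALL='en_US.UTF-8'\n - locale-gen en_US en_US.UTF-8\n - dpkg-reconfigure locales --frontend noninteractive\n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod/customizations-for-aws-control-tower/v2.5.2/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES \n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n\n"
+BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.8\n ruby: 2.6\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1>/dev/null\n - export LC_ALL='en_US.UTF-8'\n - locale-gen en_US en_US.UTF-8\n - dpkg-reconfigure locales --frontend noninteractive\n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod/customizations-for-aws-control-tower/v2.5.3/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES \n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n\n"
 Environment:
 ComputeType: BUILD_GENERAL1_SMALL
 Image: "aws/codebuild/standard:5.0"
@@ -576,7 +599,7 @@ Resources:
 - Name: SOLUTION_ID
 Value: !FindInMap [ Solution, Metrics, SolutionID ]
 - Name: SOLUTION_VERSION
-Value: v2.5.2
+Value: v2.5.3
 Artifacts:
 Name: !Sub ${CustomControlTowerPipelineArtifactS3Bucket}-Built
 Type: CODEPIPELINE
@@ -679,7 +702,7 @@ Resources:
 - {KMSKeyName: !FindInMap [KMS, Alias, Name]}
 Source:
 Type: CODEPIPELINE
-BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.8\n ruby: 2.6\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1> /dev/null \n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod/customizations-for-aws-control-tower/v2.5.2/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES\n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n"
+BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.8\n ruby: 2.6\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1> /dev/null \n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod/customizations-for-aws-control-tower/v2.5.3/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES\n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n"
 Environment:
 ComputeType: BUILD_GENERAL1_SMALL
 Image: "aws/codebuild/standard:5.0"
@@ -700,7 +723,7 @@ Resources:
 - Name: SOLUTION_ID
 Value: !FindInMap [ Solution, Metrics, SolutionID ]
 - Name: SOLUTION_VERSION
-Value: v2.5.2
+Value: v2.5.3
 Artifacts:
 Name: !Sub ${CustomControlTowerPipelineArtifactS3Bucket}-Built
 Type: CODEPIPELINE
@@ -855,7 +878,7 @@ Resources:
 - {KMSKeyName: !FindInMap [KMS, Alias, Name]}
 Source:
 Type: CODEPIPELINE
-BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.8\n ruby: 2.6\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1> /dev/null\n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod/customizations-for-aws-control-tower/v2.5.2/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES\n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n"
+BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.8\n ruby: 2.6\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1> /dev/null\n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod/customizations-for-aws-control-tower/v2.5.3/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES\n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n"
 Environment:
 ComputeType: BUILD_GENERAL1_SMALL
 Image: "aws/codebuild/standard:5.0"
@@ -880,7 +903,7 @@ Resources:
 - Name: SOLUTION_ID
 Value: !FindInMap [Solution, Metrics, SolutionID]
 - Name: SOLUTION_VERSION
-Value: v2.5.2
+Value: v2.5.3
 - Name: METRICS_URL
 Value: !FindInMap [Solution, Metrics, MetricsURL]
 - Name: CONTROL_TOWER_BASELINE_CONFIG_STACKSET
@@ -1003,10 +1026,10 @@ Resources:
 Variables:
 LOG_LEVEL: !FindInMap [LambdaFunction, Logging, Level]
 SOLUTION_ID: !FindInMap [Solution, Metrics, SolutionID]
-SOLUTION_VERSION: v2.5.2
+SOLUTION_VERSION: v2.5.3
 Code:
 S3Bucket: !Sub "control-tower-cfct-assets-prod-${AWS::Region}"
-S3Key: customizations-for-aws-control-tower/v2.5.2/custom-control-tower-config-deployer.zip
+S3Key: customizations-for-aws-control-tower/v2.5.3/custom-control-tower-config-deployer.zip
 FunctionName: CustomControlTowerDeploymentLambda
 Description: Custom Control Tower Deployment Lambda
 Handler: config_deployer.lambda_handler
@@ -1273,14 +1296,14 @@ Resources:
 ADMINISTRATION_ROLE_ARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/service-role/AWSControlTowerStackSetRole
 EXECUTION_ROLE_NAME: !FindInMap [AWSControlTower, ExecutionRole, Name]
 SOLUTION_ID: !FindInMap [Solution, Metrics, SolutionID]
-SOLUTION_VERSION: v2.5.2
+SOLUTION_VERSION: v2.5.3
 METRICS_URL: !FindInMap [Solution, Metrics, MetricsURL]
 MAX_CONCURRENT_PERCENT: !Ref MaxConcurrentPercentage
 FAILED_TOLERANCE_PERCENT: !Ref FailureTolerancePercentage
 REGION_CONCURRENCY_TYPE: !Ref RegionConcurrencyType
 Code:
 S3Bucket: !Sub "control-tower-cfct-assets-prod-${AWS::Region}"
-S3Key: customizations-for-aws-control-tower/v2.5.2/custom-control-tower-state-machine.zip
+S3Key: customizations-for-aws-control-tower/v2.5.3/custom-control-tower-state-machine.zip
 FunctionName: CustomControlTowerStateMachineLambda
 Description: Custom Control Tower State Machine Handler
 Handler: state_machine_router.lambda_handler
@@ -2888,10 +2911,10 @@ Resources:
 LOG_LEVEL: !FindInMap [LambdaFunction, Logging, Level]
 CODE_PIPELINE_NAME: !Ref CustomControlTowerCodePipeline
 SOLUTION_ID: !FindInMap [ Solution, Metrics, SolutionID ]
-SOLUTION_VERSION: v2.5.2
+SOLUTION_VERSION: v2.5.3
 Code:
 S3Bucket: !Sub "control-tower-cfct-assets-prod-${AWS::Region}"
-S3Key: customizations-for-aws-control-tower/v2.5.2/custom-control-tower-lifecycle-event-handler.zip
+S3Key: customizations-for-aws-control-tower/v2.5.3/custom-control-tower-lifecycle-event-handler.zip
 Description: Custom Control Tower Lifecyle event Lambda to handle lifecycle events
 Handler: lifecycle_event_handler.lambda_handler
 MemorySize: 512
@@ -3062,6 +3085,6 @@ Outputs:
 Value: !Ref CustomControlTowerPipelineS3Bucket
 CustomControlTowerSolutionVersion:
 Description: Version Number
-Value: "v2.5.2"
+Value: "v2.5.3"
 Export:
 Name: Custom-Control-Tower-Version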
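Review bot: The two new `EnableS3AccessLoggingFor*` statements in the `@@ -279,7 +278,31 @@` hunk grant `logging.s3.amazonaws.com` `s3:PutObject` on the whole `${CustomControlTowerS3AccessLogsBucket}/*`; if the source buckets' `LoggingConfiguration` (outside this section) sets a `LogFilePrefix`, the `Resource` of each statement could be narrowed to that prefix so the logging principal can write only under the log path. The `aws:SourceArn`/`aws:SourceAccount` conditions are the right confused-deputy guard, but the `@@ -256,7 +256,6 @@` hunk drops `AccessControl: LogDeliveryWrite` without recording why in the template; a comment above the first new Sid such as `# Log delivery is granted by bucket policy instead of the LogDeliveryWrite ACL, so the bucket no longer relies on ACLs` would explain the switch to the next maintainer. Delivery to this bucket also presumably depends on its `BucketEncryption` block (just outside the hunk) being SSE-S3 rather than SSE-KMS — TODO confirm, since the policy grant alone does not guarantee that logs land.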
