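#!/usr/bin/env bash
#
# Interactive setup for the workload account.
#
# Prompts for the home region, the monitoring-account values and an optional
# AWS CLI profile, confirms the target account with STS, writes ./.env and
# ./workload-account-infra/cdk.context.json, then runs `cdk bootstrap` and the
# make targets that build and deploy the workload-account infrastructure.
#
# Requires: aws, jq, cdk, make on PATH.
set -euo pipefail

# Print a diagnostic to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

WORKLOAD_CDK_CONTEXT_FILE=./workload-account-infra/cdk.context.json

# Print the string stored under key $1 in the context file, or nothing when
# the key is absent or null (plain `jq -r` would print the literal "null",
# which would then be offered, and accepted, as a default).
context_default() {
  jq -r --arg key "$1" '.[$key] // empty' "$WORKLOAD_CDK_CONTEXT_FILE"
}

# Defaults stay empty on a first run; a previous run's answers are reused.
REGION_DEFAULT=""
MONITORING_ACCOUNT_ID_DEFAULT=""
MONITORING_ACCOUNT_ROLE_NAME_DEFAULT=""
MONITORING_ACCOUNT_EVENTBUS_ARN_DEFAULT=""
MONITORING_ACCOUNT_SINK_ARN_DEFAULT=""
CLI_PROFILE_NAME_DEFAULT=""

if [[ -f "$WORKLOAD_CDK_CONTEXT_FILE" ]]; then
  REGION_DEFAULT=$(context_default "home-region")
  MONITORING_ACCOUNT_ID_DEFAULT=$(context_default "monitoring-account-id")
  MONITORING_ACCOUNT_ROLE_NAME_DEFAULT=$(context_default "monitoring-account-role-name")
  MONITORING_ACCOUNT_EVENTBUS_ARN_DEFAULT=$(context_default "monitoring-account-eventbus-arn")
  MONITORING_ACCOUNT_SINK_ARN_DEFAULT=$(context_default "monitoring-account-sink-arn")
  CLI_PROFILE_NAME_DEFAULT=$(context_default "awscli-profile")
fi

read -r -p "Home region [$REGION_DEFAULT]: " REGION
REGION=${REGION:-$REGION_DEFAULT}
# The region is spliced into the aws:// bootstrap target and into .env, so
# restrict it to the characters a region name can contain.
[[ "$REGION" =~ ^[a-z0-9-]+$ ]] || die "invalid home region: '$REGION'"

echo ""
echo "Please enter values from the monitoring stack outputs..."

read -r -p "Monitoring Account ID [$MONITORING_ACCOUNT_ID_DEFAULT]: " MONITORING_ACCOUNT_ID
MONITORING_ACCOUNT_ID=${MONITORING_ACCOUNT_ID:-$MONITORING_ACCOUNT_ID_DEFAULT}
# AWS account IDs are exactly 12 digits; reject a mistyped or empty value
# before it is written into the CDK context.
[[ "$MONITORING_ACCOUNT_ID" =~ ^[0-9]{12}$ ]] \
  || die "monitoring account ID must be 12 digits, got '$MONITORING_ACCOUNT_ID'"

read -r -p "Monitoring Account Role Name [$MONITORING_ACCOUNT_ROLE_NAME_DEFAULT]: " MONITORING_ACCOUNT_ROLE_NAME
MONITORING_ACCOUNT_ROLE_NAME=${MONITORING_ACCOUNT_ROLE_NAME:-$MONITORING_ACCOUNT_ROLE_NAME_DEFAULT}

read -r -p "Monitoring Account Eventbus ARN [$MONITORING_ACCOUNT_EVENTBUS_ARN_DEFAULT]: " MONITORING_ACCOUNT_EVENTBUS_ARN
MONITORING_ACCOUNT_EVENTBUS_ARN=${MONITORING_ACCOUNT_EVENTBUS_ARN:-$MONITORING_ACCOUNT_EVENTBUS_ARN_DEFAULT}

read -r -p "Monitoring Account Sink Identifier [$MONITORING_ACCOUNT_SINK_ARN_DEFAULT]: " MONITORING_ACCOUNT_SINK_ARN
MONITORING_ACCOUNT_SINK_ARN=${MONITORING_ACCOUNT_SINK_ARN:-$MONITORING_ACCOUNT_SINK_ARN_DEFAULT}

# A stored literal "null" is still treated as "no saved profile".
if [[ -z "$CLI_PROFILE_NAME_DEFAULT" || "$CLI_PROFILE_NAME_DEFAULT" == null ]]; then
  read -r -p $'Workload account AWSCLI profile name. \nPress [enter] to use the default AWS creds from the chain: ' WORKLOAD_ACCOUNT_AWSCLI_PROFILE_NAME
else
  read -r -p "Workload account AWSCLI profile name [$CLI_PROFILE_NAME_DEFAULT]: " WORKLOAD_ACCOUNT_AWSCLI_PROFILE_NAME
  WORKLOAD_ACCOUNT_AWSCLI_PROFILE_NAME=${WORKLOAD_ACCOUNT_AWSCLI_PROFILE_NAME:-$CLI_PROFILE_NAME_DEFAULT}
fi

# Shouldn't need to change any of the scripts below

# PROFILE keeps the flat "--profile NAME" string that is written to .env;
# profile_args carries the same option as separate words so the profile name
# is never re-split or glob-expanded when passed to aws and cdk.
profile_args=()
if [[ -z "$WORKLOAD_ACCOUNT_AWSCLI_PROFILE_NAME" ]]; then
  PROFILE=""
  echo "Profile not specified. Use default AWS credential."
else
  PROFILE="--profile ${WORKLOAD_ACCOUNT_AWSCLI_PROFILE_NAME}"
  profile_args=(--profile "$WORKLOAD_ACCOUNT_AWSCLI_PROFILE_NAME")
fi

# Resolve the account the current credentials belong to. pipefail makes a
# failed STS call abort here, and the format check stops an empty or "null"
# account from reaching the confirmation prompt and `cdk bootstrap`.
# (The ${arr[@]+...} form keeps an empty array safe under `set -u` on older bash.)
WORKLOAD_ACCOUNT=$(aws sts get-caller-identity ${profile_args[@]+"${profile_args[@]}"} | jq -r ".Account")
[[ "$WORKLOAD_ACCOUNT" =~ ^[0-9]{12}$ ]] \
  || die "could not determine the workload account from STS (got '$WORKLOAD_ACCOUNT')"

read -r -p "Current deploying to Account $WORKLOAD_ACCOUNT. Is this correct? [y/n]: " confirm
if [[ "$confirm" == [yY] ]]; then
  echo "Account confirmed. Processding with the deployment.."
else
  echo "Please confirm your AWS credential."
  exit 1
fi

# NOTE(review): WORKLOAD_PROFILE is written unquoted and contains the
# user-supplied profile name; how .env is consumed is not visible in this
# script - confirm the consumer does not shell-evaluate it.
cat << EOF > ./.env
WORKLOAD_ACCOUNT=$WORKLOAD_ACCOUNT
WORKLOAD_PROFILE=$PROFILE
CDK_DEPLOY_REGION=$REGION
EOF

# Persist the answers as CDK context. jq builds the document so that quotes,
# backslashes or newlines in an answer are escaped instead of corrupting the
# JSON or adding keys. The document is rendered first and written second, so a
# jq failure cannot truncate an existing context file.
# NOTE(review): "awscli-profile" is read above as a default but is not among
# the keys written here - confirm whether it should be persisted.
context_json=$(
  jq -n \
    --arg region "$REGION" \
    --arg account_id "$MONITORING_ACCOUNT_ID" \
    --arg sink_arn "$MONITORING_ACCOUNT_SINK_ARN" \
    --arg role_name "$MONITORING_ACCOUNT_ROLE_NAME" \
    --arg eventbus_arn "$MONITORING_ACCOUNT_EVENTBUS_ARN" \
    '{
      "home-region": $region,
      "monitoring-account-id": $account_id,
      "monitoring-account-sink-arn": $sink_arn,
      "monitoring-account-role-name": $role_name,
      "monitoring-account-eventbus-arn": $eventbus_arn
    }'
)
printf '%s\n' "$context_json" > "$WORKLOAD_CDK_CONTEXT_FILE"

cdk bootstrap "aws://${WORKLOAD_ACCOUNT}/${REGION}" ${profile_args[@]+"${profile_args[@]}"}
make build
make deploy-workload-account-infra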