#!/bin/bash # This script setups the aws accounts with the required permissions for CDK deployments, the accounts are bootstrapped # and configured to enable cross account access as per the architecture diagram read -p 'Governance Account (12-digits): ' gov_account read -p 'Dev Account (12-digits): ' dev_account read -p 'PreProd Account (12-digits): ' preprod_account read -p 'Prod Account (12-digits): ' prod_account read -p 'Deployment region (aws regions i.e. us-east-1): ' region echo 'Updating constants.py file with accounts and region details' pattern="[0-9a-zA-Z\-]*" sed -i '' -e "s/^PIPELINE_ACCOUNT = \"$pattern\"/PIPELINE_ACCOUNT = \"$gov_account\"/" \ -e "s/^DEV_ACCOUNT = \"$pattern\"/DEV_ACCOUNT = \"$dev_account\"/" \ -e "s/^PREPROD_ACCOUNT = \"$pattern\"/PREPROD_ACCOUNT = \"$preprod_account\"/" \ -e "s/^PROD_ACCOUNT = \"$pattern\"/PROD_ACCOUNT = \"$prod_account\"/" \ -e "s/^DEFAULT_DEPLOYMENT_REGION = \"$pattern\"/DEFAULT_DEPLOYMENT_REGION = \"$region\"/" \ mlops_infra/config/constants.py echo 'AWS profiles to be used for each account' read -p 'Governance Account AWS Profile: ' gov_profile read -p 'Dev Account AWS Profile: ' dev_profile read -p 'PreProd Account AWS Profile: ' preprod_profile read -p 'Prod Account AWS Profile: ' prod_profile cdk bootstrap aws://$gov_account/$region --profile $gov_profile cdk bootstrap aws://$dev_account/$region --trust $gov_account --cloudformation-execution-policies 'arn:aws:iam::aws:policy/AdministratorAccess' --profile $dev_profile cdk bootstrap aws://$preprod_account/$region --trust $dev_account,$gov_account --cloudformation-execution-policies 'arn:aws:iam::aws:policy/AdministratorAccess' --profile $preprod_profile cdk bootstrap aws://$prod_account/$region --trust $dev_account,$gov_account --cloudformation-execution-policies 'arn:aws:iam::aws:policy/AdministratorAccess' --profile $prod_profile