Parameters: emailAddress: Type: String AllowedPattern: .+ Description: (Required) An e-mail address with which to receive deployment notifications. instanceType: Type: String Default: ml.t2.medium Description: (Required) SageMaker Notebook instance type on which to host the AFA dashboard (e.g. ml.t2.medium, ml.t3.xlarge, ml.t3.2xlarge, ml.m4.4xlarge) lambdamapFunctionName: Type: String Default: AfaLambdaMapFunction Resources: CodeBuildRole728CBADE: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: codebuild.amazonaws.com Version: "2012-10-17" ManagedPolicyArns: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/AWSCodeBuildDeveloperAccess - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/CloudWatchFullAccess - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/AmazonEC2ContainerRegistryPowerUser Tags: - Key: Project Value: Afa Metadata: aws:cdk:path: AfaBootstrapStack/CodeBuildRole/Resource CodeBuildRoleDefaultPolicy829527DE: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Effect: Allow Resource: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":logs:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :log-group:/aws/codebuild/ - Ref: AfaCodeBuildProject64003172 - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":logs:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :log-group:/aws/codebuild/ - Ref: AfaCodeBuildProject64003172 - :* - Action: - codebuild:CreateReportGroup - codebuild:CreateReport - codebuild:UpdateReport - codebuild:BatchPutTestCases - codebuild:BatchPutCodeCoverages Effect: Allow Resource: Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - ":codebuild:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :report-group/ - Ref: AfaCodeBuildProject64003172 - -* Version: "2012-10-17" PolicyName: CodeBuildRoleDefaultPolicy829527DE Roles: - Ref: CodeBuildRole728CBADE Metadata: aws:cdk:path: AfaBootstrapStack/CodeBuildRole/DefaultPolicy/Resource CodeBuildPolicy9FEF6D56: Type: AWS::IAM::Policy Properties: PolicyDocument: Statement: - Action: cloudformation:* Effect: Allow Resource: - Fn::Join: - "" - - "arn:aws:cloudformation:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :stack/ - Ref: AWS::StackName - "*" - Fn::Join: - "" - - "arn:aws:cloudformation:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :stack/AfaStack* - Fn::Join: - "" - - "arn:aws:cloudformation:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :stack/AfaLambdaMapStack* - Fn::Join: - "" - - "arn:aws:cloudformation:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :stack/CDKToolkit* - Action: - iam:DeletePolicy - iam:CreateRole - iam:AttachRolePolicy - iam:PutRolePolicy - iam:PassRole - iam:DetachRolePolicy - iam:DeleteRolePolicy - iam:GetRole - iam:GetPolicy - iam:UpdateRoleDescription - iam:DeleteRole - iam:CreatePolicy - iam:UpdateRole - iam:GetRolePolicy - iam:DeletePolicyVersion - iam:TagRole - iam:TagPolicy Effect: Allow Resource: - Fn::Join: - "" - - "arn:aws:iam::" - Ref: AWS::AccountId - :role/ - Ref: AWS::StackName - "*" - Fn::Join: - "" - - "arn:aws:iam::" - Ref: AWS::AccountId - :role/AfaStack* - Fn::Join: - "" - - "arn:aws:iam::" - Ref: AWS::AccountId - :role/AfaLambdaMapStack* - Fn::Join: - "" - - "arn:aws:iam::" - Ref: AWS::AccountId - :role/cdk-* - Fn::Join: - "" - - "arn:aws:iam::" - Ref: AWS::AccountId - :policy/ - Ref: AWS::StackName - "*" - Fn::Join: - "" - - "arn:aws:iam::" - Ref: AWS::AccountId - :policy/AfaStack* - Fn::Join: - "" - - "arn:aws:iam::" - Ref: AWS::AccountId - :policy/AfaLambdaMapStack* - Fn::Join: - "" - - "arn:aws:lambda:*:" - Ref: AWS::AccountId - :policy/ - Ref: AWS::StackName - "*" - Fn::Join: - "" - - "arn:aws:lambda:*:" - Ref: AWS::AccountId - :policy/AfaStack* - Fn::Join: - "" - - "arn:aws:lambda:*:" - Ref: AWS::AccountId - :policy/AfaLambdaMapStack* - Action: logs:* Effect: Allow Resource: Fn::Join: - "" - - "arn:aws:logs:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :log-group:/aws/codebuild/AfaCodeBuildProject* - Action: lambda:* Effect: Allow Resource: - Fn::Join: - "" - - "arn:aws:lambda:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - ":function:" - Ref: lambdamapFunctionName - Fn::Join: - "" - - "arn:aws:lambda:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :function:AfaStack* - Action: - sagemaker:DescribeNotebookInstanceLifecycleConfig - sagemaker:DeleteNotebookInstance - sagemaker:StopNotebookInstance - sagemaker:DescribeNotebookInstance - sagemaker:CreateNotebookInstanceLifecycleConfig - sagemaker:DeleteNotebookInstanceLifecycleConfig - sagemaker:UpdateNotebookInstanceLifecycleConfig - sagemaker:CreateNotebookInstance - sagemaker:UpdateNotebookInstance - sagemaker:AddTags - sagemaker:DeleteTags - sagemaker:ListTags Effect: Allow Resource: - Fn::Join: - "" - - "arn:aws:sagemaker:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :notebook-instance/afastack* - Fn::Join: - "" - - "arn:aws:sagemaker:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :notebook-instance-lifecycle-config/notebooklifecycleconfig* - Action: sns:* Effect: Allow Resource: Fn::Join: - "" - - "arn:aws:sns:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :AfaStack-NotificationTopic - Action: s3:* Effect: Allow Resource: - arn:aws:s3:::cdk-* - arn:aws:s3:::cdktoolkit-* - arn:aws:s3:::afastack* - Action: ssm:* Effect: Allow Resource: - Fn::Join: - "" - - "arn:aws:ssm:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :parameter/AfaS3Bucket - Fn::Join: - "" - - "arn:aws:ssm:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :parameter/AfaS3InputPath - Fn::Join: - "" - - "arn:aws:ssm:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :parameter/AfaS3OutputPath - Fn::Join: - "" - - "arn:aws:ssm:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :parameter/AfaAfcStateMachineArn - Fn::Join: - "" - - "arn:aws:ssm:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :parameter/cdk-bootstrap/* - Action: states:* Effect: Allow Resource: Fn::Join: - "" - - "arn:aws:states:" - Ref: AWS::Region - ":" - Ref: AWS::AccountId - :stateMachine:AfaStack* - Action: - ec2:DescribeAvailabilityZones - sts:GetCallerIdentity - ecr:GetAuthorizationToken - ecr:BatchCheckLayerAvailability - ecr:GetDownloadUrlForLayer - ecr:GetRepositoryPolicy - ecr:DescribeRepositories - ecr:ListImages - ecr:DescribeImages - ecr:BatchGetImage - ecr:GetLifecyclePolicy - ecr:GetLifecyclePolicyPreview - ecr:ListTagsForResource - ecr:DescribeImageScanFindings - ecr:InitiateLayerUpload - ecr:UploadLayerPart - ecr:CompleteLayerUpload - ecr:PutImage - ecr:SetRepositoryPolicy - ecr:CreateRepository - ecr:PutImageScanningConfiguration - ecr:DeleteRepository - ecr:TagResource - ecr:UntagResource Effect: Allow Resource: "*" Version: "2012-10-17" PolicyName: CodeBuildPolicy9FEF6D56 Roles: - Ref: CodeBuildRole728CBADE Metadata: aws:cdk:path: AfaBootstrapStack/CodeBuildPolicy/Resource AfaCodeBuildProject64003172: Type: AWS::CodeBuild::Project Properties: Artifacts: Type: NO_ARTIFACTS Environment: ComputeType: BUILD_GENERAL1_SMALL EnvironmentVariables: - Name: LAMBDAMAP_STACK_NAME Type: PLAINTEXT Value: AfaLambdaMapStack - Name: LAMBDAMAP_FUNCTION_NAME Type: PLAINTEXT Value: AfaLambdaMapFunction - Name: EMAIL Type: PLAINTEXT Value: Ref: emailAddress - Name: INSTANCE_TYPE Type: PLAINTEXT Value: Ref: instanceType - Name: AFA_STACK_NAME Type: PLAINTEXT Value: AfaStack Image: aws/codebuild/amazonlinux2-x86_64-standard:4.0 ImagePullCredentialsType: CODEBUILD PrivilegedMode: true Type: LINUX_CONTAINER ServiceRole: Fn::GetAtt: - CodeBuildRole728CBADE - Arn Source: BuildSpec: Fn::Join: - "" - - |- { "version": "0.2", "phases": { "install": { "runtime-versions": { "python": "3.9", "nodejs": "16" }, "commands": [ "export CDK_TAGS=$(aws cloudformation describe-stacks --stack-name - Ref: AWS::StackName - |-2 --query Stacks[0].Tags | python -c 'import sys, json; print(\" \".join(\"--tags \" + d[\"Key\"] + \"=\" + d[\"Value\"] for d in json.load(sys.stdin)))')", "export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)", "export BOOTSTRAP_URL=aws://$AWS_ACCOUNT_ID/$AWS_DEFAULT_REGION", "npm i --silent --quiet --no-progress -g aws-cdk@2.17.0", "(( [[ -n \"CDK_TAGS\" ]] ) && ( cdk bootstrap ${BOOTSTRAP_URL} )) || ( cdk bootstrap ${BOOTSTRAP_URL} )" ] }, "pre_build": { "commands": [] }, "build": { "commands": [ "git clone https://github.com/aws-samples/lambdamap.git", "cd lambdamap/", "git checkout main", "make deploy STACK_NAME=$LAMBDAMAP_STACK_NAME CDK_TAGS=\"$CDK_TAGS\" FUNCTION_NAME=$LAMBDAMAP_FUNCTION_NAME EXTRA_CMDS=\"'git clone https://github.com/aws-samples/simple-forecast-solution.git ; cd ./simple-forecast-solution/ ; git checkout main ; pip install --use-deprecated=legacy-resolver -e .'\"", "cd ..", "git clone https://github.com/aws-samples/simple-forecast-solution.git", "cd simple-forecast-solution/", "git checkout main", "make deploy-ui EMAIL=$EMAIL INSTANCE_TYPE=$INSTANCE_TYPE AFA_STACK_NAME=$AFA_STACK_NAME CDK_TAGS=\"$CDK_TAGS\" " ] }, "post_build": { "commands": [ "echo 'Deploy Completed'" ] } } } Type: NO_SOURCE Cache: Type: NO_CACHE EncryptionKey: alias/aws/s3 Tags: - Key: Project Value: Afa Metadata: aws:cdk:path: AfaBootstrapStack/AfaCodeBuildProject/Resource LambdaRole3A44B857: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: lambda.amazonaws.com Version: "2012-10-17" ManagedPolicyArns: - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/AWSCodeBuildDeveloperAccess - Fn::Join: - "" - - "arn:" - Ref: AWS::Partition - :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Tags: - Key: Project Value: Afa Metadata: aws:cdk:path: AfaBootstrapStack/LambdaRole/Resource LambdaFunctionBF21E41F: Type: AWS::Lambda::Function Properties: Code: ZipFile: | import os import json import boto3 import cfnresponse def lambda_handler(event, context): client = boto3.client("codebuild") client.start_build(projectName=os.environ["CODEBUILD_PROJECT_NAME"]) cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, "CustomResourcePhysicalID") return Role: Fn::GetAtt: - LambdaRole3A44B857 - Arn Environment: Variables: CODEBUILD_PROJECT_NAME: Ref: AfaCodeBuildProject64003172 Handler: index.lambda_handler Runtime: python3.8 Tags: - Key: Project Value: Afa DependsOn: - LambdaRole3A44B857 Metadata: aws:cdk:path: AfaBootstrapStack/LambdaFunction/Resource CustomResource: Type: AWS::CloudFormation::CustomResource Properties: ServiceToken: Fn::GetAtt: - LambdaFunctionBF21E41F - Arn DependsOn: - AfaCodeBuildProject64003172 UpdateReplacePolicy: Delete DeletionPolicy: Delete Metadata: aws:cdk:path: AfaBootstrapStack/CustomResource/Default CDKMetadata: Type: AWS::CDK::Metadata Properties: Analytics: v2:deflate64:H4sIAAAAAAAA/0WMywrCMBBFv6X7OLUoFHdCwXWoX5AmI6ZNMpAHUkL+XdMqru6Ze5nTQXfu4dhcxSscpFraLMkj5HsUcmHDw3HhhcWIng0pRLIjBkpeYt3+TC5En2Ss7edQOmpyhVVp1sJCHsnsLzU5GS3Xzb5RYZIUTkkbBZl7mnE3fbEwI+ykBORbcrKa6/jjUgrja3ySa09wgb6Zg9YHn1zUFmHc8w2b8eRe5wAAAA== Metadata: aws:cdk:path: AfaBootstrapStack/CDKMetadata/Default Condition: CDKMetadataAvailable Conditions: CDKMetadataAvailable: Fn::Or: - Fn::Or: - Fn::Equals: - Ref: AWS::Region - af-south-1 - Fn::Equals: - Ref: AWS::Region - ap-east-1 - Fn::Equals: - Ref: AWS::Region - ap-northeast-1 - Fn::Equals: - Ref: AWS::Region - ap-northeast-2 - Fn::Equals: - Ref: AWS::Region - ap-south-1 - Fn::Equals: - Ref: AWS::Region - ap-southeast-1 - Fn::Equals: - Ref: AWS::Region - ap-southeast-2 - Fn::Equals: - Ref: AWS::Region - ca-central-1 - Fn::Equals: - Ref: AWS::Region - cn-north-1 - Fn::Equals: - Ref: AWS::Region - cn-northwest-1 - Fn::Or: - Fn::Equals: - Ref: AWS::Region - eu-central-1 - Fn::Equals: - Ref: AWS::Region - eu-north-1 - Fn::Equals: - Ref: AWS::Region - eu-south-1 - Fn::Equals: - Ref: AWS::Region - eu-west-1 - Fn::Equals: - Ref: AWS::Region - eu-west-2 - Fn::Equals: - Ref: AWS::Region - eu-west-3 - Fn::Equals: - Ref: AWS::Region - me-south-1 - Fn::Equals: - Ref: AWS::Region - sa-east-1 - Fn::Equals: - Ref: AWS::Region - us-east-1 - Fn::Equals: - Ref: AWS::Region - us-east-2 - Fn::Or: - Fn::Equals: - Ref: AWS::Region - us-west-1 - Fn::Equals: - Ref: AWS::Region - us-west-2