AWSTemplateFormatVersion: '2010-09-09' Description: Snyk integration with AWS. (qs-1qm9kh0j6) Metadata: LICENSE: Apache License, Version 2.0 AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Snyk Container integration Parameters: - SnykContainerOrganizationId - SnykContainerAWSAccountNumber - Label: default: Snyk Cloud integration Parameters: - SnykCloudOrganizationId - SnykCloudAWSAccountNumber - Label: default: Common configuration Parameters: - RoleNameSuffix - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: SnykContainerOrganizationId: default: Snyk Container organization ID SnykContainerAWSAccountNumber: default: Snyk Container AWS account number SnykCloudOrganizationId: default: Snyk Cloud organization ID SnykCloudAWSAccountNumber: default: Snyk Cloud AWS account number RoleNameSuffix: default: Snyk IAM role name suffix QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket Region QSS3KeyPrefix: default: Quick Start S3 key prefix Parameters: SnykContainerOrganizationId: Description: "Locate the organization ID by logging in to https://app.snyk.io and navigating to Settings." Type: String SnykContainerAWSAccountNumber: Description: "The Snyk Container AWS account number that assumes a role in your account." Type: String SnykCloudOrganizationId: Description: "Locate the organization ID by logging in to https://app.snyk.io and navigating to Settings." Type: String SnykCloudAWSAccountNumber: Description: "The Snyk Cloud AWS account number that assumes a role in your account." Type: String RoleNameSuffix: Description: "Unique suffix to append to the Snyk IAM roles." Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: The S3 bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-), but it cannot start or end with a hyphen. Default: aws-quickstart Description: 'Name of the S3 bucket for your copy of the deployment assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new location.' Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'AWS Region where the S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing the Region updates code references to point to a new location. When using your own bucket, specify the Region.' Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/.]*$ ConstraintDescription: The S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End the prefix with a forward slash. Default: quickstart-snyk-security/ Description: 'S3 key prefix that is used to simulate a folder for your copy of the deployment assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new location.' Type: String Conditions: UsingDefaultBucket: !Equals - !Ref QSS3BucketName - 'aws-quickstart' Resources: SnykContainerIntegrationStack: Type: 'AWS::CloudFormation::Stack' Properties: Parameters: SnykContainerOrganizationId: !Ref 'SnykContainerOrganizationId' SnykContainerAWSAccountNumber: !Ref 'SnykContainerAWSAccountNumber' RoleNameSuffix: !Ref 'RoleNameSuffix' TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/snyk-container.template.yaml' - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' SnykCloudIntegrationStack: Type: 'AWS::CloudFormation::Stack' Properties: Parameters: SnykCloudOrganizationId: !Ref 'SnykCloudOrganizationId' SnykCloudAWSAccountNumber: !Ref 'SnykCloudAWSAccountNumber' RoleNameSuffix: !Ref 'RoleNameSuffix' TemplateURL: !Sub - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/snyk-cloud.template.yaml' - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'QSS3BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'QSS3BucketRegion' Outputs: AWSRegion: Description: AWS Region for your Snyk integration. Value: !Sub '${AWS::Region}' SnykContainerRoleArn: Description: IAM Role ARN for Snyk Container integration Value: !GetAtt 'SnykContainerIntegrationStack.Outputs.SnykContainerRoleArn' SnykCloudRoleArn: Description: IAM Role ARN for Snyk Cloud integration Value: !GetAtt 'SnykCloudIntegrationStack.Outputs.SnykCloudRoleArn'