==================================
AWS Control Tower Manifest Builder
==================================

.. image:: https://img.shields.io/pypi/v/aws_control_tower_manifest_builder.svg
        :target: https://pypi.python.org/pypi/aws_control_tower_manifest_builder

.. image:: https://github.com/gabrielbac/aws_control_tower_manifest_builder/actions/workflows/test.yaml/badge.svg
        :target: https://github.com/gabrielbac/aws_control_tower_manifest_builder/actions/workflows/test.yaml/

.. image:: https://github.com/gabrielbac/aws_control_tower_manifest_builder/actions/workflows/release.yaml/badge.svg
        :target: https://github.com/gabrielbac/aws_control_tower_manifest_builder/actions/workflows/release.yaml/

.. image:: https://readthedocs.org/projects/aws-control-tower-manifest-builder/badge/?version=latest
        :target: https://aws-control-tower-manifest-builder.readthedocs.io/en/latest/?version=latest
        :alt: Documentation Status


Python package to automatically build the AWS Control Tower manifest, given CloudFormation templates and SCPs as input.

Features
--------

.. image:: Pipeline.drawio.png

Quick start
-----------

- Run

  .. code-block:: bash

      pip install aws-control-tower-manifest-builder

- Download the sample templates and SCPs from S3 "Add link" and extract them to a directory

- Run

  .. code-block:: bash

      aws_control_tower_manifest_builder --input-cf sample_templates --input-scp sample_scp --output output_manifest

Note: the sample template includes incorrectly formatted templates.

For Developers - before pushing a branch
----------------------------------------

- Clone the repo

.. code-block:: bash

    make venv
    make black
    make lint
    make test
    make local-test

To bump version:

- Update HISTORY.rst
- Run ``git fetch`` to fetch all tags
- Run ``make bump-<patch-minor-major>``
- Make a release in GitHub and add a tag.

- CloudFormation templates require a metadata section with the following info:

.. code-block:: yaml

    Metadata:
      manifest_parameters: # can be customized with --metadata-name
        name: detailed_template # Optional. Defaults to the file name. a-z, A-Z, 0-9, and "-"
        description: string # Required for SCPs
        deploy_method: stackset # Optional. All files in the template directory use "stackset" and files in the policy directory use "scp".
        accounts: ["123456789012", "987456123989"] # Requires "accounts" and/or "organizational_units". If accounts is used, enforce only account
                                                   # IDs with --enforce-account-number-only
        organizational_units: ["dev", "prod"] # Requires "accounts" and/or "organizational_units".
        regions: ["us-east-1", "us-east-2"] # Optional. Defaults to us-east-1.
        parameters: # Optional. List of parameters [SSM, Alfred, Values]
          - parameter_key: parameter1
            parameter_value: value1
          - parameter_key: parameter2
            parameter_value: value2
        export_outputs: # Optional. List of SSM parameters to store output values
          - name: /org/member/test-ssm/app-id
            value: $[output_ApplicationId]

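
A pre-flight check for the rules listed in the comments above, as an added example that is not the package's own code. It takes an already-parsed ``manifest_parameters`` mapping; the function name, constants and sample inputs are assumptions made for illustration, and the name rule is taken literally from the comment (a-z, A-Z, 0-9 and "-").

```python
import re

# Rules mirror the comments in the metadata block above; all names in this
# sketch are hypothetical and are not the package's own API.
NAME_RE = re.compile(r"[A-Za-z0-9-]+")
ACCOUNT_RE = re.compile(r"[0-9]{12}")
DEFAULT_REGIONS = ["us-east-1"]


def check_manifest_parameters(params, file_stem, is_scp=False,
                              enforce_account_number_only=False):
    """Return (normalized, errors) for one parsed manifest_parameters mapping."""
    errors = []
    name = params.get("name") or file_stem  # name defaults to the file name
    if not NAME_RE.fullmatch(name):
        errors.append(f"name {name!r}: only a-z, A-Z, 0-9 and '-' are allowed")
    if is_scp and not params.get("description"):
        errors.append("description is required for SCPs")
    # YAML parses an unquoted account ID as an integer, so compare as text.
    accounts = [str(a) for a in params.get("accounts") or []]
    ous = list(params.get("organizational_units") or [])
    if not accounts and not ous:
        errors.append("need accounts and/or organizational_units")
    if enforce_account_number_only:
        bad = [a for a in accounts if not ACCOUNT_RE.fullmatch(a)]
        if bad:
            errors.append(f"not 12-digit account IDs: {bad}")
    normalized = {
        "name": name,
        "deploy_method": params.get("deploy_method") or ("scp" if is_scp else "stackset"),
        "accounts": accounts,
        "organizational_units": ous,
        "regions": params.get("regions") or DEFAULT_REGIONS,  # blank -> default
    }
    return normalized, errors


# Constructed sample inputs (metadata already parsed from YAML into dicts).
GOOD = {"name": "detailed-template", "accounts": ["123456789012"], "regions": []}
BAD = {"name": "bad name", "accounts": ["sandbox", "123456789012"]}

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check_manifest_parameters(sample, "template-file",
                                        enforce_account_number_only=True))
```

Running a check like this in CI before the builder keeps a typo in ``accounts`` from silently widening or missing a deployment target.
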
=======
History
=======

0.3.1 (2022-03-03)
------------------

0.4.0 (2022-03-27)
------------------

- Change to maintain order, comments and support exclamation marks in CloudFormation

0.4.1 (2022-03-27)
------------------

- Fix for the default region option

0.5.0 (2022-03-29)
------------------

- Add argument to set schema version

0.5.1 (2022-03-24)
------------------

- Fix issue when leaving region blank not picking default value

0.5.2 (2022-04-08)
------------------

- Fail if the file name or the name in metadata doesn't match the regex

0.5.3 (2022-04-09)
------------------

- Fix in logging and update to Readme

0.5.4 (2022-04-18)
------------------

- Exit with error when there is an issue in any manifest file

0.6.0 (2022-05-18)
------------------

- Enforce description in SCP and correct extension

0.7.0 (2022-08-28)
------------------

- Added 2 new options

  - ``--metadata-name`` -> to customize the name in the metadata
  - ``--enforce-account-number-only`` -> allows enforcing the use of 12-digit account numbers

- The input scps folder is not mandatory anymore

0.8.0 (2022-09-08)
------------------

- Added 1 new option

  - ``--enable_stack_set_deletion`` -> defaults to False. Set to True to enable the CT pipeline to delete stacksets.