Merge pull request #29 from lvthillo/main

Make it possible to add custom tags to CF (nested) stacks and underlying resources.
aws-samples · Jul 6, 2023 · cf0cb9a · cf0cb9a
2 parents c64694c + becca5d
commit cf0cb9a
Show file tree

Hide file tree

Showing 7 changed files with 79 additions and 29 deletions.
diff --git a/amplify/backend/tags.json b/amplify/backend/tags.json
@@ -1,10 +1 @@
-[
-  {
-    "Key": "user:Stack",
-    "Value": "{project-env}"
-  },
-  {
-    "Key": "user:Application",
-    "Value": "{project-name}"
-  }
-]
+[]
diff --git a/deployment/deploy.sh b/deployment/deploy.sh
@@ -27,12 +27,26 @@ git remote add origin codecommit::$REGION://team-idc-app
 git push origin main
 
 cd ./deployment
-
-aws cloudformation deploy --region $REGION --template-file template.yml \
---stack-name TEAM-IDC-APP \
---parameter-overrides \
-  Source=$EMAIL_SOURCE \
-  Login=$IDC_LOGIN_URL \
-  teamAdminGroup="$TEAM_ADMIN_GROUP" \
-  teamAuditGroup="$TEAM_AUDITOR_GROUP" \
---no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM
+if [[ ! -z "$TAGS" ]];
+then
+  aws cloudformation deploy --region $REGION --template-file template.yml \
+  --stack-name TEAM-IDC-APP \
+  --parameter-overrides \
+    Source=$EMAIL_SOURCE \
+    Login=$IDC_LOGIN_URL \
+    teamAdminGroup="$TEAM_ADMIN_GROUP" \
+    teamAuditGroup="$TEAM_AUDITOR_GROUP" \
+    tags="$TAGS" \
+  --tags $TAGS \
+  --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM
+else
+  aws cloudformation deploy --region $REGION --template-file template.yml \
+  --stack-name TEAM-IDC-APP \
+  --parameter-overrides \
+    Source=$EMAIL_SOURCE \
+    Login=$IDC_LOGIN_URL \
+    teamAdminGroup="$TEAM_ADMIN_GROUP" \
+    teamAuditGroup="$TEAM_AUDITOR_GROUP" \
+    tags="$TAGS" \
+  --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM
+fi
diff --git a/deployment/parameters-template.sh b/deployment/parameters-template.sh
@@ -20,3 +20,4 @@ ORG_MASTER_PROFILE=org_master_profile
 TEAM_ACCOUNT_PROFILE=team_account_profile
 TEAM_ADMIN_GROUP="team_admin_group_name"
 TEAM_AUDITOR_GROUP="team_auditor_group_name"
+TAGS="project=iam-identity-center-team environment=prod"
diff --git a/deployment/template.yml b/deployment/template.yml
@@ -13,6 +13,10 @@ Parameters:
   teamAuditGroup:
     Type: String
     Description: TEAM application Auditor group
+  tags:
+    Type: String
+    Description: TEAM application tags
+    Default: ""
 
 Resources:
   TriggerAmplifyBuild:
@@ -113,6 +117,8 @@ Resources:
           Value: !Ref teamAdminGroup
         - Name: TEAM_AUDITOR_GROUP
           Value: !Ref teamAuditGroup
+        - Name: TAGS
+          Value: !Ref tags
       Tags:
         - Key: Branch
           Value: main

diff --git a/deployment/update.sh b/deployment/update.sh
@@ -24,14 +24,29 @@ git remote add origin codecommit::$REGION://team-idc-app
 git remote add team https://github.com/aws-samples/iam-identity-center-team.git
 git pull team main
 
-aws cloudformation deploy --region $REGION --template-file template.yml \
---stack-name TEAM-IDC-APP \
---parameter-overrides \
-  Source=$EMAIL_SOURCE \
-  Login=$IDC_LOGIN_URL \
-  teamAdminGroup="$TEAM_ADMIN_GROUP" \
-  teamAuditGroup="$TEAM_AUDITOR_GROUP" \
---no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM
+if [[ ! -z "$TAGS" ]];
+then
+  aws cloudformation deploy --region $REGION --template-file template.yml \
+  --stack-name TEAM-IDC-APP \
+  --parameter-overrides \
+    Source=$EMAIL_SOURCE \
+    Login=$IDC_LOGIN_URL \
+    teamAdminGroup="$TEAM_ADMIN_GROUP" \
+    teamAuditGroup="$TEAM_AUDITOR_GROUP" \
+    tags="$TAGS" \
+  --tags $TAGS \
+  --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM
+else
+  aws cloudformation deploy --region $REGION --template-file template.yml \
+  --stack-name TEAM-IDC-APP \
+  --parameter-overrides \
+    Source=$EMAIL_SOURCE \
+    Login=$IDC_LOGIN_URL \
+    teamAdminGroup="$TEAM_ADMIN_GROUP" \
+    teamAuditGroup="$TEAM_AUDITOR_GROUP" \
+    tags="$TAGS" \
+  --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM
+fi
 
 git push origin main
 git remote remove team
diff --git a/docs/docs/deployment/deployment_process.md b/docs/docs/deployment/deployment_process.md
@@ -46,6 +46,7 @@ Create a new file named **parameters.sh** in the **deployment** directory. Copy
 - **TEAM_ACCOUNT_PROFILE** - Named profile for TEAM Application deployment Account
 - **TEAM_ADMIN_GROUP** - Name of IAM Identity Center group for TEAM administrators
 - **TEAM_AUDITOR_GROUP** - Name of IAM Identity Center group for TEAM auditors
+- **TAGS** - Tags that should be propagated to nested stacks and underlying resources
 
 For example:
 
@@ -58,6 +59,7 @@ ORG_MASTER_PROFILE=OrgMAsterProfileName
 TEAM_ACCOUNT_PROFILE=TeamAccountProfileName
 TEAM_ADMIN_GROUP=team_admin_group_name
 TEAM_AUDITOR_GROUP=team_auditor_group_name
+TAGS="tag1=value1 tag2=value2"
 ```
 
 ---

diff --git a/parameters.js b/parameters.js
@@ -6,7 +6,7 @@
 const fs = require("fs");
 const path = require("path");
 
-const { AWS_APP_ID, AWS_BRANCH, EMAIL_SOURCE, SSO_LOGIN, TEAM_ADMIN_GROUP, TEAM_AUDITOR_GROUP } = process.env;
+const { AWS_APP_ID, AWS_BRANCH, EMAIL_SOURCE, SSO_LOGIN, TEAM_ADMIN_GROUP, TEAM_AUDITOR_GROUP, TAGS } = process.env;
 
 async function update_auth_parameters() {
   console.log(`updating amplify config for branch "${AWS_BRANCH}"...`);
@@ -87,7 +87,28 @@ async function update_groups_parameters() {
   );
 }
 
+async function update_tag_parameters() {
+  console.log(`updating amplify/backend/tags.json"...`);
+
+  const tagsParametersJsonPath = path.resolve(
+    `./amplify/backend/tags.json`
+  );
+
+  const tagsArray = TAGS ? TAGS.split(' ').map((tag) => {
+    const [key, value] = tag.split('=');
+    return {
+      Key: key,
+      Value: value,
+    };
+  }) : [];
+
+  fs.writeFileSync(tagsParametersJsonPath, JSON.stringify(tagsArray, null, 2));
+}
+
+
+
 update_custom_parameters();
 update_auth_parameters();
 update_react_parameters();
-update_groups_parameters();
+update_groups_parameters();
+update_tag_parameters();