Merge pull request #93 from CDLUC3/prod-build

Final updates for the Production build

config/prd/config.yaml

@@ -2,6 +2,7 @@
 # provide the name of an existing bucket.
 #
 template_bucket_name: 'uc3-dmp-hub-cf-bucket-cdluc3prd'
+
 # Stack tags are attached to every AWS resource created by these CloudFormation templates
 # with the exception of the Lambda functions and layers which are managed by AWS SAM.
 #

config/prd/global/cert.yaml

@@ -3,7 +3,7 @@ template:
   type: file
 
 parameters:
-  HostedZoneId: !ssm_parameter /uc3/dmp/hub/prd/HostedZoneId
+  HostedZoneId: !stack_attr sceptre_user_data.hosted_zone
 
   Domain: !stack_attr sceptre_user_data.domain
 

config/prd/global/route53.yaml

@@ -3,7 +3,7 @@ template:
   type: 'file'
 
 parameters:
-  HostedZoneId: !ssm_parameter /uc3/dmp/hub/prd/HostedZoneId
+  HostedZoneId: !stack_attr sceptre_user_data.hosted_zone
 
   Env: !stack_attr sceptre_user_data.env
   Domain: !stack_attr sceptre_user_data.domain
@@ -13,4 +13,4 @@ parameters:
   # This HostedZone is the default for ALL CloudFront Distributions
   TargetHostedZoneId: 'Z2FDTNDATAQYW2'
 
-  SetIdentifier: 'frobozz'
+  SetIdentifier: 'quendor'

config/prd/regional/config.yaml

@@ -3,14 +3,11 @@
 #   my_variable: !stack_attr sceptre_user_data.[variable]
 sceptre_user_data:
   vpc_id: !stack_output_external cdl-uc3-prd-vpc-stack::vpc
+
   public_subnets:
     - !stack_output_external cdl-uc3-prd-defaultsubnet-stack::defaultsubnet2a
     - !stack_output_external cdl-uc3-prd-defaultsubnet-stack::defaultsubnet2b
     - !stack_output_external cdl-uc3-prd-defaultsubnet-stack::defaultsubnet2c
-  private_subnets:
-    - !stack_output_external cdl-uc3-prd-privatesubnet-stack::privatesubnet2a
-    - !stack_output_external cdl-uc3-prd-privatesubnet-stack::privatesubnet2b
-    - !stack_output_external cdl-uc3-prd-privatesubnet-stack::privatesubnet2c
 
   hosted_zone: !ssm_parameter /uc3/dmp/hub/prd/HostedZoneId
 

config/prd/regional/dynamo.yaml

@@ -31,4 +31,4 @@ hooks:
 
     # Build and deploy the React based DMP ID Landing Page to the CloudFront S3 bucket
     # Args are: environment
-    - !cmd 'cd ./src/landing_page && ruby build_deply.sh prd'
+    - !cmd 'cd ./src/landing_page && ruby build_deply.rb prd'

config/stg/global/cert.yaml

@@ -3,7 +3,7 @@ template:
   type: file
 
 parameters:
-  HostedZoneId: !ssm_parameter /uc3/dmp/hub/stg/HostedZoneId
+  HostedZoneId: !stack_attr sceptre_user_data.hosted_zone
 
   Domain: !stack_attr sceptre_user_data.domain
 

config/stg/global/route53.yaml

@@ -3,7 +3,7 @@ template:
   type: 'file'
 
 parameters:
-  HostedZoneId: !ssm_parameter /uc3/dmp/hub/stg/HostedZoneId
+  HostedZoneId: !stack_attr sceptre_user_data.hosted_zone
 
   Env: !stack_attr sceptre_user_data.env
   Domain: !stack_attr sceptre_user_data.domain

config/stg/regional/config.yaml

@@ -12,7 +12,7 @@ sceptre_user_data:
     - !stack_output_external cdl-uc3-prd-privatesubnet-stack::privatesubnet2b
     - !stack_output_external cdl-uc3-prd-privatesubnet-stack::privatesubnet2c
 
-  hosted_zone: !ssm_parameter /uc3/dmp/hub/stg/HostedZoneId
+  hosted_zone: !stack_output_external uc3-ops-aws-prd-route53::HostedZoneIdUc3StgCdlibNet
 
   env: 'stg'
   domain: 'dmphub.uc3stg.cdlib.net'

initial_setup.rb

@@ -0,0 +1,60 @@
+require 'optparse'
+
+@opts = { override: false, region: 'us-west-2', ezid_debug: false, pause_ezid: false }
+
+OptionParser.new do |parser|
+  parser.banner = "Usage: ruby initial_setup [options]"
+  parser.on("-e", "--environment ENV", "The environment (Example: dev)") { |e| @opts[:env] = e }
+  parser.on("-r", "--region AWS_REGION", "The AWS region (Default: us-west-2)") { |r| @opts[:region] = r }
+  parser.on("-o", "--override", TrueClass, "Replace existing values") { |o| @opts[:override] = o }
+
+  parser.on("-h", "--hosted-zone ZONE", "The HostedZoneId") { |h| @opts[:hosted_zone] = h }
+  parser.on("-a", "--admin-email EMAIL", "The Administrator email address") { |a| @opts[:email] = a }
+
+  parser.on("-x", "--pause-ezid", TrueClass, "Pause EZID submissions") { |o| @opts[:pause_ezid] = o }
+
+  parser.on("-m", "--ezid-debug-mode", TrueClass, "Increase Lambda log output") { |m| @opts[:ezid_debug] = m }
+  parser.on("-n", "--ezid-orgname NAME", "Your EZID hosting insitution name") { |n| @opts[:ezid_org] = n }
+  parser.on("-s", "--ezid-shoulder SHOULDER", "Your EZID DOI shoulder") { |s| @opts[:ezid_shoulder] = s }
+  parser.on("-u", "--ezid-username USER", "Your EZID username") { |u| @opts[:ezid_user] = u }
+  parser.on("-p", "--ezid-password PWD", "Your EZID password") { |p| @opts[:ezid_pwd] = p }
+end.parse!
+
+def put_param(key:, val:, secure: false, override: false)
+  name = "/uc3/dmp/hub/#{@opts[:env]}/#{key}"
+  args = [
+    "--region #{@opts[:region]}",
+    "--name #{name}",
+    "--value '#{val}'",
+    "--type #{secure ? 'SecureString' : 'String'}"
+  ]
+  args << "--overwrite" if @opts[:override]
+
+  puts "Adding value for SSM parameter #{name} --> '#{key == 'EzidPassword' ? '********' : val}'"
+  `aws ssm put-parameter #{args.join(' ')}`
+end
+
+if @opts.length > 3 && !@opts[:env].nil?
+  puts "Using options:"
+  pp @opts
+  puts ""
+
+  ezid_doi_base = 'https://doi.org/'
+  ezid_url = @opts[:env].downcase == 'prd' ? 'https://ezid.cdlib.org/' : 'https://ezid-stg.cdlib.org/'
+
+  put_param(key: 'HostedZoneId', val: @opts[:hosted_zone]) unless @opts[:hosted_zone].nil?
+  put_param(key: 'AdminEmail', val: @opts[:email]) unless @opts[:email].nil?
+
+  put_param(key: 'EzidApiUrl', val: ezid_url)
+  put_param(key: 'EzidBaseUrl', val: ezid_doi_base)
+
+  put_param(key: 'EzidDebugMode', val: @opts[:ezid_debug])
+  put_param(key: 'EzidPaused', val: @opts[:pause_ezid])
+
+  put_param(key: 'EzidHostingInstitution', val: @opts[:ezid_org]) unless @opts[:ezid_org].nil?
+  put_param(key: 'EzidShoulder', val: @opts[:ezid_shoulder], secure: true) unless @opts[:ezid_shoulder].nil?
+  put_param(key: 'EzidUsername', val: @opts[:ezid_user], secure: true) unless @opts[:ezid_user].nil?
+  put_param(key: 'EzidPassword', val: @opts[:ezid_pwd], secure: true) unless @opts[:ezid_pwd].nil?
+else
+  puts 'You must specify the environment and one or more options! Run `ruby initial_setup -h` for more info.'
+end

src/sam/template.yaml

@@ -103,7 +103,7 @@ Resources:
     Type: 'AWS::IAM::ManagedPolicy'
     Properties:
       Description: 'DMPHub - Read access to the DynamoDB Table'
-      ManagedPolicyName: 'DmpHubDynamoReadPolicy'
+      ManagedPolicyName: !Sub 'DmpHub${Env}DynamoReadPolicy'
       PolicyDocument:
         Version: '2012-10-17'
         Statement:
@@ -124,7 +124,7 @@ Resources:
     Type: 'AWS::IAM::ManagedPolicy'
     Properties:
       Description: 'DMPHub - Write access (and GetItem) to the DynamoDB Table'
-      ManagedPolicyName: 'DmpHubDynamoWritePolicy'
+      ManagedPolicyName: !Sub 'DmpHub${Env}DynamoWritePolicy'
       PolicyDocument:
         Version: '2012-10-17'
         Statement:
@@ -205,7 +205,7 @@ Resources:
     Type: 'AWS::IAM::ManagedPolicy'
     Properties:
       Description: 'DMPHub - Access to the EventBus'
-      ManagedPolicyName: 'DmpHubEventBusPolicy'
+      ManagedPolicyName: !Sub 'DmpHub${Env}EventBusPolicy'
       PolicyDocument:
         Version: '2012-10-17'
         Statement:
@@ -218,7 +218,7 @@ Resources:
     Type: 'AWS::IAM::ManagedPolicy'
     Properties:
       Description: 'DMPHub - Access to the Cognito User Pool Client'
-      ManagedPolicyName: 'DmpHubCognitoPolicy'
+      ManagedPolicyName: !Sub 'DmpHub${Env}CognitoPolicy'
       PolicyDocument:
         Version: '2012-10-17'
         Statement:
@@ -231,7 +231,7 @@ Resources:
     Type: 'AWS::IAM::ManagedPolicy'
     Properties:
       Description: 'DMPHub - Access to the S3 Bucket'
-      ManagedPolicyName: 'DmpHubS3Policy'
+      ManagedPolicyName: !Sub 'DmpHub${Env}S3Policy'
       PolicyDocument:
         Version: '2012-10-17'
         Statement:

templates/dynamo.yaml

@@ -13,8 +13,8 @@ Parameters:
   SsmPath:
     Type: 'String'
 
-  OpenSearchDomain:
-    Type: 'String'
+  # OpenSearchDomain:
+  #   Type: 'String'
 
   DynamoTableClass:
     Type: 'String'
@@ -63,61 +63,61 @@ Resources:
   # DynamoDB polymorphic table for external info (e.g. ROR, DataCite, Crossref, etc.)
   #   See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html
   # ----------------------------------------------
-  ResourcesDynamoTable:
-    Type: 'AWS::DynamoDB::Table'
-    DeletionPolicy: !If
-      - PreventDelete
-      - 'Retain'
-      - 'Delete'
-    Properties:
-      KeySchema:
-        - AttributeName: 'RESOURCE_TYPE'
-          KeyType: 'HASH'
-        - AttributeName: 'ID'
-          KeyType: 'RANGE'
-
-      AttributeDefinitions:
-        # The type of record (e.g. FUNDER, REPOSITORY, PERSON, etc.)
-        - AttributeName: 'RESOURCE_TYPE'
-          AttributeType: 'S'
-        # The identifier for the resource (e.g. ROR, ORCID, URL, etc.)
-        - AttributeName: 'ID'
-          AttributeType: 'S'
-        # The last updated date
-        - AttributeName: 'source'
-          AttributeType: 'S'
-
-      GlobalSecondaryIndexes:
-        # An index to help us quickly fetch all of the
-        - IndexName: 'source_gsi'
-          KeySchema:
-            - AttributeName: 'source'
-              KeyType: 'HASH'
-            - AttributeName: 'ID'
-              KeyType: 'RANGE'
-          Projection:
-            ProjectionType: 'INCLUDE'
-            NonKeyAttributes: ['RESOURCE_TYPE', 'touch_date']
-          ContributorInsightsSpecification:
-            Enabled: !Ref DynamoEnableContributorInsights
-          ProvisionedThroughput: !If
-            - ProvisionedCapacity
-            - ReadCapacityUnits: !Ref DynamoReadCapacityUnits
-              WriteCapacityUnits: !Ref DynamoWriteCapacityUnits
-            - !Ref AWS::NoValue
-
-      BillingMode: !Ref DynamoBillingMode
-      TableClass: !Ref DynamoTableClass
-      ProvisionedThroughput: !If
-        - ProvisionedCapacity
-        - ReadCapacityUnits: !Ref DynamoReadCapacityUnits
-          WriteCapacityUnits: !Ref DynamoWriteCapacityUnits
-        - !Ref AWS::NoValue
-      ContributorInsightsSpecification:
-        Enabled: !Ref DynamoEnableContributorInsights
-      # Determine cost before enabling
-      PointInTimeRecoverySpecification:
-        PointInTimeRecoveryEnabled: !Ref DynamoEnablePointInTimeRecovery
+  # ResourcesDynamoTable:
+  #   Type: 'AWS::DynamoDB::Table'
+  #   DeletionPolicy: !If
+  #     - PreventDelete
+  #     - 'Retain'
+  #     - 'Delete'
+  #   Properties:
+  #     KeySchema:
+  #       - AttributeName: 'RESOURCE_TYPE'
+  #         KeyType: 'HASH'
+  #       - AttributeName: 'ID'
+  #         KeyType: 'RANGE'
+  #
+  #     AttributeDefinitions:
+  #       # The type of record (e.g. FUNDER, REPOSITORY, PERSON, etc.)
+  #       - AttributeName: 'RESOURCE_TYPE'
+  #         AttributeType: 'S'
+  #       # The identifier for the resource (e.g. ROR, ORCID, URL, etc.)
+  #       - AttributeName: 'ID'
+  #         AttributeType: 'S'
+  #       # The last updated date
+  #       - AttributeName: 'source'
+  #         AttributeType: 'S'
+  #
+  #     GlobalSecondaryIndexes:
+  #       # An index to help us quickly fetch all of the
+  #       - IndexName: 'source_gsi'
+  #         KeySchema:
+  #           - AttributeName: 'source'
+  #             KeyType: 'HASH'
+  #           - AttributeName: 'ID'
+  #             KeyType: 'RANGE'
+  #         Projection:
+  #           ProjectionType: 'INCLUDE'
+  #           NonKeyAttributes: ['RESOURCE_TYPE', 'touch_date']
+  #         ContributorInsightsSpecification:
+  #           Enabled: !Ref DynamoEnableContributorInsights
+  #         ProvisionedThroughput: !If
+  #           - ProvisionedCapacity
+  #           - ReadCapacityUnits: !Ref DynamoReadCapacityUnits
+  #             WriteCapacityUnits: !Ref DynamoWriteCapacityUnits
+  #           - !Ref AWS::NoValue
+  #
+  #     BillingMode: !Ref DynamoBillingMode
+  #     TableClass: !Ref DynamoTableClass
+  #     ProvisionedThroughput: !If
+  #       - ProvisionedCapacity
+  #       - ReadCapacityUnits: !Ref DynamoReadCapacityUnits
+  #         WriteCapacityUnits: !Ref DynamoWriteCapacityUnits
+  #       - !Ref AWS::NoValue
+  #     ContributorInsightsSpecification:
+  #       Enabled: !Ref DynamoEnableContributorInsights
+  #     # Determine cost before enabling
+  #     PointInTimeRecoverySpecification:
+  #       PointInTimeRecoveryEnabled: !Ref DynamoEnablePointInTimeRecovery
 
   # ----------------------------------------------
   # DynamoDB polymorphic table for DMPs
@@ -254,19 +254,19 @@ Resources:
       Type: 'String'
       Value: !Select [1, !Split ['/', !GetAtt DynamoTable.Arn]]
 
-  OpenSearchDomainParameter:
-    Type: 'AWS::SSM::Parameter'
-    Properties:
-      Description: !Sub "${AWS::StackName} OpenSearch Domain"
-      Name: !Sub "${SsmPath}OpenSearchDomain"
-      Type: 'String'
-      Value: !Ref OpenSearchDomain
+  # OpenSearchDomainParameter:
+  #   Type: 'AWS::SSM::Parameter'
+  #   Properties:
+  #     Description: !Sub "${AWS::StackName} OpenSearch Domain"
+  #     Name: !Sub "${SsmPath}OpenSearchDomain"
+  #     Type: 'String'
+  #     Value: !Ref OpenSearchDomain
 
 Outputs:
-  ResourcesDynamoTableName:
-    Value: !Select [1, !Split ['/', !GetAtt ResourcesDynamoTable.Arn]]
-    Export:
-      Name: !Sub '${Env}-ResourcesDynamoTableName'
+  # ResourcesDynamoTableName:
+  #   Value: !Select [1, !Split ['/', !GetAtt ResourcesDynamoTable.Arn]]
+  #   Export:
+  #     Name: !Sub '${Env}-ResourcesDynamoTableName'
 
   DynamoTableName:
     Value: !Select [1, !Split ['/', !GetAtt DynamoTable.Arn]]
@@ -286,7 +286,7 @@ Outputs:
     Export:
       Name: !Sub '${Env}-DynamoTableArn'
 
-  ResourcesDynamoTableArn:
-    Value: !GetAtt ResourcesDynamoTable.Arn
-    Export:
-      Name: !Sub '${Env}-ResourcesDynamoTableArn'
+  # ResourcesDynamoTableArn:
+  #   Value: !GetAtt ResourcesDynamoTable.Arn
+  #   Export:
+  #     Name: !Sub '${Env}-ResourcesDynamoTableArn'