updated doc and some cleanup at pipeline.ts

aws-observability · Sep 29, 2023 · db02580 · db02580
1 parent b4c826d
commit db02580
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 45 deletions.
diff --git a/docs/patterns/images/multi-acc-new-eks-mixed-observability-pattern-runme-v1.gif b/docs/patterns/images/multi-acc-new-eks-mixed-observability-pattern-runme-v1.gif
diff --git a/...lti-new-eks-observability-accelerators/multi-acc-new-eks-mixed-observability.md b/...lti-new-eks-observability-accelerators/multi-acc-new-eks-mixed-observability.md
@@ -54,6 +54,8 @@ cd cdk-aws-observability-accelerator
 
 > ___Pro Tip:___ This document is compatible to run as Notebook with [RUNME for VS Code](https://docs.runme.dev/install#runme-for-vs-code) . There's no need to manually copy and paste commands. You can effortlessly execute them directly from this markdown file. Feel free to give it a try! `code docs/patterns/multi-new-eks-observability-accelerators/multi-acc-new-eks-mixed-observability.md`
 
+![runme-sample](../images/multi-acc-new-eks-mixed-observability-pattern-runme-v1.gif)
+
 ---
 
 ### SSO Profile Setup

diff --git a/lib/multi-acc-new-eks-mixed-observability-pattern/pipeline.ts b/lib/multi-acc-new-eks-mixed-observability-pattern/pipeline.ts
@@ -96,56 +96,11 @@ export class PipelineMultiEnvMonitoring {
         const blueprintCloudWatch = new CloudWatchMonitoringConstruct().create(scope, context.prodEnv2.account, context.prodEnv2.region, PROD2_ENV_ID);
         const blueprintAmg = new GrafanaOperatorConstruct().create(scope, context.monitoringEnv.account, context.monitoringEnv.region);
 
-        // Argo configuration per environment
-        // CHANGE ME FINALLY
-        // const prodArgoAddonConfig = createArgoAddonConfig(
-        //     'https://github.com/aws-observability/aws-observability-accelerator.git',
-        //     'artifacts/sample-apps/envs/prod',
-        //     'main',
-        //     'public'
-        // );
-        const prodArgoAddonConfig = createArgoAddonConfig(
-            'https://github.com/iamprakkie/aws-observability-accelerator.git',
-            'artifacts/sample-apps/envs/prod',
-            'artifacts',
-            'public'
-        );
-
-        // CHANGE ME FINALLY HERE AS WELL AS IN APP'S VALUES.YAML
-        // const grafanaOperatorArgoAddonConfig = createGOArgoAddonConfig(
-        //     'https://github.com/aws-observability/aws-observability-accelerator.git',
-        //     'artifacts/sample-apps/grafana-operator-app',
-        //     'main',
-        //     'private'
-        // );
-        const grafanaOperatorArgoAddonConfig = createGOArgoAddonConfig(
-            'https://github.com/iamprakkie/aws-observability-accelerator.git',
-            'artifacts/sample-apps/grafana-operator-app',
-            'artifacts',
-            'private'
-        );
-
         // Get AMG info from SSM SecureString
         const amgInfo = JSON.parse(await getSSMSecureString('/cdk-accelerator/amg-info',this.pipelineRegion))['amg'];
         amgWorkspaceUrl = amgInfo.workspaceURL;
         const amgWorkspaceIAMRoleARN = amgInfo.workspaceIAMRoleARN;
 
-        // Props for cross-account trust role in PROD1 account to trust AMG from MON account, inorder to access PROD1's AMP.
-        ampAssumeRoleName = "AMPAccessForTrustedAMGRole";
-        const AMPAccessRoleStackProps: CreateIAMRoleNestedStackProps = {
-            roleName: ampAssumeRoleName!,
-            trustArn: amgWorkspaceIAMRoleARN!,
-            policyDocument: getAMPAccessPolicyDocument()
-        };
-
-        // Props for cross-account trust role in PROD2 account to trust AMG from MON account, inorder to access PROD2's CloudWatch data
-        cwAssumeRoleName = "CWAccessForTrustedAMGRole";
-        const CWAccessRoleStackProps: CreateIAMRoleNestedStackProps = {
-            roleName: cwAssumeRoleName,
-            trustArn: amgWorkspaceIAMRoleARN!,
-            policyDocument: getCWAccessPolicyDocument()
-        };
-
         const AmgIamSetupStackProps: AmgIamSetupStackProps = {
             roleArn: amgWorkspaceIAMRoleARN,
             accounts: [context.prodEnv1.account!, context.prodEnv2.account!]
@@ -174,6 +129,21 @@ export class PipelineMultiEnvMonitoring {
             })
             .enableCrossAccountKeys();
 
+        // ArgoCD configuration for monitoringEnv
+        // CHANGE ME FINALLY HERE AS WELL AS IN APP'S VALUES.YAML
+        // const grafanaOperatorArgoAddonConfig = createGOArgoAddonConfig(
+        //     'https://github.com/aws-observability/aws-observability-accelerator.git',
+        //     'artifacts/sample-apps/grafana-operator-app',
+        //     'main',
+        //     'private'
+        // );
+        const grafanaOperatorArgoAddonConfig = createGOArgoAddonConfig(
+            'https://github.com/iamprakkie/aws-observability-accelerator.git',
+            'artifacts/sample-apps/grafana-operator-app',
+            'artifacts',
+            'private'
+        );
+
         const monStage: blueprints.StackStage = {
             id: MON_ENV_ID,
             stackBuilder: blueprintAmg
@@ -186,6 +156,29 @@ export class PipelineMultiEnvMonitoring {
                 .addOns(grafanaOperatorArgoAddonConfig)
         };
 
+        // Argo configuration for prod1 and prod2
+        // CHANGE ME FINALLY HERE AS WELL AS IN APP'S VALUES.YAML
+        // const prodArgoAddonConfig = createArgoAddonConfig(
+        //     'https://github.com/aws-observability/aws-observability-accelerator.git',
+        //     'artifacts/sample-apps/envs/prod',
+        //     'main',
+        //     'public'
+        // );
+        const prodArgoAddonConfig = createArgoAddonConfig(
+            'https://github.com/iamprakkie/aws-observability-accelerator.git',
+            'artifacts/sample-apps/envs/prod',
+            'artifacts',
+            'public'
+        );
+
+        // Props for cross-account trust role in PROD1 account to trust AMG from MON account, inorder to access PROD1's AMP.
+        ampAssumeRoleName = "AMPAccessForTrustedAMGRole";
+        const AMPAccessRoleStackProps: CreateIAMRoleNestedStackProps = {
+            roleName: ampAssumeRoleName!,
+            trustArn: amgWorkspaceIAMRoleARN!,
+            policyDocument: getAMPAccessPolicyDocument()
+        };
+
         const ampStage: blueprints.StackStage = {
             id: PROD1_ENV_ID,
             stackBuilder: blueprintAmp
@@ -199,6 +192,14 @@ export class PipelineMultiEnvMonitoring {
                 .addOns(prodArgoAddonConfig)
         };
 
+        // Props for cross-account trust role in PROD2 account to trust AMG from MON account, inorder to access PROD2's CloudWatch data
+        cwAssumeRoleName = "CWAccessForTrustedAMGRole";
+        const CWAccessRoleStackProps: CreateIAMRoleNestedStackProps = {
+            roleName: cwAssumeRoleName,
+            trustArn: amgWorkspaceIAMRoleARN!,
+            policyDocument: getCWAccessPolicyDocument()
+        };
+
         const cwStage: blueprints.StackStage = {
             id: PROD2_ENV_ID,
             stackBuilder: blueprintCloudWatch
-Original file line number
+Diff line change
@@ Expand Up / @@ -54,6 +54,8 @@ cd cdk-aws-observability-accelerator @@
     > ___Pro Tip:___ This document is compatible to run as Notebook with [RUNME for VS Code](https://docs.runme.dev/install#runme-for-vs-code) . There's no need to manually copy and paste commands. You can effortlessly execute them directly from this markdown file. Feel free to give it a try! `code docs/patterns/multi-new-eks-observability-accelerators/multi-acc-new-eks-mixed-observability.md`
+    ![runme-sample](../images/multi-acc-new-eks-mixed-observability-pattern-runme-v1.gif)
     ---
     ### SSO Profile Setup
@@ Expand Down @@