Added support for GitHub

.gitignore

@@ -27,4 +27,5 @@ build
 /deployment/open-source
 /deployment/state_machines/sample_events/
 /deployment/global-s3-assets/
-/deployment/regional-s3-assets/
+/deployment/regional-s3-assets/
+*.swp

README.md

@@ -4,7 +4,11 @@ The Customizations for AWS Control Tower solution combines AWS Control Tower and
 ## Getting Started 
 To get started with Customizations for AWS Control Tower, please review the [documentation](https://docs.aws.amazon.com/controltower/latest/userguide/customize-landing-zone.html)
 
-## Running unit tests for customization 
+The solution can be deployed using one of three sources, S3, CodeCommit and GitHub.
+
+## Deploying with S3 as the Source
+
+### Running unit tests for customization 
 * Clone the repository, then make the desired code changes 
 * Next, run unit tests to make sure added customization passes the tests 
 
@@ -13,7 +17,7 @@ chmod +x ./deployment/run-unit-tests.sh
 ./deployment/run-unit-tests.sh
 ``` 
 
-## Building the customized solution
+### Building the customized solution
 * Building the solution from source requires Python 3.6 or higher
 * Configure the solution name, version number, bucket name and (optional) opt-in region support of your target Amazon S3 distribution bucket 
 
@@ -49,15 +53,57 @@ chmod +x ./deployment/build-s3-dist.sh
     s3://my-bucket-name-$REGION/$SOLUTION_NAME/$VERSION/
     ``` 
 
-## Deploying the customized solution
+### Deploying the customized solution
 * Get the link of the custom-control-tower-initiation.template loaded to your Amazon S3 bucket. 
 * Deploy the Customizations for AWS Control Tower solution to your account by launching a new AWS CloudFormation stack using the link of the custom-control-tower-initiation.template.
 
+## Deploying with GitHub as the Source
+
+### Prepare a GitHub Repository
+Create a repository within your GitHub account, and populate with the contents of this repository. 
+**Consider making the target repository private**. 
+You can use the [Import your project to GitHub](https://github.com/new/import) to make this process easier.
 
+### Running unit tests for customization 
+* Clone your GitHub repository, You might use a tool such as [GitHub Desktop](https://desktop.github.com/download/), if you wish.
+* then make the desired code changes
+* Next, run unit tests to make sure added customization passes the tests
+
+```  
+chmod +x ./deployment/run-unit-tests.sh
+./deployment/run-unit-tests.sh
+```
+Once you have a build ready, commit it to the repository and push it to GitHub.
+
+### Deploying the customized solution
+* [Developer Tools - Connections](https://console.aws.amazon.com/codesuite/settings/connections) instance for GitHub
+* Select **Create connection**
+  * Select `GitHub` as the **provider**
+  * **Create GitHub App connection** in **Connection name** type `GitHub - CfCT`
+  * Select **Connect to GitHub**
+* Connect to GitHub
+  * Select **Install a new app**
+  * Select the GitHub User/Organization for your repository
+* AWS Connector for GitHub
+  * Under **Repository access**, select **Only select repositories** and select only the repository you created earlier.
+  * Select **Save**
+* Make a note of the Code Connections ARN, as you'll need to provide this when deploying the AWS CloudFormation stack.
+
+* Get the link of the custom-control-tower-initiation.template in the root of your repository.
+* Deploy the Customizations for AWS Control Tower solution to your account by launching a new AWS CloudFormation stack using the link of the custom-control-tower-initiation.template.
+ * Under **AWS CodePipeline Source** 
+   * Select `GitHub (via Code Connection)`
+ * Under **GitHub Setup (Applicable if 'GitHub (via Code Connection)' was selected as the CodePipeline Source)**
+   * **The ARN of the Code Connection** provide the `Code Connection ARN`
+   * **The GitHub user or organization that owns the repository** type the GitHub user/organization under which you created the repository
+   * **The GitHub repository for the customizations** the repository name (defaults to `custom-control-tower-configuration`)
+   * **The branch name for the GitHub repository** the branch name (defaults to `main`)
+
+
 ## Collection of operational metrics
 
 This solution collects anonymous operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [documentation here](https://docs.aws.amazon.com/controltower/latest/userguide/cfct-metrics.html).
 
 ## License
 
-See license [here](https://github.com/aws-solutions/aws-control-tower-customizations/blob/main/LICENSE.txt) 
+See license [here](https://github.com/aws-solutions/aws-control-tower-customizations/blob/main/LICENSE.txt) 

customizations-for-aws-control-tower.template

@@ -32,6 +32,7 @@ Parameters:
     AllowedValues:
       - 'Amazon S3'
       - 'AWS CodeCommit'
+      - 'GitHub (via Code Connection)'
     Default: 'Amazon S3'
     Type: String
 
@@ -54,6 +55,28 @@ Parameters:
       - 'Yes'
       - 'No'
 
+  CodeConnection:
+    Description:  Resource ARN for the Code Connection to use
+    Type: String
+    AllowedPattern: '(?!.*\s)|(arn:aws(-[\w]+)*:.+:.+:[0-9]{12}:.+)'
+
+  GitHubOwnerName:
+    Description: The user/organization that owns the GitHub repository
+    Default: git-username
+    Type: String
+    AllowedPattern: '(?!.*\s)|(^[A-Za-z0-9](?:[A-Za-z0-9]|-(?=[A-Za-z0-9])){0,38}$)'
+
+  GitHubRepositoryName:
+    Description: The name of the GitHub repository that contains custom Control Tower configuration. The suffix .git is prohibited.
+    Default: custom-control-tower-configuration
+    Type: String
+    AllowedPattern: '^[\w\.-]+'
+
+  GitHubBranchName:
+    Description: Name of the branch in GitHub repository that contains custom Control Tower configuration.
+    Default: main
+    Type: String
+
   RegionConcurrencyType:
     Description: Select the the concurrency type of deploying StackSets operations in Regions.
     Default: 'PARALLEL'
@@ -100,6 +123,13 @@ Metadata:
       - ExistingRepository
       - CodeCommitRepositoryName
       - CodeCommitBranchName
+    - Label:
+        default: GitHub Setup (Applicable if 'GitHub (via Code Connection)' was selected as the CodePipeline Source)
+      Parameters:
+        - CodeConnection
+        - GitHubOwnerName
+        - GitHubRepositoryName
+        - GitHubBranchName
     - Label:
         default: AWS CloudFormation StackSets Configuration
       Parameters:
@@ -126,6 +156,14 @@ Metadata:
         default: Max Concurrent Percentage
       FailureTolerancePercentage:
         default: Failure Tolerance Percentage
+      CodeConnection:
+        default: The ARN of the Code Connection
+      GitHubOwnerName:
+        default: The GitHub user or organization that owns the repository
+      GitHubRepositoryName:
+        default: The GitHub repository for the customizations
+      GitHubBranchName:
+        default: The branch name for the GitHub repository
 
 Mappings:
   BucketConfiguration:
@@ -167,10 +205,38 @@ Conditions:
   IsPipelineApprovalStageCondition: !Equals [!Ref PipelineApprovalStage, 'Yes']
   IsBuildCustomControlTowerCondition: !Equals [!FindInMap [AutoBuild, CustomControlTower, Flag], 'Yes']
   IsCodeCommitPipelineSource: !Equals [!Ref CodePipelineSource, 'AWS CodeCommit']
+  IsGitHubPipelineSource: !Equals [!Ref CodePipelineSource, 'GitHub (via Code Connection)']
   IsS3PipelineSource: !Equals [!Ref CodePipelineSource, "Amazon S3"]
   IsExistingRepository: !Equals [!Ref ExistingRepository, 'Yes']
   IsNewCodeCommitRepository: !And [!Not [!Condition IsExistingRepository], !Condition IsCodeCommitPipelineSource]
 
+Rules:
+  GitHubPipelineSource:
+    RuleCondition:  !Equals
+      - !Ref CodePipelineSource
+      - 'GitHub (via Code Connection)'
+    Assertions:
+      - Assert: !Not
+          - !Equals
+              - !Ref CodeConnection
+              - ""
+        AsertDescription: "The ARN of a Code Connection is required for a deployment using GitHub as its source"
+      - Assert: !Not
+          - !Equals
+              - !Ref GitHubOwnerName
+              - ""
+        AsertDescription: "The Owner (User or Organization) for the GitHub repoitory is required for a deployment using GitHub as its source"
+      - Assert: !Not
+          - !Equals
+              - !Ref GitHubRepositoryName
+              - ""
+        AsertDescription: "The repository name for the GitHub repository is required for a deployment using GitHub as its source"
+      - Assert: !Not
+          - !Equals
+              - !Ref GitHubBranchName
+              - ""
+        AsertDescription: "The branch name for the GitHub repository is required for a deployment using GitHub as its source"
+
 Resources:
 
   PipelineApprovalTopic:
@@ -450,6 +516,17 @@ Resources:
                     - "sns:Publish"
                   Resource: !Ref PipelineApprovalTopic
                 - !Ref AWS::NoValue
+              - !If
+                - IsGitHubPipelineSource
+                - Effect: "Allow"
+                  Action: 
+                    - 'codestar-connections:UseConnection'
+                    - 'codestar-connections:GetConnection'
+                    - 'codestar-connections:ListConnections'
+                    - 'codestar-connections:ListTagsForResource'
+                  Resource: !Ref CodeConnection
+                - !Ref AWS::NoValue
+
 
   CustomControlTowerCodePipeline:
     Type: AWS::CodePipeline::Pipeline
@@ -464,24 +541,24 @@ Resources:
           Actions:
             - Name: Source
               ActionTypeId:
-                !If
-                  - IsCodeCommitPipelineSource
-                  - Category: Source
-                    Owner: AWS
-                    Version: "1"
-                    Provider: CodeCommit
-                  - Category: Source
-                    Owner: AWS
-                    Version: "1"
-                    Provider: S3
+                Category: Source
+                Owner: AWS
+                Version: 1
+                Provider: !If [ IsCodeCommitPipelineSource, CodeCommit, !If [ IsGitHubPipelineSource, CodeStarSourceConnection, S3]]
               OutputArtifacts:
                 - Name: SourceApp
               Configuration:
                 !If
-                  - IsCodeCommitPipelineSource
-                  - RepositoryName: !Ref CodeCommitRepositoryName
-                    BranchName: !Ref CodeCommitBranchName
-                    PollForSourceChanges: false
+                - IsCodeCommitPipelineSource
+                - RepositoryName: !Ref CodeCommitRepositoryName
+                  BranchName: !Ref CodeCommitBranchName
+                  PollForSourceChanges: false
+                - !If
+                  - IsGitHubPipelineSource
+                  - ConnectionArn: !Ref CodeConnection
+                    FullRepositoryId: !Sub "${GitHubOwnerName}/${GitHubRepositoryName}"
+                    BranchName: !Ref GitHubBranchName
+                    DetectChanges: true
                   - S3Bucket: !Ref CustomControlTowerPipelineS3Bucket
                     S3ObjectKey: !FindInMap [BucketConfiguration, CustomControlTowerPipelineS3TriggerKey, Name]
                     PollForSourceChanges: false