From f024cd944f22f8978846b9aaf40143f9db12f178 Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Mon, 2 Oct 2023 20:04:56 -0400 Subject: [PATCH 01/22] dotnet7 --- PetAdoptions/petsite/petsite/Dockerfile | 4 +- PetAdoptions/petsite/petsite/PetSite.csproj | 42 ++++++++++----------- 2 files changed, 22 insertions(+), 24 deletions(-) diff --git a/PetAdoptions/petsite/petsite/Dockerfile b/PetAdoptions/petsite/petsite/Dockerfile index 35eeb724..04a9114b 100644 --- a/PetAdoptions/petsite/petsite/Dockerfile +++ b/PetAdoptions/petsite/petsite/Dockerfile @@ -1,9 +1,9 @@ -FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim AS base +FROM mcr.microsoft.com/dotnet/aspnet:7.0-bullseye-slim-amd64 AS base WORKDIR /app EXPOSE 80 EXPOSE 443 -FROM mcr.microsoft.com/dotnet/sdk:6.0-bullseye-slim AS build +FROM mcr.microsoft.com/dotnet/sdk:7.0-bullseye-slim-amd64 AS build WORKDIR /src COPY . . RUN dotnet restore "PetSite.csproj" diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 548e3eac..463932d2 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -1,6 +1,6 @@ - net6.0 + net7.0 a80ee246-1735-4630-bd6a-0fd3d01d8e35 Linux @@ -15,31 +15,29 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - - + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + From 4a53c7e2d93c4b06d1c6e9856f72fabff9b2ac4a Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Tue, 3 Oct 2023 11:57:55 -0400 Subject: [PATCH 02/22] revert dependencies --- PetAdoptions/petsite/petsite/PetSite.csproj | 40 +++++++++++---------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 463932d2..39b93b2d 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -15,29 +15,31 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - + + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - + + + + + + From cf691a187d2bff9c69af9be03fbce404ddf44da5 Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Tue, 3 Oct 2023 16:45:36 -0400 Subject: [PATCH 03/22] update deps --- PetAdoptions/petsite/petsite/PetSite.csproj | 40 ++++++++++----------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 39b93b2d..463932d2 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -15,31 +15,29 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - - + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + From eae839961130f1abae50be485811ca5d7eecf584 Mon Sep 17 00:00:00 2001 From: Rodrigue Koffi Date: Thu, 12 Oct 2023 22:06:47 +0200 Subject: [PATCH 04/22] Bump staging to main (#254) * Add AmazonPrometheusRemoteWriteAccess policy to stepfnlambdaexecutionrole * dotnet7 * revert dependencies * update deps --------- Co-authored-by: Annamalai Sekar Co-authored-by: Rodrigue Koffi Co-authored-by: Imaya Kumar Jagannathan --- PetAdoptions/cdk/pet_stack/lib/services/stepfn.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/PetAdoptions/cdk/pet_stack/lib/services/stepfn.ts b/PetAdoptions/cdk/pet_stack/lib/services/stepfn.ts index db0f5358..28c4a639 100644 --- a/PetAdoptions/cdk/pet_stack/lib/services/stepfn.ts +++ b/PetAdoptions/cdk/pet_stack/lib/services/stepfn.ts @@ -24,7 +24,8 @@ export class PetAdoptionsStepFn extends Construct { iam.ManagedPolicy.fromManagedPolicyArn(this, 'second', 'arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess'), iam.ManagedPolicy.fromManagedPolicyArn(this, 'third', 'arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess'), iam.ManagedPolicy.fromManagedPolicyArn(this, 'fourth', 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'), - iam.ManagedPolicy.fromManagedPolicyArn(this, 'fifth', 'arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy') + iam.ManagedPolicy.fromManagedPolicyArn(this, 'fifth', 'arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy'), + iam.ManagedPolicy.fromManagedPolicyArn(this, 'sixth', 'arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess') ] }); From 21aa4f4c037f7de129e36a057ce62c475be16462 Mon Sep 17 00:00:00 2001 From: Janak Vadaria Date: Sat, 11 Nov 2023 15:16:48 +0530 Subject: [PATCH 05/22] Added Application insights module code --- .../cdk/pet_stack/lib/applications.ts | 9 ++++ PetAdoptions/cdk/pet_stack/lib/services.ts | 41 ++++++++++++++++++- .../dynamodb-query-function.py | 30 ++++++++++++++ 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 PetAdoptions/cdk/pet_stack/resources/application-insights/dynamodb-query-function.py diff --git a/PetAdoptions/cdk/pet_stack/lib/applications.ts b/PetAdoptions/cdk/pet_stack/lib/applications.ts index f84dd406..6736c1f5 100644 --- a/PetAdoptions/cdk/pet_stack/lib/applications.ts +++ b/PetAdoptions/cdk/pet_stack/lib/applications.ts @@ -1,6 +1,7 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import * as ssm from 'aws-cdk-lib/aws-ssm'; import * as eks from 'aws-cdk-lib/aws-eks'; +import * as resourcegroups from 'aws-cdk-lib/aws-resourcegroups'; import { DockerImageAsset } from 'aws-cdk-lib/aws-ecr-assets'; import * as yaml from 'js-yaml'; import { Stack, StackProps, CfnJson, Fn, CfnOutput } from 'aws-cdk-lib'; @@ -119,6 +120,14 @@ export class Applications extends Stack { 'PetSiteECRImageURL': petsiteAsset.imageUri, 'PetStoreServiceAccountArn': petstoreserviceaccount.roleArn, }))); + // Creating AWS Resource Group for all the resources of stack. + const applicationsCfnGroup = new resourcegroups.CfnGroup(this, 'ApplicationsCfnGroup', { + name: stackName, + description: 'Contains all the resources deployed by Cloudformation Stack ' + stackName, + resourceQuery: { + type: 'CLOUDFORMATION_STACK_1_0', + } + }); } private createSsmParameters(params: Map) { diff --git a/PetAdoptions/cdk/pet_stack/lib/services.ts b/PetAdoptions/cdk/pet_stack/lib/services.ts index 903725da..099055b7 100644 --- a/PetAdoptions/cdk/pet_stack/lib/services.ts +++ b/PetAdoptions/cdk/pet_stack/lib/services.ts @@ -19,6 +19,8 @@ import * as cloud9 from 'aws-cdk-lib/aws-cloud9'; import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch'; import * as ecr from 'aws-cdk-lib/aws-ecr'; import * as ecrassets from 'aws-cdk-lib/aws-ecr-assets'; +import * as applicationinsights from 'aws-cdk-lib/aws-applicationinsights'; +import * as resourcegroups from 'aws-cdk-lib/aws-resourcegroups'; import { Construct } from 'constructs' import { PayForAdoptionService } from './services/pay-for-adoption-service' @@ -656,13 +658,50 @@ var dashboardBody = readFileSync("./resources/cw_dashboard_fluent_bit.json","utf dashboardBody: costControlDashboardBody }); + // Creating AWS Resource Group for all the resources of stack. + const servicesCfnGroup = new resourcegroups.CfnGroup(this, 'ServicesCfnGroup', { + name: stackName, + description: 'Contains all the resources deployed by Cloudformation Stack ' + stackName, + resourceQuery: { + type: 'CLOUDFORMATION_STACK_1_0', + } + }); + // Enabling CloudWatch Application Insights for Resource Group + const servicesCfnApplication = new applicationinsights.CfnApplication(this, 'ServicesApplicationInsights', { + resourceGroupName: servicesCfnGroup.name, + autoConfigurationEnabled: true, + cweMonitorEnabled: true, + opsCenterEnabled: true, + }); + // Adding dependency to create these resources at last + servicesCfnGroup.node.addDependency(petSiteCostControlDashboard); + servicesCfnApplication.node.addDependency(servicesCfnGroup); + // Adding a Lambda function to produce the errors - manually executed + var dynamodbQueryLambdaRole = new iam.Role(this, 'dynamodbQueryLambdaRole', { + assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'), + managedPolicies: [ + iam.ManagedPolicy.fromManagedPolicyArn(this, 'manageddynamodbread', 'arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess'), + iam.ManagedPolicy.fromManagedPolicyArn(this, 'lambdaBasicExecRoletoddb', 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole') + ] + }); + + var dynamodbQueryFunction = new lambda.Function(this, 'dynamodb-query-function', { + code: lambda.Code.fromAsset(path.join(__dirname, '/../resources/application-insights')), + handler: 'dynamodb-query-function.lambda_handler', + memorySize: 128, + runtime: lambda.Runtime.PYTHON_3_9, + role: dynamodbQueryLambdaRole, + timeout: Duration.seconds(900) + }); + dynamodbQueryFunction.addEnvironment("DYNAMODB_TABLE_NAME", dynamodb_petadoption.tableName); this.createOuputs(new Map(Object.entries({ 'CWServiceAccountArn': cwserviceaccount.roleArn, 'XRayServiceAccountArn': xrayserviceaccount.roleArn, 'OIDCProviderUrl': cluster.clusterOpenIdConnectIssuerUrl, 'OIDCProviderArn': cluster.openIdConnectProvider.openIdConnectProviderArn, - 'PetSiteUrl': `http://${alb.loadBalancerDnsName}` + 'PetSiteUrl': `http://${alb.loadBalancerDnsName}`, + 'DynamoDBQueryFunction': dynamodbQueryFunction.functionName }))); diff --git a/PetAdoptions/cdk/pet_stack/resources/application-insights/dynamodb-query-function.py b/PetAdoptions/cdk/pet_stack/resources/application-insights/dynamodb-query-function.py new file mode 100644 index 00000000..ec66e514 --- /dev/null +++ b/PetAdoptions/cdk/pet_stack/resources/application-insights/dynamodb-query-function.py @@ -0,0 +1,30 @@ +import os +import time +import boto3 +from boto3.dynamodb.conditions import Key + +dynamodb = boto3.resource('dynamodb') +DYNAMODB_TABLE_NAME = os.environ['DYNAMODB_TABLE_NAME'] + +def lambda_handler(event, context): + table = dynamodb.Table(DYNAMODB_TABLE_NAME) + error_mode = event.get('error_mode') + if error_mode == 'true': + query_key = 'wrongKey' + else: + query_key = 'pettype' + t_end = time.time() + 60 * 13 + while time.time() < t_end: + try: + response = table.query( + KeyConditionExpression=Key(query_key).eq('puppy') + ) + items = response['Items'] + except Exception as e: + print("An exception occurred, but still continuing. The error is: ",e) + items = "FunctionError" + time.sleep(30) + return { + 'statusCode': 200, + 'body': items + } \ No newline at end of file From 4355db1a746710e8a572d9f1e14a4f8c1beddbea Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Mon, 2 Oct 2023 20:04:56 -0400 Subject: [PATCH 06/22] dotnet7 --- PetAdoptions/petsite/petsite/Dockerfile | 4 +- PetAdoptions/petsite/petsite/PetSite.csproj | 42 ++++++++++----------- 2 files changed, 22 insertions(+), 24 deletions(-) diff --git a/PetAdoptions/petsite/petsite/Dockerfile b/PetAdoptions/petsite/petsite/Dockerfile index 35eeb724..04a9114b 100644 --- a/PetAdoptions/petsite/petsite/Dockerfile +++ b/PetAdoptions/petsite/petsite/Dockerfile @@ -1,9 +1,9 @@ -FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim AS base +FROM mcr.microsoft.com/dotnet/aspnet:7.0-bullseye-slim-amd64 AS base WORKDIR /app EXPOSE 80 EXPOSE 443 -FROM mcr.microsoft.com/dotnet/sdk:6.0-bullseye-slim AS build +FROM mcr.microsoft.com/dotnet/sdk:7.0-bullseye-slim-amd64 AS build WORKDIR /src COPY . . RUN dotnet restore "PetSite.csproj" diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 548e3eac..463932d2 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -1,6 +1,6 @@ - net6.0 + net7.0 a80ee246-1735-4630-bd6a-0fd3d01d8e35 Linux @@ -15,31 +15,29 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - - + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + From af63d6fb97dffba2948af3ffa0b2b20f89cdd254 Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Tue, 3 Oct 2023 11:57:55 -0400 Subject: [PATCH 07/22] revert dependencies --- PetAdoptions/petsite/petsite/PetSite.csproj | 40 +++++++++++---------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 463932d2..39b93b2d 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -15,29 +15,31 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - + + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - + + + + + + From f4e7c616e6fce45f7c31b09448a6494fd38f7583 Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Tue, 3 Oct 2023 16:45:36 -0400 Subject: [PATCH 08/22] update deps --- PetAdoptions/petsite/petsite/PetSite.csproj | 40 ++++++++++----------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 39b93b2d..463932d2 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -15,31 +15,29 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - - + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + From 3d993cc7b84d958728663357dca816ee8365e659 Mon Sep 17 00:00:00 2001 From: hmmuthus Date: Fri, 17 Nov 2023 10:06:09 -0500 Subject: [PATCH 09/22] Enabling AWS Observbility Enhanced monitoring for EKS and removed manifests --- PetAdoptions/cdk/pet_stack/lib/services.ts | 71 ++++++---------------- 1 file changed, 18 insertions(+), 53 deletions(-) diff --git a/PetAdoptions/cdk/pet_stack/lib/services.ts b/PetAdoptions/cdk/pet_stack/lib/services.ts index 099055b7..49d6ab72 100644 --- a/PetAdoptions/cdk/pet_stack/lib/services.ts +++ b/PetAdoptions/cdk/pet_stack/lib/services.ts @@ -549,60 +549,25 @@ export class Services extends Stack { awsLoadBalancerManifest.node.addDependency(loadBalancerServiceAccount); awsLoadBalancerManifest.node.addDependency(waitForLBServiceAccount); - // NOTE: amazon-cloudwatch namespace is created here!! - var fluentbitYaml = yaml.loadAll(readFileSync("./resources/cwagent-fluent-bit-quickstart.yaml","utf8")) as Record[]; - fluentbitYaml[1].metadata.annotations["eks.amazonaws.com/role-arn"] = new CfnJson(this, "fluentbit_Role", { value : `${cwserviceaccount.roleArn}` }); - - fluentbitYaml[4].data["cwagentconfig.json"] = JSON.stringify({ - agent: { - region: region }, - logs: { - metrics_collected: { - kubernetes: { - cluster_name: "PetSite", - metrics_collection_interval: 60 - } - }, - force_flush_interval: 5 - - } - - }); - - fluentbitYaml[6].data["cluster.name"] = "PetSite"; - fluentbitYaml[6].data["logs.region"] = region; - fluentbitYaml[7].metadata.annotations["eks.amazonaws.com/role-arn"] = new CfnJson(this, "cloudwatch_Role", { value : `${cwserviceaccount.roleArn}` }); - - // The `cluster-info` configmap is used by the current Python implementation for the `AwsEksResourceDetector` - fluentbitYaml[12].data["cluster.name"] = "PetSite"; - fluentbitYaml[12].data["logs.region"] = region; - - const fluentbitManifest = new eks.KubernetesManifest(this,"cloudwatcheployment",{ - cluster: cluster, - manifest: fluentbitYaml - }); - // CloudWatch agent for prometheus metrics - var prometheusYaml = yaml.loadAll(readFileSync("./resources/prometheus-eks.yaml","utf8")) as Record[]; - - prometheusYaml[0].metadata.annotations["eks.amazonaws.com/role-arn"] = new CfnJson(this, "prometheus_Role", { value : `${cwserviceaccount.roleArn}` }); - - const prometheusManifest = new eks.KubernetesManifest(this,"prometheusdeployment",{ - cluster: cluster, - manifest: prometheusYaml - }); - - prometheusManifest.node.addDependency(fluentbitManifest); // Namespace creation dependency - - -var dashboardBody = readFileSync("./resources/cw_dashboard_fluent_bit.json","utf-8"); - dashboardBody = dashboardBody.replaceAll("{{YOUR_CLUSTER_NAME}}","PetSite"); - dashboardBody = dashboardBody.replaceAll("{{YOUR_AWS_REGION}}",region); - - const fluentBitDashboard = new cloudwatch.CfnDashboard(this, "FluentBitDashboard", { - dashboardName: "EKS_FluentBit_Dashboard", - dashboardBody: dashboardBody - }); + // NOTE: Amazon CloudWatch Observability Addon for CloudWatch Agent and Fluentbit + const otelAddon = new eks.CfnAddon(this, 'otelObservabilityAddon', { + addonName: 'amazon-cloudwatch-observability', + clusterName: cluster.clusterName, + // the properties below are optional + resolveConflicts: 'OVERWRITE', + preserveOnDelete: false, + serviceAccountRoleArn: cwserviceaccount.roleArn, + }); + + var dashboardBody = readFileSync("./resources/cw_dashboard_fluent_bit.json","utf-8"); + dashboardBody = dashboardBody.replaceAll("{{YOUR_CLUSTER_NAME}}","PetSite"); + dashboardBody = dashboardBody.replaceAll("{{YOUR_AWS_REGION}}",region); + + const fluentBitDashboard = new cloudwatch.CfnDashboard(this, "FluentBitDashboard", { + dashboardName: "EKS_FluentBit_Dashboard", + dashboardBody: dashboardBody + }); const customWidgetResourceControllerPolicy = new iam.PolicyStatement({ effect: iam.Effect.ALLOW, From eefbc026ceeb98121d471288f36a973ee2bf2ea3 Mon Sep 17 00:00:00 2001 From: hmmuthus Date: Mon, 20 Nov 2023 22:02:02 -0500 Subject: [PATCH 10/22] Removed Fluentbit dashboard after oteladdon --- PetAdoptions/cdk/pet_stack/lib/services.ts | 9 --------- 1 file changed, 9 deletions(-) diff --git a/PetAdoptions/cdk/pet_stack/lib/services.ts b/PetAdoptions/cdk/pet_stack/lib/services.ts index 49d6ab72..ac0c6d0a 100644 --- a/PetAdoptions/cdk/pet_stack/lib/services.ts +++ b/PetAdoptions/cdk/pet_stack/lib/services.ts @@ -560,15 +560,6 @@ export class Services extends Stack { serviceAccountRoleArn: cwserviceaccount.roleArn, }); - var dashboardBody = readFileSync("./resources/cw_dashboard_fluent_bit.json","utf-8"); - dashboardBody = dashboardBody.replaceAll("{{YOUR_CLUSTER_NAME}}","PetSite"); - dashboardBody = dashboardBody.replaceAll("{{YOUR_AWS_REGION}}",region); - - const fluentBitDashboard = new cloudwatch.CfnDashboard(this, "FluentBitDashboard", { - dashboardName: "EKS_FluentBit_Dashboard", - dashboardBody: dashboardBody - }); - const customWidgetResourceControllerPolicy = new iam.PolicyStatement({ effect: iam.Effect.ALLOW, actions: [ From 905d0ac73c54fcc2102407297e7185a55ecba9c5 Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Mon, 2 Oct 2023 20:04:56 -0400 Subject: [PATCH 11/22] dotnet7 --- PetAdoptions/petsite/petsite/Dockerfile | 4 +- PetAdoptions/petsite/petsite/PetSite.csproj | 42 ++++++++++----------- 2 files changed, 22 insertions(+), 24 deletions(-) diff --git a/PetAdoptions/petsite/petsite/Dockerfile b/PetAdoptions/petsite/petsite/Dockerfile index 35eeb724..04a9114b 100644 --- a/PetAdoptions/petsite/petsite/Dockerfile +++ b/PetAdoptions/petsite/petsite/Dockerfile @@ -1,9 +1,9 @@ -FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim AS base +FROM mcr.microsoft.com/dotnet/aspnet:7.0-bullseye-slim-amd64 AS base WORKDIR /app EXPOSE 80 EXPOSE 443 -FROM mcr.microsoft.com/dotnet/sdk:6.0-bullseye-slim AS build +FROM mcr.microsoft.com/dotnet/sdk:7.0-bullseye-slim-amd64 AS build WORKDIR /src COPY . . RUN dotnet restore "PetSite.csproj" diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 548e3eac..463932d2 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -1,6 +1,6 @@ - net6.0 + net7.0 a80ee246-1735-4630-bd6a-0fd3d01d8e35 Linux @@ -15,31 +15,29 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - - + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + From cc54eb93ecf5dd9736ed32e5bb71ce61533e242a Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Tue, 3 Oct 2023 11:57:55 -0400 Subject: [PATCH 12/22] revert dependencies --- PetAdoptions/petsite/petsite/PetSite.csproj | 40 +++++++++++---------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 463932d2..39b93b2d 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -15,29 +15,31 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - + + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - + + + + + + From c5462006e781fed38ffcab6fd54bb4fda19412e2 Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Tue, 3 Oct 2023 16:45:36 -0400 Subject: [PATCH 13/22] update deps --- PetAdoptions/petsite/petsite/PetSite.csproj | 40 ++++++++++----------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 39b93b2d..463932d2 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -15,31 +15,29 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - - + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + From 074ec5cf2f06753d022b41618afe4c0e80a2dfca Mon Sep 17 00:00:00 2001 From: Mark Oates Date: Wed, 3 Jan 2024 03:00:36 +0000 Subject: [PATCH 14/22] Update services.ts to include a specific addonVersion --- PetAdoptions/cdk/pet_stack/lib/services.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/PetAdoptions/cdk/pet_stack/lib/services.ts b/PetAdoptions/cdk/pet_stack/lib/services.ts index ac0c6d0a..c2a27068 100644 --- a/PetAdoptions/cdk/pet_stack/lib/services.ts +++ b/PetAdoptions/cdk/pet_stack/lib/services.ts @@ -553,6 +553,7 @@ export class Services extends Stack { // NOTE: Amazon CloudWatch Observability Addon for CloudWatch Agent and Fluentbit const otelAddon = new eks.CfnAddon(this, 'otelObservabilityAddon', { addonName: 'amazon-cloudwatch-observability', + addonVersion: 'v1.2.0-eksbuild.1', clusterName: cluster.clusterName, // the properties below are optional resolveConflicts: 'OVERWRITE', From 45dc129bf9987313cee5e10c51a84ee7f9a11ed3 Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Mon, 2 Oct 2023 20:04:56 -0400 Subject: [PATCH 15/22] dotnet7 --- PetAdoptions/petsite/petsite/Dockerfile | 4 +- PetAdoptions/petsite/petsite/PetSite.csproj | 42 ++++++++++----------- 2 files changed, 22 insertions(+), 24 deletions(-) diff --git a/PetAdoptions/petsite/petsite/Dockerfile b/PetAdoptions/petsite/petsite/Dockerfile index 35eeb724..04a9114b 100644 --- a/PetAdoptions/petsite/petsite/Dockerfile +++ b/PetAdoptions/petsite/petsite/Dockerfile @@ -1,9 +1,9 @@ -FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim AS base +FROM mcr.microsoft.com/dotnet/aspnet:7.0-bullseye-slim-amd64 AS base WORKDIR /app EXPOSE 80 EXPOSE 443 -FROM mcr.microsoft.com/dotnet/sdk:6.0-bullseye-slim AS build +FROM mcr.microsoft.com/dotnet/sdk:7.0-bullseye-slim-amd64 AS build WORKDIR /src COPY . . RUN dotnet restore "PetSite.csproj" diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 548e3eac..463932d2 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -1,6 +1,6 @@ - net6.0 + net7.0 a80ee246-1735-4630-bd6a-0fd3d01d8e35 Linux @@ -15,31 +15,29 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - - + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + From 3d0992d1daa17feef69766e71304eaae288ebf7f Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Tue, 3 Oct 2023 11:57:55 -0400 Subject: [PATCH 16/22] revert dependencies --- PetAdoptions/petsite/petsite/PetSite.csproj | 40 +++++++++++---------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 463932d2..39b93b2d 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -15,29 +15,31 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - + + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - + + + + + + From 15fbf48503e3eaaa9b43fa0bc2ffba11fc3c7d48 Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Tue, 3 Oct 2023 16:45:36 -0400 Subject: [PATCH 17/22] update deps --- PetAdoptions/petsite/petsite/PetSite.csproj | 40 ++++++++++----------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/PetAdoptions/petsite/petsite/PetSite.csproj b/PetAdoptions/petsite/petsite/PetSite.csproj index 39b93b2d..463932d2 100644 --- a/PetAdoptions/petsite/petsite/PetSite.csproj +++ b/PetAdoptions/petsite/petsite/PetSite.csproj @@ -15,31 +15,29 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + - - + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + From 40ec5bccd60881d8f76774ed7f6896f0802fd3bc Mon Sep 17 00:00:00 2001 From: Rafael Pereyra Date: Thu, 18 Jan 2024 16:40:51 +0000 Subject: [PATCH 18/22] Removed CDK Nag dependencies --- PetAdoptions/cdk/pet_stack/app/pet_stack.ts | 2 +- PetAdoptions/cdk/pet_stack/package.json | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/PetAdoptions/cdk/pet_stack/app/pet_stack.ts b/PetAdoptions/cdk/pet_stack/app/pet_stack.ts index 491d1d54..cbbd3db1 100644 --- a/PetAdoptions/cdk/pet_stack/app/pet_stack.ts +++ b/PetAdoptions/cdk/pet_stack/app/pet_stack.ts @@ -4,7 +4,7 @@ import { Services } from '../lib/services'; import { Applications } from '../lib/applications'; //import { EKSPetsite } from '../lib/ekspetsite' import { App, Tags, Aspects } from 'aws-cdk-lib'; -import { AwsSolutionsChecks } from 'cdk-nag'; +//import { AwsSolutionsChecks } from 'cdk-nag'; const stackName = "Services"; diff --git a/PetAdoptions/cdk/pet_stack/package.json b/PetAdoptions/cdk/pet_stack/package.json index e7e748d2..b0a39691 100644 --- a/PetAdoptions/cdk/pet_stack/package.json +++ b/PetAdoptions/cdk/pet_stack/package.json @@ -20,8 +20,7 @@ "ts-jest": "^29.1.1", "ts-node": "^10.9.1", "ts-replace-all": "1.0.0", - "typescript": "^5.2.2", - "cdk-nag": "^2.27.114" + "typescript": "^5.2.2" }, "dependencies": { "@aws-cdk/aws-lambda-python-alpha": "^2.93.0-alpha.0", From 8afc1f09ce931aab189a6e486e3f3230d594ea32 Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Wed, 31 Jan 2024 11:37:11 -0500 Subject: [PATCH 19/22] Replace banner text --- .../wwwroot/images/main_banner_text.png | Bin 7678 -> 9302 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/PetAdoptions/petsite/petsite/wwwroot/images/main_banner_text.png b/PetAdoptions/petsite/petsite/wwwroot/images/main_banner_text.png index aabc70d620d1c0f1c823ab793b477ee53c311a73..0f2d1e29dc578b480791410dd6f9af7695a028a1 100644 GIT binary patch literal 9302 zcmb7qWmHsc)bP$v;U7*!P|^T+^tSk?aL0>C4~mvkwXw(RV3 zxy4kcf{{|F{AgNR8@HJKF<_{VsV_%#kK*F#tmU3We5{7UZP9t+O}De`=6x*Pvs%VC zdk}+GZu4r-O8(bhz3??oKgt0BBPA^D`*^ekPR@mg=CY0#f6n&umF)#PG#N!YSai(2 zk8y=QXQ9!3?5^Kj4@SD-wt*eW1HAv`v9K*NrWE-g`PRW|>a5?~BLB}1SIh=jKCvc= z3Yl)9U*Mc|_!+rvla^(b?Ef`!ynP&fv=WzG7~qxA*AKzrl!sL8Z>HRHPEH6V z0+K!nv<;hW8OV}xFb@(wVs_ht$xGfW7rjT_4X8Uz;HPiJ6+|{a_&Xp*N$5}TKG{P8 zn^1lSz)YOLlT3Mm)UB}GV{X)+9T@Vls(HVqNyiA>^ieHjii~?Upy@MGt3{7R4yl~VJFL%*`s#iC=sU)G zYn!8;D;09sP**ZY0ECrwg(TxoZrfS9liZQqf#x)P>M`S^#KQ>v@qfLUw}hs%F&h}V zV*gsT*)L)CBPuVG<|DBt*eXD;6>jj~NMdqP6K6?db$KxKGaSp1ajNP29D zj?sKldyq(~%G5eD!zG|MX3ERpd`=RIoC89=Z#+UU=ObR`OLQ^peg?o8ig!g1MaYZG zpBv#UGTbJDQscXGloSdHAG#b;QmZ&wvcW}@^OQk1jovhn0LsdYfRst@HKD5B_l@3* zX_bG{I%G$gut117om(d>fTVD7{W%iJSx&c{?a?vf%acOP58|eg0XR&fdGfWDpYK-w z`4b4svMoyD$K7lSTGeQ;aX3AyMBqVr=FV#W-O$uG*#_Txw(H~islk+?uSxwY41-uxi27>iv{iD zOpon-aLy`RVqf^oe6p&R`L`=S*Eb%Qa#o4>x9_|}zL0+2(UoCcW9_;ISsFDoryNuZ z47a*qV+_YL7*6yx6Y=)^bUP}U%YkH6nkzyBur-gT+l4PzjJK1aEuhrM#NLNorEK?tO;I-- zUfwC3qkP7wh4oHH8L55lZmV1nBR}?k`D!T3O!s^H47{zm)8>;hMs9fVU}y%*se$Sp z7G5G169Yj(xJ7baVCWn*KQHY)9l2ME>Cj2l7FKXihmK{t=u`XUY)@W_SwD+7gBl^jyQDNXil98Y`0 zgZpvCAQHK(jbKMyy%fo#q5AG7n=x>H@SId}`8ngSNBg_4wy7M305goJSHJ3=uz9ki zyFDLIWe&J#Txy14Z(lrO_5ax2jmxfQ0(zr-L48T@jg?npJ>cwBTfT+zr4DZFyH^j9 z$aFFM7f1HbOg9>TBAM}O{krA*6-|R}h1U!!qp-@_E{_j7;&GHUk#J3vX#UxIQ~EY$ zo6gFg+KeKU1_-~B%85>y&-hnZqQkC3Ds-Fvlup(q>c#++i}{I%pS zgYeX>_aw2O7@?mR1>TIS^;cfSaF*su$QE9b;Ck2g)fQ3aoSGXZkm`S15k25Om^_pG zF$^<}y4TJ$2hkBP0BYuJxN#qw9ZC@yFDp54gN`Cz0PGs-20dbj<71(&dM{hadv*oG z`Hh8Fu=G+)ntlI%BEBvtjAfHV>~UBRm^!zdibEDR><#yP2vdq#eTU{)*|AEKvZkCi z4Gm9?iF6@x@Px!oEaaq_^$^R$_e?8-AnIFpd}mu{^S#=?^)b}Q3Rx4eL;>LI!qIlG z9i;SSrAfCOWcN*ilJ#3_L`_iE45646+O=*VV&a!D<l?zsFG#{CDL|5wv!neiLy7gZEFu85#g^K? zh#(5UH~$`%Xhcoy{IsQH9eH%{lf_ajHIzSAawa0E(ig@6At~wGMj-(+kB zvqgXI_YGKWFvw0HO2^1QW?uV6R`S37T4CHbv~e3ZpEQ>}Gzl2`K)YuPuedtnFbj#onsu(&mE~NUfYj)P4?x5jaV{Dw8o&(B> z=ba{N6OYGH({5NB?8-m27J8dVO)=ubY@mA!)P4lD(@4$sR$G|L~)ymgIZYAon82|wJ(2+;g z)*WoDOQ>OMp1uN^(6%u?E}$~E`+&xMQb-K$^83k@ip>*u9< z;4=nvm5wj_h)zQ>8Mkqn69Syl%Wb`wK$H3wgb6ctZUmLoc+oGf`w-U!OQqkk2%PA~ zWv!8)3C0SE&{@qFoNDty&IdvDP{E+mh=#huhTZF4?_M{4t{n7rK4R(U1!gLSdy=iq zXb9p-Hg9&I{qNzu-V4<84Y!pAD>l?~Ko;ue>;RhN88*#hW6 z(e!Un#YcyS+O^km+-GWj9xO#D357ZCQk4T_3xqtGxpvrs`&oXJPpRFC6=|;6{)-++ zH;`$Xj!;@@)fm}QPx{k+{kVrIK}`f6C#5JMKfOs{0r)SmqC^K=HHZCN!7sk^IuJdb zc51OxwPY|f#!=rPP(jOV_Wr0>+Y=Dde>I)n%W5dgI3kp>WPgD5k>!D|Xb^oF5bHay zH}mxkbxJeQP>!I%mHA*5T3s?My*6r0dxDsjJ`w1$tuJ?-<@RaL0Z?&!1iPfdWxbt| zw;qvNN?z`;Te5zq$yk`~^TFLTI>)DO-fWVT+Ku|x%MNzkwb{lKL4bEo>Aw6ziv4=^c#zB4|g5=Z;TTKOeLYxTJB^Y zFngK&2h*Q2)ObeKkO-0~yDXIUzwhfarkrxw*gi@^-rXIj15J{>RLyJQmwLX8(#V* zZkH@DY0rujpY|&N5B8?YK7JlC#m;9uG?+}D75BjiB7F-HpA&LD@t(u?*i^L|&|pp5 zwrHv;%Ql_%pj+?-q>w-P-A11q@G>l0|6>Atyi{?7L~X$qPxp__Df)+HvEw`PtQWed zC^CIs!oYt>LuWVhHko=Zq!j@Q?#*%8ywMr-|j ztIbm;P6q$K8|}X%A_P(u!CRCR=Yl-M(s;&Ae!5gNA~>gUq&M+7cNXMau_WHoN_8zQ z9*tXL`nUK&6qjl=MaVXq6n9@2-63qLuA)6#xpt25t-$GoF&{q{IeRikZscDVjALE| zu5dthZ=qq=V}`!8>Jv1Hth3vp29KHRldYFzp~IkLzjUl7SHy@`Xwq=`nSN8d&*@hF zkKy{Zu5bL$DyqQDdT&&lLsQa9wuD7}nOr}G2V{~vccX21tMRk1z&^IrTBs==DJe12 ztb-@Y^7Y)&*?a*+(>>62d%amv{xqFp%bp2X@8L z;E2E4aA*4^O^RLf^A4coFmjXma{GIK5UCHr49h7X0hUF|Av~WlxKy%Do+FEaAl$zt>YZowj z2&i=#t1o#D?B+x7i$`Wnh$$3WDbclr^~`Z0U|Gap&;j8ILQkBKHN1fs!D;+R6+V)~ z2~z=x792h`waHxBV~=e4_+Iut3ppKZr{EOA+HQGQWnRJ~&8ZJc&kfYvTAer?2i@?_+c9a)hjys? zwopwZM|lDoR5GXo(D~;32l;nXoO7gFr@mYI=Z+=-89d;Blm>Pe_3;C1+C z75a1J8lv*`<0L1TSYQAorO{X(YsxYVPW*Wb{><;R2%4<4Md-*1mhMc}yPt$#A*)z> z_P{55QycRZLi$|U@+9XP$Y%Fv>hjWR-kJcmWlu@F_Ts7XT)qPxQvH-lrdRIH;S!op zB9swdRmRWIsgau!l9oD=!xbZ*(D4B?K0Kaeqqzi4*H2R!K>nZ4hN6DNz7*G9;nUmy z-tZ`m^jg0Cb&wD#^D4AbwB@6OE&L}3{^=p@h$(`vwFY-!`=<@f_twT#)@fl!d?b|| zUFuppcTtP0np;sthoHsGmmD?FW#D9@eGI2ss%SP1_vyX6?fI7-fhC~fcRW=QBiOl= zk)U~%c~l1bNABJIXU=I%#i87^;G@iv&+tavwYF0Aj6|bTgjat*n%?)c{Dg<0K=_%n zyawPrAUn+G*z~_iG9`k1mdR+oUk!r1Z?(#lUW>x%@8z6UlY8t6pP1S^O<4v!L~c;m z=?Eia884vIpo)@I>Q+HsB14M|%_pqLvl0Ura5eWRvlv-V4&WoePkv4JqaR;Op1sl= zMaEd>R<@nT$(oXtPtE422PnO)_#jfs#5(=w-@ zdQ>_1;#(*+t^_J8<9%eV`NOE;Vpp1~YIAlJCBW0jSKPMpbfdGn(8|xJHzlV0qJvNv znqV2l?aydG5^vgsJq3khugeg+Y6SJ1z(pNIM0ncqriv4JUYvZ?TDlOy=A@}9;L*_C zXXBhZ+}&K4;VpSi8E;^(K2n`tvAP%#hB9>~ z8d0WO_&N*bK~PsNCT>5O(4P*zn>{>JQb2v&e}APl^-pS~LyvVFbYI(`t~RTn>r}&& z&r7s-a59PU1OjLrJcC6`_#lYOwe|eq_BI3>EL(^`>hbO!;UEc{N53^@oe70qC_3i3 zT;y?DJk26dD$#;~+1*30Rg+#3PoTKd3O*|KVlY%=#8n|YPfgZ86)BOOtIy4jS zpc=sZ)ZI6)yI!Q!`({1R2Nk{(SyE!SbjOqB@`S4_n*KSD{DCyfRR(;rA>|Ko<$*%E zM~R*eB-wt53D$Q~w6GqETO1I&;xanD@;I2PjupcTU}kJ?En=6ZaUUf#&pzh+ z^i4^62>l0&B-1lqvp?;N&=N?D*=W^UCC>bRy1v21>D{@K{h`f^$n7eZ-4PW(e0(7}DTKLs{A8OgD_09+(gPbgD z#%dP1t&$s>VRt7ye}>53ngQ?BTrJBx%bDsY9$Vdt{iqi$1!v^hK5b0WQp*4tB5_m+ zy{O1{1*|#nTp0w}l?VTim)F$p;g@`G_RUoa|0_B8GgEfK<*b3@Z4{;1W2WhtG)5+gquv|JrmOV&nM+c?zM?}FW;;?e??vQ`snzGl6UJBLxTUcvR zu4A;V=5O4v?%hlxv1z)f*AvacKiR!{)G$wfLzTF}{=p{+B;@7vuQ6RMv?L#h8{FTS z(7VbFehnxZ6UkhQBcOSRG}>HfgUedUn9^rqZdidTd;{XH8Xf-h$!Kj^y-ZCO{Wx)z zMPsxqzhOtLf*>bHm34F+DTyBkzUJP08yR7wQ9^*^_O4$3pzPxtB~X>?ek>OPQKM7+ zvu3e%MVZ;qHt4`X(iy4Ptd@U__7P_t%CHB?_E#(Sy!!OV7ye&jjVHude$5WE<=+T+ z9-{_Dm?d1%+mAkac&Xr5CSc{DAdiclX|Zi}v>NqV^JVuZ{Ez{uSueu@iDKG8wn2nY8_Y8QsZKsACkIwrozHPEP;j}pYeP9Z1@D(RoqA(_}cP!_`>rYJEvuNzj z)u+6XQ;~-kGX!>{pA!e0txCC9YF+ib<=%u%vRLF~T{Fd#!zg6}e%sFDaH-e-B($jy zC?%K<_sWv~jr!(NCOyrRW8_XaSfPWZ46?MAOO!r6Tie)%xM5+w@}T^d((0{@1WFxD z{DMovwgi9ORCow`N7V2M{GhBPuO#LZM;gmO4x_l^ zIRUUfS;ITgWu9ov*KzA%C%FX|a7|d>)e0LMmQ&2kok(KZ(h-E9%f+5Bj+WUyrw`3H zIpE0{QGXo#!PJzG2luiDl(jnA+`Nt^8rp*=lA4BX=pU$@rC?Cn5E&VJL<&%ak39M|@Ie9EIUDGSn7%yb#5ugWKk z1@!1ooJ$t9n{YPY%BalZJGja8Zq2kY5?IIbXM|l(TG-$Ya2{H-#cJ*Ikl%N@Vuv2kuh*OE1 zmho|Z^szk5nt-el^@KS{y?`LXTY0_+(erJvRV2yZaVe%MFPt3|*d?lU9JuGd6e=U;;DgZisLh9(rbDdKt<%va#Pv_ZRQ#`AJ(Gjpc2H?44V%%+$I6xU^4#b;hxkB;oMbN+SxO@*}h~7#X zH^k6ov5V*7k}NEc?)w>?67D<;yEm7W3=QO$Oz1{QD{CFMj7&Yl)S3~_NkP%E2AGx( zTHOX;qc)yb5)`^2s3*S09-0OP377YJz*|7l>H3s#*2BJHOgW9cx#dr$wY-4#Ay_RM z&33a^CN6HKaJ4b@>)CuXKy6a3&zA`+jX@7UElru4v_x4xLpPhzYs89;4>?NQ9vjmU zNN{UMMS83;;MSG!3nbR_9Y|uwC2ds+vuUd|2^e~87-TEHC3u`La|g%RP>+IQuW_M1 zlKN!e0P2lM{-d3@q|FyLpQa=qOm9V>MXLkR=&0}Q!J#2_vOZyq=(IjjK>2j*%$<|h zr;Hr&bgyJyqQ^Q!6HFNOniHi4|99iBMi|($SNaRNtFOd^>4YbiOUTvsi{2LCi6ZsG zI7wPM$M_Z}9^KX6;O6OOPFA4k*5?VhxF=bj4vVi20;FwGE1)5F@t{9HeMPSf-# z-%{VZmEp-9*GJrX@LQAVvzqpB^Zx;tx3C`eSMo<1nLl&p>Z}_|rKz~zv6Lyj-)>^0 zlI+g9q$ca~du@||>$Z2Z>maLTR)&K$a`L23qAmUDLq7k8U%wf|^z1T?>62>fElpDz zOXfd~7L8{}lH006N|#w8wV4SR#QLh%7n{j<$RfJMh_?iZUlBaumF2#ml0mHkXSF~? zDOK{V6?Z;)db2O<3ln>{rq1U3Ym~$8d9m_MBErarSbTHjEIAfzLHiyOeb2B?m`)=z z)!g)l-Nw`Yl}EixexSUSqv^Q8Li+R1DL+40(O+Gu8MXo@nssQg!y6!LamKx^%r(&b zfk+Iw+9$hkkElE_OBYA}cZelz2Fonqn%vFeF388PHheF4q7w#mDq-QRDPE9a5D?KI zN4va$<&f2qPw8QMBCxLwUhG{7UpM{ZhIhf1ACovrlX~7GZF?X!^!I$k(V zi*M{3iUP53bH0(R)@(X+|KAHJ{x`w!|EDOUZ*2StvyFgDxRJ74=()NC08-LWtd=(m F`5(2V@&5n- literal 7678 zcmch6^-~oZg@cuy4OhKE0-mUU<>{mz;wQZ07|vqB&h zdXK71p754Lw(Ix$`hf9lSD&sny0$ppBf!zs@v}=j!Ar{9FTEZP%dze^RPHB$TwT-B zMM89qQ3zxxICZ2dGEn={1p7Y}{KV9f@q%e)kC-a&+gmS^ZQa$~=XXI0UEcy!>0>xo zs>6B1&3Ra}E<_wte=>yJW_nEJU=fHq>AT(ia31;^Xde2*#tg=%#FE^ib8M`|qp@kZ z8J=gA^zkoLi_hLstITz-9qj+LI;VogIctY0L8q5s3h%%C7|haYyaG+SKB>@aLaJx{ zfo#SUrAkaveqyyC%%QWOm#!1LQDd87WlY9^RT9KADLPWCSlL&^+CamK0Pu0V^XJ^z ze0t|0c<)CHF+WmhLtxZF4C4tfMX>WUk&P^Y?#>dkkM`70W-SR_qOr3x9iit8JC@TdZ2h;%q?&@y1Ul9xk zIbCM}fQ{~d2J|Qpb$bQTUF4Oe(RVSZ2>E#apxt1W<}p=A7SF5SQ9$ThNr#t6ph2~PxeWUDWNKmUQiIK7 zC0Wsc{6;!`5Wj#K(gKt8Ze9K_$1d!?egv6+pkrpBB#MpMdclIOZJE1=;g4_zX(*uI zSdcmjQ+bYC=(`>7Em)=RXo*heLgc6_#(n)guwLVGUKdK)X z*)rd^vncuI3Y}%i10hEX%@#qntYMNpxozOxwhVfdr>=nU(>)-8NZy}*DENV8|28AL zYcs(_iWvA;K~L@NIJ5UdG6yZS1T{lHO@-gK?c=_uaTKQpwDV6>qlB@5F|VQ)X8sb+ zHkanir%kX5e?I6Q3;rnTwvo^^>D}jKp3?+vaqJ2~f&LW#K%X0Lq*(oU*Ms;lS8iWf zoQ=HxBPpSWOSL?SGSnrk(y|x&?>L93_=&ko8t_Q-2w`MndlP(0Q=z0?a^&(gIku1vR*@H z%0PRX!VjH7p+s44cGv@ur51)e1;VDAtqziivT^+0qR0e2^Typ9CzxQvmese+-fyv? z?H~zZbn*izfz{aoZ`3pp8U_#G_;?pa>h4?e(lzwSg5;4XfDa*YY-pFLMP>1epV{6V zi|J{PRFVmG#0IFd@%x_MT&{)k4qWVRDJl0~LMWk$$s|8v8ubfd@ScA;>-&Q~WRo}`xoA^T>T)OIyM)~Vs zeBoaEfVk+y6G07^9(Y2 z`!apRlVZ3CeRe`8^Qus0B>8z?=FPI6$jkbODYiCTPk^_PuzGyK<98)AWo27Lb2VwJ zaY?sUm~LR=homgHQNrPzLrkALbSeIn8&)GBF(?H*TUmwddI2n8?Pk239SHDA zh#|R82!An=uz@cXnnX zap}m9)Y4s^W6^LVzkZG8t@IBE3K_4KI~!7dXG&rE_}S9rY8RN(oag7LE=}2`OlL!| zJR@8?g?r=UwRPo5(>`mg`X(=o3tnR<0M_oK+(mAx;G9wNl1p(C5E0dpwwk-wjj424 zQc!oNR_y6k6uWI06)w|tCR_eX&(qK8p&MCESgP=Zup4a{RRxEB3$wHAX;@U_8cX=_ zm6O1mzpG9MYaOB(*yj1V(G8++rG1pU4yc&gQ~o=52eokCPNk{k>+6&up9cFr5y08& zGML=1T`tixLwRkZLRs_b3L^yv>9%UU;7GZ4P!lE(G%fBSqhZNYyhBFGM250Riq;1IRCe#UTGr4yHxzXJuL z=M(PDh8blmfHeObdY7@aa?FPaks*C@eD*Y~wY}orDZDnFuxIU_Dq*YR?Iqf?zb5bL zDQ7GbLuPZQd?Ck|0`*Dg1ac7EUq5u8Px z&20F&sMXG>wqIpO8~3pSjlj^9(!r!Voyv8ZeXg44rHaA$;hok;h=Y1X8Y2y69pcux zh0D2K*POgxl_f=3xX5$g1;aU#Pj#`@$c4*T>2u^qvmBIYPr&;y=;f%(+I6X>w_vuX zqn{A@wXPi>IaBr&Ama>qS;N{`{Wtadua=mBnH<8%or<)ql4{WNbHr|t#joEX5lmMU z6kV@z1031DQ*U4y^Y>qJK1$~5Ct$z|?7CGPUqxy_I=z~}fULg%4xd?8Pe*+GXnA(m zXgM)-Cnz=ep>>eYUe6r#RUM=@%dYfpedYTnnXB*fgaac9Gz(zhF)HE9(dkf^4c!nKxU`fRj^Gz$k9gG*hm>+Us z!O~CmD#VDU+m07S&!fq=1Cog=#h?6y2-+uQm@w7#4FAPmg)F|^ob-I7QlLr#RlNX2sSv3cL`PCS@B?F@|^mjz1=*wTeT5gr+sD& z7-5ybYvjpsOcf?Zp&dSHR#D$C{KQCd`RJfXbl2Fdu4zDhAl`fKrRwahuLj7i6)+yy9b0=R)TW$wFd57*BX|jr!$OP~;5*)xuP{OE z#Bmc5kgy%4SMDz#rsw=JX;8v|(W>{t1&YA>OSR7m;xj?J-QE~3%?uhBz=gPD!FFYY zqLEGtmxG7KKyHulpNU)D19Sc<&CJ?Sy|(nE>Cc0L<+&STk~TtONh~aI4=nf%m-ei^ zs+Yb06}MzFEh&FDd+ks`qwp8rDjxa_{{E|LrD!|FnmIs?Tt>*`WhE zEB2cuspT@26$64I3_qOB3*{JlGz%xJadfX}ncbfW)3)T!&s92&8u~n^3jla^>n){A zI_^182dbbNP2e3q7dIg*=zz_0$6pK=0H=r@=h+%r6Glo{{RM8jGWXi(&<|Ui*tZr% znB!kZMOAdYI?K1dJei|ub^JO!((9*Zb2-%03C6)YCxo3rPx{j%y2xBxS^k?05*tRE z`41h~0dNT0-gNhQGfM)zbe65O_7)-_%Ox5|y>*m0|MyO;10z|~zo~=g=B{ijqU=d< z<+D$7N$IgBev0~tZbn+APU4WvaAADi9Q&52;u)9HGTJ&iU_wKSg7wu^xz4&|k%UPU zp{RE>qD7P~yzYJE37wB?kv~2%#w57B!FVC;c`U+vAqpq63^PePyMi?sR`<$Ii+eB- zkBe901B>L70u8@>;0s_P&AjzO5s($!L|33FH9=Wg*3jjxv-gzo1I#meI!F5JO{ukE z=R8F&js$lg7f-bl?fyrU%&R%aopfK8QdDli*h1NPbf!b923~$jNmyA`msH06hX;d=2!w=`ZX4H9A;D#KhBXEr%T#hE~SX#9jH&Oig0LMSnj(t;N znk!4#%Pn}E&zZUje;B~?S+ydCCFMNB>$uaGdw*Sy%%{Oz8_XH?3a=_E@|5wd@QN^J z^4-;p_iP+R!w;f{wNd!NeQNALghRgOMBP_s{FHWWNXFi?PmX7!7v~mz{SjOzwknsg zWcD>_K6slwPPj>*4N<>RZvWPJWfS#}R`UHMk3svb|G_lL}`viw2x+x{N5 zUpkpTkPjYB2lv2@K9Qy5swk8&W3DteEbN19{kTgW!@khSUvJmNo*NoMBqLcn6 zzx|>T~{-Clh!)D_XUR6%L;S;-?O`6y<302W10qkQ}fC>N%`5=8KawrA;{akw@YX&EuTT5hA zW)mMu&9T$~{Al#&6)N&QT^R{kO7h=mE=1nnL1*dJYysw(wXBWcz~6U&Lo+@aLvCF9 zU@6?1vv&NHhV%dN`-M8GS2PpdYG89*+Eg<8@dtLoYhq#^r>_Cri~Ndsp{eeY|EOH= zSB@9QLsjRs@yDg{LP3eVYtYiIvjJcW<~lnmZuZy--6kza5~X7FMm`=nS~Xm4`dde| zM6WbnaJx8sR7q#cf#3f=E%S(e(@CZ}gWoX>!-^yk+duvNK~Xr-|E-Ke-#{d_@oER} zuNe$OT zYyJF5`B3(DD_7BZLO&n$J7PZd&LV=>N6UX28)fA~L|i>02hF#6X8Nqu*Yo>y@B%8IBuNO<#VGgZU1OTmQBiS$^TXk(vnOdw($<{CO@CM@XO z<~Y5Klt(`7FwRKJ7f~%$hoA=WffbT5nGGaz9}Z}stjTcrZ{@Ty@3vMaHi*GQ!5s8jXG} zYXSBQg|7J8$ED1KF^m;QAe1b3!jhM2dJ=c0dCx>fU#r#!Jw@x)d4Qilv(ZH>!>Yru zr(9RggT$NmC^2UstXFC`;0_emVLSBeG#hQ|`000_T8?VIH1-JdMCK$;7;-!q z{+1DOa8?~YLbLADGB#JTAHRmU@oA5FViljKz<#d~dBybuDUO~^(7mO9fJ+M*>Y7)T zs)DHr44@5&6w`^Lh!7zIwNNo%2UCOhqldEiEAQo4?yIEagf55iW5YT?3&(3%p)gry z^9;S1G}Gc_tsBT2mj7sXF+vW7I zI*aW`5M-Umg|Jo}+r>%`T=h;(4Wcg&CSG3;wttVeQ%+h&#mAAoQOF+230LIXE+;`! zKo+0BnX5X{1w^%NcrvW2ecCLlXPQZcrkxM;D&HdqmO?J_;$@{?mZ$dbk0Y!J!BoN$ z>)JM(o(L0#`KquUFFaCCF0KltTLh@S#ek-}hj>!q0?K8$eX1wuz7xCGQJvYs8tVE2 z2kgr4O7TArZnpVBY{{3Tp=g0;Tlh#9JQ>k?JZ_oR_BpdxC!^x-%KjfTmuF(Xv*%Jj ziQ#hd=0BhaGk*Dc5#6u}aVxiG)Ws2_Gm><4v@mQ$wDmj{)7~p&!$3`Zg`*^C4=L`* zrcoOTJm7@Wk2&30vp^a$t_Px#GmrK{D~pe1`j9!{Ox% zpH$z6xPi_JE!^*E)DRP{>)T1SO39Loh&!I+=psTr+mzv<2cO2UZBSe9+(iV4Fg?Rr zU6w94$zn_h4ZcZ>BJPinB{)}9&1$7S-sNU8D58l!Q5WTX_44|slXs-cF z(gh=nm!qEY%41eUTLbEKB4<(vQ|vhKTm_u=34(VFYGD*`9mB&n3@)ETZ;*7zK`l$b z``qo>WPnHIM;JbZTH%#z4c8xf&frwvPG=X44%e-2BGz-x(AwyA~o9cq-b^(Bk(i5JA=i zR3e&#U0>FG)a=8Q?;=!NaS5`MuL; z56N2d12gJqGHTR9*hvUJ8P6d9;mG<{sC3|a7kWhT zJU%n(mobdZsXJ5GHvzl?yK<)~3CSx2b4r=vr$Z9fZ;b(rp^z(I%2_dlaZ}u=(B8lB zW4GPb)|Z&=gv(}ZVr6BzF{3$5(OY)^rbB!UeDL(}-%C`3yTocQn@E7bt>d=KJlJ5eQGAj z9hhjU#dZOV1)qyX7-Da?h&alynkR5RLl58Rr|Aotj}jLN2gQL~ftgtAJ)EY(({Xqt zXeWwUjN{G(g7VXob3C-;gAsaV;>%l>55GoK+t`{bd!l#MTo-$8qK{ui%8)x0^l zx_W4GwpeEzwISAU(VIs24D}X#M9k6l|o$|JR=g(AtV`+0} zfSzA2S?cr4#&`gTXesiBnIy_NI@YJ9ttqw?pJ}pd(!2LfoO7LDh893b-r2h&sMZ#j z(nWO%-K>h|2&oe_qvlZQ?o$!EHGS;+oEBjBWW+(0x%BYNaVu{l- z&#VA57wbeG6~ED-eUum|&dtx?I{i24&}&@z>5T6u=dB$rG~-JIffg;NJ3ZTX`aEZ3 z;BIe1!XTR>=_w7q{?dS~A<)Q5!tzgO!WWK1rnI-`2yc;FR3`pIx^8zQ@f+#hTTiC9 zOUF!bijDAtX2y(I!cTU!wzs@}47OnpJG5rA#J-0aat1=F_~dI$Y&cKeb1-Hs&su8| z=wy?iw3-uTvpIOoo4|31_Dk9g0mTVHTs?V8rGT`(=!m#sC6J?+dZg7@*@ z^{WiG3_!Nu`1&xL_AZS7`UAf|2``2y2dW&bkOl85_nYiB{H?DHP`UPzc=P(8ZdaEt zGjt!(EFX`#BRd`^>D0EskEry5&=MEmn| zLxwhcRSPt{a^B|bru|b6$QJpOmU`x8#fw@*d3@#3?JX|XnjKaGClYQ<%5CK~(O=8N zeP_N&QL!o`la?i|hn>-B5qBZgYZ}LN6}&d(xNXv3Re{yxH45DcyY?r&mw081;AQtp z#$Z1B!Al{QY#`?<3$5hA=2%z@U1TK~o$izu)ymLe5 z5!&S*EGR*eBle0>4{;jvh|;cvJ6X;`siSsw40@v Date: Fri, 9 Feb 2024 10:47:33 -0500 Subject: [PATCH 20/22] Bumped version CDK due python deprecation in EKS modules --- PetAdoptions/cdk/pet_stack/package.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/PetAdoptions/cdk/pet_stack/package.json b/PetAdoptions/cdk/pet_stack/package.json index b0a39691..319e42ab 100644 --- a/PetAdoptions/cdk/pet_stack/package.json +++ b/PetAdoptions/cdk/pet_stack/package.json @@ -12,10 +12,10 @@ "cdk": "cdk" }, "devDependencies": { - "@aws-cdk/assert": "2.68.0", + "@aws-cdk/assert": "^2.68.0", "@types/jest": "^29.5.4", "@types/node": "^20.5.7", - "aws-cdk": "2.93.0", + "aws-cdk": "^2.97.0", "constructs": "^10.2.69", "ts-jest": "^29.1.1", "ts-node": "^10.9.1", @@ -23,12 +23,12 @@ "typescript": "^5.2.2" }, "dependencies": { - "@aws-cdk/aws-lambda-python-alpha": "^2.93.0-alpha.0", + "@aws-cdk/aws-lambda-python-alpha": "^2.97.0-alpha.0", "@types/js-yaml": "4.0.5", - "aws-cdk-lib": "^2.93.0", + "aws-cdk-lib": "^2.97.0", "cdk-ecr-deployment": "^2.5.30", "jest": "^29.6.4", "js-yaml": "^4.1.0", "source-map-support": "^0.5.21" } -} +} \ No newline at end of file From bdfc5b3fd925e19cc7ea4254a7c075eab8b37d2a Mon Sep 17 00:00:00 2001 From: Rafael Pereyra <31078199+rafaelpereyra@users.noreply.github.com> Date: Fri, 9 Feb 2024 10:52:54 -0500 Subject: [PATCH 21/22] Bumped version CDK due python deprecation in EKS modules (#267) Co-authored-by: Imaya Kumar Jagannathan Co-authored-by: Rafael Pereyra --- PetAdoptions/cdk/pet_stack/package.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/PetAdoptions/cdk/pet_stack/package.json b/PetAdoptions/cdk/pet_stack/package.json index b0a39691..319e42ab 100644 --- a/PetAdoptions/cdk/pet_stack/package.json +++ b/PetAdoptions/cdk/pet_stack/package.json @@ -12,10 +12,10 @@ "cdk": "cdk" }, "devDependencies": { - "@aws-cdk/assert": "2.68.0", + "@aws-cdk/assert": "^2.68.0", "@types/jest": "^29.5.4", "@types/node": "^20.5.7", - "aws-cdk": "2.93.0", + "aws-cdk": "^2.97.0", "constructs": "^10.2.69", "ts-jest": "^29.1.1", "ts-node": "^10.9.1", @@ -23,12 +23,12 @@ "typescript": "^5.2.2" }, "dependencies": { - "@aws-cdk/aws-lambda-python-alpha": "^2.93.0-alpha.0", + "@aws-cdk/aws-lambda-python-alpha": "^2.97.0-alpha.0", "@types/js-yaml": "4.0.5", - "aws-cdk-lib": "^2.93.0", + "aws-cdk-lib": "^2.97.0", "cdk-ecr-deployment": "^2.5.30", "jest": "^29.6.4", "js-yaml": "^4.1.0", "source-map-support": "^0.5.21" } -} +} \ No newline at end of file From 7449c6a1d1dd2d55b41f79bef2b19c9930b1ec9e Mon Sep 17 00:00:00 2001 From: Imaya Kumar Jagannathan Date: Fri, 9 Feb 2024 13:54:06 -0500 Subject: [PATCH 22/22] Add use case files --- .../observability-getting-started-ADOT.yml | 203 +++++++++++ .../observability-getting-started.yml | 325 ++++++++++++++++++ 2 files changed, 528 insertions(+) create mode 100644 PetAdoptions/cdk/pet_stack/resources/use_cases/observability-getting-started-ADOT.yml create mode 100644 PetAdoptions/cdk/pet_stack/resources/use_cases/observability-getting-started.yml diff --git a/PetAdoptions/cdk/pet_stack/resources/use_cases/observability-getting-started-ADOT.yml b/PetAdoptions/cdk/pet_stack/resources/use_cases/observability-getting-started-ADOT.yml new file mode 100644 index 00000000..a8ebf1b6 --- /dev/null +++ b/PetAdoptions/cdk/pet_stack/resources/use_cases/observability-getting-started-ADOT.yml @@ -0,0 +1,203 @@ +#* +#* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +#* SPDX-License-Identifier: MIT-0 +#* +#* Permission is hereby granted, free of charge, to any person obtaining a copy of this +#* software and associated documentation files (the "Software"), to deal in the Software +#* without restriction, including without limitation the rights to use, copy, modify, +#* merge, publish, distribute, sublicense, and/or sell copies of the Software, and to +#* permit persons to whom the Software is furnished to do so. +#* +#* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +#* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +#* PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +#* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +#* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +#* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +#* + +#------------------------------------------------------------------------------ +# +# Template: observability-getting-started-ADOT.yml +# Purpose: CloudFormation template to deploy EC2 instance for observability immersion day. +# +#------------------------------------------------------------------------------ +--- +AWSTemplateFormatVersion: '2023-10-10' +Description: AWS CloudFormation template to launch an EC2 instance with required IAM permissions. Written for Observability getting started workshop Februray 2023. **WARNING** This template creates a VPC, public subnet, Internet Gateway, 1 EC2 with Apache installed, and associated route tables and permissions. You will be billed for the AWS resources used if you create a stack from this template. + +#----------------------------------------------------------- +# Parameters +#----------------------------------------------------------- +Parameters : + LatestAmazonLinuxAmiId : + # Use public Systems Manager Parameter + Type : 'AWS::SSM::Parameter::Value' + Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' + +# Calling AMI public parameters +# https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html + +Resources: + + #------------------------------------------------- + # VPC and required resources to enable network connectivity to AWS Systems Manager + #------------------------------------------------- + VPC: + Type: 'AWS::EC2::VPC' + Properties: + CidrBlock: 10.0.0.0/16 + EnableDnsSupport: true + EnableDnsHostnames: true + InstanceTenancy: default + Tags: + - Key: Name + Value: ObservabilityGettingStartedADOT + InternetGateway: + Type: 'AWS::EC2::InternetGateway' + Properties: + Tags: + - Key: Name + Value: ObservabilityGettingStartedADOT + VPCGatewayAttachment: + Type: 'AWS::EC2::VPCGatewayAttachment' + Properties: + VpcId: !Ref VPC + InternetGatewayId: !Ref InternetGateway + SubnetPublic: + Type: 'AWS::EC2::Subnet' + Properties: + AvailabilityZone: !Select [0, !GetAZs ''] + CidrBlock: 10.0.0.0/20 + VpcId: !Ref VPC + Tags: + - Key: Name + Value: ObservabilityGettingStartedADOT + RouteTablePublic: + Type: 'AWS::EC2::RouteTable' + Properties: + VpcId: !Ref VPC + Tags: + - Key: Name + Value: ObservabilityGettingStartedADOT + RouteTableAssociationPublic: + Type: 'AWS::EC2::SubnetRouteTableAssociation' + Properties: + SubnetId: !Ref SubnetPublic + RouteTableId: !Ref RouteTablePublic + RouteTablePublicInternetRoute: + Type: 'AWS::EC2::Route' + DependsOn: VPCGatewayAttachment + Properties: + RouteTableId: !Ref RouteTablePublic + DestinationCidrBlock: '0.0.0.0/0' + GatewayId: !Ref InternetGateway + InstanceSecurityGroup: + Type: AWS::EC2::SecurityGroup + Properties: + GroupDescription: 'Security Group for CW ImmersionDay test instances' + GroupName: ObservabilityGettingStartedADOT + SecurityGroupIngress: + - Description: Ingress to allow access for Apache from Internet on port 80 + IpProtocol: 6 + FromPort: 80 + ToPort: 80 + CidrIp: 0.0.0.0/0 + - Description: Ingress to allow API invocation on port 4000 + IpProtocol: 6 + FromPort: 4000 + ToPort: 4000 + CidrIp: 0.0.0.0/0 + SecurityGroupEgress: + - Description: Egress to allow ADOT to communicate with CloudWatch and Amazon Managed Prometheus service + IpProtocol: 6 + FromPort: 443 + ToPort: 443 + CidrIp: 0.0.0.0/0 + Tags: + - Key: Name + Value: ObservabilityGettingStartedADOT + VpcId: !Ref VPC + #------------------------------------------------- + # IAM ROLE FOR EC2 Instance + #------------------------------------------------- + InstanceRole: + Type: AWS::IAM::Role + Properties: + RoleName: SSMCloudWatchADOTInstanceRole + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: + - ec2.amazonaws.com + Action: + - sts:AssumeRole + Path: '/' + ManagedPolicyArns: + - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore + - arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess + RolePolicies: + Type: AWS::IAM::Policy + Properties: + PolicyName: AWSDistroOpenTelemetryPolicy + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - logs:PutLogEvents + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:DescribeLogStreams + - logs:DescribeLogGroups + - ssm:GetParameters + - ssm:PutParameter + Resource: '*' + Roles: + - !Ref InstanceRole + + InstanceProfile: + Type: AWS::IAM::InstanceProfile + Properties: + InstanceProfileName: SSMCloudWatchADOTInstanceRole + Path: '/' + Roles: + - !Ref InstanceRole + #------------------------------------------------- + # EC2 instance using the latest Amazon Linux AMI + #------------------------------------------------- + LinuxEC2Instance: + Type: AWS::EC2::Instance + Properties: + InstanceType: t2.small + ImageId: !Ref LatestAmazonLinuxAmiId + NetworkInterfaces: + - AssociatePublicIpAddress: true + DeviceIndex: 0 + GroupSet: + - !Ref InstanceSecurityGroup + SubnetId: !Ref SubnetPublic + UserData: + Fn::Base64: + !Sub | + #!/bin/bash + #Cloudformation Stack: ${AWS::StackName} + sudo yum install httpd -y + sudo service httpd start + sudo chkconfig httpd on + sudo su + echo "Welcome to ADOT monitoring for EC2 instances and workloads" >> /var/www/html/index.html + exit + IamInstanceProfile: !Ref InstanceProfile + Tags: + - Key: Name + Value: AppServer +Outputs: + IAMRole: + Description: IAM Role + Value: !Ref InstanceRole + WebsiteURL: + Description: Website URL "http:///" + Value: !Sub "http://${LinuxEC2Instance.PublicIp}/" \ No newline at end of file diff --git a/PetAdoptions/cdk/pet_stack/resources/use_cases/observability-getting-started.yml b/PetAdoptions/cdk/pet_stack/resources/use_cases/observability-getting-started.yml new file mode 100644 index 00000000..142b61e2 --- /dev/null +++ b/PetAdoptions/cdk/pet_stack/resources/use_cases/observability-getting-started.yml @@ -0,0 +1,325 @@ +#* +#* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +#* SPDX-License-Identifier: MIT-0 +#* +#* Permission is hereby granted, free of charge, to any person obtaining a copy of this +#* software and associated documentation files (the "Software"), to deal in the Software +#* without restriction, including without limitation the rights to use, copy, modify, +#* merge, publish, distribute, sublicense, and/or sell copies of the Software, and to +#* permit persons to whom the Software is furnished to do so. +#* +#* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +#* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +#* PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +#* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +#* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +#* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +#* + +#------------------------------------------------------------------------------ +# +# Template: cw-immersionday-resources.yml +# Purpose: CloudFormation template to deploy EC2 instance for observability immersion day. +# +#------------------------------------------------------------------------------ +--- +AWSTemplateFormatVersion: '2010-09-09' +Description: AWS CloudFormation template to launch EC2 instances and create apache style log events. Written for Observability getting started workshop June 2022. **WARNING** This template creates a VPC, public subnet, Internet Gateway, 2 EC2s, a Lambda function and CloudWatch Log Group, and associated route tables and permissions. You will be billed for the AWS resources used if you create a stack from this template. + +#----------------------------------------------------------- +# Parameters +#----------------------------------------------------------- +Parameters : + LatestAmazonLinuxAmiId : + # Use public Systems Manager Parameter + Type : 'AWS::SSM::Parameter::Value' + Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' + +# Calling AMI public parameters +# https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html + +Resources: + + #------------------------------------------------- + # VPC and required resources to enable network connectivity to AWS Systems Manager + #------------------------------------------------- + VPC: + Type: 'AWS::EC2::VPC' + Properties: + CidrBlock: 10.0.0.0/16 + EnableDnsSupport: true + EnableDnsHostnames: true + InstanceTenancy: default + Tags: + - Key: Name + Value: ObservabilityGettingStartedImmersionDay + InternetGateway: + Type: 'AWS::EC2::InternetGateway' + Properties: + Tags: + - Key: Name + Value: ObservabilityGettingStartedImmersionDay + VPCGatewayAttachment: + Type: 'AWS::EC2::VPCGatewayAttachment' + Properties: + VpcId: !Ref VPC + InternetGatewayId: !Ref InternetGateway + SubnetPublic: + Type: 'AWS::EC2::Subnet' + Properties: + AvailabilityZone: !Select [0, !GetAZs ''] + CidrBlock: 10.0.0.0/20 + VpcId: !Ref VPC + Tags: + - Key: Name + Value: ObservabilityGettingStartedImmersionDay + RouteTablePublic: + Type: 'AWS::EC2::RouteTable' + Properties: + VpcId: !Ref VPC + Tags: + - Key: Name + Value: ObservabilityGettingStartedImmersionDay + RouteTableAssociationPublic: + Type: 'AWS::EC2::SubnetRouteTableAssociation' + Properties: + SubnetId: !Ref SubnetPublic + RouteTableId: !Ref RouteTablePublic + RouteTablePublicInternetRoute: + Type: 'AWS::EC2::Route' + DependsOn: VPCGatewayAttachment + Properties: + RouteTableId: !Ref RouteTablePublic + DestinationCidrBlock: '0.0.0.0/0' + GatewayId: !Ref InternetGateway + InstanceSecurityGroup: + Type: AWS::EC2::SecurityGroup + Properties: + GroupDescription: 'Security Group for CW ImmersionDay test instances' + GroupName: ObservabilityGettingStartedImmersionDay + SecurityGroupEgress: + - Description: Egress to allow CloudWatch agent to communicate with CloudWatch service + IpProtocol: 6 + FromPort: 443 + ToPort: 443 + CidrIp: 0.0.0.0/0 + Tags: + - Key: Name + Value: ObservabilityGettingStartedImmersionDay + VpcId: !Ref VPC + #------------------------------------------------- + # IAM ROLE FOR EC2 Instance + #------------------------------------------------- + InstanceRole: + Type: AWS::IAM::Role + Properties: + RoleName: SSMCloudWatchInstanceRole + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: + - ec2.amazonaws.com + Action: + - sts:AssumeRole + Path: '/' + ManagedPolicyArns: + - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy + - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore + - arn:aws:iam::aws:policy/AmazonSSMPatchAssociation + Tags: + - Key: Name + Value: ObservabilityGettingStartedImmersionDay + + InstanceProfile: + Type: AWS::IAM::InstanceProfile + Properties: + InstanceProfileName: SSMCloudWatchInstanceRole + Path: '/' + Roles: + - !Ref InstanceRole + #------------------------------------------------- + # EC2 instance using the latest Amazon Linux AMI + #------------------------------------------------- + LinuxEc2Instance1: + Type: AWS::EC2::Instance + Properties: + InstanceType: t2.small + ImageId: !Ref LatestAmazonLinuxAmiId + NetworkInterfaces: + - AssociatePublicIpAddress: true + DeviceIndex: 0 + GroupSet: + - !Ref InstanceSecurityGroup + SubnetId: !Ref SubnetPublic + UserData: + Fn::Base64: + !Sub | + #!/bin/bash + #Cloudformation Stack: ${AWS::StackName} + yum update -y + yum install -y tomcat tomcat-webapps + systemctl start tomcat.service + IamInstanceProfile: !Ref InstanceProfile + Tags: + - Key: Name + Value: AppServer1 + + LinuxEc2Instance2: + Type: AWS::EC2::Instance + Properties: + InstanceType: t2.small + ImageId: !Ref LatestAmazonLinuxAmiId + NetworkInterfaces: + - AssociatePublicIpAddress: true + DeviceIndex: 0 + GroupSet: + - !Ref InstanceSecurityGroup + SubnetId: !Ref SubnetPublic + UserData: + Fn::Base64: + !Sub | + #!/bin/bash + #Cloudformation Stack: ${AWS::StackName} + yum update -y + yum install -y tomcat tomcat-webapps + systemctl start tomcat.service + IamInstanceProfile: !Ref InstanceProfile + Tags: + - Key: Name + Value: AppServer2 + + #------------------------------------------------- + # Lambda log group to store the fake logs in (ensures it will be deleted on stack deletion) + # Note: can't change the path for the lambda to log to + #------------------------------------------------- + LambdaLogGroup: + Type: AWS::Logs::LogGroup + Properties: + LogGroupName: !Sub /aws/lambda/${LambdaFunctionApacheLogGenerator}-${AWS::StackName} + RetentionInDays: 7 + Tags: + - Key: Name + Value: ObservabilityGettingStartedImmersionDay + #------------------------------------------------- + # Lambda function to generate fake looking apache logs + #------------------------------------------------ + LambdaFunctionApacheLogGenerator: + Type: AWS::Lambda::Function + Properties: + Code: + ZipFile: | + # To generate fake apache style logs + import json + import datetime + import random + import time + + def lambda_handler(event, context): + maxnumevents = 5 + numevents = int(random.randrange(1,maxnumevents,1)) # can set numevents to a fixed value if wish + + + # create list of pages + pages = ['searchProduct.html','addToCart.html','makePayment.html'] + + # create list of possible events + # 127.0.0.1 - frank [10Oct2000135536 -0700] "GET apache_pb.gif HTTP/1.0" 200 2326 123 + eventList = ['127.0.0.1 - - timestamp "GET page HTTP/1.0" status loadtime bytesLoaded'] + + # have a few more 200s to make these the most common + statusValues = ['200','200','200','200','200','200','200','200','403','404','500','303'] + + + for x in range(1,numevents+1): + # create log events + event = random.choice(eventList) + page = random.choice(pages) + status = random.choice(statusValues) + loadtime = random.randrange(300,1000,1) + bytesLoaded = random.randrange(100,1000,1) + + # create timestamp + timestamp = datetime.datetime.now().astimezone() + # 2021-08-25T150000.000-0600 + timestr = timestamp.strftime('%Y-%m-%dT%H%M%S%z') + # 10-Oct-2000T135536 -0700 + + # replace variables + event = event.replace('page', str(page)) + event = event.replace('status', str(status)) + event = event.replace('loadtime', str(loadtime)) + event = event.replace('bytesLoaded', str(bytesLoaded)) + event = event.replace('timestamp', str(timestr)) + + print(event) + + # add a delay - want a timegap between events (between 1 and 5 secs) + sleepfor = random.randrange(1, 5, 1) + time.sleep(sleepfor); + + # end loop through numevents + + return + + Description: Apache log generator + FunctionName: !Sub LambdaFunctionApacheLogGenerator-${AWS::StackName} + Handler: index.lambda_handler + MemorySize: 128 + Role: !GetAtt LambdaIAMRole.Arn + Runtime: python3.9 + Timeout: 60 + Tags: + - Key: Name + Value: ObservabilityGettingStartedImmersionDay + + #------------------------------------------------- + # Lambda Role for ability to log events + #------------------------------------------------ + LambdaIAMRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Action: + - sts:AssumeRole + Effect: Allow + Principal: + Service: + - lambda.amazonaws.com + Policies: + - PolicyDocument: + Version: 2012-10-17 + Statement: + - Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + Effect: Allow + Resource: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/LambdaFunctionApacheLogGenerator-${AWS::StackName}:* + PolicyName: LambdaCloudWatchLogs + Tags: + - Key: Name + Value: ObservabilityGettingStartedImmersionDay + #------------------------------------------------- + # Scheduled event to run the Lambda every 2 minutes to generate timespaced logs + #------------------------------------------------ + EventBridgeRule: + Type: AWS::Events::Rule + Properties: + Name: !Sub InvokeLambdaApacheLogs-${AWS::StackName} + ScheduleExpression: rate(2 minutes) + Targets: + - Arn: !GetAtt LambdaFunctionApacheLogGenerator.Arn + Id: !Sub LambdaFunctionApacheLogGenerator-${AWS::StackName} + + + PermissionForEventsToInvokeLambda: + Type: AWS::Lambda::Permission + Properties: + FunctionName: !Ref LambdaFunctionApacheLogGenerator + Action: lambda:InvokeFunction + Principal: events.amazonaws.com + SourceArn: !GetAtt EventBridgeRule.Arn