pubsys: add SSM parameter publishing #1060
Conversation
|
^ This push fixes an issue Ben found. There's a convenience function to join together SSM prefix and parameter name, making sure there's only one slash between them, and we removed a character in the wrong branch. |
| @@ -38,6 +38,8 @@ regions = ["us-west-2", "us-east-1", "us-east-2"] | |||
| profile = "my-profile" | |||
| # If specified, we assume this role before making any API calls. | |||
| role = "arn:aws:iam::012345678901:role/assume-global" | |||
| # If specified, this string will be prefixed on all parameter names published to SSM. | |||
| ssm_prefix = "/your/prefix/here" | |||
There was a problem hiding this comment.
The path to the ssm policy is not specified in Infra.toml?
There was a problem hiding this comment.
Yeah, though we could consider moving it, and there's also some separate discussion about combining some of our configuration sources...
The way we were thinking about the configuration sources is that the Makefile would have default values/paths for things that should work for most people and rarely need to change; Infra.toml would have user-specific settings that rarely need to change; parameters handle things that always need to be specified or frequently change; and JSON files as a "runtime store" for things that change each time, like the AMI IDs.
| name = "{variant}/{arch}/{image_version}/image_id" | ||
| value = "{image_id}" | ||
|
|
||
| [[parameter]] |
There was a problem hiding this comment.
Don't we have one of these for current? Should that be in the defaults.toml as well?
There was a problem hiding this comment.
For cargo ssm, the image_version in the template is replaced by the version you're building, and for promote-ssm, by the version you specify with -e SSM_TARGET=. So when we want to publish latest, we'd do cargo make promote-ssm -e SSM_TARGET=latest. In our release process we're planning to promote once from the full version (e.g. 0.5.0-abcdef) to the short version (0.5.0) and again to latest.
`cargo make ssm` will use the amis.json from `cargo make ami` to populate parameter name/value templates from files in `policies/ssm`. The parameters are set in SSM using the full build version, e.g. "0.5.0-abcdef", and it won't overwrite by default. `cargo make promote-ssm -e SSM_TARGET=VERSION` will promote (copy) those values from the full-build-version name to a more general one. It's recommended to promote from the full version to a short version like "0.5.0", then to a well-known pointer like "latest". This allows for easy rollback by promoting from an older version, using `-e SSM_SOURCE=OLD_VERSION`. Co-authored-by: Zac Mrowicki <mrowicki@amazon.com> Co-authored-by: Tom Kirchner <tjk@amazon.com>
|
^ This force-push fixes a typo caught by @webern. |
cargo make ssmwill use the amis.json fromcargo make amito populateparameter name/value templates from files in
policies/ssm. The parametersare set in SSM using the full build version, e.g. "0.5.0-abcdef", and it won't
overwrite by default.
cargo make promote-ssm -e SSM_TARGET=VERSIONwill promote (copy) those valuesfrom the full-build-version name to a more general one. It's recommended to
promote from the full version to a short version like "0.5.0", then to a
well-known pointer like "latest". This allows for easy rollback by promoting
from an older version, using
-e SSM_SOURCE=OLD_VERSION.Testing done:
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.