feat: Merge Egress, AppStream and Account Update features (awslabs#750)

* Add Egress Store Toggle Setting * feat: Add iEgress Store Toggle Setting * feat: GALI-933 and GALI-934 add UI changes for egress store request submission and potential error * minor comment fix * fix: data-egress-controller lint issue * docs: Update docs to specify Packer version 1.6.0 (awslabs#484) * fix: adds 'stopped' filter for workspaces * bulkUserAdd API bugfix (awslabs#490) * fix: bug in openapi.yaml introduced in previous PR with unescaped asterisk causing malformed YAML file * fix: adds validation checks and more informative error messages for bulk-add-users API call. * fix: added unit and integration tests for changes * fix: moved notification boxes to avoid blocking the top ribbon. (awslabs#483) * chore: Update UI to show 3.1 (awslabs#493) * chore: Update issue templates (awslabs#487) * chore: Update issue templates * Trigger notification * fix: changes per review Co-authored-by: Robert Smayda <smayda44@gmail.com> * fix: Redirect non admin users to "/" if they try to access "/users" (awslabs#489) * chore: update PR checklist (awslabs#494) * chore: Add GH action to check for dependency vulnerabilities (awslabs#498) * fix: react compilation error (awslabs#500) * docs: hyperlink corrections (awslabs#497) * <docs: added hyperlinks in packer readme> * Revert "<docs: added hyperlinks in packer readme>" This reverts commit 501b7de. * docs: corrected the hyperlinks * feat: study permissions only shown to Study Admin (awslabs#501) * fix: add termination status for non-found workspaces (awslabs#502) * fix: Do not allow users to change root password (awslabs#503) * chore: docs dependency fix (awslabs#505) * chore(deps): bump dns-packet from 1.3.1 to 1.3.4 in /docs (awslabs#507) * chore(deps): bump dns-packet from 1.3.1 to 1.3.4 in /docs Bumps [dns-packet](https://github.com/mafintosh/dns-packet) from 1.3.1 to 1.3.4. - [Release notes](https://github.com/mafintosh/dns-packet/releases) - [Changelog](https://github.com/mafintosh/dns-packet/blob/master/CHANGELOG.md) - [Commits](mafintosh/dns-packet@v1.3.1...v1.3.4) Signed-off-by: dependabot[bot] <support@github.com> * feat: Add warning that internal authentication shouldn't be used in production (awslabs#506) * feat: Encrypt s3 buckets for EMR log bucket and CICD Artifact bucket (awslabs#508) * chore: Disable EBS volume for storage gateway (awslabs#511) Co-authored-by: Tim Nguyen <thingut@amazon.com> * chore: Add encryption to CICD SNS topic (awslabs#512) Co-authored-by: Tim Nguyen <thingut@amazon.com> * fix: minor UI fix, add demo info * fix: remove console output and message update * feat: App Stream vpc (awslabs#523) * feat: [feat-secure-workspace-egress] GALI-884 Backend Egress Store Initiation (awslabs#510) * update Service Catalog template * add Egress Store init function when workspace is created * fix: data-egress-service lint * fix: environment-config-var-service.test testing with data-egress-service as dependency * fix: move reusable function into utiil * fix: update create-egress-store.json schema validation * fix: remove duplicate function in environment-resource-service.js * fix: update egress store resource config and update pnpm-lock * fix: add unit test of data egress service * fix: rephrase config note * fix: add more unit test for data egress service Co-authored-by: Xian Zhang <zhaxan@amazon.com> Co-authored-by: Jeet <68876606+jn1119@users.noreply.github.com> * feat: addon-egress-store-stack-policy * fix: lint in unit test * fix: add enableEgressStore in setting file * fix: store lint issue * feat: Extend account onboarding template to include AppStream resources (awslabs#539) * feat: Add image builder scripts (awslabs#541) * fix: remove redundant policy code * fix: change addon name to general name and update config explanation * fix: update pnpm-lock file * Minor changes to .defaults.yml * docs: Minor doc changes to example.yml * chore: delete terminate-egress-store.json * feat: add egress store termination * fix: update openapi * fix: update controller with no response for delete * fix: update codecov.yml * fix: codecov.yml * fix: add user test * fix: update openapi.yaml * fix: apply more test and user validation on calling ES termination function * fix: update error msg * fix: add lock for updating/write DDB item * fix: use workspace id as egress store id to aviod situation multiple egress store attached to one workspace. * fix: add s3-service test and update s3-service with error catch * fix: update pnpm-lock file * fix: update high_vul_threshold to 4 * fix: add test cases for s3 service * fix: fix lint issue of S3-service.test.js * fix: add list user test * fix: post deployment step check if egress store is enabled. * fix: shorten the workflowlooprunner role policy size * fix: update uppercase in post deployment step * fix: temp set high_vul_threshold to 4 * fix: update test of cfn stack policy updater * fix: update stack policy from empty stack policy * fix: resolve lint issue * fix: add unit test for updating stack policy * feat: Air gap EC2 and Sagemaker workspaces (awslabs#555) * feat: add object tagging functionality * fix: clean up test * fix: add egress test * fix: add s3 tests * fix: fix s3 tests * fix: add s3 service test and data-egress-serviice * feat: Allow creating new AppStream enabled account (awslabs#566) * feat: Story update connect (awslabs#571) * feat: adding logic to connect API * feat: adding scripts for firefox appstream * test: buildImage changes * test: launch params in abs path * fix: add missing space in launch params * fix: copy firefox ps script to App * feat: changing appstream stack name * feat: appstream returns dest url in connection * feat: adding UI changes for url scheme * fix: using isAppStreamEnabled flag * feat: update link in apsstream setup * code cleanup * chore: update lock file * fix: pull variable from env * fix: throw error for appstream resource not found * remove unreachable code * fix: workspace provision error when egressStoreIAMPolicyDocument is null * fix: add compute-platform-service test * feat: added backend code for connecting with Windows environments via AppStream (awslabs#576) * fix: Provision environment pulls namespace value from stack id (awslabs#575) * feat: Appstream connection updates (awslabs#578) * feat: editing UI components for appstream * feat: adding ec2linux ps1 file * fix: add ec2linux in buildImage * feat: update ec2linux ps1 location * feat: UI improvements appstream * testing changes * feat: adding UI changes for appstream * feat: changes per review * fix: single quotes to double * fix: update MobX observable in action * fix: mobx observable fix * update observables * fix: move egressStoreObjectHandler into postdeployment to avoid deployment with s3 bucket not found error * fix: test fix * fix: add compute-*-service tests * fix: add compute-price-service test * feat: appstream connect UI changes (awslabs#580) * fix: test coverage addition for appstream * feat: update instructions for appstream * feat: adding flag for list call * feat: adding appstream instruction * fix: add egress service tests * fix: serverless-plugin-ifelse dependency * feat: add notification * chore: Add provision account unit test (awslabs#572) * feat: add object list for egress store * fix: add db access for role:RoleEgressStoreObjectsHandler in post-deployment * fix: remove unused function in store * fix: fix data egress tests * fix: remove used data in UI * fix: lint * fix: lint * fix: lint and clean code * fix: lint issue in service and test * fix: add data-egress service * fix: add s3 tests * fix: lint in test * Update AppStream feat branch with latest code from develop (awslabs#585) * feat: AppStream code hardening (awslabs#583) * test: adding appstream unit tests * feat: adding unit tests for appstream URL plugin * fix: UI typo fix * feat: adding e2e tests for appstream instructions * test: optimizing e2e appstream tests * fix: potential dep vulnerabilities * fix: deployment with config * fix: data-egress service and tests * fix: remove console.log * fix: test * fix: lint * fix: tests for s3 service and data egress service * fix: s3-service tests * fix: s3 service to export api when init * feat: workspace provisioning mgmt (awslabs#594) * feat: env prov API update for appstream * feat: UI changes to verify proj appstream config * test: adding project service appstream tests * test: adding e2e test to verify create disabled * fix: changes per review * fix: await async methods (awslabs#599) * fix: prevent redundant looping (awslabs#600) * fix: unit test env connection & S3 service (awslabs#601) * fix: unit test env connection * fix: update s3 service to initiate S3 * feat: add disable BYOB when egress store feature is enabled * fix: add study service test * fix: lint * fix: using the string value of AppStream flag (awslabs#604) * Fix: ui and backend egress logic while terminating workspace * fix: data-egress service * fix: lint * feat: Restrict SageMaker presigned URL access to private VPC endpoint (awslabs#608) * fix: modify create-egress-store json validation * fix: hot fix for enable egress store submission * feat: post deploy appstream step (awslabs#612) * feat: add post dep step for appstream stack policy * test: adding unit tests update cfn policy * fix: changes per review * feat: Update Account page to use cards for Accounts. Update Account onboarding to use CFN template links. PRs: https://github.com/awslabs/service-workbench-on-aws/pulls?q=is%3Apr+author%3Aahl27+is%3Aclosed+APU * feat: Update APU feature to support onboarding and updating AppStream accounts (awslabs#606) * docs: onboarding account gali 1059 * docs: PR feedback addressed * fix: egress button submission error * fix: add egress store service tests * fix: lint issue * fix: get appstream setting optional bool (awslabs#633) * fix: get appstream setting optional bool * fix: changing optionalBoolean to getBoolean * fix: unit tests for getBoolean * undo potential merge conflict * feat: Disable CIDR feature when AppStream is enabled (awslabs#632) feat: Disable CIDR feature when AppStream is enabled * fix: egress store data access cross account * fix: add remove kms key policy unit test * fix: update kms policy when no study selected * fix: update method name to updateKMSPolicyForEgress * fix: Filter out empty CIDR blocks from security group details (awslabs#645) * fix: egress store should be terminated if it's not used after creation * fix: add error msg when error occurs in putting bucket policy * fix: lint issue * fix: edit error message * fix: lint * feat: Onboard instruction update (awslabs#647) * Update onboard account instructions * Trigger notification Co-authored-by: Tim Nguyen <thingut@amazon.com> * fix: edit bucket policy * fix: Various TRE bugfixes (awslabs#642) * fix: add pre-deployment * fix: add pre-deployment to delete environment * fix: lint * fix: minor egress update * fix: egress error message * fix: fix BYOB studies to work with SageMaker and EC2 Linux when AppStream is enabled (awslabs#658) * feat: Allow termination of non-appstream envs (awslabs#655) * feat: warn users to terminate non-appstream envs * feat: add check plugin for awsAccount APIs * fix: older unit tests * updated optionalBoolean to getBoolean in unit test * fix: changes per review * test: added unit tests for aws mgmt appstream * code cleanup * fix: remove unsed setting * fix: update error message in util function * fix: fix BYOB to work for EC2 Windows when AppStream is enabled (awslabs#662) * doc: adding pre-requisite info for appstream (awslabs#664) * doc: adding pre-requisite info for appstream * fix: Trigger Build * fix: lambda error (awslabs#670) * fix: account status check lambda * code cleanup * test: Split integration and E2E tests for AppStream/NonAppStream (awslabs#663) * test: connection url appstream (awslabs#673) * feat: adding appstream integ tests for connect URL * code cleanup * fix: changes per review * code cleanup * fix: Fix AccountOnboardingHandler to correctly check for non-AppStream environments (awslabs#677) * feat: adding Egress integ tests (awslabs#679) * feat: adding Egress integ tests * fix: code cleanup * change per review * test: Added appstream workspace tests (awslabs#671) * fix: Correct stage name for deploying TRE SWB (awslabs#681) * fix: Correct stage name for deploying TRE SWB * Second line Co-authored-by: Tim Nguyen <thingut@amazon.com> * fix: Enable AppStream and Egress Store (awslabs#682) Co-authored-by: Tim Nguyen <thingut@amazon.com> * fix: Run AppStream version of the tests (awslabs#683) Co-authored-by: Tim Nguyen <thingut@amazon.com> * fix: Correct Appstream test command to pick up spec files (awslabs#684) * Rstudio AppStream integration (awslabs#678) * feat: Integrate RStudio workspaces with AppStream * chore: change condition for SSM endpoint to include custom domain presence * fix: open data lambda in appstream env (awslabs#687) * chore: Merge mainline into feat-secure-workspace-egress (awslabs#659) * fix: Use bucket region if available while mounting BYOB studies (awslabs#692) * fix: Allow Sagemaker Appstream workspaces to autostop (awslabs#689) * fix:Add AppStream param to envPollHandler error and allow Sagemaker instance access to Sagemaker API Endpoint * Remove commented out code Co-authored-by: Tim Nguyen <thingut@amazon.com> * test: Added infrastructure tests (awslabs#696) * fix: member account share appstream bug (awslabs#712) * fix: externalId requirement for add account form (awslabs#713) * fix: externalId requirement for add account form * test: adding unit test for add member account * fix: add required attribute to unit test * fix: remove hardcoded externalId string * feat: swb main study role (awslabs#710) * fix: enableEgressStore flag is boolean, not string (awslabs#715) * feat: Pull AppStream create connection test env id from config file (awslabs#718) Co-authored-by: Tim Nguyen <thingut@amazon.com> * feat: remove egress bucket pol (awslabs#720) * feat: removing egress bucket policy * test: adjusting unit tests for new business logic * fix: update main role prefix for workflow perms * add swb prefix for main study role in apiHandler * chore: Make Egress store function with roles and remove kms whitelisting of member accounts (awslabs#723) * fix: converting Egress flag from boolean to string bug (awslabs#730) * fix: Disable public IP address for Linux, Windows, and RStudio when AppStream is enabled(awslabs#731) * chore: Update aws-sdk to latest V2 version (awslabs#734) * Update Cypress tests to match tests from develop * Update integration test to include isAppStreamEnabled flag * Bump axios version for integratio test * Trigger notification * fix linting issues * Update test * chore: Merge develop and feat-egress-store-role into feat-secure-workspace-egress (awslabs#735) * feat: Create dedicated SGs for environment and interface endpoints (awslabs#736) * Revert "chore: Merge develop and feat-egress-store-role into feat-secure-workspace-egress (awslabs#735)" This reverts commit 40d54e8. * feat: Fetch egress store data by id instead of using a scan (awslabs#741) * fix: Delete egress role in workflow instead of API (awslabs#740) Co-authored-by: Tim Nguyen <thingut@amazon.com> * fix: Remove PolicyWorkflowLoopRunner DependsOn PermissionBoundaryPolicyStudyBucket * WIP: Allow shareAppStreamImage for update accoutn request * Update tests * Fix typos * Update AppStream egress disabled tests * chore: update docs and script to reference * docs: egress docs (awslabs#742) * docs: egress docs * Fix prepare_master_account file and remove yarn.lock file * docs: post deployment guide updates * docs: pr review * docs: spelling correction * docs: new post depl guide * docs: new post depl manual Co-authored-by: Sharma <shyogesh@88665a06ebc4.ant.amazon.com> Co-authored-by: Tim Nguyen <thingut@amazon.com> * docs: Minor comment updates and add copyright headers (awslabs#751) Co-authored-by: Xian Zhang <zhaxan@amazon.com> Co-authored-by: Tim Nguyen <nguyen102@users.noreply.github.com> Co-authored-by: ahl27 <lakaidan@amazon.com> Co-authored-by: Aidan Lakshman <aidanlakshman@gmail.com> Co-authored-by: Robert Smayda <smayda44@gmail.com> Co-authored-by: Sanket Dharwadkar <sdharwad@amazon.com> Co-authored-by: shyogesh-sw <79225266+shyogesh-sw@users.noreply.github.com> Co-authored-by: Yanyu Zheng <yz2690@columbia.edu> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tim Nguyen <thingut@amazon.com> Co-authored-by: zhaxan <25250067+MBtea@users.noreply.github.com> Co-authored-by: Aidan Lakshman <ahl27@pitt.edu> Co-authored-by: Yogesh Sharma <shyogesh@amazon.com> Co-authored-by: Marianna Ghirardelli <43092418+maghirardelli@users.noreply.github.com> Co-authored-by: Sharma <shyogesh@88665a06ebc4.ant.amazon.com>
jxuamazon · Oct 14, 2021 · 0659d60 · 0659d60
1 parent 482a521
commit 0659d60
Show file tree

Hide file tree

Showing 529 changed files with 54,143 additions and 10,157 deletions.
diff --git a/.github/workflows/deploy-integ-appstream-egress.yml b/.github/workflows/deploy-integ-appstream-egress.yml
@@ -0,0 +1,130 @@
+#
+#  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#  SPDX-License-Identifier: Apache-2.0
+#
+
+name: Deploy & Integration Test (AppStream and Egress Enabled)
+on:
+  push:
+    branches:
+      - feat-secure-workspace-egress
+jobs:
+  pre-deployment-check:
+    name: Pre deployment check
+    runs-on: ubuntu-18.04
+    timeout-minutes: 10
+    steps:
+      - name: "Block Concurrent Deployments"
+        uses: softprops/turnstyle@v1
+        with:
+          poll-interval-seconds: 10
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  deploy:
+    name: Deploy to AppStream Dev
+    runs-on: ubuntu-18.04
+    needs: pre-deployment-check
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 12
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.13
+      - name: Install pnpm
+        run: npm install -g pnpm
+      - name: Install dependencies
+        run: ./scripts/install.sh
+      - name: Build all packages
+        run: ./scripts/build-all-packages.sh
+      - name: Deploy
+        env:
+          STAGE_NAME: tre
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_APPSTREAM_EGRESS}}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_APPSTREAM_EGRESS }}
+        run: |
+          cp ./main/end-to-end-tests/e2eGitHubConfig.AppStreamEgress.yml ./main/config/settings/${STAGE_NAME}.yml
+          ./scripts/environment-deploy.sh ${STAGE_NAME}
+  infrastructure-test:
+    name: Infrastructure test
+    runs-on: ubuntu-18.04
+    needs: deploy
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 12
+      - name: Install pnpm and system libraries
+        run: npm install -g pnpm
+      - name: Install dependencies
+        run: pnpm install
+        working-directory: main/infrastructure-tests
+      - name: Run infrastructure tests
+        run: pnpm run testAppStreamEgressEnabled -- --stage=github
+        working-directory: ./main/infrastructure-tests
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_APPSTREAM_EGRESS }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_APPSTREAM_EGRESS }}
+          INFRA_TESTS_HOSTING_ACCOUNT_ID: ${{ secrets.INFRA_TESTS_HOSTING_ACCOUNT_ID }}
+          INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME: ${{ secrets.INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME }}
+  integration-test:
+    name: Integration test
+    runs-on: ubuntu-18.04
+    needs: infrastructure-test
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 12
+      - name: Install pnpm and system libraries
+        run: |
+          npm install -g pnpm
+          sudo apt-get install libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 libxtst6 xauth xvfb
+      - name: Install dependencies
+        run: pnpm install
+        working-directory: main/integration-tests
+      - name: Run integration tests
+        run: ./scripts/run-integration-tests.sh ${STAGE_NAME} AppStreamEgress
+        working-directory: ./
+        env:
+          DEPLOYMENT_BUCKET: ${{ secrets.DEPLOYMENT_BUCKET_APPSTREAM_EGRESS}}
+          STAGE_NAME: tre
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_APPSTREAM_EGRESS }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_APPSTREAM_EGRESS }}
+          aws-region: us-east-1
+  cypress-test:
+    name: Cypress test
+    runs-on: ubuntu-18.04
+    needs: integration-test
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 12
+      - name: Install pnpm and system libraries
+        run: |
+          npm install -g pnpm
+          sudo apt-get install libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 libxtst6 xauth xvfb
+      - name: Install dependencies
+        run: pnpm install
+        working-directory: main/end-to-end-tests
+      - name: Run cypress test
+        run: pnpm run cypress:run-tests:github:appstream-egress-enabled
+        working-directory: main/end-to-end-tests
+        env:
+          # Env parameters for cypress tests need header 'CYPRESS_' or 'cypress_'
+          # Cypress will strip the header and pass it to the tests
+          CYPRESS_BASE_URL: ${{ secrets.CYPRESS_BASE_URL_APPSTREAM_EGRESS}}
+          CYPRESS_researcherEmail: ${{ secrets.CYPRESS_RESEARCHER_EMAIL_APPSTREAM_EGRESS}}
+          CYPRESS_researcherPassword: ${{ secrets.CYPRESS_RESEARCHER_PASSWORD_APPSTREAM_EGRESS}}
+          CYPRESS_adminEmail: ${{ secrets.CYPRESS_ADMIN_EMAIL_APPSTREAM_EGRESS}}
+          CYPRESS_adminPassword: ${{ secrets.CYPRESS_ADMIN_PASSWORD_APPSTREAM_EGRESS}}
diff --git a/.gitignore b/.gitignore
@@ -32,6 +32,7 @@ docs/build
 */*/*/config/settings/*.yml
 !*/*/*/config/settings/.defaults.yml
 !*/*/*/config/settings/example*.yml
+!main/infrastructure-tests/config/settings/github.yml
 
 # rStudio specific
 source/ServiceWorkbenchOnAWS/main/solution/machine-images/config/infra/files/rstudio/*
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -360,4 +360,4 @@ We recommend to apply this patch as soon as possible
 
 ### Added
 
-- Initial launch! :rocket:
+- Initial launch! :rocket:
diff --git a/addons/addon-base-post-deployment/packages/base-post-deployment/package.json b/addons/addon-base-post-deployment/packages/base-post-deployment/package.json
@@ -2,14 +2,14 @@
   "name": "@aws-ee/base-post-deployment",
   "version": "1.0.0",
   "private": true,
-  "description": "A library containing base set of post-deployment steps to be run with solutions based on <TODO-NAME> addons",
+  "description": "A library containing base set of post-deployment steps",
   "author": "Amazon Web Services",
   "license": "Apache-2.0",
   "dependencies": {
     "@aws-ee/base-api-services": "workspace:*",
     "@aws-ee/base-services": "workspace:*",
     "@aws-ee/base-services-container": "workspace:*",
-    "aws-sdk": "^2.647.0",
+    "aws-sdk": "^2.1000.0",
     "generate-password": "^1.5.0",
     "lodash": "^4.17.21"
   },

diff --git a/addons/addon-base-pre-deployment/packages/base-pre-deployment/.eslintrc.json b/addons/addon-base-pre-deployment/packages/base-pre-deployment/.eslintrc.json
@@ -0,0 +1,25 @@
+{
+  "extends": ["plugin:jest/recommended", "airbnb-base", "prettier"],
+  "plugins": ["jest", "prettier"],
+  "rules": {
+    "prettier/prettier": ["error"],
+    "no-unused-vars": [
+      "error",
+      {
+        "varsIgnorePattern": "^_.+",
+        "argsIgnorePattern": "^_",
+        "caughtErrorsIgnorePattern": "^_",
+        "args": "after-used",
+        "ignoreRestSiblings": true
+      }
+    ],
+    "prefer-destructuring": 0,
+    "no-underscore-dangle": 0,
+    "no-param-reassign": 0,
+    "class-methods-use-this": 0,
+    "no-use-before-define": 0
+  },
+  "env": {
+    "jest/globals": true
+  }
+}
diff --git a/addons/addon-base-pre-deployment/packages/base-pre-deployment/.gitignore b/addons/addon-base-pre-deployment/packages/base-pre-deployment/.gitignore
@@ -0,0 +1,23 @@
+**/.class
+**/.DS_Store
+**/coverage
+**/node_modules
+
+**/npm-debug.log
+**/pnpm-debug.log
+
+# Serverless directories
+.serverless
+
+# Webpack generated directories
+.webpack
+
+# VisualStudioCode.gitignore
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+# IntelliJ Idea Module Files
+*.iml
diff --git a/addons/addon-base-pre-deployment/packages/base-pre-deployment/.prettierrc.json b/addons/addon-base-pre-deployment/packages/base-pre-deployment/.prettierrc.json
@@ -0,0 +1,7 @@
+{
+  "tabWidth": 2,
+  "printWidth": 120,
+  "singleQuote": true,
+  "quoteProps": "consistent",
+  "trailingComma": "all"
+}
diff --git a/addons/addon-base-pre-deployment/packages/base-pre-deployment/README.md b/addons/addon-base-pre-deployment/packages/base-pre-deployment/README.md
@@ -0,0 +1,13 @@
+## To invoke pre deployment locally
+
+After you run
+
+```
+$ pnpx sls deploy -s <stage>
+```
+
+You can invoke lambda locally
+
+```
+$ pnpx sls invoke local -f preDeployment -s <stage>
+```
diff --git a/addons/addon-base-pre-deployment/packages/base-pre-deployment/jest.config.js b/addons/addon-base-pre-deployment/packages/base-pre-deployment/jest.config.js
@@ -0,0 +1,26 @@
+/*
+ *  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License").
+ *  You may not use this file except in compliance with the License.
+ *  A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ *  or in the "license" file accompanying this file. This file is distributed
+ *  on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ *  express or implied. See the License for the specific language governing
+ *  permissions and limitations under the License.
+ */
+
+// jest.config.js
+module.exports = {
+  // verbose: true,
+  notify: false,
+  testEnvironment: 'node',
+  // testPathIgnorePatterns: ['service.test.js'],
+
+  // Configure JUnit reporter as CodeBuild currently only supports JUnit or Cucumber reports
+  // See https://docs.aws.amazon.com/codebuild/latest/userguide/test-reporting.html
+  reporters: ['default', ['jest-junit', { suiteName: 'jest tests', outputDirectory: './.build/test' }]],
+};
diff --git a/addons/addon-base-pre-deployment/packages/base-pre-deployment/jsconfig.json b/addons/addon-base-pre-deployment/packages/base-pre-deployment/jsconfig.json
@@ -0,0 +1,6 @@
+{
+  "exclude": [
+    "node_modules",
+    "**/node_modules/*"
+  ]
+}
diff --git a/...ns/addon-base-pre-deployment/packages/base-pre-deployment/lib/deployment-store-service.js b/...ns/addon-base-pre-deployment/packages/base-pre-deployment/lib/deployment-store-service.js
@@ -0,0 +1,88 @@
+/*
+ *  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License").
+ *  You may not use this file except in compliance with the License.
+ *  A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ *  or in the "license" file accompanying this file. This file is distributed
+ *  on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ *  express or implied. See the License for the specific language governing
+ *  permissions and limitations under the License.
+ */
+
+const Service = require('@aws-ee/base-services-container/lib/service');
+const { runAndCatch } = require('@aws-ee/base-services/lib/helpers/utils');
+
+const createOrUpdateSchema = require('./schema/deployment-item');
+
+const settingKeys = {
+  tableName: 'dbDeploymentStore',
+};
+
+class DeploymentStoreService extends Service {
+  constructor() {
+    super();
+    this.dependency(['jsonSchemaValidationService', 'dbService']);
+  }
+
+  async init() {
+    await super.init();
+    const [dbService] = await this.service(['dbService']);
+    const table = this.settings.get(settingKeys.tableName);
+
+    this._getter = () => dbService.helper.getter().table(table);
+    this._updater = () => dbService.helper.updater().table(table);
+    this._query = () => dbService.helper.query().table(table);
+    this._deleter = () => dbService.helper.deleter().table(table);
+  }
+
+  async find({ type, id, fields = [] }) {
+    return this._getter()
+      .key({ type, id })
+      .projection(fields)
+      .get();
+  }
+
+  async mustFind({ type, id, fields = [] }) {
+    const result = await this.find({ type, id, fields });
+    if (!result) throw this.boom.notFound(`deployment item of type "${type}" and id "${id}" does not exist`, true);
+    return result;
+  }
+
+  async createOrUpdate(rawData) {
+    const [validationService] = await this.service(['jsonSchemaValidationService']);
+
+    // Validate input
+    await validationService.ensureValid(rawData, createOrUpdateSchema);
+
+    const { type, id } = rawData;
+
+    // Time to save the the db object
+    return this._updater()
+      .key({ type, id })
+      .item(rawData)
+      .update();
+  }
+
+  async delete({ type, id }) {
+    // Lets now remove the item from the database
+    const result = await runAndCatch(
+      async () => {
+        return this._deleter()
+          .condition('attribute_exists(type) and attribute_exists(id)') // yes we need this
+          .key({ type, id })
+          .delete();
+      },
+      async () => {
+        throw this.boom.notFound(`deployment item of type "${type}" and id "${id}" does not exist`, true);
+      },
+    );
+
+    return result;
+  }
+}
+
+module.exports = DeploymentStoreService;