aws-deployment-framework icon indicating copy to clipboard operation
aws-deployment-framework copied to clipboard

Published 20 hours ago verified publisher icon awslabs

Improve single-repo hub-spoke deployment experience

Open Lux-CC opened this issue 4 years ago • 2 comments

This issue is a combines some of the issues I've experienced recently when trying to deploy two different stacks from the same repo in a single pipeline for an enterprise customer.

What am I trying to achieve? I'm trying to deploy a hub-spoke-like template in which I first deploy a stack to a 'hub' account (for example for a centralized mailing solution). Then, based on the outputs of that first stack (i.e. a secret ARN), deploy some basic resources to all other accounts in the organization. I usually have these two templates and parameters in different folders of that repository (for example hub/ and spoke/)

What problems I'm running into?

  • The package_transform helper script is built to work in $CODEBUILD_SRC_DIR and makes the use of the root_dir: hub option harder. Workaround: run CODEBUILD_SRC_DIR=$CODEBUILD_SRC_DIR/hub bash adf-build/helpers/package_transform.sh instead
  • Package transform cannot transform templates named other than template.yml. Workaround: name all templates template.yml
  • I have to install the adf 'shared' builds twice (both in the hub and in the spoke folder) to generate the params:
     - aws s3 cp s3://$S3_BUCKET_NAME/adf-build/ adf-build/ --recursive --quiet # Copy down the shared modules from S3
      - pip install -r adf-build/requirements.txt -q # Install Requirements via requirements.txt
      - python adf-build/generate_params.py  # Generate Parameter files dynamically
  • when the hub is a 'normal' cloudformation template and the spoke is SAM, ADF always looks for template_{region}.yml when CONTAINS_TRANSFORM is set to true (see adf_codepipeline.py). Workaround: use the package transform twice even though not required.
  • when using param_overrides to pass parameters from the hub stage to spoke stages, you can only pass 1 parameter.
  • param_overrides does not work if you specify different root_dir options in different stages. When zipping it includes the root_dir folder, but the next stage can't read that.

Also, it's not documented that template_filename does't work when using package_transform. Happy to help on some of these issues, but I'm first curious to what your thoughts on this use-case is.

Lux-CC avatar Feb 10 '21 13:02 Lux-CC

Since it's been almost a month now without any reply and this is still an active problem for us, I was wondering if there are any plans at all on picking up the issue? Or what are your thoughts on hub-spoke deployments with ADF?

Lux-CC avatar Mar 09 '21 09:03 Lux-CC

@LRuttenCN I faced exactly the same issue..we have 2 different stacks in the same repo and we need to deploy them with in the same pipeline and only one of them have SAM..thank you for bringing this up and currently I'm trying to follow the workarounds you mentioned but still want to know if this is the best way to do this..fingers crossed

csmuthukuda avatar Mar 10 '21 02:03 csmuthukuda

I am happy to inform you that this feature was added in v3.2.0. I'm hereby closing this issue.

sbkok avatar May 17 '24 19:05 sbkok