Cloud Deployment Framework (CDF) provides an automated, cloud native, and secure way to deploy cloud resources. Based on JSON configuration files, CDF uses AWS CDK to automatically create Codepipeline Pipelines that clone repos, run secrutiy checks on code, and deploy resources. It will also build any needed docker containers for Codebuild Projects
| Infrastructure as Code Tools | Link |
|---|---|
| Cloud Formation | https://aws.amazon.com/cloudformation/ |
| Terraform | https://www.terraform.io |
| Tools | Description | Link |
|---|---|---|
| cfn_nag | The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure | https://github.com/stelligent/cfn_nag |
| checkov | Checkov uses a common command line interface to manage and analyze infrastructure as code (IaC) scan results across platforms such as Terraform, CloudFormation, Kubernetes, Helm, ARM Templates and Serverless framework | https://www.checkov.io |
| Semgrep (Coming soon) | Static analysis at ludicrous speed Find bugs and enforce code standards | https://semgrep.dev |
You will need the following on your local machine:
- Python3
- awscli
- cdk: run the Bootstrapping process four at https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping.html
cdk bootstrap aws://ACCOUNT-NUMBER-1/REGION-1- docker
- Clone the repo
- Rename
config.d.templatestoconfig.d - Edit
config.d/config.jsonto set pipelines names, sources, deployment options, and any parameters needed
Sample config.json file:
{
"pipelines" :[
{
"name" : "cfn-pipeline1",
"provider" : "aws",
"source" : {
"source_type" : "codecommit",
"repo_name" : "cdf-repo1",
"branch" : "main"
},
"deployment" : {
"assume_role" :{
"role": "TODO"
},
"aws_account" : "",
"iam_policy_file" : "config.d/iam-policy.json",
"region" : "us-east-1",
"type" : "cfn",
"parameters" : "VpcCIDR=10.0.0.0/16 Region=$REGION",
"capabilities" : "CAPABILITY_IAM CAPABILITY_NAMED_IAM",
"deployment_file" : "main.yaml",
"checks" : [
"general_all",
"cfn_nag",
"checkov"
]
}
},
]
}-
Edit the IAM policy file used by the pipeline to deploy resources
config.d/iam-policy.jsonNote: This file is referenced inconfig.d/config.json. It is recomended to have different policies for each pipeline -
Run:
cdk deploy --all- Verify that your pipelines were created in Codepipline in AWS console
To report a bug, request a feature, or submit a suggestion/feedback, please submit an issue through the GitHub repository: https://github.com/Ahmed-AG/cdf/issues/new