From 2ba13a92cef00a424a7655536341eee7ad65e6b6 Mon Sep 17 00:00:00 2001 From: Kay Hau Date: Sun, 29 Sep 2024 16:43:32 +1000 Subject: [PATCH] Refactored Phoenix IaC and added IaC test workflow for Phoenix --- .github/workflows/bedrock-build.yml | 30 ++++++++++++++++----- Bedrock/cdk/phoenix/Makefile | 15 ++++++----- Bedrock/cdk/phoenix/app.py | 6 +++-- Bedrock/cdk/phoenix/{ => lib}/base_infra.py | 27 ++++++++++++------- Bedrock/cdk/phoenix/{ => lib}/phoenix.py | 2 +- CHANGELOG.md | 5 ++-- 6 files changed, 57 insertions(+), 28 deletions(-) rename Bedrock/cdk/phoenix/{ => lib}/base_infra.py (65%) rename Bedrock/cdk/phoenix/{ => lib}/phoenix.py (99%) diff --git a/.github/workflows/bedrock-build.yml b/.github/workflows/bedrock-build.yml index e3be7823..7d6e161d 100644 --- a/.github/workflows/bedrock-build.yml +++ b/.github/workflows/bedrock-build.yml @@ -14,7 +14,6 @@ concurrency: defaults: run: shell: bash - working-directory: Bedrock/cdk/guardrail jobs: bedrock-guardrail: 
@@ -24,22 +23,41 @@ jobs: ENV_STAGE: dev steps: - uses: actions/checkout@v4 - - run: make lint-python - - uses: actions/setup-node@v4 with: node-version: 22 - - name: Set up aws-cdk run: make install-cdk - - name: Print deployment environment run: | echo "INFO: cdk version: $(cdk --version)" echo "INFO: node version: $(node --version)" echo "INFO: npm version: $(npm --version)" echo "INFO: python3 version: $(python3 --version)" - - name: Run cdk synth + working-directory: Bedrock/cdk/guardrail run: make synth-guardrail + + bedrock-phoenix: + name: Test Bedrock Phoenix IaC + runs-on: ubuntu-latest + env: + ENV_STAGE: dev + steps: + - uses: actions/checkout@v4 + - run: make lint-python + - uses: actions/setup-node@v4 + with: + node-version: 22 + - name: Set up aws-cdk + run: make install-cdk + - name: Print deployment environment + run: | + echo "INFO: cdk version: $(cdk --version)" + echo "INFO: node version: $(node --version)" + echo "INFO: npm version: $(npm --version)" + echo "INFO: python3 version: $(python3 --version)" + - name: Run cdk synth + working-directory: Bedrock/cdk/phoenix + run: make synth-local diff --git a/Bedrock/cdk/phoenix/Makefile b/Bedrock/cdk/phoenix/Makefile index dd9f4b1e..81ef94eb 100644 --- a/Bedrock/cdk/phoenix/Makefile +++ b/Bedrock/cdk/phoenix/Makefile @@ -9,16 +9,19 @@ install-cdk: python3 -m pip install -U pip pip3 install -r requirements.txt -synth-phoenix: +synth: cdk synth $(APP_NAME)-Phoenix -c env=$(ENV_STAGE) -diff-phoenix: +synth-local: + CDK_LOCAL_SYNC=true cdk synth $(APP_NAME)-Phoenix -c env=$(ENV_STAGE) + +diff: cdk diff $(APP_NAME)-Phoenix -c env=$(ENV_STAGE) -deploy-phoenix: - cdk deploy $(APP_NAME)-Phoenix -c env=$(ENV_STAGE) $(APP_NAME) --require-approval never +deploy: + cdk deploy $(APP_NAME)-Phoenix -c env=$(ENV_STAGE) --require-approval never -destroy-phoenix: +destroy: cdk destroy $(APP_NAME)-Phoenix -f -c env=$(ENV_STAGE) test-cdk: 
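Review bot: The `make lint-python` and `make install-cdk` steps of the new `bedrock-phoenix` job have no `working-directory`. The commit drops the workflow-wide default and sets a directory only on the `Run cdk synth` step, so these steps now run from the repository root (the same holds for the guardrail job). Unless a root Makefile defines both targets they will fail, and if one does, `install-cdk` installs the root `requirements.txt` rather than the one under `Bedrock/cdk/phoenix`. A job-level `defaults.run.working-directory: Bedrock/cdk/phoenix` (and the guardrail equivalent) would keep every step of a job in one directory. The top of the workflow is outside the hunk, so I cannot see whether `permissions:` is restricted; a synth-only job needs no more than `contents: read`.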
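Review bot: The rewritten `deploy` recipe keeps `--require-approval never`, which turns off the CDK CLI's confirmation for IAM and security-group changes, and the stack in `lib/phoenix.py` imports `aws_iam`. For a target a developer can run by hand I would use `cdk deploy $(APP_NAME)-Phoenix -c env=$(ENV_STAGE) --require-approval broadening`, keeping `never` only for a pipeline that has already reviewed a `cdk diff`. A one-line comment above `synth-local` saying it renders with mock SSM values and needs no AWS credentials would also help, since the target name alone does not say that.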
@@ -41,4 +44,4 @@ lint-yaml: yamllint -c .github/linters/.yaml-lint.yml -f parsable . clean: - rm -rf cdk.out __pycache__ + rm -rf cdk.out lib/__pycache__ diff --git a/Bedrock/cdk/phoenix/app.py b/Bedrock/cdk/phoenix/app.py index faf31f42..2bf7898d 100644 --- a/Bedrock/cdk/phoenix/app.py +++ b/Bedrock/cdk/phoenix/app.py @@ -2,8 +2,8 @@ from os.path import dirname, join, realpath import yaml -from aws_cdk import App, Environment, Tags -from phoenix import AlbFargate +from aws_cdk import App, CliCredentialsStackSynthesizer, Environment, Tags +from lib.phoenix import AlbFargate ENV_DIR = join(dirname(realpath(__file__)), "environment") @@ -25,6 +25,8 @@ def main(): config=config, image=config["Phoenix"]["image"], env=Environment(account=config["Account"], region=config["Region"]), + synthesizer=CliCredentialsStackSynthesizer(), + termination_protection=(ENV_NAME == "prd"), ) # stack.alb_sg.add_ingress_rule( # peer=another_stack.task_security_group, diff --git a/Bedrock/cdk/phoenix/base_infra.py b/Bedrock/cdk/phoenix/lib/base_infra.py similarity index 65% rename from Bedrock/cdk/phoenix/base_infra.py rename to Bedrock/cdk/phoenix/lib/base_infra.py index 21ab80bc..ba7e59cc 100644 --- a/Bedrock/cdk/phoenix/base_infra.py +++ b/Bedrock/cdk/phoenix/lib/base_infra.py @@ -1,8 +1,12 @@ +import os + from aws_cdk import aws_ec2 as ec2 from aws_cdk import aws_route53 as r53 from aws_cdk.aws_ssm import StringParameter from constructs import Construct +CDK_LOCAL_SYNC = os.environ.get("CDK_LOCAL_SYNC", "false").lower() == "true" # with no credentials + AZS = ["ap-southeast-2"] SSM_PARAM_INT_CERT_WILDCARD_ARN = "/account/int-certificate-wildcard-arn" SSM_PARAM_INT_HOSTZONE_NAME = "/account/int-hostedzone-name" 
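Review bot: The new `synthesizer=CliCredentialsStackSynthesizer()` argument in the `AlbFargate(...)` call has no comment, and it changes who performs the deployment: stack operations run with the CLI caller's own credentials instead of the bootstrapped deployment roles. Whoever runs `cdk deploy` therefore needs direct permission for everything the stack creates, so that principal should be scoped deliberately. I would record the reason above the argument, e.g. `# Deploy with the caller's credentials (no bootstrap deploy roles); the deployer role must be scoped accordingly.` Separately, `termination_protection=(ENV_NAME == "prd")` is an exact string match on a name defined outside this hunk, so an environment spelled `prod` would silently get no protection; it is worth confirming the value against the files in `environment/`. The call begins outside the hunk.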
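Review bot: The name and trailing comment on the new `CDK_LOCAL_SYNC = ...` line do not say what the switch does. The Makefile target that sets it is `synth-local`, so `SYNC` reads like a slip for `SYNTH`. The comment `# with no credentials` also leaves out that SSM lookups are replaced by placeholder strings. I would expand it to something like `# True: SSM lookups return mock strings so "cdk synth" runs without AWS credentials; never set for diff/deploy.` and place it on its own line above the assignment. If the variable is renamed, the `synth-local` recipe has to change with it.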
@@ -21,11 +25,9 @@ def __init__(self, scope: Construct, app_name: str) -> None: self.app_name = app_name self.base_stack_name = app_name.lower() - self.int_certificate_wildcard_arn = StringParameter.value_from_lookup( - self, SSM_PARAM_INT_CERT_WILDCARD_ARN - ) - self.int_hosted_zone_name = StringParameter.value_from_lookup(self, SSM_PARAM_INT_HOSTZONE_NAME) - self.int_hosted_zone_id = StringParameter.value_from_lookup(self, SSM_PARAM_INT_HOSTZONE_ID) + self.int_certificate_wildcard_arn = self._value_from_lookup(SSM_PARAM_INT_CERT_WILDCARD_ARN) + self.int_hosted_zone_name = self._value_from_lookup(SSM_PARAM_INT_HOSTZONE_NAME) + self.int_hosted_zone_id = self._value_from_lookup(SSM_PARAM_INT_HOSTZONE_ID) self.int_hosted_zone = r53.HostedZone.from_hosted_zone_attributes( self, "InternalHostedZone", @@ -38,13 +40,13 @@ def __init__(self, scope: Construct, app_name: str) -> None: self.int_domain_name = self.int_hosted_zone_name[:-1] self.app_subnet_ids = [ - StringParameter.value_from_lookup(self, SSM_PARAM_VPC01_SUBNET_APP_A_ID), - StringParameter.value_from_lookup(self, SSM_PARAM_VPC01_SUBNET_APP_B_ID), - StringParameter.value_from_lookup(self, SSM_PARAM_VPC01_SUBNET_APP_C_ID), + self._value_from_lookup(SSM_PARAM_VPC01_SUBNET_APP_A_ID), + self._value_from_lookup(SSM_PARAM_VPC01_SUBNET_APP_B_ID), + self._value_from_lookup(SSM_PARAM_VPC01_SUBNET_APP_C_ID), ] self.app_subnets = [ec2.Subnet.from_subnet_id(self, id, id) for id in self.app_subnet_ids] - self.vpc_id = StringParameter.value_from_lookup(self, SSM_PARAM_VPC01_ID) + self.vpc_id = self._value_from_lookup(SSM_PARAM_VPC01_ID) self.app_vpc = ec2.Vpc.from_vpc_attributes( self, "AppVpc", 
@@ -56,5 +58,10 @@ def __init__(self, scope: Construct, app_name: str) -> None: self.int_users_sg = ec2.SecurityGroup.from_security_group_id( self, "InternalUsersSG", - StringParameter.value_from_lookup(self, SSM_PARAM_VPC01_SG_INT_USERS_ID), + self._value_from_lookup(SSM_PARAM_VPC01_SG_INT_USERS_ID), ) + + def _value_from_lookup(self, param_name: str) -> str: + if CDK_LOCAL_SYNC is True: + return f'mock-{param_name.replace("/", "-")}' + return StringParameter.value_from_lookup(self, param_name) diff --git a/Bedrock/cdk/phoenix/phoenix.py b/Bedrock/cdk/phoenix/lib/phoenix.py similarity index 99% rename from Bedrock/cdk/phoenix/phoenix.py rename to Bedrock/cdk/phoenix/lib/phoenix.py index c63b34c9..392570ad 100644 --- a/Bedrock/cdk/phoenix/phoenix.py +++ b/Bedrock/cdk/phoenix/lib/phoenix.py @@ -11,8 +11,8 @@ from aws_cdk import aws_iam as iam from aws_cdk import aws_route53 as r53 from aws_cdk import aws_route53_targets as r53_targets -from base_infra import BaseInfra from constructs import Construct +from lib.base_infra import BaseInfra class AlbFargate(Stack): diff --git a/CHANGELOG.md b/CHANGELOG.md index 82d22ee6..d7583681 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,16 +2,15 @@ All notable changes to this project will be documented in this file. - ## 2024-09-23 ### Added - * Added [Bedrock/cdk/phoenix/](Bedrock/cdk/phoenix/) - cdk for deploying Arize Phoenix. + * Added [Bedrock/cdk/phoenix/](Bedrock/cdk/phoenix/) cdk and workflow for deploying Arize Phoenix. ## 2024-09-20 ### Added - * Added [Bedrock/cdk/guardrail/](Bedrock/cdk/guardrail/) - cdk for deploying Bedrock Guardrail. + * Added [Bedrock/cdk/guardrail/](Bedrock/cdk/guardrail/) cdk and workflow for deploying Bedrock Guardrail. ## 2024-05-23
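Review bot: `_value_from_lookup` has no docstring, and nothing limits its mock branch to synth. Any `cdk diff` or `cdk deploy` started with `CDK_LOCAL_SYNC=true` exported would render `mock-...` strings for the VPC, subnet, security-group, hosted-zone and certificate values, the same path the hunks at -21 and -38 now use. CloudFormation would probably reject those identifiers, but the diff output would be misleading with no hint as to why. I would add a short docstring stating that the helper returns a placeholder derived from the parameter name when the flag is set, and the real SSM context lookup otherwise. The test can also be written as `if CDK_LOCAL_SYNC:`, since the module-level flag is already a bool.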