From 51a72115bcadc2c2ca0233b60454ada7a2a726bc Mon Sep 17 00:00:00 2001 From: David Surey Date: Fri, 27 May 2022 16:41:49 +0200 Subject: [PATCH 1/5] bump to Version 4.0.0 due potentially breaking changes when randomizing the Database Name for Greenlight. Solving #112, #113 --- CHANGELOG.MD | 12 ++ README.md | 3 +- bbb-on-aws-param.json | 1 - bbb-on-aws-root.template.yaml | 36 +---- templates/bbb-on-aws-amifinder.template.yaml | 7 - .../bbb-on-aws-bbbappscalable.template.yaml | 9 -- .../bbb-on-aws-bbbappsingle.template.yaml | 13 -- templates/bbb-on-aws-bbbturn.template.yaml | 13 -- templates/bbb-on-aws-cachedb.template.yaml | 10 +- templates/bbb-on-aws-database.template.yaml | 139 +----------------- templates/bbb-on-aws-ecs.template.yaml | 9 -- .../bbb-on-aws-frontendapps.template.yaml | 48 +++--- templates/bbb-on-aws-network.template.yaml | 10 +- .../bbb-on-aws-securitygroups.template.yaml | 7 - templates/bbb-on-aws-ses.template.yaml | 9 +- templates/bbb-on-aws-storage.template.yaml | 7 - 16 files changed, 45 insertions(+), 288 deletions(-) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 2dbe94d..1900931 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD @@ -1,6 +1,18 @@ # Change Log + All notable changes to this project will be documented in this file. + +## [4.0.0] - 2021-11-11 + +### Fixed +- #112: switch parameters and variables to dynamic variables which should enable multi deployments at the same AWS Account. +- #113: Admin Password should now meet needed complexity + +### Changed +- Removed unused Parameters +- Randomized Database Naming utilizing the StackID of the database nested stack +- upgraded cfn-ses-provider to v0.8.2 ## [3.0.4] - 2021-11-11 ### Fixed diff --git a/README.md b/README.md index 4845130..de3d101 100644 --- a/README.md +++ b/README.md 
@@ -107,8 +107,7 @@ The deployment parameters are placed into the bbb-on-aws-param.json or to be set | BBBApplicationDesiredInstances| 1| The desired amount of Big Blue Button Application servers | As EC2 Autoscaling is currently not aware of ongoing video conferences, i recommend set min=max=desired and not use dynamic here (planned scale out/in) | | BBBTurnMaxInstances| 1| The maximum amount of Turn Servers to be deployed | at the current state leave it to 1. Multiple Turn servers will need additional configuration on the turnserver | BBBTurnMinInstances| 1| The minimum amount of Turn Servers to be deployed | at the current state leave it to 1. Multiple Turn servers will need additional configuration on the turnserver -| BBBTurnDesiredInstances| 1| The desired amount of Turn Servers to be deployed | at the current state leave it to 1. Multiple Turn servers will need additional configuration on the turnserver -| BBBDBName| frontendapp| Set a Database Name for Greenlight / Scalelite | +| BBBTurnDesiredInstances| 1| The desired amount of Turn Servers to be deployed | at the current state leave it to 1. Multiple Turn servers will need additional configuration on the turnserver | BBBDBEngineVersion| 10.7| Set the Postgres version to be used at the Amazon Aurora setup | please refer to the Amazon Aurora [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html) for supported versions | BBBEnvironmentStage| dev | can be set to "dev","stage" or "prod" | currently stage or prod does change the Amazon Aurora Setup to a Multi-AZ Setup and adds a 2nd Nat-Gateway to the deployment. | BBBServerlessAuroraMinCapacity | The minimum capacity for the Amazon Aurora Serverless Cluster. | Value has to be >= 2 diff --git a/bbb-on-aws-param.json b/bbb-on-aws-param.json index 3cad614..a3dcf4b 100755 --- a/bbb-on-aws-param.json +++ b/bbb-on-aws-param.json 
@@ -26,7 +26,6 @@ "BBBTurnMaxInstances": 1, "BBBTurnMinInstances": 1, "BBBTurnDesiredInstances": 1, - "BBBDBName": "frontendapp", "BBBDBEngineVersion": "10.14", "BBBEnvironmentStage": "dev", "BBBEnvironmentName": "bbbonaws", diff --git a/bbb-on-aws-root.template.yaml b/bbb-on-aws-root.template.yaml index 68e1732..d622c79 100644 --- a/bbb-on-aws-root.template.yaml +++ b/bbb-on-aws-root.template.yaml @@ -93,13 +93,6 @@ Parameters: AllowedPattern: "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)" ConstraintDescription: must be a valid email address. Default: johndoe@example.com - BBBDBName: - Description: Database Name - Type: String - MinLength: '1' - MaxLength: '64' - AllowedPattern: "^[a-zA-Z]+[0-9a-zA-Z_]*$" - Default: frontendapp BBBDBEngineVersion: Description: Database engine version for Aurora PostgreSQL Type: String @@ -571,9 +564,6 @@ Resources: - - "https://s3.amazonaws.com/" - Fn::ImportValue: !Sub "${BBBStackBucketStack}-BBBStackBucket" - "/bbb-on-aws-amifinder.template.yaml" - Parameters: - BBBEnvironmentStage: - Ref: BBBEnvironmentStage Tags: - Key: Name Value: @@ -594,8 +584,6 @@ Resources: - "/bbb-on-aws-ses.template.yaml" Parameters: BBBHostedZone: !Ref BBBHostedZone - BBBEnvironmentStage: - Ref: BBBEnvironmentStage Tags: - Key: Name Value: @@ -632,8 +620,6 @@ Resources: Fn::Join: - "," - Ref: BBBPublicApplicationSubnets - BBBEnvironmentName: - Ref: BBBEnvironmentName BBBEnvironmentStage: Ref: BBBEnvironmentStage BBBEnvironmentType: @@ -664,8 +650,6 @@ Resources: - BBBNetworkStack - Outputs.BBBVPCs - Ref: BBBVPCs - BBBEnvironmentStage: - Ref: BBBEnvironmentStage BBBEnvironmentType: Ref: BBBEnvironmentType BBBECSInstanceType: @@ -705,8 +689,6 @@ Resources: Fn::GetAtt: - BBBSecurityGroupStack - Outputs.BBBSharedStorageSecurityGroup - BBBEnvironmentStage: - Ref: BBBEnvironmentStage Tags: - Key: Name Value: 
@@ -735,8 +717,6 @@ Resources: Ref: BBBServerlessAuroraMinCapacity BBBServerlessAuroraMaxCapacity: Ref: BBBServerlessAuroraMaxCapacity - BBBDBName: - Ref: BBBDBName BBBPrivateDBSubnets: Fn::If: - BBBNewVPC @@ -791,8 +771,6 @@ Resources: Fn::GetAtt: - BBBSecurityGroupStack - Outputs.BBBCACHEDBSecurityGroup - BBBEnvironmentStage: - Ref: BBBEnvironmentStage Tags: - Key: Name Value: @@ -824,8 +802,6 @@ Resources: - Fn::Join: - "," - Ref: BBBPrivateApplicationSubnets - BBBEnvironmentStage: - Ref: BBBEnvironmentStage BBBECSInstanceType: Ref: BBBECSInstanceType BBBECSTaskSecurityGroup: @@ -892,8 +868,6 @@ Resources: Fn::GetAtt: - "BBBAMIFinderStack" - Outputs.BBBTurnAMIParameter - BBBEnvironmentStage: - Ref: BBBEnvironmentStage BBBEnvironmentType: Ref: BBBEnvironmentType BBBTurnInstanceType: @@ -986,8 +960,6 @@ Resources: Fn::GetAtt: - "BBBAMIFinderStack" - Outputs.BBBApplicationAMIParameter - BBBEnvironmentStage: - Ref: BBBEnvironmentStage BBBApplicationInstanceType: Ref: BBBApplicationInstanceType BBBApplicationDataVolumeSize: @@ -1087,8 +1059,6 @@ Resources: Fn::GetAtt: - "BBBAMIFinderStack" - Outputs.BBBApplicationAMIParameter - BBBEnvironmentStage: - Ref: BBBEnvironmentStage BBBApplicationInstanceType: Ref: BBBApplicationInstanceType BBBApplicationDataVolumeSize: @@ -1133,7 +1103,9 @@ Resources: - Outputs.BBBVPCs - Ref: BBBVPCs BBBDBName: - Ref: BBBDBName + Fn::GetAtt: + - BBBDatabaseStack + - Outputs.BBBDBName BBBRDSDBSecret: Fn::GetAtt: - BBBDatabaseStack @@ -1142,8 +1114,6 @@ Resources: Fn::GetAtt: - BBBDatabaseStack - Outputs.BBBRDSDBConnectionSecret - BBBEnvironmentStage: - Ref: BBBEnvironmentStage BBBSESValidated: Ref: BBBSESValidated BBBECSCluster: diff --git a/templates/bbb-on-aws-amifinder.template.yaml b/templates/bbb-on-aws-amifinder.template.yaml index 57cb8e7..725ba0e 100644 --- a/templates/bbb-on-aws-amifinder.template.yaml +++ b/templates/bbb-on-aws-amifinder.template.yaml 
@@ -23,13 +23,6 @@ Parameters: AllowedValues: - xenial-16.04 - bionic-18.04 - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - AllowedValues: - - stage - - prod - - dev Resources: BBBGetLatestAMILambdaRole: diff --git a/templates/bbb-on-aws-bbbappscalable.template.yaml b/templates/bbb-on-aws-bbbappscalable.template.yaml index 7fce6a3..33f4534 100644 --- a/templates/bbb-on-aws-bbbappscalable.template.yaml +++ b/templates/bbb-on-aws-bbbappscalable.template.yaml @@ -112,14 +112,6 @@ Parameters: Type: Number Description: Desired number of appserver instances Default: 1 - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - Default: stage - AllowedValues: - - stage - - prod - - dev BBBTurnSecret: Description: Secret string for the Turn server Type: String @@ -201,7 +193,6 @@ Resources: BBBApplicationEC2Role: Type: AWS::IAM::Role Properties: - RoleName: BBBApplicationEC2Role AssumeRolePolicyDocument: Statement: - Effect: Allow diff --git a/templates/bbb-on-aws-bbbappsingle.template.yaml b/templates/bbb-on-aws-bbbappsingle.template.yaml index 0d9e4f5..9252838 100644 --- a/templates/bbb-on-aws-bbbappsingle.template.yaml +++ b/templates/bbb-on-aws-bbbappsingle.template.yaml @@ -106,18 +106,6 @@ Parameters: Type: Number Description: Desired number of appserver instances Default: 1 - BBBEnvironmentName: - Description: An environment name that is prefixed to resource names - Type: String - Default: bbbonaws - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - Default: stage - AllowedValues: - - stage - - prod - - dev BBBTurnSecret: Description: Secret string for the Turn server Type: String @@ -184,7 +172,6 @@ Resources: BBBApplicationEC2Role: Type: AWS::IAM::Role Properties: - RoleName: BBBApplicationEC2Role AssumeRolePolicyDocument: Statement: - Effect: Allow 
diff --git a/templates/bbb-on-aws-bbbturn.template.yaml b/templates/bbb-on-aws-bbbturn.template.yaml index 562faf2..1e6f4d9 100644 --- a/templates/bbb-on-aws-bbbturn.template.yaml +++ b/templates/bbb-on-aws-bbbturn.template.yaml @@ -98,19 +98,6 @@ Parameters: Type: Number Description: Desired number of turn server instance Default: 1 - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - AllowedValues: - - stage - - prod - - dev - BBBEnvironmentType: - Description: 'Defines the environment type. Allowed values: scalable, single' - Type: String - AllowedValues: - - scalable - - single BBBTurnSecurityGroup: Description: Security Group that should be assigned for the turn server Type: String diff --git a/templates/bbb-on-aws-cachedb.template.yaml b/templates/bbb-on-aws-cachedb.template.yaml index 85892ba..c78605f 100644 --- a/templates/bbb-on-aws-cachedb.template.yaml +++ b/templates/bbb-on-aws-cachedb.template.yaml @@ -44,20 +44,12 @@ Parameters: AllowedValues: - single-az - cross-az - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - AllowedValues: - - stage - - prod - - dev Resources: - BBBCacheSubnetGroup: Type: AWS::ElastiCache::SubnetGroup Properties: - Description: !Sub CacheSubnetGroup-${BBBEnvironmentStage} + Description: !Sub CacheSubnetGroup-${AWS::StackID} SubnetIds: !Ref BBBPrivateDBSubnets BBBParametersGroup: diff --git a/templates/bbb-on-aws-database.template.yaml b/templates/bbb-on-aws-database.template.yaml index 621adff..593fccf 100755 --- a/templates/bbb-on-aws-database.template.yaml +++ b/templates/bbb-on-aws-database.template.yaml @@ -12,10 +12,6 @@ Parameters: BBBNotificationTopic: Description: Topic to be used for alarm notifications Type: String - BBBDBName: - Description: Database Name - Type: String - Default: frontendapp BBBDBPort: Description: TCP/IP Port for the Database Instance Type: Number 
@@ -119,7 +115,7 @@ Resources: Properties: MasterUsername: !Join [ '', [ '{{resolve:secretsmanager:', !Ref BBBRDSDBSecret, ':SecretString:username}}' ] ] MasterUserPassword: !Join [ '', [ '{{resolve:secretsmanager:', !Ref BBBRDSDBSecret, ':SecretString:password}}' ] ] - DatabaseName: !Join [ '_', [ !Ref BBBDBName, !Ref BBBEnvironmentStage ] ] + DatabaseName: !Join [ '_', [ 'APPDB', !Ref AWS::StackId ] ] Port: Ref: BBBDBPort Engine: aurora-postgresql 
@@ -219,136 +215,6 @@ Resources: Parameters: timezone: Europe/Berlin - BBBDBACPUUtilizationTooHighAlarm: - Type: 'AWS::CloudWatch::Alarm' - Condition: BBBProvisionedAurora - Properties: - AlarmActions: - - Ref: BBBNotificationTopic - AlarmDescription: 'Average database CPU utilization over last 10 minutes too high.' - ComparisonOperator: GreaterThanThreshold - Dimensions: - - Name: DBInstanceIdentifier - Value: - Ref: BBBRDSDBInstance1 - EvaluationPeriods: 1 - MetricName: CPUUtilization - Namespace: 'AWS/RDS' - OKActions: - - Ref: BBBNotificationTopic - Period: 600 - Statistic: Average - Threshold: 80 - - BBBDBBCPUUtilizationTooHighAlarm: - Type: 'AWS::CloudWatch::Alarm' - Condition: BBBProvisiondedProdAurora - Properties: - AlarmActions: - - Ref: BBBNotificationTopic - AlarmDescription: 'Average database CPU utilization over last 10 minutes too high.' - ComparisonOperator: GreaterThanThreshold - Dimensions: - - Name: DBInstanceIdentifier - Value: - Ref: BBBRDSDBInstance2 - EvaluationPeriods: 1 - MetricName: CPUUtilization - Namespace: 'AWS/RDS' - OKActions: - - Ref: BBBNotificationTopic - Period: 600 - Statistic: Average - Threshold: 80 - - - BBBDBACPUCreditBalanceTooLowAlarm: - Type: 'AWS::CloudWatch::Alarm' - Condition: BBBProvisionedAurora - Properties: - AlarmActions: - - Ref: BBBNotificationTopic - AlarmDescription: 'Average database CPU credit balance over last 10 minutes too low, expect a significant performance drop soon.' 
- ComparisonOperator: LessThanThreshold - Dimensions: - - Name: DBInstanceIdentifier - Value: - Ref: BBBRDSDBInstance1 - EvaluationPeriods: 1 - MetricName: CPUCreditBalance - Namespace: 'AWS/RDS' - OKActions: - - Ref: BBBNotificationTopic - Period: 600 - Statistic: Average - Threshold: 20 - - BBBDBBCPUCreditBalanceTooLowAlarm: - Type: 'AWS::CloudWatch::Alarm' - Condition: BBBProvisiondedProdAurora - Properties: - AlarmActions: - - Ref: BBBNotificationTopic - AlarmDescription: 'Average database CPU credit balance over last 10 minutes too low, expect a significant performance drop soon.' - ComparisonOperator: LessThanThreshold - Dimensions: - - Name: DBInstanceIdentifier - Value: - Ref: BBBRDSDBInstance2 - EvaluationPeriods: 1 - MetricName: CPUCreditBalance - Namespace: 'AWS/RDS' - OKActions: - - Ref: BBBNotificationTopic - Period: 600 - Statistic: Average - Threshold: 20 - - - BBBDBAFreeableMemoryTooLowAlarm: - Type: 'AWS::CloudWatch::Alarm' - Condition: BBBProvisionedAurora - Properties: - AlarmActions: - - Ref: BBBNotificationTopic - AlarmDescription: 'Average database freeable memory over last 10 minutes too low, performance may suffer.' - ComparisonOperator: LessThanThreshold - Dimensions: - - Name: DBInstanceIdentifier - Value: - Ref: BBBRDSDBInstance1 - EvaluationPeriods: 1 - MetricName: FreeableMemory - Namespace: 'AWS/RDS' - OKActions: - - Ref: BBBNotificationTopic - Period: 600 - Statistic: Average - Threshold: 64000000 # 64 Megabyte in Byte - - - BBBDBBFreeableMemoryTooLowAlarm: - Type: 'AWS::CloudWatch::Alarm' - Condition: BBBProvisiondedProdAurora - Properties: - AlarmActions: - - Ref: BBBNotificationTopic - AlarmDescription: 'Average database freeable memory over last 10 minutes too low, performance may suffer.' 
- ComparisonOperator: LessThanThreshold - Dimensions: - - Name: DBInstanceIdentifier - Value: - Ref: BBBRDSDBInstance2 - EvaluationPeriods: 1 - MetricName: FreeableMemory - Namespace: 'AWS/RDS' - OKActions: - - Ref: BBBNotificationTopic - Period: 600 - Statistic: Average - Threshold: 64000000 # 64 Megabyte in Byte - - DBClusterEventSubscription: Type: 'AWS::RDS::EventSubscription' Properties: @@ -363,6 +229,9 @@ Resources: SourceType: 'db-cluster' Outputs: + BBBDBName: + Value: + !Join [ '_', [ 'APPDB', !Ref AWS::StackId ] ] BBBDB: Description: The Big Blue Button Database Created Value: diff --git a/templates/bbb-on-aws-ecs.template.yaml b/templates/bbb-on-aws-ecs.template.yaml index 46e68a3..9c34cf8 100644 --- a/templates/bbb-on-aws-ecs.template.yaml +++ b/templates/bbb-on-aws-ecs.template.yaml @@ -89,13 +89,6 @@ Parameters: BBBPrivateApplicationSubnets: Description: Comma separated list of the private EC2 instance subnets Type: CommaDelimitedList - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - AllowedValues: - - stage - - prod - - dev BBBECSTaskSecurityGroup: Description: Security Group that should be assigned for the EC2 Instances Type: String @@ -105,8 +98,6 @@ Parameters: Default: '/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id' Conditions: - BBBProdEnvironment: !Equals [!Ref BBBEnvironmentStage, prod] - BBBNonProdEnvironment: !Not [ Condition: BBBProdEnvironment] BBBECSFargate: !Equals [!Ref BBBECSInstanceType, fargate] BBBECSEC2: !Not [!Equals [!Ref BBBECSInstanceType, fargate]] diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml index 3d48c63..6ee2250 100644 --- a/templates/bbb-on-aws-frontendapps.template.yaml +++ b/templates/bbb-on-aws-frontendapps.template.yaml 
@@ -33,13 +33,6 @@ Parameters: BBBVPCs: Description: Reference for the VPC Type: String - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - AllowedValues: - - stage - - prod - - dev BBBDBName: Description: Database Name Type: String @@ -302,17 +295,17 @@ Resources: BBBAdministratorlogin: Type: AWS::SecretsManager::Secret Properties: - Description: 'This is the BBB base secret' + Description: 'This is the BBB Admin Login' GenerateSecretString: SecretStringTemplate: !Sub "{\"username\":\"${BBBOperatorEMail}\"}" GenerateStringKey: 'password' PasswordLength: 16 - ExcludePunctuation: true + ExcludePunctuation: false + ExcludeCharacters: " ' \ \" " BBBScaleliteExecutionRole: Type: AWS::IAM::Role Properties: - RoleName: BBBScaleliteExecutionRole AssumeRolePolicyDocument: Statement: - Effect: Allow @@ -348,7 +341,6 @@ Resources: BBBGreenlightTaskExecutionRole: Type: AWS::IAM::Role Properties: - RoleName: BBBGreenlightExecutionRole AssumeRolePolicyDocument: Statement: - Effect: Allow @@ -649,7 +641,7 @@ Resources: - Name: DB_ADAPTER Value: postgresql - Name: DB_NAME - Value: !Join [ '_', [ !Ref BBBDBName, !Ref BBBEnvironmentStage ] ] + Value: !Join [ '_', [ !Ref BBBDBName, !Ref AWS:Region ] ] - Name: BIGBLUEBUTTON_ENDPOINT Value: !Join [ "", [ "https://", !Sub "scalelite.${BBBDomainName}", "/bigbluebutton/api" ] ] - Name: ALLOW_GREENLIGHT_ACCOUNTS 
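Review bot: In the `BBBAdministratorlogin` hunk, `ExcludeCharacters: " ' \ \" "` most likely does not exclude the backslash. Inside a double-quoted YAML scalar `\ ` is the escape for a space, so the set that reaches Secrets Manager is space, `'` and `"`. If the intent is to keep backslashes out of the generated admin password, write it as `ExcludeCharacters: " '\\\""` and add a comment saying why these characters are excluded. With punctuation now allowed, it is also worth confirming that every consumer of this secret passes the value through without shell or JSON interpolation.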
@@ -747,28 +739,28 @@ Resources: - - FARGATE - !Ref "AWS::NoValue" Volumes: - - Name: !Join [ "", [ scalelite-recordings-volume-spool, !Ref BBBEnvironmentStage ] ] + - Name: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS:Region ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPspool IAM: ENABLED - - Name: !Join [ "", [ scalelite-recordings-volume-published, !Ref BBBEnvironmentStage ] ] + - Name: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS:Region ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPpublished IAM: ENABLED - - Name: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref BBBEnvironmentStage ] ] + - Name: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS:Region ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPunpublished IAM: ENABLED - - Name: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref BBBEnvironmentStage ] ] + - Name: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS:Region ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED 
@@ -785,13 +777,13 @@ Resources: - !Ref BBBScaleliteImporterImage MountPoints: - ContainerPath: /var/bigbluebutton/spool - SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS:Region ] ] - ContainerPath: /var/bigbluebutton/published - SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS:Region ] ] - ContainerPath: /var/bigbluebutton/unpublished - SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS:Region ] ] - ContainerPath: /var/bigbluebutton/recording/scalelite - SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS:Region ] ] LogConfiguration: LogDriver: awslogs Options: 
@@ -882,13 +874,13 @@ Resources: - !Ref "AWS::NoValue" MountPoints: - ContainerPath: /var/bigbluebutton/spool - SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS:Region ] ] - ContainerPath: /var/bigbluebutton/published - SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS:Region ] ] - ContainerPath: /var/bigbluebutton/unpublished - SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS:Region ] ] - ContainerPath: /var/bigbluebutton/recording/scalelite - SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS:Region ] ] LogConfiguration: LogDriver: awslogs Options: 
@@ -929,13 +921,13 @@ Resources: - !Ref BBBScaleliteApiImage MountPoints: - ContainerPath: /var/bigbluebutton/spool - SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS:Region ] ] - ContainerPath: /var/bigbluebutton/published - SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS:Region ] ] - ContainerPath: /var/bigbluebutton/unpublished - SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS:Region ] ] - ContainerPath: /var/bigbluebutton/recording/scalelite - SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref BBBEnvironmentStage ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS:Region ] ] LogConfiguration: LogDriver: awslogs Options: diff --git a/templates/bbb-on-aws-network.template.yaml b/templates/bbb-on-aws-network.template.yaml index 714ca41..4f1cc5f 100644 --- a/templates/bbb-on-aws-network.template.yaml +++ b/templates/bbb-on-aws-network.template.yaml @@ -35,10 +35,6 @@ Parameters: - scalable - single Type: String - BBBEnvironmentName: - Description: An environment name that is prefixed to resource names - Type: String - Default: bbbonaws BBBEnvironmentStage: Type: String Description: Select the appropriate environment @@ -137,7 +133,7 @@ Resources: MapPublicIpOnLaunch: false Tags: - Key: Name - Value: !Sub ${BBBEnvironmentName} Private Subnet (AZ1) + Value: !Sub ${AWS:Region} Private Subnet (AZ1) BBBPrivateApplicationSubnet2: Type: AWS::EC2::Subnet 
@@ -152,7 +148,7 @@ Resources: MapPublicIpOnLaunch: false Tags: - Key: Name - Value: !Sub ${BBBEnvironmentName} Private Subnet (AZ2) + Value: !Sub ${AWS:Region} Private Subnet (AZ2) BBBPrivateApplicationSubnet3: Type: AWS::EC2::Subnet @@ -270,7 +266,7 @@ Resources: VpcId: !Ref BBBVPC Tags: - Key: Name - Value: !Sub ${BBBEnvironmentName} Private Routes (AZ1) + Value: !Sub ${AWS:Region} Private Routes (AZ1) BBBDefaultPrivateRoute1: Type: AWS::EC2::Route diff --git a/templates/bbb-on-aws-securitygroups.template.yaml b/templates/bbb-on-aws-securitygroups.template.yaml index 35c0a2b..7f3af7f 100644 --- a/templates/bbb-on-aws-securitygroups.template.yaml +++ b/templates/bbb-on-aws-securitygroups.template.yaml @@ -18,13 +18,6 @@ Parameters: - scalable - single Type: String - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - AllowedValues: - - stage - - prod - - dev BBBECSInstanceType: Description: Set the ECS Cluster Type to either EC2 based or Fargate based deployments Type: String diff --git a/templates/bbb-on-aws-ses.template.yaml b/templates/bbb-on-aws-ses.template.yaml index ac77531..308e1a1 100644 --- a/templates/bbb-on-aws-ses.template.yaml +++ b/templates/bbb-on-aws-ses.template.yaml @@ -12,13 +12,6 @@ Parameters: BBBHostedZone: Description: Hosted zone in which the DNS entries for SES should be created Type: String - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - AllowedValues: - - stage - - prod - - dev Resources: BBBSESProviderLambdaRole: @@ -82,7 +75,7 @@ Resources: Code: Code: S3Bucket: !Sub "binxio-public-${AWS::Region}" - S3Key: lambdas/cfn-ses-provider-0.7.1.zip + S3Key: lambdas/cfn-ses-provider-0.8.2.zip Handler: ses.handler MemorySize: 128 Role: !GetAtt 'BBBSESProviderLambdaRole.Arn' diff --git a/templates/bbb-on-aws-storage.template.yaml b/templates/bbb-on-aws-storage.template.yaml index cba0f50..0f5a87b 100644 --- a/templates/bbb-on-aws-storage.template.yaml 
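Review bot: `S3Key: lambdas/cfn-ses-provider-0.8.2.zip` is still fetched from `binxio-public-${AWS::Region}`, a bucket outside this project's control, and the code runs under `BBBSESProviderLambdaRole`. The key names a version, but nothing pins the object's content, so what is deployed as 0.8.2 can change without any change to this template. Consider copying the reviewed archive into the deployment's own bucket (the root template already imports one through `BBBStackBucketStack`), or pinning `S3ObjectVersion` if the source bucket is versioned, and add a comment recording where the artifact came from. The function resource starts above the hunk, so its type and the role's policy are not visible here.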
+++ b/templates/bbb-on-aws-storage.template.yaml @@ -23,13 +23,6 @@ Parameters: - 2 - 3 Default: 3 - BBBEnvironmentStage: - Type: String - Description: Select the appropriate environment - AllowedValues: - - stage - - prod - - dev Conditions: BBBBuild2AZs: !Not [ !Equals [ !Ref BBBNumberOfAZs, 1 ]] From 891e16832c78f7191339205544e499a72d5c0ca2 Mon Sep 17 00:00:00 2001 From: David Surey Date: Sat, 28 May 2022 09:44:07 +0200 Subject: [PATCH 2/5] some more fixes, version changes and code-cleanup --- CHANGELOG.MD | 4 ++- bbb-on-aws-root.template.yaml | 4 +-- templates/bbb-on-aws-cachedb.template.yaml | 2 +- templates/bbb-on-aws-database.template.yaml | 13 +++++-- .../bbb-on-aws-frontendapps.template.yaml | 34 +++++++++---------- templates/bbb-on-aws-network.template.yaml | 6 ++-- 6 files changed, 36 insertions(+), 27 deletions(-) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 1900931..9909f5c 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD @@ -11,8 +11,10 @@ All notable changes to this project will be documented in this file. ### Changed - Removed unused Parameters -- Randomized Database Naming utilizing the StackID of the database nested stack +- Randomized Database Naming - upgraded cfn-ses-provider to v0.8.2 +- remove of any CW alarms as this should be customized per environment +- pushed BBB Version to 2.4 ## [3.0.4] - 2021-11-11 ### Fixed diff --git a/bbb-on-aws-root.template.yaml b/bbb-on-aws-root.template.yaml index d622c79..941e3ba 100644 --- a/bbb-on-aws-root.template.yaml +++ b/bbb-on-aws-root.template.yaml @@ -5,7 +5,7 @@ Description: > Disclaimber: Not for Production Use. Demo and Testing purposes only. - Last Modified: 2nd April 2020 + Last Modified: 27th May 2022 Authors: David Surey , Bastian Klein Parameters: @@ -868,8 +868,6 @@ Resources: Fn::GetAtt: - "BBBAMIFinderStack" - Outputs.BBBTurnAMIParameter - BBBEnvironmentType: - Ref: BBBEnvironmentType BBBTurnInstanceType: Ref: BBBTurnInstanceType BBBTurnMaxInstances: 
diff --git a/templates/bbb-on-aws-cachedb.template.yaml b/templates/bbb-on-aws-cachedb.template.yaml index c78605f..129273c 100644 --- a/templates/bbb-on-aws-cachedb.template.yaml +++ b/templates/bbb-on-aws-cachedb.template.yaml @@ -49,7 +49,7 @@ Resources: BBBCacheSubnetGroup: Type: AWS::ElastiCache::SubnetGroup Properties: - Description: !Sub CacheSubnetGroup-${AWS::StackID} + Description: !Sub CacheSubnetGroup-${AWS::StackName} SubnetIds: !Ref BBBPrivateDBSubnets BBBParametersGroup: diff --git a/templates/bbb-on-aws-database.template.yaml b/templates/bbb-on-aws-database.template.yaml index 593fccf..375e80c 100755 --- a/templates/bbb-on-aws-database.template.yaml +++ b/templates/bbb-on-aws-database.template.yaml @@ -110,12 +110,21 @@ Resources: BBBDBUser: !Join [ '', [ '{{resolve:secretsmanager:', !Ref BBBRDSDBSecret, ':SecretString:username}}' ] ] BBBDBPassword: !Join [ '', [ '{{resolve:secretsmanager:', !Ref BBBRDSDBSecret, ':SecretString:password}}' ] ] + BBBDatabaseName: + Type: AWS::SecretsManager::Secret + Properties: + Description: 'This is the BBB DBName as secret' + GenerateSecretString: + GenerateStringKey: 'DBBame' + PasswordLength: 24 + ExcludePunctuation: true + BBBRDSCluster: Type: AWS::RDS::DBCluster Properties: MasterUsername: !Join [ '', [ '{{resolve:secretsmanager:', !Ref BBBRDSDBSecret, ':SecretString:username}}' ] ] MasterUserPassword: !Join [ '', [ '{{resolve:secretsmanager:', !Ref BBBRDSDBSecret, ':SecretString:password}}' ] ] - DatabaseName: !Join [ '_', [ 'APPDB', !Ref AWS::StackId ] ] + DatabaseName: !Join [ '', [ '{{resolve:secretsmanager:', !Ref BBBDatabaseName, ':SecretString:DBName}}' ] ] Port: Ref: BBBDBPort Engine: aurora-postgresql @@ -231,7 +240,7 @@ Resources: Outputs: BBBDBName: Value: - !Join [ '_', [ 'APPDB', !Ref AWS::StackId ] ] + !Join [ '_', [ 'APPDB', !Ref AWS::StackName ] ] BBBDB: Description: The Big Blue Button Database Created Value: 
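Review bot: The new `BBBDatabaseName` secret is generated under the key `DBBame`, but `DatabaseName` on `BBBRDSCluster` resolves `:SecretString:DBName}}`, so the dynamic reference has no matching key and the cluster create is likely to fail. `GenerateStringKey` also has to be paired with a `SecretStringTemplate`, and a 24-character random string can start with a digit, which Aurora PostgreSQL does not accept as the first character of a database name. The minimal fix is `SecretStringTemplate: '{}'` and `GenerateStringKey: 'DBName'`, plus a fixed letter prefix in the `!Join`. A database name is an identifier rather than a credential (it ends up in the plain `DB_NAME` container environment variable), so deriving it from the stack id without a secret would be simpler and would not suggest that it protects anything.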
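Review bot: The `BBBDBName` output now returns `APPDB_<stack name>`, which is not the name the cluster is created with in the previous hunk (the value resolved from the `BBBDatabaseName` secret). The root template feeds this output into the frontend stack and this patch sets `DB_NAME` to `!Ref BBBDBName`, so Greenlight would be pointed at a database that was never created; nested stack names also contain hyphens, which are not valid in an unquoted PostgreSQL database name. Compute the name once and use the same expression for `DatabaseName` and for this output, and give the output a `Description:` as the neighbouring `BBBDB` output has.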
diff --git a/templates/bbb-on-aws-frontendapps.template.yaml b/templates/bbb-on-aws-frontendapps.template.yaml index 6ee2250..f963d6b 100644 --- a/templates/bbb-on-aws-frontendapps.template.yaml +++ b/templates/bbb-on-aws-frontendapps.template.yaml @@ -641,7 +641,7 @@ Resources: - Name: DB_ADAPTER Value: postgresql - Name: DB_NAME - Value: !Join [ '_', [ !Ref BBBDBName, !Ref AWS:Region ] ] + Value: !Ref BBBDBName - Name: BIGBLUEBUTTON_ENDPOINT Value: !Join [ "", [ "https://", !Sub "scalelite.${BBBDomainName}", "/bigbluebutton/api" ] ] - Name: ALLOW_GREENLIGHT_ACCOUNTS @@ -739,28 +739,28 @@ Resources: - - FARGATE - !Ref "AWS::NoValue" Volumes: - - Name: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS:Region ] ] + - Name: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS::StackName ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPspool IAM: ENABLED - - Name: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS:Region ] ] + - Name: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS::StackName ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPpublished IAM: ENABLED - - Name: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS:Region ] ] + - Name: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS::StackName ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED AuthorizationConfig: AccessPointId: !Ref BBBSharedStorageAPunpublished IAM: ENABLED - - Name: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS:Region ] ] + - Name: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS::StackName ] ] EFSVolumeConfiguration: FilesystemId: !Ref BBBSharedStorageFS TransitEncryption: ENABLED 
@@ -777,13 +777,13 @@ Resources: - !Ref BBBScaleliteImporterImage MountPoints: - ContainerPath: /var/bigbluebutton/spool - SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/published - SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/unpublished - SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/recording/scalelite - SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS::StackName ] ] LogConfiguration: LogDriver: awslogs Options: 
@@ -874,13 +874,13 @@ Resources: - !Ref "AWS::NoValue" MountPoints: - ContainerPath: /var/bigbluebutton/spool - SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/published - SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/unpublished - SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/recording/scalelite - SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS::StackName ] ] LogConfiguration: LogDriver: awslogs Options: 
@@ -921,13 +921,13 @@ Resources: - !Ref BBBScaleliteApiImage MountPoints: - ContainerPath: /var/bigbluebutton/spool - SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-spool, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/published - SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-published, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/unpublished - SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-unpublished, !Ref AWS::StackName ] ] - ContainerPath: /var/bigbluebutton/recording/scalelite - SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS:Region ] ] + SourceVolume: !Join [ "", [ scalelite-recordings-volume-recordings, !Ref AWS::StackName ] ] LogConfiguration: LogDriver: awslogs Options: diff --git a/templates/bbb-on-aws-network.template.yaml b/templates/bbb-on-aws-network.template.yaml index 4f1cc5f..bfdc2db 100644 --- a/templates/bbb-on-aws-network.template.yaml +++ b/templates/bbb-on-aws-network.template.yaml @@ -133,7 +133,7 @@ Resources: MapPublicIpOnLaunch: false Tags: - Key: Name - Value: !Sub ${AWS:Region} Private Subnet (AZ1) + Value: !Sub ${AWS::Region} Private Subnet (AZ1) BBBPrivateApplicationSubnet2: Type: AWS::EC2::Subnet @@ -148,7 +148,7 @@ Resources: MapPublicIpOnLaunch: false Tags: - Key: Name - Value: !Sub ${AWS:Region} Private Subnet (AZ2) + Value: !Sub ${AWS::Region} Private Subnet (AZ2) BBBPrivateApplicationSubnet3: Type: AWS::EC2::Subnet @@ -266,7 +266,7 @@ Resources: VpcId: !Ref BBBVPC Tags: - Key: Name - Value: !Sub ${AWS:Region} Private Routes (AZ1) + Value: !Sub ${AWS::Region} Private Routes (AZ1) BBBDefaultPrivateRoute1: Type: AWS::EC2::Route 
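Review bot: The corrected `Name` tags in the network-template hunks at -133, -148 and -266 still carry only the region, so two stacks deployed to the same account and region (the case #112 is about) get identically named subnets and route tables. That makes it harder to tell during an audit or incident which deployment a resource belongs to. Consider `Value: !Sub ${AWS::StackName} Private Subnet (AZ1)`, and the same pattern for AZ2 and the route table. The resources around these tags start and end outside the hunks, and whether other tags in the file still use the single-colon `${AWS:Region}` form cannot be checked from here.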
From e6471d61a0bc03e5aea746dbb12724b6c1d2889a Mon Sep 17 00:00:00 2001 From: David Surey Date: Sat, 28 May 2022 11:45:27 +0200 Subject: [PATCH 3/5] DBName fully random, no relation to stack due syntax --- scripts/route53-handler.service | 2 +- scripts/scalelite-handler.service | 2 +- templates/bbb-on-aws-database.template.yaml | 7 ++++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/scripts/route53-handler.service b/scripts/route53-handler.service index f154b1f..48ffd15 100644 --- a/scripts/route53-handler.service +++ b/scripts/route53-handler.service @@ -10,4 +10,4 @@ ExecStart=/usr/local/bin/route53-handler.sh -h INSTANCE_PLACEHOLDER -m create -z ExecStop=/usr/local/bin/route53-handler.sh -h INSTANCE_PLACEHOLDER -m delete -z ZONE_PLACEHOLDER [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=network.target network-online.target \ No newline at end of file diff --git a/scripts/scalelite-handler.service b/scripts/scalelite-handler.service index 08ed6af..e3cd71f 100644 --- a/scripts/scalelite-handler.service +++ b/scripts/scalelite-handler.service @@ -10,4 +10,4 @@ ExecStart=/usr/local/bin/scalelite-handler.sh -p 'SECRET_PLACEHOLDER' -s 'SERVER ExecStop=/usr/local/bin/scalelite-handler.sh -p 'SECRET_PLACEHOLDER' -s 'SERVER_PLACEHOLDER' -m delete -r AWSREGION_PLACEHOLDER -c ECSCLUSTER_PLACEHOLDER -n ECSMODE_PLACEHOLDER -u TASKSUBNETS_PLACEHOLDER -g TASKSGS_PLACEHOLDER [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target network.target network-online.target \ No newline at end of file diff --git a/templates/bbb-on-aws-database.template.yaml b/templates/bbb-on-aws-database.template.yaml index 375e80c..67f247e 100755 --- a/templates/bbb-on-aws-database.template.yaml +++ b/templates/bbb-on-aws-database.template.yaml 
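Review bot: `WantedBy=network.target network-online.target` in route53-handler.service only selects which targets pull the unit in; it does not order the handler after the network is up. Dropping `multi-user.target` also means the unit starts only if one of those targets is part of the boot transaction. Since ExecStart runs route53-handler.sh, which presumably has to reach the AWS API, the usual form is `Wants=network-online.target` and `After=network-online.target` in `[Unit]`, with `WantedBy=multi-user.target` kept in `[Install]`. The `[Unit]` section is outside the hunk and may already contain the ordering. The same applies to the `WantedBy=` line of scalelite-handler.service in the next hunk.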
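Review bot: The ExecStart/ExecStop lines that scalelite-handler.service keeps pass the secret as `-p 'SECRET_PLACEHOLDER'`, so once the placeholder is substituted the value sits in the unit file and in the process arguments, both readable by other local users. Moving it off the command line would keep it out of both, for example `EnvironmentFile=/etc/scalelite-handler.env` (placeholder path; root-owned, mode 0600) with the script reading the variable, or `LoadCredential=` where the systemd version supports it. This needs a matching change in scalelite-handler.sh, which is not part of this diff.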
@@ -113,10 +113,11 @@ Resources: BBBDatabaseName: Type: AWS::SecretsManager::Secret Properties: - Description: 'This is the BBB DBName as secret' + Description: 'This is the BBB DBName as secret' GenerateSecretString: - GenerateStringKey: 'DBBame' - PasswordLength: 24 + SecretStringTemplate: '{"database": "BBBDB"}' + GenerateStringKey: 'DBName' + PasswordLength: 16 ExcludePunctuation: true BBBRDSCluster: From a2612c7b31990fca272381b01d53a7296e2afcf5 Mon Sep 17 00:00:00 2001 From: David Surey Date: Sat, 28 May 2022 12:39:28 +0200 Subject: [PATCH 4/5] changelog fixes --- CHANGELOG.MD | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 9909f5c..3e778a4 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD @@ -7,14 +7,19 @@ All notable changes to this project will be documented in this file. ### Fixed - #112: switch parameters and variables to dynamic variables which should enable multi deployments at the same AWS Account. -- #113: Admin Password should now meet needed complexity ### Changed - Removed unused Parameters - Randomized Database Naming - upgraded cfn-ses-provider to v0.8.2 - remove of any CW alarms as this should be customized per environment -- pushed BBB Version to 2.4 + +## [3.0.6] - 2022-05-28 + +### Fixed +- #113: Admin Password adds punktuation so greenlight bootstrapping does work again +- BBB Version pushed to 2.4 (2.3 seems broken atm) + ## [3.0.4] - 2021-11-11 ### Fixed From 5fa1c8571038f4fc1b9817509f0052fe7e0c19a4 Mon Sep 17 00:00:00 2001 From: David Surey Date: Sat, 28 May 2022 12:40:14 +0200 Subject: [PATCH 5/5] changelog --- CHANGELOG.MD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.MD b/CHANGELOG.MD index 3e778a4..6544b3b 100644 --- a/CHANGELOG.MD +++ b/CHANGELOG.MD 
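Review bot: With only `ExcludePunctuation: true` in `GenerateSecretString`, the generated `DBName` value can begin with a digit, while Aurora PostgreSQL requires a database name to start with a letter. Stack creation would then fail for some random draws if the value is used as `DatabaseName` unchanged. Adding `ExcludeNumbers: true`, or having the consumer prepend a fixed letter prefix, removes that case; how BBBRDSCluster reads the secret is outside this hunk, so confirm it there. The constant `"database": "BBBDB"` in `SecretStringTemplate` appears to exist only so that `GenerateStringKey` has a template to extend. A comment such as `# DBName is a random identifier, not a credential` would keep readers from treating the name as a confidentiality control.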
@@ -14,7 +14,7 @@ All notable changes to this project will be documented in this file. - upgraded cfn-ses-provider to v0.8.2 - remove of any CW alarms as this should be customized per environment -## [3.0.6] - 2022-05-28 +## [3.0.7] - 2022-05-28 ### Fixed - #113: Admin Password adds punktuation so greenlight bootstrapping does work again