Merge pull request #8 from eiathom/TailAware-adds-stack-create-script

[TailAware] Adds stack create script
eiathom · Feb 3, 2024 · ebb96fc · ebb96fc
2 parents 4751860 + c5e62b7
commit ebb96fc
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -55,14 +55,7 @@ aws configure
 cfn-lint --template stack/cloudformation/main.yaml --region eu-west-1
 
 # create the bucket for the stacks
-aws cloudformation create-stack \
-  --stack-name StackBucket \
-  --template-body file://stack/cloudformation/stackbucket.yaml \
-  --capabilities CAPABILITY_NAMED_IAM \
-  --parameters \
-    ParameterKey=AccountId,ParameterValue=123456789 \
-    ParameterKey=UserName,ParameterValue=some-name \
-  --on-failure DELETE
+STACK_NAME=StackBucket STACK_FILE_NAME=stackbucket.yaml ./scripts/create_stack.bash
 
 # close the environment when done
 deactivate

diff --git a/scripts/create_stack.bash b/scripts/create_stack.bash
@@ -0,0 +1,56 @@
+#!/bin/bash
+set -eo pipefail
+
+STACK_NAME=${STACK_NAME}
+STACK_FILE_NAME=${STACK_FILE_NAME}
+
+if [ -z "${STACK_NAME}" ]; then
+  echo "ERROR: 'STACK_NAME' is unset, exiting"
+  exit 1
+fi
+
+if [ -z "${STACK_FILE_NAME}" ]; then
+  echo "ERROR: 'STACK_FILE_NAME' is unset, exiting"
+  exit 1
+fi
+
+full_path_of_directory=$(git rev-parse --show-toplevel)
+stack_file_full_path=$(find ${full_path_of_directory} -type f -name "${STACK_FILE_NAME}")
+if [ -n "${stack_file_full_path}" ]; then
+    echo "Full path of '${STACK_FILE_NAME}' is '${stack_file_full_path}'"
+else
+    echo "ERROR: '${STACK_FILE_NAME}' file is not found, exiting"
+    exit 1
+fi
+
+aws_command=$(which aws)
+if [ $? -ne 0 ]; then
+  echo "Unable to determine AWS CLI command location; is it installed locally?"
+  exit 1
+fi
+
+# check if stack exists
+describe_stack_command_result=$(${aws_command} cloudformation describe-stacks --stack-name ${STACK_NAME} 2>&1)
+if [ $? -ne 0 ]; then
+  echo "Stack '${STACK_NAME}' does not exist, creating from stack file '${STACK_FILE_NAME}'..."
+  ${aws_command} cloudformation create-stack \
+    --stack-name "${STACK_NAME}" \
+    --template-body "file://${stack_file_full_path}" \
+    --capabilities CAPABILITY_NAMED_IAM \
+    --on-failure DELETE
+
+  echo "Waiting for stack to be created, please wait..."
+  ${aws_command} cloudformation wait stack-create-complete --stack-name ${STACK_NAME}
+
+  echo "Checking stack has been created successfully..."
+  describe_stack_command_result=$(${aws_command} cloudformation describe-stacks --stack-name ${STACK_NAME} 2>&1)
+  if [ $? -ne 0 ]; then
+    echo "ERROR: 'Could not determine if ${STACK_NAME}' has been created; check console"
+    exit 1
+  else
+    echo "Stack '${STACK_NAME}' created"
+  fi
+else
+  echo "Nothing to do, '${STACK_NAME}' already exists"
+  exit 0
+fi
diff --git a/stack/cloudformation/stackbucket.yaml b/stack/cloudformation/stackbucket.yaml
@@ -1,23 +1,11 @@
 AWSTemplateFormatVersion: 2010-09-09
-Description: Secure S3 Bucket accessible only by members of a specific IAM group
-
-Parameters:
-  AccountId:
-    Type: String
-    Description: AWS Account ID of the bucket owner group
-    Default: Default
-    NoEcho: true
-  UserName:
-    Type: String
-    Description: The name of the IAM user that should have access to the bucket
-    Default: Default
-    NoEcho: true
+Description: Secure S3 Bucket accessible only by members of a specific account
 
 Resources:
   StackBucket:
     Type: AWS::S3::Bucket
     Properties:
-      BucketName: !Sub "${AccountId}-${UserName}-stack-bucket"
+      BucketName: !Sub "${AWS::AccountId}-stack-bucket"
 
   BucketPolicy:
     Type: AWS::S3::BucketPolicy
@@ -29,7 +17,7 @@ Resources:
           - Sid: "AllowSpecificUserAccessOnly"
             Effect: "Allow"
             Principal:
-              AWS: !Sub "arn:aws:iam::${AccountId}:user/${UserName}"
+              AWS: !Sub "${AWS::AccountId}"
             Action:
               - "s3:GetObject"
               - "s3:PutObject"