Merge pull request #103 from aws-samples/feat/tracking

lusoal · web-flow · commit a2a1f7df18d1 · 2025-09-11T16:39:42.000-05:00
feat: Adding Tracking Stack
diff --git a/gitops/control-plane/production/workflows/tenant-deployment-workflow-template.yaml b/gitops/control-plane/production/workflows/tenant-deployment-workflow-template.yaml
@@ -13,11 +13,15 @@ spec:
       container:
         image: "${ecr_argoworkflow_container}:0.1"
         command: ["/bin/sh","-c"]
-        args: ['./01-tenant-clone-repo.sh {{workflow.parameters.REPO_URL}} {{workflow.parameters.GIT_BRANCH}} {{workflow.parameters.GIT_USERNAME}} {{workflow.parameters.GIT_TOKEN}} && cp -r eks-saas-gitops /mnt/vol/eks-saas-gitops'] 
+        args: ['./01-tenant-clone-repo.sh "$REPO_URL" "$GIT_BRANCH" "$GIT_USERNAME" "$GIT_TOKEN" && cp -r eks-saas-gitops /mnt/vol/eks-saas-gitops'] 
         volumeMounts:
         - name: workdir
           mountPath: /mnt/vol
         env:
+          - name: REPO_URL
+            value: "{{workflow.parameters.REPO_URL}}"
+          - name: GIT_BRANCH
+            value: "{{workflow.parameters.GIT_BRANCH}}"
           - name: GIT_USERNAME
             value: "{{workflow.parameters.GIT_USERNAME}}"
           - name: GIT_TOKEN
@@ -26,13 +30,21 @@ spec:
       container:
         image: "${ecr_argoworkflow_container}:0.1"
         command: ["/bin/sh","-c"]
-        args: ['./03-tenant-deployment.sh {{workflow.parameters.RELEASE_VERSION}} {{workflow.parameters.TENANT_TIER}} {{workflow.parameters.GIT_USER_EMAIL}} {{workflow.parameters.GIT_USERNAME}} {{workflow.parameters.GIT_BRANCH}} {{workflow.parameters.GIT_TOKEN}}'] 
+        args: ['./03-tenant-deployment.sh "$RELEASE_VERSION" "$TENANT_TIER" "$GIT_USER_EMAIL" "$GIT_USERNAME" "$GIT_BRANCH" "$GIT_TOKEN"'] 
         volumeMounts:
         - name: workdir
           mountPath: /mnt/vol
         env:
+          - name: RELEASE_VERSION
+            value: "{{workflow.parameters.RELEASE_VERSION}}"
+          - name: TENANT_TIER
+            value: "{{workflow.parameters.TENANT_TIER}}"
+          - name: GIT_USER_EMAIL
+            value: "{{workflow.parameters.GIT_USER_EMAIL}}"
           - name: GIT_USERNAME
             value: "{{workflow.parameters.GIT_USERNAME}}"
+          - name: GIT_BRANCH
+            value: "{{workflow.parameters.GIT_BRANCH}}"
           - name: GIT_TOKEN
             value: "{{workflow.parameters.GIT_TOKEN}}"
   volumeClaimTemplates:
diff --git a/gitops/control-plane/production/workflows/tenant-offboarding-workflow-template.yaml b/gitops/control-plane/production/workflows/tenant-offboarding-workflow-template.yaml
@@ -10,11 +10,13 @@ spec:
       container:
         image: "${ecr_argoworkflow_container}:0.1"
         command: ["/bin/sh","-c"]
-        args: ['./00-validate-tenant.sh {{workflow.parameters.TENANT_ID}}']
+        args: ['./00-validate-tenant.sh "$TENANT_ID"']
         volumeMounts:
         - name: workdir
           mountPath: /mnt/vol
         env:
+          - name: TENANT_ID
+            value: "{{workflow.parameters.TENANT_ID}}"
           - name: GIT_USERNAME
             value: "{{workflow.parameters.GIT_USERNAME}}"
           - name: GIT_TOKEN
@@ -23,11 +25,15 @@ spec:
       container:
         image: "${ecr_argoworkflow_container}:0.1"
         command: ["/bin/sh","-c"]
-        args: ['./01-tenant-clone-repo.sh {{workflow.parameters.REPO_URL}} {{workflow.parameters.GIT_BRANCH}} {{workflow.parameters.GIT_USERNAME}} {{workflow.parameters.GIT_TOKEN}} && cp -r eks-saas-gitops /mnt/vol/eks-saas-gitops']
+        args: ['./01-tenant-clone-repo.sh "$REPO_URL" "$GIT_BRANCH" "$GIT_USERNAME" "$GIT_TOKEN" && cp -r eks-saas-gitops /mnt/vol/eks-saas-gitops']
         volumeMounts:
         - name: workdir
           mountPath: /mnt/vol
         env:
+          - name: REPO_URL
+            value: "{{workflow.parameters.REPO_URL}}"
+          - name: GIT_BRANCH
+            value: "{{workflow.parameters.GIT_BRANCH}}"
           - name: GIT_USERNAME
             value: "{{workflow.parameters.GIT_USERNAME}}"
           - name: GIT_TOKEN
@@ -36,13 +42,21 @@ spec:
       container:
         image: "${ecr_argoworkflow_container}:0.1"
         command: ["/bin/sh","-c"]
-        args: ['./04-tenant-offboarding.sh {{workflow.parameters.TENANT_ID}} {{workflow.parameters.TENANT_TIER}} {{workflow.parameters.GIT_USER_EMAIL}} {{workflow.parameters.GIT_USERNAME}} {{workflow.parameters.GIT_BRANCH}} {{workflow.parameters.GIT_TOKEN}}']
+        args: ['./04-tenant-offboarding.sh "$TENANT_ID" "$TENANT_TIER" "$GIT_USER_EMAIL" "$GIT_USERNAME" "$GIT_BRANCH" "$GIT_TOKEN"']
         volumeMounts:
         - name: workdir
           mountPath: /mnt/vol
         env:
+          - name: TENANT_ID
+            value: "{{workflow.parameters.TENANT_ID}}"
+          - name: TENANT_TIER
+            value: "{{workflow.parameters.TENANT_TIER}}"
+          - name: GIT_USER_EMAIL
+            value: "{{workflow.parameters.GIT_USER_EMAIL}}"
           - name: GIT_USERNAME
             value: "{{workflow.parameters.GIT_USERNAME}}"
+          - name: GIT_BRANCH
+            value: "{{workflow.parameters.GIT_BRANCH}}"
           - name: GIT_TOKEN
             value: "{{workflow.parameters.GIT_TOKEN}}"
   volumeClaimTemplates:
diff --git a/gitops/control-plane/production/workflows/tenant-onboarding-workflow-template.yaml b/gitops/control-plane/production/workflows/tenant-onboarding-workflow-template.yaml
@@ -10,11 +10,13 @@ spec:
       container:
         image: "${ecr_argoworkflow_container}:0.1"
         command: ["/bin/sh","-c"]
-        args: ['./00-validate-tenant.sh {{workflow.parameters.TENANT_ID}}']
+        args: ['./00-validate-tenant.sh "$TENANT_ID"']
         volumeMounts:
         - name: workdir
           mountPath: /mnt/vol
         env:
+          - name: TENANT_ID
+            value: "{{workflow.parameters.TENANT_ID}}"
           - name: GIT_USERNAME
             value: "{{workflow.parameters.GIT_USERNAME}}"
           - name: GIT_TOKEN
@@ -23,11 +25,15 @@ spec:
       container:
         image: "${ecr_argoworkflow_container}:0.1"
         command: ["/bin/sh","-c"]
-        args: ['./01-tenant-clone-repo.sh {{workflow.parameters.REPO_URL}} {{workflow.parameters.GIT_BRANCH}} {{workflow.parameters.GIT_USERNAME}} {{workflow.parameters.GIT_TOKEN}} && cp -r eks-saas-gitops /mnt/vol/eks-saas-gitops']
+        args: ['./01-tenant-clone-repo.sh "$REPO_URL" "$GIT_BRANCH" "$GIT_USERNAME" "$GIT_TOKEN" && cp -r eks-saas-gitops /mnt/vol/eks-saas-gitops']
         volumeMounts:
         - name: workdir
           mountPath: /mnt/vol
         env:
+          - name: REPO_URL
+            value: "{{workflow.parameters.REPO_URL}}"
+          - name: GIT_BRANCH
+            value: "{{workflow.parameters.GIT_BRANCH}}"
           - name: GIT_USERNAME
             value: "{{workflow.parameters.GIT_USERNAME}}"
           - name: GIT_TOKEN
@@ -36,13 +42,23 @@ spec:
       container:
         image: "${ecr_argoworkflow_container}:0.1"
         command: ["/bin/sh","-c"]
-        args: ['./02-tenant-onboarding.sh {{workflow.parameters.TENANT_ID}} {{workflow.parameters.RELEASE_VERSION}} {{workflow.parameters.TENANT_TIER}} {{workflow.parameters.GIT_USER_EMAIL}} {{workflow.parameters.GIT_USERNAME}} {{workflow.parameters.GIT_BRANCH}} {{workflow.parameters.GIT_TOKEN}}']
+        args: ['./02-tenant-onboarding.sh "$TENANT_ID" "$RELEASE_VERSION" "$TENANT_TIER" "$GIT_USER_EMAIL" "$GIT_USERNAME" "$GIT_BRANCH" "$GIT_TOKEN"']
         volumeMounts:
         - name: workdir
           mountPath: /mnt/vol
         env:
+          - name: TENANT_ID
+            value: "{{workflow.parameters.TENANT_ID}}"
+          - name: RELEASE_VERSION
+            value: "{{workflow.parameters.RELEASE_VERSION}}"
+          - name: TENANT_TIER
+            value: "{{workflow.parameters.TENANT_TIER}}"
+          - name: GIT_USER_EMAIL
+            value: "{{workflow.parameters.GIT_USER_EMAIL}}"
           - name: GIT_USERNAME
             value: "{{workflow.parameters.GIT_USERNAME}}"
+          - name: GIT_BRANCH
+            value: "{{workflow.parameters.GIT_BRANCH}}"
           - name: GIT_TOKEN
             value: "{{workflow.parameters.GIT_TOKEN}}"
   volumeClaimTemplates:
diff --git a/helpers/vs-code-ec2.yaml b/helpers/vs-code-ec2.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: 2010-09-09
 
-Description: This stack creates an EC2 instance with VS Code server environment for Guidance for Building SaaS Applications on Amazon EKS using GitOps (PLACEHOLDER).
+Description: This stack creates an EC2 instance with VS Code server environment for the Solution Guidace on Building SaaS applications on Amazon EKS using GitOps"
 
 Parameters:
   EnvironmentName:
@@ -183,7 +183,7 @@ Resources:
                 - export TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds:60")
                 - export AWS_REGION=$(curl -H "X-aws-ec2-metadata-token:${TOKEN}" -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/\(.*\)[a-z]/\1/') && echo "export AWS_REGION=${AWS_REGION}" >> /home/ec2-user/.bashrc
                 - export ALLOWED_IP="{{allowedIp}}"
-                - "git clone https://github.com/aws-samples/eks-saas-gitops.git /home/ec2-user/environment/eks-saas-gitops"
+                - "git clone https://github.com/aws-samples/eks-saas-gitops.git /home/ec2-user/environment/eks-saas-gitops; echo 'solution=true' > /home/ec2-user/environment/eks-saas-gitops/terraform/workshop/terraform.tfvars"
                 - "chown -R ec2-user:ec2-user /home/ec2-user/environment"
                 - "sudo -u ec2-user nohup /usr/bin/code-server --port 8080 --host 0.0.0.0 > /dev/null 2>&1 &"
                 - "export WAIT_HANDLE_URL=$(aws ssm get-parameter --name '/eks-saas-gitops/waitcondition-url' --query 'Parameter.Value' --output text --region $AWS_REGION)"
diff --git a/tenant-microservices/payments/requirements.txt b/tenant-microservices/payments/requirements.txt
@@ -4,4 +4,4 @@ Flask==3.0.0
 itsdangerous==2.1.2
 Jinja2==3.1.3
 MarkupSafe==2.1.3
-Werkzeug==3.0.1
+Werkzeug==3.0.6
diff --git a/tenant-microservices/producer/requirements.txt b/tenant-microservices/producer/requirements.txt
@@ -4,6 +4,6 @@ Flask==3.0.0
 itsdangerous==2.1.2
 Jinja2==3.1.3
 MarkupSafe==2.1.3
-Werkzeug==3.0.1
+Werkzeug==3.0.6
 boto3~=1.28.59
 botocore~=1.31.59
diff --git a/terraform/install.sh b/terraform/install.sh
@@ -138,6 +138,15 @@ apply_flux() {
     echo "Flux and GitOps infrastructure applied successfully."
 }
 
+# Apply remaining Terraform resources
+apply_remaining_resources() {
+    echo "Applying remaining Terraform resources..."
+    terraform apply --auto-approve
+
+    echo "All Terraform resources created successfully."
+}
+
+
 # Print the setup information
 print_setup_info() {
     echo "=============================="
@@ -196,6 +205,7 @@ main() {
     create_gitea_repositories  # Create Gitea repositories
     echo "Proceeding with Flux setup..."
     apply_flux
+    apply_remaining_resources
     echo "=============================="
     echo "Flux Setup Complete!"
     echo "=============================="
diff --git a/terraform/modules/gitea/main.tf b/terraform/modules/gitea/main.tf
@@ -169,10 +169,10 @@ resource "aws_iam_role_policy" "ecr_access" {
   })
 }
 
-resource "aws_iam_role_policy_attachment" "ssm_instance_connect" {
-  role       = aws_iam_role.gitea.name
-  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-}
+# resource "aws_iam_role_policy_attachment" "ssm_instance_connect" {
+#   role       = aws_iam_role.gitea.name
+#   policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+# }
 
 resource "aws_iam_instance_profile" "gitea" {
   name = "${var.name}-profile"
diff --git a/terraform/workshop/main.tf b/terraform/workshop/main.tf
@@ -10,6 +10,32 @@ locals {
   }
 }
 
+################################################################################
+# Adding guidance solution ID via AWS CloudFormation resource
+################################################################################
+resource "random_bytes" "this" {
+  count  = var.solution ? 1 : 0
+  length = 2
+}
+
+resource "aws_cloudformation_stack" "guidance_deployment_metrics" {
+  count = var.solution ? 1 : 0
+
+  name          = "tracking-stack-${random_bytes.this[0].hex}"
+  on_failure    = "DO_NOTHING"
+  template_body = <<STACK
+    {
+        "AWSTemplateFormatVersion": "2010-09-09",
+        "Description": "(S09620) This is a CFN stack for Solution Guidance on Building SaaS applications on Amazon EKS using GitOps.",
+        "Resources": {
+            "EmptyResource": {
+                "Type": "AWS::CloudFormation::WaitConditionHandle"
+            }
+        }
+    }
+    STACK
+}
+
 ################################################################################
 # VPC and Roles
 ################################################################################
diff --git a/terraform/workshop/providers.tf b/terraform/workshop/providers.tf
@@ -8,6 +8,8 @@ provider "gitea" {
   insecure = true
 }
 
+provider "random" {}
+
 provider "aws" {
   region = var.aws_region
 }
diff --git a/terraform/workshop/variables.tf b/terraform/workshop/variables.tf
@@ -71,3 +71,9 @@ variable "allowed_ip" {
   type        = string
   default     = ""
 }
+
+variable "solution" {
+  description = "Define if the stack is set to deploy on a Solution Guidance"
+  type        = bool
+  default     = false
+}
diff --git a/terraform/workshop/versions.tf b/terraform/workshop/versions.tf
@@ -18,7 +18,7 @@ terraform {
     }
     random = {
       source  = "hashicorp/random"
-      version = "= 3.5"
+      version = "= 3.7.2"
     }
   }
   required_version = ">= 1.0"

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,8 @@ provider "gitea" {`
`8`	`8`	`insecure = true`
`9`	`9`	`}`
`10`	`10`
	`11`	`+provider "random" {}`
	`12`	`+`
`11`	`13`	`provider "aws" {`
`12`	`14`	`region = var.aws_region`
`13`	`15`	`}`