conformence update

ssc-spc-ccoe-cei · Feb 20, 2025 · 23bdb7c · 23bdb7c
1 parent e922858
commit 23bdb7c
Show file tree

Hide file tree

Showing 18 changed files with 73 additions and 14 deletions.
diff --git a/arch/templates/AuditAccountAuditManager.yaml b/arch/templates/AuditAccountAuditManager.yaml
@@ -38,6 +38,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   #############################################
   # Part 1 - Import Custom Framework

diff --git a/arch/templates/AuditAccountPreRequisitesPart1.yaml b/arch/templates/AuditAccountPreRequisitesPart1.yaml
@@ -61,6 +61,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   CloudGuardrailsCommonLayer:
     Type: AWS::Lambda::LayerVersion

diff --git a/arch/templates/AuditAccountPreRequisitesPart2.yaml b/arch/templates/AuditAccountPreRequisitesPart2.yaml
@@ -26,6 +26,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   CloudGuardrailsCommonLayer:
     Type: AWS::Lambda::LayerVersion

diff --git a/arch/templates/AuditAccountPreRequisitesPart3.yaml b/arch/templates/AuditAccountPreRequisitesPart3.yaml
@@ -28,6 +28,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   CloudGuardrailsCommonLayer:
     Type: AWS::Lambda::LayerVersion

diff --git a/arch/templates/AuditAccountPreRequisitesPart4.yaml b/arch/templates/AuditAccountPreRequisitesPart4.yaml
@@ -28,6 +28,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   CloudGuardrailsCommonLayer:
     Type: AWS::Lambda::LayerVersion

diff --git a/arch/templates/AuditAccountPreRequisitesPart5.yaml b/arch/templates/AuditAccountPreRequisitesPart5.yaml
@@ -28,6 +28,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   CloudGuardrailsCommonLayer:
     Type: AWS::Lambda::LayerVersion

diff --git a/arch/templates/AuditAccountPreRequisitesPart6.yaml b/arch/templates/AuditAccountPreRequisitesPart6.yaml
@@ -28,6 +28,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   CloudGuardrailsCommonLayer:
     Type: AWS::Lambda::LayerVersion

diff --git a/arch/templates/AuditAccountPreRequisitesPart7.yaml b/arch/templates/AuditAccountPreRequisitesPart7.yaml
@@ -28,6 +28,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   CloudGuardrailsCommonLayer:
     Type: AWS::Lambda::LayerVersion

diff --git a/arch/templates/AuditAccountPreRequisitesPart8.yaml b/arch/templates/AuditAccountPreRequisitesPart8.yaml
@@ -28,6 +28,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   CloudGuardrailsCommonLayer:
     Type: AWS::Lambda::LayerVersion

diff --git a/arch/templates/AuditAccountPreRequisitesPartN.yaml b/arch/templates/AuditAccountPreRequisitesPartN.yaml
@@ -24,6 +24,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   #############################################
   # Configure Lambda Permissions

diff --git a/arch/templates/ConformancePack.yaml b/arch/templates/ConformancePack.yaml
@@ -8,9 +8,6 @@ Parameters:
   UpdateTriggerVersion:
     Type: String
     Default: "v1"
-  TemplateVersion:
-    Type: String
-    Default: !Sub "${AWS::StackName}-v3-${AWS::Timestamp}"
   GCLambdaExecutionRoleName:
     Type: String
   GCLambdaExecutionRoleName2:
@@ -115,15 +112,9 @@ Parameters:
   S3EmergencyAccountAlertsRuleNamesPath:
     Type: String
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
-  # Force Update
-  ForceUpdateFunction:
-    Type: AWS::SSM::Parameter
-    Properties:
-      Name: !Sub "/force-update/${AWS::StackName}/${TemplateVersion}"
-      Type: String
-      Value: !Ref TemplateVersion
-
   # GC01
   GC01CheckAttestationLetterConfigRule:
     Type: "AWS::Config::ConfigRule"

diff --git a/arch/templates/EvidenceCollectionComponents.yaml b/arch/templates/EvidenceCollectionComponents.yaml
@@ -37,6 +37,8 @@ Conditions:
     - !Ref AWS::AccountId
     - !Ref AuditAccountID
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   CloudGuardrailsCommonLayer:
     Condition: IsAuditAccount

diff --git a/arch/templates/OrgRoleGenerator.yaml b/arch/templates/OrgRoleGenerator.yaml
@@ -38,6 +38,8 @@ Parameters:
     Description:
       The python runtime to use for the compliance dashboard
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   LambdaCreateRole:
     Type: "AWS::IAM::Role"

diff --git a/arch/templates/config-aggregator.yaml b/arch/templates/config-aggregator.yaml
@@ -1,6 +1,8 @@
 AWSTemplateFormatVersion: 2010-09-09
 Description: Deploys the Government of Canada Guardrails Assessment Package Configuration Aggregator
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   ConfigurationAggregator:
       Type: 'AWS::Config::ConfigurationAggregator'
@@ -29,4 +31,4 @@ Resources:
                 - 'sts:AssumeRole'
         Tags:
           - Key: "Source"
-            Value: "ProServe Delivery Kit"
+            Value: "ProServe Delivery Kit"
diff --git a/arch/templates/main.yaml b/arch/templates/main.yaml
@@ -2,7 +2,7 @@ AWSTemplateFormatVersion: 2010-09-09
 Description: Deploys the Government of Canada Guardrails Assessment Package
 
 Metadata:
-  ForceUpdateTimeStamp: !Sub "${AWS::Timestamp}"
+  ForceUpdate: 1740069923
   AWS::CloudFormation::Interface:
     ParameterGroups:
       - Label:

diff --git a/arch/templates/root.yaml b/arch/templates/root.yaml
@@ -82,6 +82,8 @@ Parameters:
     Type: String
     Default: 2.0.0
 
+Metadata:
+  ForceUpdate: 1740069923
 Resources:
   GuardRailsStack:
     Type: AWS::CloudFormation::Stack

diff --git a/cloudshell.zip b/cloudshell.zip
diff --git a/makefile b/makefile
@@ -46,8 +46,48 @@ $(info --- Checking dependencies [DONE] ---)
 
 ## Make all, build and deploy
 all: configure mb build-code package-code setup-organizations deploy-stack backup-config
+
+# Define variables
+TIMESTAMP := $(shell date +%s)
+TEMPLATE_DIR := arch/templates
+YAML_FILES := $(shell find $(TEMPLATE_DIR) -type f -name "*.yaml")
+
+# Add force update metadata only to CloudFormation templates
+force-update-yaml:
+	@echo "Processing CloudFormation YAML templates in $(TEMPLATE_DIR)..."
+	@for file in $(YAML_FILES); do \
+	if grep -q "Resources:" $$file; then \
+	if grep -q "Metadata:" $$file; then \
+# Metadata exists, append ForceUpdate inside Metadata block
+	sed -i '/Metadata:/a\  ForceUpdate: '$(TIMESTAMP)'' $$file; \
+	echo "Updated Metadata in $$file"; \
+	else \
+# Metadata doesn't exist, insert it correctly
+	awk '/Resources:/ {print "Metadata:\n  ForceUpdate: '$(TIMESTAMP)'"}1' $$file > $$file.tmp && mv $$file.tmp $$file; \
+	echo "Added Metadata to $$file"; \
+	fi \
+	else \
+	echo "Skipping $$file (Not a CloudFormation template)"; \
+	fi \
+	done
+	@echo "CloudFormation YAML templates updated successfully."
+
+# Validate YAML syntax before packaging
+validate-yaml:
+	@echo "Validating YAML syntax..."
+	@for file in $(YAML_FILES); do \
+	yq eval . $$file > /dev/null || { echo "Error in $$file"; exit 1; }; \
+	done
+	@echo "All CloudFormation YAML files in $(TEMPLATE_DIR) are valid."
+
+# Main target to prepare YAMLs for forced update
+force-conformence: force-update-yaml validate-yaml
+	@echo "YAML files updated and validated successfully. Ready for packaging."
+
+
+
 ## Build a cloudshell package, build code and package for cloudshell
-build-cloudshell-package: build-code create-cloudshell-package
+build-cloudshell-package: force-conformence build-code create-cloudshell-package
 ## Build and package code
 build: build-code package-code
 ## Build and deploy code