v0.3.0
v0.3.0
New Functionality - SCPs
You can now use ADF to manage and automate the process of applying Service Control Policies throughout your Organization. Application of SCPs works in a similar way to bootstrapping base stacks in ADF. Place a scp.json file in the corresponding Organizational Unit folder in the bootstrap_repository and it will be automatically applied to that OU, if its removed it will be detached from the OU and deleted. To get started see the scp-example.json, also read the admin guide and SCP Documentation.
Description of changes:
-
SCPs functionality - Resolves #25
-
The master account can now be bootstrapped like any other account and can also have Deployment Pipelines target it. Resolves #19
-
Pyyaml has been updated to 5.1 stable in requirements.txt
-
Removed relative pathing for tests
-
Adding tests for account_bootstrap.py
-
Updated 'remove_base' in adfconfig.yml to also accept 'remove-base' - removing underscores in config options
-
Cleaned up unnecessary passing of boto3 library into class constructors
-
Updated code-commit-role on the master account to be titled adf-codecommit-role-base (avoid naming clash if default global.yml is applied)
-
Added BucketPolicy to the BootstrapTemplatesBucket to allow the Organization access to streamline master account bootstrap + pipeline capability.
-
CloudFormation no longer attempts to use template_body at all throughout ADF but uses template_url for all base and pipelines stacks - allowing much high limits on sizing. (previous it was just pipelines using template_url)
-
Organize Documentation to better suit admin vs user guide
-
General Code Cleanup (more to come)
-
The role that is assumed by the Deployment Account back to the master account to query Organizations has been renamed from "${CrossAccountAccessRole}-org-access-adf" to match the CrossAccountAccessRole that has been defined in the adfconfig.yml. CloudFormation will update this role on the next run of the UpdateBaseStacks pipeline.
-
The base stack created in the deployment region on the master account adf-global-base-adf-build is now updatable and will update on each run of the UpdateBaseStacks pipeline.
-
BUG FIX: Fixed a bug that caused 'organization_id' to be unavailable if performing fresh install
-
BUG FIX: Notification Emails were being sent when they shouldn't need to, defining the account had been bootstrapped into 'None'
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.