Changes for v1.1.0

aws-solutions · Oct 23, 2024 · 70e6d17 · 70e6d17
1 parent 1c501fa
commit 70e6d17
Show file tree

Hide file tree

Showing 16 changed files with 651 additions and 465 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.0] - 2024-10
+
+### Changed
+
+- Replacing CodeCommit with S3 bucket as source code respository for network firewall configurations.
+
 ## [1.0.8] - 2024-09
 
 ### Changed

diff --git a/README.md b/README.md
@@ -1,5 +1,3 @@
-⚠️ __Important: This solution requires the use of AWS CodeCommit, which is no longer available to new customers. Existing customers of AWS CodeCommit can continue using and deploying this AWS Solution as normal.__ ⚠️
-
 **[Centralized Network Inspection on AWS](https://aws.amazon.com/solutions/implementations/centralized-network-inspection-on-aws)** | **[🚧 Feature request](https://github.com/aws-solutions/centralized-network-inspection-on-aws/issues/new?assignees=&labels=feature-request%2C+enhancement&template=feature_request.md&title=)** | **[🐛 Bug Report](https://github.com/aws-solutions/centralized-network-inspection-on-aws/issues/new?assignees=&labels=bug%2C+triage&template=bug_report.md&title=)**
 
 Note: If you want to use the solution without building from source, navigate to Solution Landing Page
@@ -18,26 +16,36 @@ Note: If you want to use the solution without building from source, navigate to
 - [License](#license)
 
 <a name="solution-overview"></a>
+
 # Solution Overview
+
 Solution for Centralized Network Inspection on AWS.
 
 <a name="architecture-diagram"></a>
+
 # Architecture Diagram
+
 ![Architecture Diagram](./source/architecture.png)
 
 <a name="prerequisites-for-customization"></a>
+
 ## Prerequisites for Customization
+
 * Node.js>16
 
 <a name="build"></a>
+
 ## Build
+
 Build the CDK code
+
 ```
 cd source/
 npm run build
 ```
 
 Build the Centralized Network Inspection Solution CodeBuild source code
+
 ```
 cd source/centralizedNetworkInspection
 tsc 
@@ -52,8 +60,10 @@ chmod +x ./build-s3-dist.sh
 ```
 
 <a name="unit-test"></a>
+
 ## Unit Test
-Run the unit tests 
+
+Run the unit tests
 
 ```
 cd <rootDir>/deployment
@@ -62,19 +72,21 @@ chmod +x ./run-unit-tests.sh
 ```
 
 <a name="deploy"></a>
+
 ## Deploy
+
 Follow the steps for deploying your custom version of the solution.
-* Create an S3 bucket with the bucket appended with the region in which the deployment is to be made. example, if the deployment is to be made in us-east-1 create a bucket name as [BUCKET_NAME]-us-east-1.
-* Create the distribution files using the script provided in the build section above.
-* Create the S3 Key in the bucket centralized-network-inspection/[VERSION_ID]/
-* Create the S3 Key in the bucket centralized-network-inspection/latest/
-* Copy the file ./deployment/regional-s3-assets/centralized-network-inspection.zip to the location s3://[BUCKET_NAME]-[REGION]/centralized-network-inspection/[VERSION_ID]/
-* Copy the file ./deployment/regional-s3-assets/centralized-network-inspection-configuration.zip to the location s3://[BUCKET_NAME]-[REGION]/centralized-network-inspection/latest/
+- Create an S3 bucket with the bucket appended with the region in which the deployment is to be made. example, if the deployment is to be made in us-east-1 create a bucket name as [BUCKET_NAME]-us-east-1.
+- Create the distribution files using the script provided in the build section above.
+- Create the S3 Key in the bucket centralized-network-inspection/[VERSION_ID]/
+- Create the S3 Key in the bucket centralized-network-inspection/latest/
+- Copy the file ./deployment/regional-s3-assets/centralized-network-inspection.zip to the location s3://[BUCKET_NAME]-[REGION]/centralized-network-inspection/[VERSION_ID]/
+- Copy the file ./deployment/regional-s3-assets/centralized-network-inspection-configuration.zip to the location s3://[BUCKET_NAME]-[REGION]/centralized-network-inspection/latest/
 
 Once the above steps are completed, use the file ./deployment/global-s3-assets/centralized-network-inspection-on-aws.template to create a stack in CloudFormation.
 
-
 <a name="file-structure"></a>
+
 # File structure
 
 centralized-network-inspection-on-aws consists of:
@@ -90,7 +102,7 @@ File Structure
 |-source/
   |-bin/
     |-centralized-network-inspection-solution.ts  [ entry point for CDK app ]
-  |-test/                  [ unit tests for CDK constructs ] 
+  |-test/                  [ unit tests for CDK constructs ]
     |-centralized-network-inspection-solution.test.ts [CDK construct for the solution.]
     |-__snapshots__
       |-centralized-network-inspection-solution.test.ts.snap [CDK construct template snapshot of unit testing.]
@@ -168,9 +180,8 @@ File Structure
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 SPDX-License-Identifier: Apache-2.0
 
-See [LICENSE](https://github.com/aws-solutions/centralized-network-inspection-on-aws/blob/master/LICENSE.txt) 
+See [LICENSE](https://github.com/aws-solutions/centralized-network-inspection-on-aws/blob/master/LICENSE.txt)
 
 ## Collection of operational metrics
 
 This solution collects anonymized operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/centralized-network-inspection-on-aws/reference.html).
-
diff --git a/deployment/build-s3-dist.sh b/deployment/build-s3-dist.sh
@@ -62,7 +62,7 @@ npm ci
 cd "$source_dir"
 echo "npm run cdk -- synth --output=$staging_dist_dir"
 npm run build
-npm run cdk -- synth --output=$staging_dist_dir
+npm run cdk -- synth --quiet --asset-metadata false --path-metadata --output=$staging_dist_dir
 
 # Remove unnecessary output files
 echo "cd $staging_dist_dir"
@@ -137,6 +137,11 @@ npm run cleanup:dist
 cd $source_dir/
 npm run cleanup:tsc
 
+# custom lambda for copying configuration file into s3.
+echo "[Package] Generate public assets for custom resource lambda"
+cd "$template_dir"/cdk-solution-helper/asset-packager && npm ci
+npx ts-node ./index "$staging_dist_dir" "$build_dist_dir"
+
 # Delete the temporary /staging folder
 echo "rm -rf $staging_dist_dir"
 rm -rf $staging_dist_dir

diff --git a/solution-manifest.yaml b/solution-manifest.yaml
@@ -1,7 +1,7 @@
 ---
 id: SO0108 # Solution Id
 name: centralized-network-inspection-on-aws # trademarked name
-version: v1.0.8 # current version of the solution. Used to verify template headers
+version: v1.1.0 # current version of the solution. Used to verify template headers
 cloudformation_templates: # This list should match with AWS CloudFormation templates section of IG
   - template: centralized-network-inspection-on-aws.template
     main_template: true

diff --git a/source/architecture.png b/source/architecture.png
diff --git a/source/bin/centralized-network-inspection-solution.ts b/source/bin/centralized-network-inspection-solution.ts
@@ -19,10 +19,20 @@ const SOLUTION_PROVIDER = 'AWS Solution Development';
 
 const app = new App();
 
+let synthesizer = new DefaultStackSynthesizer({
+  generateBootstrapVersionRule: false,
+});
+
+if (SOLUTION_BUCKET && SOLUTION_NAME && SOLUTION_VERSION) {
+  synthesizer = new DefaultStackSynthesizer({
+    generateBootstrapVersionRule: false,
+    fileAssetsBucketName: `${SOLUTION_BUCKET}-\${AWS::Region}`,
+    bucketPrefix: `${SOLUTION_NAME}/${SOLUTION_VERSION}/`,
+  });
+}
+
 let centralizedNetworkInspectionStackProps: CentralizedNetworkInspectionStackProps = {
-  synthesizer: new DefaultStackSynthesizer({
-    generateBootstrapVersionRule: false
-  }),
+  synthesizer: synthesizer,
   solutionId: SOLUTION_ID,
   solutionTradeMarkName: SOLUTION_TMN,
   solutionProvider: SOLUTION_PROVIDER,

diff --git a/...pection/__tests__/firewall-test-configuration/firewalls/firewall.example-fw-policy-2.json b/...pection/__tests__/firewall-test-configuration/firewalls/firewall.example-fw-policy-2.json
@@ -0,0 +1,12 @@
+{
+  "FirewallName": "VpcFirewall-1",
+  "FirewallPolicyArn": "__tests__/firewall-test-configuration/firewallPolicies/firewall-policy-2.json",
+  "Description": "Network Firewall created by AWS Solutions",
+  "DeleteProtection": true,
+  "FirewallPolicyChangeProtection": true,
+  "SubnetChangeProtection": true,
+  "Tags": [{
+    "Key": "env",
+    "Value": "mock-test"
+  }]
+}
diff --git a/...edNetworkInspection/__tests__/firewall-test-configuration/firewalls/firewall.example.json b/...edNetworkInspection/__tests__/firewall-test-configuration/firewalls/firewall.example.json
@@ -4,5 +4,9 @@
   "Description": "Network Firewall created by AWS Solutions",
   "DeleteProtection": true,
   "FirewallPolicyChangeProtection": true,
-  "SubnetChangeProtection": true
+  "SubnetChangeProtection": true,
+  "Tags": [{
+    "Key": "env",
+    "Value": "mock-test"
+  }]
 }
diff --git a/source/centralizedNetworkInspection/__tests__/network-firewall-manager.spec.ts b/source/centralizedNetworkInspection/__tests__/network-firewall-manager.spec.ts
@@ -270,12 +270,12 @@ jest.mock(
           };
         }),
         describeFirewallPolicy: jest.fn().mockImplementation(data => {
-          if (data && data === 'Firewall-Policy-2') {
+          if (data && data === 'Firewall-Policy-2-5081d0136786') {
             return Promise.resolve({
               UpdateToken: 'aaa',
               FirewallPolicyResponse: {
                 FirewallPolicyName: 'Firewall-Policy-2',
-                FirewallPolicyArn: 'arn:aws',
+                FirewallPolicyArn: 'arn:aws:network-firewall:us-east-1:1234:firewall-policy/Firewall-Policy-2',
                 FirewallPolicyId: 100,
               },
             });
@@ -393,6 +393,10 @@ jest.mock(
         updateFirewallDescription: jest.fn().mockImplementation(data => {
           expect(data['Description']).toBe('Network Firewall created by AWS Solutions');
         }),
+        tagResource: jest.fn().mockImplementation(data => {
+          expect(data['Tags'][0]['Key']).toBe('env');
+          expect(data['Tags'][0]['Value']).toBe('mock-test');
+        })
       }),
     };
   },
@@ -534,7 +538,7 @@ test('test the method firewallExist.', async () => {
 test('firewall policy already exists', async () => {
   const fileHandler = new ConfigReader();
   let firewallObject = fileHandler.convertFileToObject(
-    '__tests__/firewall-test-configuration/firewalls/firewall.example.json'
+    '__tests__/firewall-test-configuration/firewalls/firewall.example-fw-policy-2.json'
   );
   const managerInstance = new NetworkFirewallManager(
     {
@@ -553,7 +557,7 @@ test('firewall policy already exists', async () => {
   const response = await managerInstance.firewallPolicyOperations(
     '__tests__/firewall-test-configuration/firewallPolicies/firewall-policy-2.json'
   );
-  expect(response).toBe('arn:aws:network-firewall:us-east-1:1234:firewall-policy/Firewall-Policy-1');
+  expect(response).toBe('arn:aws:network-firewall:us-east-1:1234:firewall-policy/Firewall-Policy-2');
 });
 
 test('test the logging configuration object creation from environment variables', async () => {
@@ -781,7 +785,7 @@ test('Update firewall properties', async () => {
         DeleteProtection: false,
         Description: '',
         FirewallName: 'VpcFirewall-1',
-        FirewallArn: '',
+        FirewallArn: 'arn:aws:network-firewall:us-east-1:1234:firewall/VpcFirewall-1',
         FirewallPolicyChangeProtection: false,
         SubnetChangeProtection: false,
       },

diff --git a/source/centralizedNetworkInspection/package-lock.json b/source/centralizedNetworkInspection/package-lock.json
diff --git a/source/centralizedNetworkInspection/package.json b/source/centralizedNetworkInspection/package.json
@@ -1,6 +1,6 @@
 {
   "name": "centralized-network-inspection",
-  "version": "1.0.8",
+  "version": "1.1.0",
   "description": "Centralized Network Inspection on AWS",
   "main": "index.js",
   "types": "index.d.ts",