Merge pull request #37 from aws-solutions/feature/v2.2.2

Update to version v2.2.2
aws-solutions · Jun 11, 2024 · e5e47da · e5e47da
2 parents d48df78 + 59a9577
commit e5e47da
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 26 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -31,4 +31,4 @@ To get the version of the solution, you can look at the description of the creat
 If applicable, add screenshots to help explain your problem (please **DO NOT include sensitive information**).
 
 **Additional context**
-Add any other context about the problem here.
+Add any other context about the problem here.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.2.2] - 2024-06-10
+
+### Fixed
+
+- Upgrade issue with Lambda Custom Resource Sagemaker layer copy to new blueprints bucket
+
+### Updated
+
+- requests updated to 2.32.3
+
+
 ## [2.2.1] - 2024-05-27
 
 ### Updated

diff --git a/source/infrastructure/lib/mlops_orchestrator_stack.py b/source/infrastructure/lib/mlops_orchestrator_stack.py
@@ -144,7 +144,7 @@ def __init__(
         # This is a logging bucket.
         access_logs_bucket.node.default_child.cfn_options.metadata = {
             "cfn_nag": suppress_s3_access_policy(),
-            "guard": suppress_cfnguard_rules(['S3_BUCKET_NO_PUBLIC_RW_ACL']),
+            "guard": suppress_cfnguard_rules(["S3_BUCKET_NO_PUBLIC_RW_ACL"]),
         }
 
         # Import user provide S3 bucket, if any. s3.Bucket.from_bucket_arn is used instead of
@@ -182,8 +182,8 @@ def __init__(
 
         # add cfn-guard suppressions
         assets_bucket.node.default_child.cfn_options.metadata = {
-            "guard": suppress_cfnguard_rules(['S3_BUCKET_NO_PUBLIC_RW_ACL']),
-        }  
+            "guard": suppress_cfnguard_rules(["S3_BUCKET_NO_PUBLIC_RW_ACL"]),
+        }
 
         # Create the resource if create_new_bucket condition is True
         Aspects.of(assets_bucket).add(ConditionalResources(create_new_bucket))
@@ -209,8 +209,8 @@ def __init__(
 
         # add cfn-guard suppressions
         blueprint_repository_bucket.node.default_child.cfn_options.metadata = {
-            "guard": suppress_cfnguard_rules(['S3_BUCKET_NO_PUBLIC_RW_ACL']),
-        }  
+            "guard": suppress_cfnguard_rules(["S3_BUCKET_NO_PUBLIC_RW_ACL"]),
+        }
 
         # add override for access logs bucket
         access_logs_bucket.add_to_resource_policy(
@@ -260,9 +260,9 @@ def __init__(
                 "MLOpsNotificationsTopic",
             )
         )
-        mlops_notifications_topic.node.default_child.cfn_options.metadata = (
-            { "cfn_nag": suppress_sns() }
-        )
+        mlops_notifications_topic.node.default_child.cfn_options.metadata = {
+            "cfn_nag": suppress_sns()
+        }
 
         mlops_notifications_topic.add_subscription(
             subscriptions.EmailSubscription(
@@ -316,6 +316,9 @@ def __init__(
             self,
             "CustomResourceCopyAssets",
             service_token=custom_resource_lambda_fn.function_arn,
+            properties={
+                "blueprint_bucket": blueprint_repository_bucket.bucket_name,
+            },
         )
         custom_resource.node.add_dependency(blueprint_repository_bucket)
         # IAM policies setup ###
@@ -354,7 +357,7 @@ def __init__(
                 "code": lambda_.Code.from_asset("../lambdas/pipeline_orchestration"),
                 "layers": [sm_layer],
                 "timeout": Duration.minutes(10),
-                "memory_size": 512
+                "memory_size": 512,
             },
             api_gateway_props={
                 "defaultMethodOptions": {
@@ -367,19 +370,19 @@ def __init__(
         )
 
         # add lambda suppressions
-        provisioner_apigw_lambda.lambda_function.node.default_child.cfn_options.metadata = (
-            { "cfn_nag": suppress_lambda_policies() }
-        )
+        provisioner_apigw_lambda.lambda_function.node.default_child.cfn_options.metadata = {
+            "cfn_nag": suppress_lambda_policies()
+        }
 
         # add API Gateway suppressions
-        provisioner_apigw_lambda.api_gateway.deployment_stage.node.default_child.cfn_options.metadata = (
-            { "guard": suppress_cfnguard_rules(["API_GW_CACHE_ENABLED_AND_ENCRYPTED"]) }
-        )
+        provisioner_apigw_lambda.api_gateway.deployment_stage.node.default_child.cfn_options.metadata = {
+            "guard": suppress_cfnguard_rules(["API_GW_CACHE_ENABLED_AND_ENCRYPTED"])
+        }
 
         # add CW role suppression
-        provisioner_apigw_lambda.api_gateway_cloud_watch_role.node.default_child.cfn_options.metadata = (
-            { "guard": suppress_cfnguard_rules(["IAM_NO_INLINE_POLICY_CHECK"]) }
-        )
+        provisioner_apigw_lambda.api_gateway_cloud_watch_role.node.default_child.cfn_options.metadata = {
+            "guard": suppress_cfnguard_rules(["IAM_NO_INLINE_POLICY_CHECK"])
+        }
 
         provision_resource = provisioner_apigw_lambda.api_gateway.root.add_resource(
             "provisionpipeline"
@@ -400,9 +403,9 @@ def __init__(
         )
 
         # add role suppressions
-        provisioner_apigw_lambda.lambda_function.role.node.default_child.cfn_options.metadata = (
-            { "guard": suppress_cfnguard_rules(['IAM_NO_INLINE_POLICY_CHECK']) }
-        )
+        provisioner_apigw_lambda.lambda_function.role.node.default_child.cfn_options.metadata = {
+            "guard": suppress_cfnguard_rules(["IAM_NO_INLINE_POLICY_CHECK"])
+        }
 
         # Environment variables setup
         provisioner_apigw_lambda.lambda_function.add_environment(
@@ -555,7 +558,7 @@ def __init__(
                     },
                 ]
             },
-            "guard": suppress_cfnguard_rules(['S3_BUCKET_NO_PUBLIC_RW_ACL'])
+            "guard": suppress_cfnguard_rules(["S3_BUCKET_NO_PUBLIC_RW_ACL"]),
         }
 
         # custom resource for operational metrics###

diff --git a/source/lambdas/custom_resource/index.py b/source/lambdas/custom_resource/index.py
@@ -69,6 +69,7 @@ def on_event(event, context):
 
 
 @helper.create
+@helper.update
 def custom_resource(event, _):
 
     try:
@@ -81,7 +82,6 @@ def custom_resource(event, _):
         raise e
 
 
-@helper.update
 @helper.delete
 def no_op(_, __):
     pass  # No action is required when stack is deleted
diff --git a/source/lambdas/solution_helper/requirements-test.txt b/source/lambdas/solution_helper/requirements-test.txt
@@ -1,3 +1,3 @@
 crhelper==2.0.6
 urllib3==1.26.18
-requests==2.32.0
+requests==2.32.3
diff --git a/source/lambdas/solution_helper/requirements.txt b/source/lambdas/solution_helper/requirements.txt
@@ -1,3 +1,3 @@
 crhelper==2.0.6
 urllib3==1.26.18
-requests==2.32.0
+requests==2.32.3