1212# permissions and limitations under the License.
1313
1414AWSTemplateFormatVersion: '2010-09-09'
15- Description: '(SO0089) - customizations-for-aws-control-tower Solution. Version: v2.7.0 '
15+ Description: '(SO0089) - customizations-for-aws-control-tower Solution. Version: v2.7.1 '
1616
1717Parameters:
1818 PipelineApprovalStage:
@@ -311,7 +311,7 @@ Resources:
311311 BranchName: !Ref CodeCommitBranchName
312312 S3:
313313 Bucket: !Sub control-tower-cfct-assets-prod-${AWS::Region}
314- Key: !Sub customizations-for-aws-control-tower/v2.7.0 /custom-control-tower-configuration-${AWS::Region}.zip
314+ Key: !Sub customizations-for-aws-control-tower/v2.7.1 /custom-control-tower-configuration-${AWS::Region}.zip
315315
316316 # SSM Parameter to store the git repository name
317317 CustomControlTowerRepoNameParameter:
@@ -572,10 +572,10 @@ Resources:
572572 - {KMSKeyName: !FindInMap [KMS, Alias, Name]}
573573 Source:
574574 Type: CODEPIPELINE
575- BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.8\n ruby: 2.6\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1>/dev/null\n - export LC_ALL='en_US.UTF-8'\n - locale-gen en_US en_US.UTF-8\n - dpkg-reconfigure locales --frontend noninteractive\n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod-${AWS_REGION}/customizations-for-aws-control-tower/v2.7.0/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES \n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n\n"
575+ BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.11\n ruby: 3.3\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1>/dev/null\n - export LC_ALL='en_US.UTF-8'\n - locale-gen en_US en_US.UTF-8\n - dpkg-reconfigure locales --frontend noninteractive\n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod-${AWS_REGION}/customizations-for-aws-control-tower/v2.7.1/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES \n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n\n"
576576 Environment:
577577 ComputeType: BUILD_GENERAL1_SMALL
578- Image: "aws/codebuild/standard:5 .0"
578+ Image: "aws/codebuild/standard:7 .0"
579579 Type: LINUX_CONTAINER
580580 EnvironmentVariables:
581581 - Name: ARTIFACT_BUCKET
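Review bot: The scripts archive fetched in `pre_build` is unpacked and executed (`bash install_stage_dependencies.sh $STAGE_NAME`) with no integrity check, so the build trusts whatever object sits at the `v2.7.1` key of the regional assets bucket. The release is already pinned by version, so it could be pinned by digest as well: after the `aws s3 cp` line add `- echo '<EXPECTED_SHA256>  custom-control-tower-scripts.zip' | sha256sum -c -`, where the placeholder is a digest published with the release. The same download-and-run sequence is in the BuildSpec strings of the hunks at -702 and -880. The CodeBuild project resource begins above this hunk, so the permissions of the role these scripts run under are not visible here.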
@@ -597,7 +597,7 @@ Resources:
597597 - Name: SOLUTION_ID
598598 Value: !FindInMap [ Solution, Metrics, SolutionID ]
599599 - Name: SOLUTION_VERSION
600- Value: v2.7.0
600+ Value: v2.7.1
601601 - Name: AWS_STS_REGIONAL_ENDPOINTS
602602 Value: "regional"
603603 Artifacts:
@@ -702,10 +702,10 @@ Resources:
702702 - {KMSKeyName: !FindInMap [KMS, Alias, Name]}
703703 Source:
704704 Type: CODEPIPELINE
705- BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.8\n ruby: 2.6\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1> /dev/null \n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod-${AWS_REGION}/customizations-for-aws-control-tower/v2.7.0/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES\n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n"
705+ BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.11\n ruby: 3.3\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1> /dev/null \n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod-${AWS_REGION}/customizations-for-aws-control-tower/v2.7.1/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES\n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n"
706706 Environment:
707707 ComputeType: BUILD_GENERAL1_SMALL
708- Image: "aws/codebuild/standard:5 .0"
708+ Image: "aws/codebuild/standard:7 .0"
709709 Type: LINUX_CONTAINER
710710 EnvironmentVariables:
711711 - Name: SM_ARN
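Review bot: The `build` phase command `echo 'Starting build $(date) in $(pwd)'` is single-quoted, so the shell prints `$(date)` and `$(pwd)` literally and these log lines carry no timestamp or working directory; the `post_build` echoes have the same problem. Double quotes fix it, escaped because the BuildSpec is itself a double-quoted YAML string: `- echo \"Starting build $(date) in $(pwd)\"`. The line that echoes the `execute_stage_scripts.sh` invocation likewise prints variable names rather than values; if that is deliberate to keep values out of the build log, a short comment saying so would help. The BuildSpec strings in the hunks at -572 and -880 share this.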
@@ -723,7 +723,7 @@ Resources:
723723 - Name: SOLUTION_ID
724724 Value: !FindInMap [ Solution, Metrics, SolutionID ]
725725 - Name: SOLUTION_VERSION
726- Value: v2.7.0
726+ Value: v2.7.1
727727 - Name: AWS_STS_REGIONAL_ENDPOINTS
728728 Value: "regional"
729729 Artifacts:
@@ -880,10 +880,10 @@ Resources:
880880 - {KMSKeyName: !FindInMap [KMS, Alias, Name]}
881881 Source:
882882 Type: CODEPIPELINE
883- BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.8\n ruby: 2.6\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1> /dev/null\n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod-${AWS_REGION}/customizations-for-aws-control-tower/v2.7.0/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES\n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n"
883+ BuildSpec: "version: 0.2\nphases:\n install:\n runtime-versions:\n python: 3.11\n ruby: 3.3\n commands:\n - export current=$(pwd)\n - if [ -f manifest.yaml ];then export current=$(pwd);else if [ -f custom-control-tower-configuration/manifest.yaml ]; then export current=$(pwd)/custom-control-tower-configuration; else echo 'manifest.yaml does not exist at the root level of custom-control-tower-configuration.zip or inside custom-control-tower-configuration folder, please check the ZIP file'; exit 1; fi; fi;\n - apt-get -q update 1> /dev/null\n - apt-get -q install zip wget python3-pip libyaml-dev -y 1> /dev/null\n pre_build:\n commands:\n - cd $current\n - echo 'Download CustomControlTower Scripts'\n - aws s3 cp --quiet s3://control-tower-cfct-assets-prod-${AWS_REGION}/customizations-for-aws-control-tower/v2.7.1/custom-control-tower-scripts.zip $current\n - unzip -q -o $current/custom-control-tower-scripts.zip -d $current\n - cp codebuild_scripts/* .\n - bash install_stage_dependencies.sh $STAGE_NAME\n build:\n commands:\n - echo 'Starting build $(date) in $(pwd)'\n - echo 'bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES'\n - bash execute_stage_scripts.sh $STAGE_NAME $LOG_LEVEL $WAIT_TIME $SM_ARN $ARTIFACT_BUCKET $KMS_KEY_ALIAS_NAME $BOOL_VALUES $NONE_TYPE_VALUES\n - echo 'Running build scripts completed $(date)'\n post_build:\n commands:\n - echo 'Starting post build $(date) in $(pwd)'\n - echo 'build completed on $(date)'\n\nartifacts:\n files:\n - '**/*'\n"
884884 Environment:
885885 ComputeType: BUILD_GENERAL1_SMALL
886- Image: "aws/codebuild/standard:5 .0"
886+ Image: "aws/codebuild/standard:7 .0"
887887 Type: LINUX_CONTAINER
888888 EnvironmentVariables:
889889 - Name: SM_ARN
@@ -905,7 +905,7 @@ Resources:
905905 - Name: SOLUTION_ID
906906 Value: !FindInMap [Solution, Metrics, SolutionID]
907907 - Name: SOLUTION_VERSION
908- Value: v2.7.0
908+ Value: v2.7.1
909909 - Name: METRICS_URL
910910 Value: !FindInMap [Solution, Metrics, MetricsURL]
911911 - Name: CONTROL_TOWER_BASELINE_CONFIG_STACKSET
@@ -1031,16 +1031,16 @@ Resources:
10311031 Variables:
10321032 LOG_LEVEL: !FindInMap [LambdaFunction, Logging, Level]
10331033 SOLUTION_ID: !FindInMap [Solution, Metrics, SolutionID]
1034- SOLUTION_VERSION: v2.7.0
1034+ SOLUTION_VERSION: v2.7.1
10351035 Code:
10361036 S3Bucket: !Sub "control-tower-cfct-assets-prod-${AWS::Region}"
1037- S3Key: customizations-for-aws-control-tower/v2.7.0 /custom-control-tower-config-deployer.zip
1037+ S3Key: customizations-for-aws-control-tower/v2.7.1 /custom-control-tower-config-deployer.zip
10381038 FunctionName: CustomControlTowerDeploymentLambda
10391039 Description: Custom Control Tower Deployment Lambda
10401040 Handler: config_deployer.lambda_handler
10411041 MemorySize: 512
10421042 Role: !GetAtt 'CustomControlTowerDeploymentLambdaRole.Arn'
1043- Runtime: python3.8
1043+ Runtime: python3.11
10441044 Timeout: 300
10451045 TracingConfig:
10461046 Mode: Active
@@ -1053,7 +1053,7 @@ Resources:
10531053 DestinationBucketName: !Ref CustomControlTowerPipelineS3Bucket
10541054 DestinationS3Key: !If [IsBuildCustomControlTowerCondition, !FindInMap [BucketConfiguration, CustomControlTowerPipelineS3TriggerKey, Name], !FindInMap [BucketConfiguration, CustomControlTowerPipelineS3NonTriggerKey, Name]]
10551055 SourceBucketName: !Sub control-tower-cfct-assets-prod-${AWS::Region}
1056- SourceS3Key: customizations-for-aws-control-tower/v2.7.0 /custom-control-tower-configuration.zip
1056+ SourceS3Key: customizations-for-aws-control-tower/v2.7.1 /custom-control-tower-configuration.zip
10571057 KMSConfig:
10581058 KMSKeyAlias: !Sub
10591059 - alias/${KMSKeyName}
@@ -1301,20 +1301,20 @@ Resources:
13011301 ADMINISTRATION_ROLE_ARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/service-role/AWSControlTowerStackSetRole
13021302 EXECUTION_ROLE_NAME: !FindInMap [AWSControlTower, ExecutionRole, Name]
13031303 SOLUTION_ID: !FindInMap [Solution, Metrics, SolutionID]
1304- SOLUTION_VERSION: v2.7.0
1304+ SOLUTION_VERSION: v2.7.1
13051305 METRICS_URL: !FindInMap [Solution, Metrics, MetricsURL]
13061306 MAX_CONCURRENT_PERCENT: !Ref MaxConcurrentPercentage
13071307 FAILED_TOLERANCE_PERCENT: !Ref FailureTolerancePercentage
13081308 REGION_CONCURRENCY_TYPE: !Ref RegionConcurrencyType
13091309 Code:
13101310 S3Bucket: !Sub "control-tower-cfct-assets-prod-${AWS::Region}"
1311- S3Key: customizations-for-aws-control-tower/v2.7.0 /custom-control-tower-state-machine.zip
1311+ S3Key: customizations-for-aws-control-tower/v2.7.1 /custom-control-tower-state-machine.zip
13121312 FunctionName: CustomControlTowerStateMachineLambda
13131313 Description: Custom Control Tower State Machine Handler
13141314 Handler: state_machine_router.lambda_handler
13151315 MemorySize: 1024
13161316 Role: !GetAtt 'CustomControlTowerStateMachineLambdaRole.Arn'
1317- Runtime: python3.8
1317+ Runtime: python3.11
13181318 Timeout: 300
13191319 TracingConfig:
13201320 Mode: Active
@@ -2900,22 +2900,24 @@ Resources:
29002900 LOG_LEVEL: !FindInMap [LambdaFunction, Logging, Level]
29012901 CODE_PIPELINE_NAME: !Ref CustomControlTowerCodePipeline
29022902 SOLUTION_ID: !FindInMap [ Solution, Metrics, SolutionID ]
2903- SOLUTION_VERSION: v2.7.0
2903+ SOLUTION_VERSION: v2.7.1
29042904 Code:
29052905 S3Bucket: !Sub "control-tower-cfct-assets-prod-${AWS::Region}"
2906- S3Key: customizations-for-aws-control-tower/v2.7.0 /custom-control-tower-lifecycle-event-handler.zip
2906+ S3Key: customizations-for-aws-control-tower/v2.7.1 /custom-control-tower-lifecycle-event-handler.zip
29072907 Description: Custom Control Tower Lifecyle event Lambda to handle lifecycle events
29082908 Handler: lifecycle_event_handler.lambda_handler
29092909 MemorySize: 512
29102910 Role: !GetAtt 'CustomControlTowerLELambdaRole.Arn'
2911- Runtime: python3.8
2911+ Runtime: python3.11
29122912 Timeout: 30
29132913 TracingConfig:
29142914 Mode: Active
29152915
29162916 # FIFO SQS Dead Letter Queue for storing Lifecycle Events (LE) that can't be processed (consumed) successfully
29172917 CustomControlTowerLEFIFODLQueue:
29182918 Type: "AWS::SQS::Queue"
2919+ DeletionPolicy: Retain
2920+ UpdateReplacePolicy: Retain
29192921 DependsOn: CustomControlTowerDeploymentLambda
29202922 Metadata:
29212923 cfn_nag:
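Review bot: `DeletionPolicy: Retain` and `UpdateReplacePolicy: Retain` on `CustomControlTowerLEFIFODLQueue` leave the queue and any unprocessed lifecycle-event messages in the account after the stack is deleted or the resource is replaced, and nothing in the hunk says why or who cleans up. A comment above the two lines would cover it, for example `# Retained so queued lifecycle events are not lost on stack delete/replace; remove the queue manually after uninstall`, if that is the intent. The queue's properties are outside this hunk: if it sets an explicit `QueueName`, a redeploy after deletion would presumably fail on the name collision, and if it is encrypted with the solution's KMS key, the key's own retention should be confirmed. The same applies to `CustomControlTowerLEFIFOQueue` in the hunk at -2936.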
@@ -2936,6 +2938,8 @@ Resources:
29362938 # FIFO SQS Queue for storing Lifecycle Events (LE)
29372939 CustomControlTowerLEFIFOQueue:
29382940 Type: "AWS::SQS::Queue"
2941+ DeletionPolicy: Retain
2942+ UpdateReplacePolicy: Retain
29392943 DependsOn: CustomControlTowerDeploymentLambda
29402944 Metadata:
29412945 cfn_nag:
@@ -3196,6 +3200,6 @@ Outputs:
31963200 Value: !Ref CustomControlTowerPipelineS3Bucket
31973201 CustomControlTowerSolutionVersion:
31983202 Description: Version Number
3199- Value: "v2.7.0 "
3203+ Value: "v2.7.1 "
32003204 Export:
32013205 Name: Custom-Control-Tower-Version