[Code Review] Installation Script (#7)

* Added script to install FHIR Solution on OSX/Linux, tested on OSX and CentOS (on a Cloud9 instance). Minor known bug in IAM creation when run from a Cloud9 instance. Commit also includes two files required for the install script, CF-IAMUser.yaml and iam_policy.json.

* Added capability to detect if FHIR server is already running, and if it is, to ask the user if they want to redeploy the server.

* Updated README.md with documentation of new installation script.

* Added informational output when user reruns install script and chooses not to redeploy server.

* fixed major bug with installing depedencies on Ubuntu systems.

* aliased node for systems that install nodejs as 'nodejs'

* Working through errors installing dependencies on Ubuntu. This version successfully installs all dependencies except yarn (currently resolving)

* fixed bug with yarn, all dependencies now correctly installing on Ubuntu

* Attempted to fix the problem, still causing issues on systems that already have  installed.

* Fixed issue with yarn, now experiencing issues with node being outdated (Ubuntu installs node 8.x, 9.x is required).

* Fixed bugs with Ubuntu--all is now working properly (tested on Ubuntu 18.04). Will later add functionality for users to manually install dependencies but use install script for the rest.

* Fixed redeployment--no need to remove server if it already exists.

* Update scripts/CF-IAMUser.yaml

Updated wording on YAML file as per Robert's suggestion

Co-authored-by: Robert Smayda <[email protected]>

* resolved most issues brought up by Robert in PR CR

* minor fixes

* Update README.md

Co-authored-by: Bakha <[email protected]>

* Update README.md

Minor changes

* Added windows installation script. 

* Minor change, inaccurate path reference when deploying DynamoDB Backups

* Added documentation in README for Windows install, and added validation of AWS credentials to Unix install.

* minor grammatical changes

* Update .gitignore

Info_Output.yml has personal information generated during installation, and thus it's a good idea to ignore it for commits.

* Fixed some issues brought up by Robert

* Added a request for confirmation from user that installing dependencies is okay [Unix script]

* fixed minor bug in Install-Dependencies, and redirected error output to alternate stream in cases that fail on purpose.

* Update CF-IAMUser.yaml

* Update README.md

Fixed minor errors in README

* added y/n support for shell script, fixed issues with regions on both scripts

* fixed a minor bug where the linux script couldn't find the yaml file for backups, and changed jest testing mode to --silent

* Fixed bugs found while reviewing code with Robert. Added password text masking during input, checking for AWSPowerShell module on Windows, correctly changing directory on Windows, plus some other minor bug fixes.

* Update README.md

Co-authored-by: Robert Smayda <[email protected]>

* Update README.md

Co-authored-by: Robert Smayda <[email protected]>

* Update scripts/win_install.ps1

Co-authored-by: Robert Smayda <[email protected]>

* minor typos and fixess

* changed README to be more concise in manual IAM User Creation step, referencing iam_policy.json instead of writing out the whole policy in the README doc

* Update install.sh

fixed minor bug in get_valid_pass() introduced in previous commit

* Update README.md

Co-authored-by: Robert Smayda <[email protected]>

* fixed issue with Cognito IDP signup, changed relative paths to absolute paths

* Install script container (#16)

* Add container to perform isolated install

* Minor fix to add new line between password prompts

* remove vim

* Update README.md

Merged by Aidan Lakshman ([email protected])

Co-authored-by: Robert Smayda <[email protected]>
Co-authored-by: Bakha <[email protected]>
Co-authored-by: Bakha <[email protected]>

Author: 3 people

.dockerignore

@@ -0,0 +1,2 @@
+node_modules
+

.gitignore

@@ -6,6 +6,7 @@
 # Ignore any zip files
 *.zip
 
+Info_Output.yml
 dist
 .build
 .idea

README.md

@@ -0,0 +1,21 @@
+FROM node:14.4
+
+RUN apt-get update && apt-get install -yq less
+
+# Required dependencies
+RUN curl -fsSL --compressed  "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o /tmp/awscliv2.zip && unzip -q /tmp/awscliv2.zip -d /tmp && /tmp/aws/install && npm install serverless -g
+
+WORKDIR /home/node
+
+# git checkout current repository
+# RUN git clone https://github.com/awslabs/aws-fhir-solution.git aws-fhir-solution
+# Temporary use local copy
+RUN mkdir aws-fhir-solution
+COPY ./ ./aws-fhir-solution/
+RUN chown -R node:node .
+
+USER node
+ENV DOCKER=true
+
+ENTRYPOINT [ "aws-fhir-solution/scripts/install.sh" ]
+# CMD [ "aws-fhir-solution/scripts/install.sh" ]

docker/Dockerfile

@@ -11,7 +11,7 @@
     "lint-fix": "eslint --fix . --ext .ts,.tsx",
     "build": "tsc",
     "watch": "tsc -w",
-    "test": "jest",
+    "test": "jest --silent",
     "test-coverage": "jest --coverage",
     "release": "yarn run build && yarn run lint && yarn run test",
     "clean": "rm -rf build/* node_modules/* dist/* .serverless/* .nyc_output/*",

package.json

@@ -0,0 +1,60 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Metadata:
+  License: Apache-2.0
+Description: 'AWS CloudFormation to create an IAM User with the required permissions to create the FHIR Solution'
+Resources:
+  FHIRUser:
+    Type: AWS::IAM::User
+    Properties:
+      Policies:
+      - PolicyName: FHIR_policy
+        PolicyDocument: #Note: this is the same as iam_policy.json
+          Version: 2012-10-17
+          Statement:
+            - Effect: Allow
+              Action:
+                -  'cloudwatch:*'
+                -  'dynamodb:*'
+                -  'events:*'
+                -  'iam:*'
+                -  'lambda:*'
+                -  'logs:*'
+                -  's3:*'
+                -  'xray:PutTelemetryRecords'
+                -  'xray:PutTraceSegments'
+                -  'tag:GetResources'
+                -  'logs:*'
+                -  'cognito-identity:*'
+                -  'cognito-idp:*'
+                -  'cognito-sync:*'
+                -  'es:*'
+                -  'cloudformation:*'
+                -  'kms:*'
+                -  'states:*'
+                -  'backup:*'
+                -  'backup-storage:MountCapsule'
+              Resource: '*'
+            - Effect: Allow
+              Action:
+                -  'apigateway:*'
+              Resource:  'arn:aws:apigateway:*::/*'
+
+  CFNKeys:
+    Type: AWS::IAM::AccessKey
+    Properties:
+      UserName: !Ref 'FHIRUser'
+
+
+Outputs:
+  IAMUserARN:
+    Value: !GetAtt 'FHIRUser.Arn'
+    Description: IAM User ARN
+  AccessKey:
+    Value: !Ref 'CFNKeys'
+    Description: AWSAccessKeyId of new user
+  SecretKey:
+    Value: !GetAtt [CFNKeys, SecretAccessKey]
+    Description: AWSSecretAccessKey of new user
+  MyStacksRegion:
+    Value: !Ref 'AWS::Region'
+    Description: The Deployed AWS Region

scripts/CF-IAMUser.yaml

@@ -0,0 +1,36 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Action": [
+          "cloudwatch:*",
+          "dynamodb:*",
+          "events:*",
+          "iam:*",
+          "lambda:*",
+          "logs:*",
+          "s3:*",
+          "xray:PutTelemetryRecords",
+          "xray:PutTraceSegments",
+          "tag:GetResources",
+          "logs:*",
+          "cognito-identity:*",
+          "cognito-idp:*",
+          "cognito-sync:*",
+          "es:*",
+          "cloudformation:*",
+          "kms:*",
+          "states:*",
+          "backup:*",
+          "backup-storage:MountCapsule"
+        ],
+        "Resource": "*"
+      },
+      {
+        "Effect": "Allow",
+        "Action": ["apigateway:*"],
+        "Resource": "arn:aws:apigateway:*::/*"
+      }
+    ]
+}