Remove S3 deployment resources for Beta

PRX · Jan 16, 2025 · fc0480d · fc0480d
1 parent d2dc466
commit fc0480d
Show file tree

Hide file tree

Showing 5 changed files with 2 additions and 206 deletions.
diff --git a/spire/templates/apps-200A.yml b/spire/templates/apps-200A.yml
@@ -48,7 +48,6 @@ Parameters:
   S3SigningEndpointUrl: { Type: String }
   S3SigningAccessKeyId: { Type: String }
   DeploymentPackageBucketName: { Type: String }
-  S3StaticSiteDeployServiceToken: { Type: String }
   AuguryHostname: { Type: String }
   BetaHostname: { Type: String }
   CastleHostname: { Type: String }
@@ -107,14 +106,11 @@ Resources:
     Properties:
       Parameters:
         NestedChangeSetScrubbingResourcesState: !Ref NestedChangeSetScrubbingResourcesState
-        S3StaticSiteDeployServiceToken: !Ref S3StaticSiteDeployServiceToken
         RootStackName: !Ref RootStackName
         RootStackId: !Ref RootStackId
         CodeS3Bucket: !Ref DeploymentPackageBucketName
-        StaticSiteArchiveS3ObjectKey: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Beta/pkg/s3-object-key
         EnvironmentType: !Ref EnvironmentType
         EnvironmentTypeAbbreviation: !Ref EnvironmentTypeAbbreviation
-        StaticSiteCloudFrontOai: !Sub /prx/${EnvironmentTypeAbbreviation}/Spire/Beta/cloudfront-oai
         FeederHostname: !Ref FeederHostname
         ExchangeHostname: !Ref ExchangeHostname
         PlayHostname: !Ref PlayHostname
@@ -425,9 +421,6 @@ Resources:
       TimeoutInMinutes: 20
 
 Outputs:
-  BetaDeployBucketRegionalDomainName:
-    Value: !GetAtt BetaStack.Outputs.DeployBucketRegionalDomainName
-
   CastleTargetGroupFullName:
     Value: !GetAtt CastleStack.Outputs.TargetGroupFullName
   CastlePostgresInstanceId:

diff --git a/spire/templates/apps/beta.yml b/spire/templates/apps/beta.yml
@@ -1,4 +1,5 @@
 # stacks/apps/beta.yml
+# 200A
 AWSTemplateFormatVersion: "2010-09-09"
 Transform: AWS::Serverless-2016-10-31
 
@@ -8,14 +9,11 @@ Description: >-
 
 Parameters:
   NestedChangeSetScrubbingResourcesState: { Type: String }
-  S3StaticSiteDeployServiceToken: { Type: String }
   RootStackName: { Type: String }
   RootStackId: { Type: String }
   CodeS3Bucket: { Type: String }
-  StaticSiteArchiveS3ObjectKey: { Type: AWS::SSM::Parameter::Value<String> }
   EnvironmentType: { Type: String }
   EnvironmentTypeAbbreviation: { Type: String }
-  StaticSiteCloudFrontOai: { Type: AWS::SSM::Parameter::Value<String> }
   FeederHostname: { Type: String }
   ExchangeHostname: { Type: String }
   PlayHostname: { Type: String }
@@ -28,47 +26,6 @@ Conditions:
 Resources:
   NestedChangeSetScrubber: { Type: AWS::SNS::Topic, Condition: EnableNestedChangeSetScrubbingResources }
 
-  S3StaticDeployService:
-    Type: Custom::S3StaticDeploy
-    Properties:
-      ServiceToken: !Ref S3StaticSiteDeployServiceToken
-      Region: !Ref AWS::Region
-      StaticSiteArchiveS3Bucket: !Ref CodeS3Bucket
-      StaticSiteArchiveS3Object: !Ref StaticSiteArchiveS3ObjectKey
-      StaticSiteS3DeployBucket: !Ref BetaBucket
-
-  BetaBucket:
-    Type: AWS::S3::Bucket
-    DeletionPolicy: Retain
-    UpdateReplacePolicy: Retain
-    Properties:
-      PublicAccessBlockConfiguration:
-        BlockPublicAcls: true
-        BlockPublicPolicy: true
-        IgnorePublicAcls: true
-        RestrictPublicBuckets: true
-      Tags:
-        - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
-        - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
-        - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
-        - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
-        - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
-        - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
-        - { Key: prx:dev:application, Value: Beta }
-  BucketPolicy:
-    Type: AWS::S3::BucketPolicy
-    Properties:
-      Bucket: !Ref BetaBucket
-      PolicyDocument:
-        Version: "2012-10-17"
-        Statement:
-          - Action: s3:GetObject
-            Effect: Allow
-            Principal:
-              AWS: !Ref StaticSiteCloudFrontOai
-            Resource: !Sub arn:${AWS::Partition}:s3:::${BetaBucket}/*
-            Sid: Grant read access to a CloudFront Origin Identity
-
   RedirectFunction:
     Type: AWS::Serverless::Function
     Properties:
@@ -137,7 +94,3 @@ Resources:
         - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
         - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
         - { Key: prx:dev:application, Value: Beta }
-
-Outputs:
-  DeployBucketRegionalDomainName:
-    Value: !GetAtt BetaBucket.RegionalDomainName
diff --git a/spire/templates/custom-resources.yml b/spire/templates/custom-resources.yml
@@ -117,148 +117,6 @@ Resources:
         - { Key: prx:dev:application, Value: Infrastructure }
       Threshold: 0
       TreatMissingData: notBreaching
-  S3StaticSiteDeployFunction:
-    Type: AWS::Serverless::Function
-    Properties:
-      Architectures: [arm64]
-      Description: Deploys the contents of a zip archive to an S3 bucket
-      Handler: index.lambda_handler
-      InlineCode: |
-        import cfnresponse
-        import boto3
-        from botocore.client import Config
-        import io
-        import zipfile
-        import os
-        import traceback
-        import mimetypes
-        import re
-
-        s3 = boto3.client("s3", config=Config(signature_version="s3v4"))
-
-        mimetypes.init()
-        mimetypes.add_type("application/json", "json")
-        mimetypes.add_type("application/ttf", "ttf")
-        mimetypes.add_type("application/eot", "eot")
-        mimetypes.add_type("application/otf", "otf")
-        mimetypes.add_type("application/woff", "woff")
-
-
-        def lambda_handler(event, context):
-            try:
-                print(event)
-
-                if event["RequestType"] == "Create" or event["RequestType"] == "Update":
-                    props = event["ResourceProperties"]
-
-                    # The location of the built static site archive file in S3
-                    bucket = props["StaticSiteArchiveS3Bucket"]
-                    key = props["StaticSiteArchiveS3Object"]
-
-                    # Get the archive object
-                    s3_obj = s3.get_object(Bucket=bucket, Key=key)
-
-                    unzip_dir = f"/tmp/unzip-{event['RequestId']}"
-
-                    # Unzip the archive, to disk
-                    with zipfile.ZipFile(io.BytesIO(s3_obj["Body"].read()), "r") as zip:
-                        zip.extractall(unzip_dir)
-
-                    # The bucket to deploy the static to
-                    deploy_bucket = props["StaticSiteS3DeployBucket"]
-
-                    # Upload everything from the unzipped archive
-                    for root, dirs, files in os.walk(unzip_dir):
-                        for filename in files:
-
-                            local_path = os.path.join(root, filename)
-                            s3_key = os.path.relpath(local_path, unzip_dir)
-
-                            print(f"Uploading {s3_key} to {deploy_bucket}")
-                            mime_type = (
-                                mimetypes.guess_type(filename)[0] or "application/octet-stream"
-                            )
-                            extras = {"ContentType": mime_type}
-                            if re.search(r"\.html$", filename):
-                                extras["CacheControl"] = "max-age=300"
-                            s3.upload_file(local_path, deploy_bucket, s3_key, ExtraArgs=extras)
-
-                cfnresponse.send(event, context, cfnresponse.SUCCESS, {})
-
-            except Exception as e:
-                print("Function failed due to exception.")
-                print(e)
-                traceback.print_exc()
-                cfnresponse.send(event, context, cfnresponse.FAILED, {})
-      MemorySize: 256
-      Policies:
-        - Version: "2012-10-17"
-          Statement:
-            - Action: s3:PutObject
-              Effect: Allow
-              Resource: "*"
-            - Action:
-                - s3:GetObject
-                - s3:GetObjectVersion
-              Effect: Allow
-              Resource:
-                - !Join ["", ["arn:aws:s3:::", "Fn::ImportValue": !Sub "${StorageStackName}-InfrastructureApplicationCodeBucket", "/*"]]
-      Runtime: python3.8
-      Tags:
-        prx:meta:tagging-version: "2021-04-07"
-        prx:cloudformation:stack-name: !Ref AWS::StackName
-        prx:cloudformation:stack-id: !Ref AWS::StackId
-        prx:cloudformation:root-stack-name: !Ref RootStackName
-        prx:cloudformation:root-stack-id: !Ref RootStackId
-        prx:ops:environment: !Ref EnvironmentType
-        prx:dev:application: Infrastructure
-      Timeout: 60
-  S3StaticSiteDeployFunctionLogGroup:
-    Type: AWS::Logs::LogGroup
-    DeletionPolicy: Delete
-    UpdateReplacePolicy: Delete
-    Properties:
-      LogGroupName: !Sub /aws/lambda/${S3StaticSiteDeployFunction}
-      RetentionInDays: 14
-      Tags:
-        - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
-        - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
-        - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
-        - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
-        - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
-        - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
-        - { Key: prx:dev:application, Value: Infrastructure }
-  S3StaticSiteDeployFunctionErrorAlarm:
-    Type: AWS::CloudWatch::Alarm
-    Properties:
-      AlarmName: !Sub ERROR [Infrastructure] S3 Deploy <${EnvironmentTypeAbbreviation}> FUNCTION ERRORS (${RootStackName})
-      AlarmDescription: !Sub |-
-        ${EnvironmentType} stack custom resource function for static S3
-        website deployment is failing. This could mean that a stack update is
-        stalled, waiting for an HTTP callback from the function.
-
-        Be careful rolling back the stack; if the function fails again during
-        rollback it may become even more stuck. Making the callback request
-        manually may be possible, by looking at the function logs.
-      ComparisonOperator: GreaterThanThreshold
-      Dimensions:
-        - Name: FunctionName
-          Value: !Ref S3StaticSiteDeployFunction
-      EvaluationPeriods: 1
-      MetricName: Errors
-      Namespace: AWS/Lambda
-      Period: 60
-      Statistic: Sum
-      Tags:
-        - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
-        - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
-        - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
-        - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
-        - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
-        - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
-        - { Key: prx:dev:application, Value: Infrastructure }
-      Threshold: 0
-      TreatMissingData: notBreaching
 
   AvailabilityZoneSelectorFunction:
     Type: AWS::Serverless::Function
@@ -839,9 +697,6 @@ Outputs:
   AmazonSesSmtpCredentialsGeneratorServiceToken:
     Description: Service token for the SES SMTP credentials generator
     Value: !GetAtt AmazonSesSmtpCredentialsGeneratorFunction.Arn
-  S3StaticSiteDeployServiceToken:
-    Description: Service token for the S3 static site deployer
-    Value: !GetAtt S3StaticSiteDeployFunction.Arn
   AvailabilityZoneSelectorServiceToken:
     Description: Service token for the availability zone selector
     Value: !GetAtt AvailabilityZoneSelectorFunction.Arn

diff --git a/spire/templates/dashboards.yml b/spire/templates/dashboards.yml
@@ -38,8 +38,6 @@ Parameters:
   AuguryTargetGroupFullName: { Type: String }
   WfmtTargetGroupFullName: { Type: String }
 
-  BetaDeployBucketRegionalDomainName: { Type: String }
-
   CastlePostgresInstanceId: { Type: String }
   CastleTargetGroupFullName: { Type: String }
 
@@ -115,7 +113,7 @@ Resources:
                     "width": 18,
                     "height": 9,
                     "properties": {
-                        "markdown": "\n# Details\n\n- Environment: **${EnvironmentType}**\n- Root stack: **[${RootStackName}](https://${AWS::Region}.console.aws.amazon.com/cloudformation/home?region=${AWS::Region}#/stacks/stackinfo?stackId=${RootStackId})**\n- Infrastructure repository Git commit: **[${InfrastructureGitCommit}](https://github.com/PRX/Infrastructure/commit/${InfrastructureGitCommit})**\n- Shared VPC ID: **[${SharedVpcId}](https://console.aws.amazon.com/vpcconsole/home?region=${AWS::Region}#VpcDetails:VpcId=${SharedVpcId})**\n- Shared VPC CIDR block: **${SharedVpcCidrBlock}**\n- Shared ALB: **[${SharedAlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${SharedAlbArn};tab=listeners)**\n- Dovetail ALB: **[${DovetailAlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${DovetailAlbArn};tab=listeners)**\n- Exchange FTP NLB: **[${ExchangeFtpServerNlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${ExchangeFtpServerNlbArn};tab=listeners)**\n- Exchange FTP public IP: **[${ExchangeFtpServerPublicIp}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#ElasticIpDetails:AllocationId=${ExchangeFtpServerPublicIpAllocationId})**\n---\n- Beta bucket: **${BetaDeployBucketRegionalDomainName}**\n---\n- Proxy API: **[${ProxyApiDefaultEndpoint}](${ProxyApiDefaultEndpoint})**"
+                        "markdown": "\n# Details\n\n- Environment: **${EnvironmentType}**\n- Root stack: **[${RootStackName}](https://${AWS::Region}.console.aws.amazon.com/cloudformation/home?region=${AWS::Region}#/stacks/stackinfo?stackId=${RootStackId})**\n- Infrastructure repository Git commit: **[${InfrastructureGitCommit}](https://github.com/PRX/Infrastructure/commit/${InfrastructureGitCommit})**\n- Shared VPC ID: **[${SharedVpcId}](https://console.aws.amazon.com/vpcconsole/home?region=${AWS::Region}#VpcDetails:VpcId=${SharedVpcId})**\n- Shared VPC CIDR block: **${SharedVpcCidrBlock}**\n- Shared ALB: **[${SharedAlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${SharedAlbArn};tab=listeners)**\n- Dovetail ALB: **[${DovetailAlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${DovetailAlbArn};tab=listeners)**\n- Exchange FTP NLB: **[${ExchangeFtpServerNlbName}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#LoadBalancer:loadBalancerArn=${ExchangeFtpServerNlbArn};tab=listeners)**\n- Exchange FTP public IP: **[${ExchangeFtpServerPublicIp}](https://${AWS::Region}.console.aws.amazon.com/ec2/home?region=${AWS::Region}#ElasticIpDetails:AllocationId=${ExchangeFtpServerPublicIpAllocationId})**\n---\n- Proxy API: **[${ProxyApiDefaultEndpoint}](${ProxyApiDefaultEndpoint})**"
                     }
                 },
                 {

diff --git a/spire/templates/root.yml b/spire/templates/root.yml
@@ -782,7 +782,6 @@ Resources:
         S3SigningUserName: !GetAtt Apps100AStack.Outputs.S3SigningUserName
         S3SigningEndpointUrl: !GetAtt Apps100AStack.Outputs.S3SigningEndpointUrl
         S3SigningAccessKeyId: !GetAtt Apps100AStack.Outputs.S3SigningAccessKeyId
-        S3StaticSiteDeployServiceToken: !GetAtt CustomResourcesStack.Outputs.S3StaticSiteDeployServiceToken
         DeploymentPackageBucketName: !GetAtt Constants2.Outputs.DeploymentPackageBucketName
         AuguryHostname: !GetAtt Constants2.Outputs.AuguryHostname
         BetaHostname: !GetAtt Constants2.Outputs.BetaHostname
@@ -1056,8 +1055,6 @@ Resources:
 
         WfmtTargetGroupFullName: !GetAtt Apps400AStack.Outputs.WfmtTargetGroupFullName
 
-        BetaDeployBucketRegionalDomainName: !GetAtt Apps200AStack.Outputs.BetaDeployBucketRegionalDomainName
-
         CastlePostgresInstanceId: !GetAtt Apps200AStack.Outputs.CastlePostgresInstanceId
         CastleTargetGroupFullName: !GetAtt Apps200AStack.Outputs.CastleTargetGroupFullName