Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PYIC-7888 Fix template overrides #2853

Merged
merged 1 commit into from
Jan 8, 2025
Merged

PYIC-7888 Fix template overrides #2853

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
231 changes: 220 additions & 11 deletions deploy/template.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,6 @@ Globals:
Environment:
Variables:
ENVIRONMENT: !Sub "${Environment}"
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
DT_CONNECTION_AUTH_TOKEN: !If
- UseDynatrace
- !Sub
Expand Down Expand Up @@ -67,13 +63,6 @@ Globals:
- UsePermissionsBoundary
- !Ref PermissionsBoundary
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
DeploymentPreference:
Type: !Ref LambdaDeploymentPreference
Role: !GetAtt CodeDeployServiceRole.Arn
Expand Down Expand Up @@ -673,6 +662,17 @@ Resources:
CLIENT_AUTH_JWT_IDS_TABLE_NAME: !Ref ClientAuthJwtIdsTable
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -849,6 +849,17 @@ Resources:
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -955,6 +966,17 @@ Resources:
CRI_OAUTH_SESSIONS_TABLE_NAME: !Ref CriOAuthSessionsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -1054,6 +1076,17 @@ Resources:
CRI_OAUTH_SESSIONS_TABLE_NAME: !Ref CriOAuthSessionsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -1171,6 +1204,17 @@ Resources:
CRI_OAUTH_SESSIONS_TABLE_NAME: !Ref CriOAuthSessionsTable
CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -1259,6 +1303,17 @@ Resources:
CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -1359,6 +1414,17 @@ Resources:
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -1449,6 +1515,17 @@ Resources:
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -1677,6 +1754,17 @@ Resources:
CRI_OAUTH_SESSIONS_TABLE_NAME: !Ref CriOAuthSessionsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -1758,6 +1846,17 @@ Resources:
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -1845,6 +1944,17 @@ Resources:
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -1938,6 +2048,17 @@ Resources:
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -2027,6 +2148,17 @@ Resources:
CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
POWERTOOLS_SERVICE_NAME: !Sub process-async-cri-credential-${Environment}
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -2147,6 +2279,17 @@ Resources:
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -2217,6 +2360,17 @@ Resources:
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -2304,6 +2458,17 @@ Resources:
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -2378,6 +2543,17 @@ Resources:
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -2457,6 +2633,17 @@ Resources:
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -2538,6 +2725,17 @@ Resources:
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
SQS_AUDIT_EVENT_QUEUE_URL: !ImportValue AuditEventQueueUrl
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down Expand Up @@ -2617,6 +2815,17 @@ Resources:
POWERTOOLS_SERVICE_NAME: !Sub check-reverification-identity-${Environment}
IPV_SESSIONS_TABLE_NAME: !Ref SessionsTable
CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
AWS_LAMBDA_EXEC_WRAPPER: !If
- UseDynatrace
- /opt/dynatrace
- !Ref AWS::NoValue
Layers:
- !If
- UseDynatrace
- !Sub
- '{{resolve:secretsmanager:${SecretArn}:SecretString:JAVA_LAYER}}' # pragma: allowlist secret or NODEJS_LAYER or PYTHON_LAYER
- SecretArn: !FindInMap [ EnvironmentConfiguration, !Ref AWS::AccountId, dynatraceSecretArn ]
- !Ref AWS::NoValue
VpcConfig:
SubnetIds:
- Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
Expand Down
Loading