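AWSTemplateFormatVersion: "2010-09-09"
Description: A template to deploy the Bedrock-Claude Chat application with customizable parameters.
# Every parameter below is handed to the CodeBuild project as an environment
# variable, and the build runs under a role with AdministratorAccess attached.
# Values that the buildspec substitutes into shell command text (Version,
# BedrockRegion) and the flag-style values it compares against literals are
# therefore constrained here, so a malformed or pre-filled value is rejected at
# stack creation instead of reaching the build.
Parameters:
  # When "false", the build sets selfSignUpEnabled to false in cdk/cdk.json.
  # The default leaves self sign-up enabled.
  AllowSelfRegister:
    Type: String
    Default: "true"
    AllowedValues:
      - "true"
      - "false"
  # When "false", the build sets enableLambdaSnapStart to false in cdk/cdk.json.
  EnableLambdaSnapStart:
    Type: String
    Default: "false"
    AllowedValues:
      - "true"
      - "false"
  # The two /1 halves together cover the whole IPv4 space, so the default does
  # not restrict source addresses. Narrow this for non-public deployments.
  # NOTE(review): the default is a JSON-array-shaped string, while the build
  # splits the value on commas - confirm the resulting cdk.json entries.
  Ipv4Ranges:
    Type: String
    Default: '["0.0.0.0/1","128.0.0.0/1"]' # Set default values based on current config
  # As with IPv4, the two /1 halves cover the whole IPv6 space by default.
  Ipv6Ranges:
    Type: String
    Default: '["0000:0000:0000:0000:0000:0000:0000:0000/1","8000:0000:0000:0000:0000:0000:0000:0000/1"]' # Set default values based on current config
  # When "true", the build empties allowedIpV6AddressRanges in cdk/cdk.json.
  DisableIpv6:
    Type: String
    Default: "false"
    AllowedValues:
      - "true"
      - "false"
  # Written to allowedSignUpEmailDomains in cdk/cdk.json by the build.
  # NOTE(review): combined with AllowSelfRegister "true", presumably an empty
  # list means no domain restriction on sign-up - confirm against the CDK app.
  AllowedSignUpEmailDomains:
    Type: String
    Default: "[]"
  # Substituted into a sed expression in the build, so it is limited to the
  # shape of an AWS region name (for example us-east-1 or us-gov-west-1).
  BedrockRegion:
    Type: String
    Default: "us-east-1"
    AllowedPattern: '[a-z]{2}(-[a-z]+)+-[0-9]+'
    ConstraintDescription: must look like an AWS region name, for example us-east-1.
  # Git branch or tag that the build clones. It is limited to ref-name
  # characters and may not start with "-", so it cannot be read as an option.
  # A branch or tag is a mutable ref: what gets deployed with administrator
  # rights is whatever that ref points to at build time.
  Version:
    Type: String
    Default: "v2"
    AllowedPattern: '[A-Za-z0-9][A-Za-z0-9._/-]*'
    ConstraintDescription: must be a git branch or tag name made of letters, digits, ".", "_", "/" and "-".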
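Resources:
  # Service role assumed by the CodeBuild project.
  # SECURITY: AdministratorAccess is attached, so everything the build executes
  # (the globally installed npm package, the cloned repository and its npm
  # dependencies) runs with full control of the account. Presumably this is
  # there because cdk bootstrap / cdk deploy create IAM and other resources;
  # where possible scope it down (permissions boundary, or permission to assume
  # only the CDK bootstrap roles), and delete this stack once the deployment
  # has finished so the role does not linger.
  ProjectRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
        Version: "2012-10-17"
      ManagedPolicyArns:
        - Fn::Join:
            - ""
            - - "arn:"
              - Ref: AWS::Partition
              - ":iam::aws:policy/AdministratorAccess"
  # Inline policy for the build's own log group and report groups. These
  # statements are narrowly scoped, but the managed policy on the role above
  # already allows every action.
  ProjectRoleDefaultPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
          - Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            Effect: Allow
            Resource:
              - Fn::Join:
                  - ""
                  - - "arn:"
                    - Ref: AWS::Partition
                    - ":logs:"
                    - Ref: AWS::Region
                    - ":"
                    - Ref: AWS::AccountId
                    - ":log-group:/aws/codebuild/"
                    - Ref: Project
                    - ":*"
              - Fn::Join:
                  - ""
                  - - "arn:"
                    - Ref: AWS::Partition
                    - ":logs:"
                    - Ref: AWS::Region
                    - ":"
                    - Ref: AWS::AccountId
                    - ":log-group:/aws/codebuild/"
                    - Ref: Project
          - Action:
              - codebuild:BatchPutCodeCoverages
              - codebuild:BatchPutTestCases
              - codebuild:CreateReport
              - codebuild:CreateReportGroup
              - codebuild:UpdateReport
            Effect: Allow
            Resource:
              Fn::Join:
                - ""
                - - "arn:"
                  - Ref: AWS::Partition
                  - ":codebuild:"
                  - Ref: AWS::Region
                  - ":"
                  - Ref: AWS::AccountId
                  - ":report-group/"
                  - Ref: Project
                  - "-*"
        Version: "2012-10-17"
      PolicyName: ProjectRoleDefaultPolicy
      Roles:
        - Ref: ProjectRole
  # CodeBuild project that clones the application repository, patches
  # cdk/cdk.json from the stack parameters and runs cdk deploy.
  Project:
    Type: AWS::CodeBuild::Project
    Properties:
      Artifacts:
        Type: NO_ARTIFACTS
      Cache:
        Type: NO_CACHE
      EncryptionKey: alias/aws/s3
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/standard:7.0
        ImagePullCredentialsType: CODEBUILD
        # SECURITY: privileged mode gives the build container elevated
        # privileges so it can run a Docker daemon. Presumably CDK asset
        # bundling needs it - confirm, and turn it off if it does not.
        PrivilegedMode: true
        Type: LINUX_CONTAINER
        # Plaintext build environment variables taken from the stack
        # parameters; none of them is a secret.
        EnvironmentVariables:
          - Name: ALLOW_SELF_REGISTER
            Value: !Ref AllowSelfRegister
          - Name: ENABLE_LAMBDA_SNAPSTART
            Value: !Ref EnableLambdaSnapStart
          - Name: IPV4_RANGES
            Value: !Ref Ipv4Ranges
          - Name: IPV6_RANGES
            Value: !Ref Ipv6Ranges
          - Name: DISABLE_IPV6
            Value: !Ref DisableIpv6
          - Name: ALLOWED_SIGN_UP_EMAIL_DOMAINS
            Value: !Ref AllowedSignUpEmailDomains
          - Name: BEDROCK_REGION
            Value: !Ref BedrockRegion
          - Name: VERSION
            Value: !Ref Version
      ServiceRole:
        Fn::GetAtt:
          - ProjectRole
          - Arn
      Source:
        # Inline buildspec (JSON). Review notes, kept out here because JSON
        # has no comment syntax:
        # - "npm i -g aws-cdk" installs whatever version is current at build
        #   time; pin a version so the tool running with admin rights is a
        #   known one.
        # - The clone uses a branch or tag name, which is a mutable ref; a
        #   commit id would make the deployed code reproducible. $VERSION is
        #   quoted so it always reaches git as a single argument.
        # - The range and domain values go through "jq --arg", which passes
        #   them as data. $BEDROCK_REGION is instead substituted into the sed
        #   program text, so its shape should be validated before it gets here.
        # - NOTE(review): the range and domain values are split on commas,
        #   while the template defaults are JSON-array-shaped strings - confirm
        #   what ends up in cdk.json.
        # - "--require-approval never" skips the CDK confirmation for IAM and
        #   security-group changes, which a non-interactive build needs; the
        #   review of those changes has to happen before launching the stack.
        BuildSpec: |-
          {
            "version": 0.2,
            "phases": {
              "install": {
                "runtime-versions": {
                  "nodejs": "18"
                },
                "commands": [
                  "npm i -g aws-cdk"
                ],
                "on-failure": "ABORT"
              },
              "build": {
                "commands": [
                  "echo 'Build phase...'",
                  "git clone --branch \"$VERSION\" https://github.com/aws-samples/bedrock-claude-chat.git",
                  "cd bedrock-claude-chat",
                  "if [ \"$ALLOW_SELF_REGISTER\" = \"false\" ]; then sed -i 's/\"selfSignUpEnabled\": true/\"selfSignUpEnabled\": false/' cdk/cdk.json; fi",
                  "if [ \"$ENABLE_LAMBDA_SNAPSTART\" = \"false\" ]; then sed -i 's/\"enableLambdaSnapStart\": true/\"enableLambdaSnapStart\": false/' cdk/cdk.json; fi",
                  "if [ ! -z \"$IPV4_RANGES\" ]; then jq --arg ipv4 \"$IPV4_RANGES\" '.context.allowedIpV4AddressRanges = ($ipv4 | split(\",\"))' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; fi",
                  "if [ \"$DISABLE_IPV6\" = \"true\" ]; then jq '.context.allowedIpV6AddressRanges = []' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; elif [ ! -z \"$IPV6_RANGES\" ]; then jq --arg ipv6 \"$IPV6_RANGES\" '.context.allowedIpV6AddressRanges = ($ipv6 | split(\",\"))' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; fi",
                  "if [ ! -z \"$ALLOWED_SIGN_UP_EMAIL_DOMAINS\" ]; then jq --arg domains \"$ALLOWED_SIGN_UP_EMAIL_DOMAINS\" '.context.allowedSignUpEmailDomains = ($domains | split(\",\"))' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; fi",
                  "sed -i \"s/\\\"bedrockRegion\\\": \\\"[^\\\"]*\\\"/\\\"bedrockRegion\\\": \\\"${BEDROCK_REGION}\\\"/\" cdk/cdk.json",
                  "cd cdk",
                  "npm ci",
                  "cdk bootstrap",
                  "cdk deploy --require-approval never --all"
                ]
              }
            }
          }
        Type: NO_SOURCE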
Outputs:
  # Ref on an AWS::CodeBuild::Project resolves to the project name, which is
  # what is needed to start the build and to find its logs.
  ProjectName:
    Value: !Ref Project