This repository was archived by the owner on Oct 25, 2023. It is now read-only.

Commit 8a79c94

authored
Update to version v1.0.10
Closes issues: #243 ### Added - Support for GovCloud deployment. Note: because of the absence of Amazon CloudFront in GovCloud, the deployment would need setting up a webserver outside of the deployment and copying the client app (UI) to the webserver resource for the front-end to work. ### Fixed - address AWS CodePipeline and hence deployment failure because of an incorrect option in the aws logs API call By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
2 parents e4c1062 + 6e35a85 commit 8a79c94


5 files changed

+1573
-1838
lines changed


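--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.10] - 2023-03-06
+
+### Added
+- Support for GovCloud deployment. Note: because of the absence of Amazon CloudFront in GovCloud, the deployment would need
+setting up a webserver outside of the deployment and copying the client app (UI) to the webserver resource for the front-end
+to work.
+
+### Fixed
+- Bug fix - address AWS CodePipeline and hence deployment failure because of an incorrect option in the `aws logs` API call
+
 ## [1.0.9] - 2023-02-13
 
 ### Fixed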

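--- a/deployment/custom-deployment/bin/update-es-logs-and-client-stack-vars.sh
+++ b/deployment/custom-deployment/bin/update-es-logs-and-client-stack-vars.sh
@@ -11,8 +11,8 @@ replace="s/%%CLIENT_APP_BUCKET%%/$ClientAppBucketName/g"
 sed -i -e $replace ./lib/cdk-textract-client-stack.js
 
 echo "==update Amazon Elasticsearch Cluster ($ElasticSearchCluster) with log streams to Log Groups: $ElasticSearchSearchLogGroup and $ElasticSearchIndexLogGroup"
-INDEX_LOG_ARN=$(aws logs describe-log-groups --region $AWS_REGION --log-group-name $ElasticSearchIndexLogGroup | jq -r '.logGroups[0].arn')
-SEARCH_LOG_ARN=$(aws logs describe-log-groups --region $AWS_REGION --log-group-name $ElasticSearchSearchLogGroup | jq -r '.logGroups[0].arn')
+INDEX_LOG_ARN=$(aws logs describe-log-groups --region $AWS_REGION --log-group-name-prefix $ElasticSearchIndexLogGroup | jq -r '.logGroups[0].arn')
+SEARCH_LOG_ARN=$(aws logs describe-log-groups --region $AWS_REGION --log-group-name-prefix $ElasticSearchSearchLogGroup | jq -r '.logGroups[0].arn')
 
 echo "==adding permissions to ES service role first for creating log stream"
 aws logs put-resource-policy --region $AWS_REGION --policy-name es-to-log-stream --policy-document '{ "Version": "2012-10-17", "Statement": [ { "Sid": "ElasticSearchLogsToCloudWatchLogs", "Effect": "Allow", "Principal": { "Service": [ "es.amazonaws.com" ] }, "Action":["logs:PutLogEvents", "logs:CreateLogStream", "logs:DeleteLogStream"], "Resource": "*" } ] }'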
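Review bot: With `--log-group-name-prefix`, `describe-log-groups` returns every log group whose name starts with the given string, so `.logGroups[0].arn` on the two added lines can resolve to a different group than the one named in `$ElasticSearchIndexLogGroup`, and the domain's logs would then be published there. Select the exact name rather than the first element, e.g. `jq -r --arg n "$ElasticSearchIndexLogGroup" '.logGroups[] | select(.logGroupName == $n) | .arn'`, and quote the variable passed to the CLI (`--log-group-name-prefix "$ElasticSearchIndexLogGroup"`). The same applies to the `SEARCH_LOG_ARN` line. The script continues outside this hunk, so whether an empty or `null` ARN is checked before it is used is not visible here.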

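--- a/deployment/document-understanding-solution.template
+++ b/deployment/document-understanding-solution.template
@@ -170,7 +170,7 @@ Resources:
 Name: !Sub ${CodeCommitRepository}-CDK
 Description: "CDK project to deploy custom components for document understanding"
 ServiceRole: !Sub ${CodeBuildRole.Arn}
-EncryptionKey: !Sub arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3
+EncryptionKey: !Sub arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3
 Source:
 Type: CODEPIPELINE
 BuildSpec: |
@@ -362,10 +362,12 @@ Resources:
 - !Join [
 "",
 [
-"arn:aws:logs:",
+"arn:",
+!Ref "AWS::Partition",
+":logs:",
 Ref: "AWS::Region",
 ":",
-Ref: "AWS::AccountId",
+!Ref "AWS::AccountId",
 ":log-group:/aws/lambda/",
 !Ref CICDHelper,
 ":*",
@@ -387,47 +389,47 @@ Resources:
 Action:
 - "apigateway:Delete*"
 Resource:
-- !Sub "arn:aws:apigateway:${AWS::Region}::*"
+- !Sub "arn:${AWS::Partition}:apigateway:${AWS::Region}::*"
 - Effect: "Allow"
 Action:
 - "cloudformation:DeleteStack"
 - "cloudformation:Describe*"
 - "cloudformation:Delete*"
 Resource:
-- !Sub "arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:*"
+- !Sub "arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:*"
 - Effect: "Allow"
 Action:
 - "cognito-idp:AdminDeleteUser"
 - "cognito-idp:DeleteUser"
 - "cognito-idp:DeleteUserPool"
 - "cognito-idp:DeleteUserPoolClient"
 Resource:
-- !Sub "arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:*"
+- !Sub "arn:${AWS::Partition}:cognito-idp:${AWS::Region}:${AWS::AccountId}:*"
 - Effect: "Allow"
 Action:
 - "cognito-identity:DeleteIdentityPool"
 - "cognito-identity:SetIdentityPoolRoles"
 Resource:
-- !Sub "arn:aws:cognito-identity:${AWS::Region}:${AWS::AccountId}:*"
+- !Sub "arn:${AWS::Partition}:cognito-identity:${AWS::Region}:${AWS::AccountId}:*"
 - Effect: "Allow"
 Action:
 - "dynamodb:DeleteTable"
 - "dynamodb:Describe*"
 Resource:
-- !Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:*"
+- !Sub "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:*"
 - Effect: "Allow"
 Action:
 - "es:DeleteElasticsearchDomain"
 - "es:DescribeElasticsearchDomain"
 Resource:
-- !Sub "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/*"
+- !Sub "arn:${AWS::Partition}:es:${AWS::Region}:${AWS::AccountId}:domain/*"
 - Effect: "Allow"
 Action:
 - "iam:Delete*"
 - "iam:Describe*"
 - "iam:DetachRolePolicy"
 Resource:
-- !Sub "arn:aws:iam::${AWS::AccountId}:*"
+- !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:*"
 - Effect: "Allow"
 Action:
 - "lambda:GetEventSourceMapping"
@@ -437,7 +439,7 @@ Resources:
 - "lambda:DeleteLayerVersion"
 - "lambda:DeleteEventSourceMapping"
 Resource:
-- !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:*"
+- !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:*"
 - Effect: "Allow"
 Action:
 - "lambda:GetEventSourceMapping"
@@ -449,19 +451,19 @@ Resources:
 - "sns:GetTopicAttributes"
 - "sns:Unsubscribe"
 Resource:
-- !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:*"
+- !Sub "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:*"
 - Effect: "Allow"
 Action:
 - "sqs:SetQueueAttributes"
 - "sqs:DeleteQueue"
 Resource:
-- !Sub "arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:*"
+- !Sub "arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:*"
 - Effect: "Allow"
 Action:
 - "s3:DeleteBucketPolicy"
 - "s3:DeleteBucket"
 Resource:
-- !Sub "arn:aws:s3:::*"
+- !Sub "arn:${AWS::Partition}:s3:::*"
 - Effect: "Allow"
 Action:
 - "cloudfront:Get*"
@@ -477,7 +479,9 @@ Resources:
 - !Join [
 "",
 [
-"arn:aws:s3:::",
+"arn:",
+!Ref "AWS::Partition",
+":s3:::",
 !FindInMap ["SourceCode", "Source", "S3Bucket"],
 "-",
 !Ref "AWS::Region",
@@ -510,7 +514,7 @@ Resources:
 "Statement": [
 {
 "Action": [ "s3:GetBucketVersioning" ],
-"Resource": [ "arn:aws:s3:::${ArtifactS3Bucket}" ],
+"Resource": [ "arn:${AWS::Partition}:s3:::${ArtifactS3Bucket}" ],
 "Effect": "Allow"
 },
 {
@@ -520,7 +524,7 @@ Resources:
 "S3:GetObjectVersion"
 ],
 "Resource": [
-"arn:aws:s3:::${ArtifactS3Bucket}/*"
+"arn:${AWS::Partition}:s3:::${ArtifactS3Bucket}/*"
 ],
 "Effect": "Allow"
 },
@@ -532,7 +536,7 @@ Resources:
 "codecommit:List*",
 "codecommit:GitPull"
 ],
-"Resource": "arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:${CodeCommitRepository}",
+"Resource": "arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:${CodeCommitRepository}",
 "Effect": "Allow"
 },
 {
@@ -541,7 +545,7 @@ Resources:
 "codebuild:StartBuild"
 ],
 "Resource": [
-"arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${CodeBuildCDK}"
+"arn:${AWS::Partition}:codebuild:${AWS::Region}:${AWS::AccountId}:project/${CodeBuildCDK}"
 ],
 "Effect": "Allow"
 }
@@ -571,7 +575,7 @@ Resources:
 "Statement": [
 {
 "Effect": "Allow",
-"Resource": [ "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:*" ],
+"Resource": [ "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*" ],
 "Action": [
 "logs:CreateLogGroup",
 "logs:CreateLogStream",
@@ -585,7 +589,7 @@ Resources:
 {
 "Effect": "Allow",
 "Resource": [
-"arn:aws:s3:::*"
+"arn:${AWS::Partition}:s3:::*"
 ],
 "Action": [
 "s3:DeleteBucket",
@@ -623,7 +627,7 @@ Resources:
 },
 {
 "Effect": "Allow",
-"Resource": "arn:aws:apigateway:${AWS::Region}::*",
+"Resource": "arn:${AWS::Partition}:apigateway:${AWS::Region}::*",
 "Action": [
 "apigateway:Post",
 "apigateway:Get*",
@@ -645,7 +649,7 @@ Resources:
 },
 {
 "Effect": "Allow",
-"Resource": "arn:aws:cloudfront::${AWS::AccountId}:distribution/*",
+"Resource": "arn:${AWS::Partition}:cloudfront::${AWS::AccountId}:distribution/*",
 "Action": [
 "cloudfront:CreateDistribution",
 "cloudfront:DeleteDistribution",
@@ -656,7 +660,7 @@ Resources:
 },
 {
 "Effect": "Allow",
-"Resource": "arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:*",
+"Resource": "arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:*",
 "Action": [
 "cloudformation:GetTemplate",
 "cloudformation:DescribeStacks",
@@ -691,7 +695,7 @@ Resources:
 },
 {
 "Effect": "Allow",
-"Resource": "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:*",
+"Resource": "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:*",
 "Action": [
 "dynamodb:CreateTable",
 "dynamodb:DeleteTable",
@@ -741,7 +745,7 @@ Resources:
 },
 {
 "Effect": "Allow",
-"Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/*",
+"Resource": "arn:${AWS::Partition}:es:${AWS::Region}:${AWS::AccountId}:domain/*",
 "Action": [
 "es:Describe*",
 "es:CreateElasticsearchDomain",
@@ -754,7 +758,7 @@ Resources:
 },
 {
 "Effect": "Allow",
-"Resource": "arn:aws:iam::${AWS::AccountId}:*",
+"Resource": "arn:${AWS::Partition}:iam::${AWS::AccountId}:*",
 "Action": [
 "iam:PassRole",
 "iam:CreateRole",
@@ -808,7 +812,7 @@ Resources:
 },
 {
 "Effect": "Allow",
-"Resource": "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:*",
+"Resource": "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:*",
 "Action": [
 "sns:AddPermission",
 "sns:CreateTopic",
@@ -834,7 +838,7 @@ Resources:
 "sqs:ListQueues",
 "sqs:SetQueueAttributes"
 ],
-"Resource": "arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:*",
+"Resource": "arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:*",
 "Effect": "Allow"
 },
 {
@@ -847,7 +851,7 @@ Resources:
 "states:TagResource",
 "states:UntagResource"
 ],
-"Resource": "arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:*",
+"Resource": "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:*",
 "Effect": "Allow"
 }
 ]
@@ -875,7 +879,9 @@ Resources:
 !Join [
 "",
 [
-"arn:aws:codepipeline:",
+"arn:",
+!Ref "AWS::Partition",
+":codepipeline:",
 !Ref "AWS::Region",
 ":",
 !Ref "AWS::AccountId",
@@ -898,7 +904,9 @@ Resources:
 - !Join [
 "",
 [
-"arn:aws:codecommit:",
+"arn:",
+!Ref "AWS::Partition",
+":codecommit:",
 !Ref "AWS::Region",
 ":",
 !Ref "AWS::AccountId",
@@ -919,7 +927,9 @@ Resources:
 !Join [
 "",
 [
-"arn:aws:codepipeline:",
+"arn:",
+!Ref "AWS::Partition",
+":codepipeline:",
 !Ref "AWS::Region",
 ":",
 !Ref "AWS::AccountId",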
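Review bot: In the hunk at `@@ -754,7 +758,7 @@` the rewritten line `"Resource": "arn:${AWS::Partition}:iam::${AWS::AccountId}:*"` still covers every IAM resource in the account while the statement grants `iam:PassRole` and `iam:CreateRole`, so whatever runs under this policy can create a role and pass it to a service. Since the commit already touches this line, consider scoping it to the roles the solution creates, e.g. `"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/<solution-role-prefix>*"` (placeholder prefix), and adding an `iam:PassedToService` condition for the PassRole action. The same account-wide pattern appears on the `arn:${AWS::Partition}:s3:::*` resource paired with `s3:DeleteBucket` at `@@ -585,7 +589,7 @@`. Both action lists continue outside their hunks, so the full set of granted actions is not visible here.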
-3.25 KB
Binary file not shown.
