Improve sample templates and documentation

This commit includes several improvements and updates to the ADF sample
templates and documentation:

- Update README files with additional details, prerequisites, and deployment
  instructions for various samples.
- Upgrade the sample-fargate-node-app to use a public container registry
  (public.ecr.aws) instead.
- Refactor the sample-ec2-with-codedeploy sample to use AWS Launch Templates,
  a newer and recommended approach instead of Launch Configurations.
- Update sample-ec2-with-codedeploy scripts to install newer versions of Amazon
  Linux 2023, Java, and other dependencies. Also fixed the scripts to be
  compatible to the recommended IMDSv2 authenticated APIs.
- Miscellaneous improvements and bug fixes across various sample templates.

These changes aim to improve the overall quality, maintainability, and
usability of the ADF sample templates, while also providing better
documentation and aligning with the latest AWS best practices.

samples/sample-cdk-app/README.md

@@ -1,6 +1,6 @@
 # Sample CDK Application to showcase ADF Pipelines
 
-This pipeline is expecting *(in the example case)* a AWS CodeCommit repository
+This pipeline is expecting *(in the example case)* an AWS CodeCommit repository
 on the account `111111111111` in your main deployment region named
 *sample-cdk-application*.
 

samples/sample-cdk-bootstrap/README.md

@@ -0,0 +1,23 @@
+# Sample CDK Bootstrap pipeline
+
+This pipeline is expecting *(in the example case)* an AWS CodeCommit repository
+on the account `111111111111` in your main deployment region named
+*sample-cdk-bootstrap*.
+
+## Deployment Map example
+
+```yaml
+  - name: sample-cdk-bootstrap
+    default_providers:
+      source:
+        provider: codecommit
+        properties:
+          account_id: 111111111111
+      build:
+        provider: codebuild
+        properties:
+          image: "STANDARD_7_0"
+    targets:
+      - /banking/testing
+      - /banking/production
+```

samples/sample-cdk-bootstrap/buildspec.yml

@@ -0,0 +1,22 @@
+# Copyright Amazon.com Inc. or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.12
+      nodejs: 20
+    commands:
+      - aws s3 cp s3://$S3_BUCKET_NAME/adf-build/ adf-build/ --recursive --quiet
+      - pip install -r adf-build/requirements.txt -q
+      - python adf-build/generate_params.py
+
+  build:
+    commands:
+      - npm install aws-cdk -g
+      - cdk bootstrap --show-template > template.yml
+
+artifacts:
+  files: '**/*'

samples/sample-cdk-bootstrap/params/global.yml

@@ -0,0 +1,62 @@
+# Copyright Amazon.com Inc. or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Parameters of the CDK Bootstrap stack:
+#  TrustedAccounts:
+#     Description: List of AWS accounts that are trusted to publish assets and deploy stacks to this environment
+#     Default: ""
+#     Type: CommaDelimitedList
+#   TrustedAccountsForLookup:
+#     Description: List of AWS accounts that are trusted to look up values in this environment
+#     Default: ""
+#     Type: CommaDelimitedList
+#   CloudFormationExecutionPolicies:
+#     Description: List of the ManagedPolicy ARN(s) to attach to the CloudFormation deployment role
+#     Default: ""
+#     Type: CommaDelimitedList
+#   FileAssetsBucketName:
+#     Description: The name of the S3 bucket used for file assets
+#     Default: ""
+#     Type: String
+#   FileAssetsBucketKmsKeyId:
+#     Description: Empty to create a new key (default), 'AWS_MANAGED_KEY' to use a managed S3 key, or the ID/ARN of an existing key.
+#     Default: ""
+#     Type: String
+#   ContainerAssetsRepositoryName:
+#     Description: A user-provided custom name to use for the container assets ECR repository
+#     Default: ""
+#     Type: String
+#   Qualifier:
+#     Description: An identifier to distinguish multiple bootstrap stacks in the same environment
+#     Default: hnb659fds
+#     Type: String
+#     AllowedPattern: "[A-Za-z0-9_-]{1,10}"
+#     ConstraintDescription: Qualifier must be an alphanumeric identifier of at most 10 characters
+#   PublicAccessBlockConfiguration:
+#     Description: Whether or not to enable S3 Staging Bucket Public Access Block Configuration
+#     Default: "true"
+#     Type: String
+#     AllowedValues:
+#       - "true"
+#       - "false"
+#   InputPermissionsBoundary:
+#     Description: Whether or not to use either the CDK supplied or custom permissions boundary
+#     Default: ""
+#     Type: String
+#   UseExamplePermissionsBoundary:
+#     Default: "false"
+#     AllowedValues:
+#       - "true"
+#       - "false"
+#     Type: String
+#   BootstrapVariant:
+#     Type: String
+#     Default: "AWS CDK: Default Resources"
+
+Parameters:
+  TrustedAccounts: 'resolve:/adf/deployment_account_id'
+  TrustedAccountsForLookup: 'resolve:/adf/deployment_account_id'
+
+Tags:
+  Repository: sample-codebuild-vpc-repo
+  App: Sample CodeBuild VPC application

samples/sample-ec2-java-app-codedeploy/pom.xml

@@ -1,11 +1,11 @@
-<!-- Copyright Amazon.com Inc. or its affiliates. -->
-<!-- SPDX-License-Identifier: Apache-2.0 -->
-
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
+    <!-- Copyright Amazon.com Inc. or its affiliates. -->
+    <!-- SPDX-License-Identifier: Apache-2.0 -->
+
     <groupId>org.springframework</groupId>
     <artifactId>gs-spring-boot</artifactId>
     <version>0.1.0</version>

samples/sample-ec2-with-codedeploy/README.md

@@ -5,10 +5,6 @@ is aimed at showcasing how to deploy a basic Spring Boot application with
 [AWS CodeDeploy](https://docs.aws.amazon.com/codedeploy/latest/userguide/welcome.html)
 via ADF.
 
-This stack assumes an Amazon EC2
-[Key Pair](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html)
-has been created in the target accounts.
-
 This stack is a generic stack for applications that run on Amazon EC2.
 This stack could be extended and used as a base for all line of business type
 applications that run Amazon EC2.

samples/sample-ec2-with-codedeploy/params/global.yml

@@ -6,8 +6,7 @@ Parameters:
   ApplicationName: "sample"
   InstanceMaxSize: "3"
   InstanceMinSize: "1"
-  ImageId: "resolve:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
+  ImageId: "resolve:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
   InstanceType: "t3.micro"
   CodeDeployAgentInstallScript: "upload:path:scripts/install-codedeploy.sh"
   JavaInstallScript: "upload:path:scripts/install-deps.sh"
-  KeyPair: "some_key_pair"

samples/sample-ec2-with-codedeploy/scripts/install-codedeploy.sh

@@ -7,10 +7,11 @@ set -xe
 
 ## Code Deploy Agent Bootstrap Script ##
 
-exec > >(tee /var/log/user-data.log | logger -t user-data -s 2> /dev/console) 2>&1
+exec > >(sudo tee /var/log/user-data.log | logger -t user-data -s 2> /dev/console) 2>&1
 AUTOUPDATE=false
 
 function installdep() {
+  echo "Installing dependencies..."
   if [ ${PLAT} = "ubuntu" ]; then
     apt-get -y update
     # Satisfying even Ubuntu older versions.
@@ -19,6 +20,7 @@ function installdep() {
     yum -y update
     yum install -y aws-cli ruby jq
   fi
+  echo "Done installing dependencies."
 }
 
 function platformize() {
@@ -36,39 +38,15 @@ function platformize() {
 }
 
 function execute() {
-  if [ ${PLAT} = "ubuntu" ]; then
-    cd /tmp/
-    wget https://aws-codedeploy-${REGION}.s3.${REGION}.amazonaws.com/latest/install
-    chmod +x ./install
-
-    if ./install auto; then
-      echo "Installation completed"
-      if ! ${AUTOUPDATE}; then
-        echo "Disabling Auto Update"
-        sed -i '/@reboot/d' /etc/cron.d/codedeploy-agent-update
-        chattr +i /etc/cron.d/codedeploy-agent-update
-        rm -f /tmp/install
-      fi
-      exit 0
-    else
-      echo "Installation script failed, please investigate"
-      rm -f /tmp/install
-      exit 1
-    fi
-
-  elif [ ${PLAT} = "amz" ]; then
+  if [[ "${PLAT}" = "ubuntu" ]] || [[ "${PLAT}" = "amz" ]]; then
+    echo "Downloading CodeDeploy Agent..."
     cd /tmp/
     wget https://aws-codedeploy-${REGION}.s3.${REGION}.amazonaws.com/latest/install
     chmod +x ./install
 
+    echo "Installing CodeDeploy Agent..."
     if ./install auto; then
       echo "Installation completed"
-      if ! ${AUTOUPDATE}; then
-        echo "Disabling auto update"
-        sed -i '/@reboot/d' /etc/cron.d/codedeploy-agent-update
-        chattr +i /etc/cron.d/codedeploy-agent-update
-        rm -f /tmp/install
-      fi
       exit 0
     else
       echo "Installation script failed, please investigate"
@@ -83,5 +61,6 @@ function execute() {
 
 platformize
 installdep
-REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r ".region")
+export TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+export REGION=$(curl -H "X-aws-ec2-metadata-token: ${TOKEN}" -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r ".region")
 execute

samples/sample-ec2-with-codedeploy/scripts/install-deps.sh

@@ -1,24 +1,23 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Copyright Amazon.com Inc. or its affiliates.
 # SPDX-License-Identifier: Apache-2.0
 
+set -xe
+
 # install apache httpd
 sudo yum install httpd -y
 
 # install sdk
 curl -s "https://get.sdkman.io" | bash
 source "$HOME/.sdkman/bin/sdkman-init.sh"
 
-# install Java 8
-sudo yum install java-1.8.0 -y
-# remove Java 1.7
-sudo yum remove java-1.7.0-openjdk -y
+# install Java
+sudo yum install -y java-17-amazon-corretto-headless
 
 # install Maven
-sudo wget http://repos.fedorapeople.org/repos/dchen/apache-maven/epel-apache-maven.repo -O /etc/yum.repos.d/epel-apache-maven.repo
-sudo sed -i s/\$releasever/7/g /etc/yum.repos.d/epel-apache-maven.repo
-sudo yum install -y apache-maven
+yum -y update
+sudo yum install -y maven
 
 # sdk version
 java -version
@@ -30,7 +29,7 @@ sdk install springboot
 # create a springboot user to run the app as a service
 sudo useradd springboot
 # springboot login shell disabled
-sudo chsh -s /sbin/nologin springboot
+sudo usermod --shell /sbin/nologin springboot
 
 # forward port 80 to 8080
 echo "
@@ -42,8 +41,8 @@ echo "
 " | sudo tee -a /etc/httpd/conf/httpd.conf > /dev/null
 
 # start the httpd service now and stop it until userdata
-sudo service httpd start
-sudo service httpd stop
+sudo systemctl start httpd
+sudo systemctl stop httpd
 
 # ensure httpd stays on
-sudo chkconfig httpd on
+sudo systemctl enable httpd

samples/sample-ec2-with-codedeploy/template.yml

@@ -52,10 +52,6 @@ Parameters:
     ConstraintDescription: "Must be one of the values from the list."
     Description: "Instance type for the EC2 instances."
 
-  KeyPair:
-    Description: "Amazon EC2 Key Pair"
-    Type: "AWS::EC2::KeyPair::KeyName"
-
 Resources:
   AutoScalingGroup:
     Type: "AWS::AutoScaling::AutoScalingGroup"
@@ -71,7 +67,9 @@ Resources:
       AvailabilityZones: !GetAZs ""
       MinSize: !Ref "InstanceMinSize"
       MaxSize: !Ref "InstanceMaxSize"
-      LaunchConfigurationName: !Ref "LaunchConfiguration"
+      LaunchTemplate:
+        LaunchTemplateId: !GetAtt LaunchTemplate.LaunchTemplateId
+        Version: !GetAtt LaunchTemplate.LatestVersionNumber
       MetricsCollection:
         - Granularity: "1Minute"
       TerminationPolicies:
@@ -108,32 +106,40 @@ Resources:
       AutoScalingGroups:
         - !Ref "AutoScalingGroup"
 
-  LaunchConfiguration:
-    Type: "AWS::AutoScaling::LaunchConfiguration"
+  LaunchTemplate:
+    Type: "AWS::EC2::LaunchTemplate"
     Properties:
-      AssociatePublicIpAddress: false
-      IamInstanceProfile: !ImportValue "GlobalInstanceProfileArn"
-      ImageId: !Ref "ImageId"
-      InstanceType: !Ref "InstanceType"
-      KeyName: !Ref "KeyPair"
-      SecurityGroups:
-        - !Ref "PrivateSecurityGroup"
-      UserData:
-        "Fn::Base64": !Sub |
-          #!/bin/bash
-          BUCKET_NAME=$(echo ${CodeDeployAgentInstallScript} | sed 's/^.*adf-global-base/adf-global-base/' |sed 's/\/.*//')
-          KEY=$(echo ${CodeDeployAgentInstallScript} | sed 's/^.*adf-upload/adf-upload/')
-          aws s3api get-object --bucket $BUCKET_NAME --key $KEY /tmp/code_deploy_install.sh
+      LaunchTemplateName: !Sub ${AWS::StackName}-launch-template
+      LaunchTemplateData:
+        IamInstanceProfile:
+          Arn: !ImportValue IamInstanceProfile
+        ImageId: !Ref "ImageId"
+        InstanceType: !Ref "InstanceType"
+        MetadataOptions:
+          HttpEndpoint: enabled
+          HttpPutResponseHopLimit: 2
+          HttpTokens: required
+        NetworkInterfaces:
+          - AssociatePublicIpAddress: false
+            DeviceIndex: 0
+            Groups:
+              - !Ref "PrivateSecurityGroup"
+        UserData:
+          "Fn::Base64": !Sub |
+            #!/bin/bash
+            BUCKET_NAME=$(echo "${CodeDeployAgentInstallScript}" | sed 's/^.*adf-global-base/adf-global-base/' | sed 's/\/.*//')
+            KEY=$(echo "${CodeDeployAgentInstallScript}" | sed 's/^.*adf-upload/adf-upload/')
+            aws s3api get-object --bucket "${!BUCKET_NAME}" --key "${!KEY}" /tmp/code_deploy_install.sh
 
-          BUCKET_NAME=$(echo ${JavaInstallScript} | sed 's/^.*adf-global-base/adf-global-base/' |sed 's/\/.*//')
-          KEY=$(echo ${JavaInstallScript} | sed 's/^.*adf-upload/adf-upload/')
-          aws s3api get-object --bucket $BUCKET_NAME --key $KEY /tmp/java_install.sh
+            BUCKET_NAME=$(echo "${JavaInstallScript}" | sed 's/^.*adf-global-base/adf-global-base/' |sed 's/\/.*//')
+            KEY=$(echo "${JavaInstallScript}" | sed 's/^.*adf-upload/adf-upload/')
+            aws s3api get-object --bucket "${!BUCKET_NAME}" --key "${!KEY}" /tmp/java_install.sh
 
-          chmod +x /tmp/java_install.sh
-          chmod +x /tmp/code_deploy_install.sh
-          /tmp/code_deploy_install.sh
-          /tmp/java_install.sh
-          /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackName} --resource AutoScalingGroup --region ${AWS::Region}
+            chmod +x /tmp/java_install.sh
+            chmod +x /tmp/code_deploy_install.sh
+            /tmp/code_deploy_install.sh
+            /tmp/java_install.sh
+            /opt/aws/bin/cfn-signal -e 0 --stack "${AWS::StackName}" --resource AutoScalingGroup --region "${AWS::Region}"
 
   PrivateSecurityGroup:
     Type: AWS::EC2::SecurityGroup

samples/sample-ecs-cluster/README.md

@@ -1,5 +1,10 @@
 # Sample ECS Cluster to showcase ADF Pipelines
 
+## Prerequisites
+
+Please make sure you deploy the `sample-vpc` example before you deploy
+this sample. The VPC should be deployed to the same target accounts and region.
+
 ## Deployment Map example
 
 ```yaml

samples/sample-ecs-cluster/template.yml

@@ -170,11 +170,11 @@ Outputs:
     Export:
       Name: 'ClusterName'
 
-  LoadBalancerExternalUrl:
+  ECSLoadBalancerExternalUrl:
     Description: The url of the external load balancer
     Value: !Sub http://${PublicLoadBalancer.DNSName}
     Export:
-      Name: 'LoadBalancerExternalUrl'
+      Name: 'ECSLoadBalancerExternalUrl'
 
   ECSRole:
     Description: The ARN of the ECS role

samples/sample-fargate-node-app/Dockerfile

@@ -1,7 +1,7 @@
 # Copyright Amazon.com Inc. or its affiliates.
 # SPDX-License-Identifier: Apache-2.0
 
-FROM node:current-alpine
+FROM public.ecr.aws/docker/library/node:current-alpine
 WORKDIR /app
 COPY . .
 RUN npm install