Merge pull request #20 from aws-solutions/release/v1.0.5
release v1.0.5, rename to Centralized Network Inspection
abewub authored May 22, 2024
2 parents 81751bb + 721683d commit e94d39f
Showing 72 changed files with 1,372 additions and 1,379 deletions.
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/bug_report.md
Expand Up @@ -19,7 +19,7 @@ A clear and concise description of what you expected to happen.

- [ ] Version: [e.g. v1.0.0]

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0108) - Firewall Automation for Network Traffic on AWS. Version **v1.0.0**_".
To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0108) - Centralized Network Inspection on AWS. Version **v1.0.0**_".

- [ ] Region: [e.g. us-east-1]
- [ ] Was the solution modified from the version published on this repository?
9 changes: 9 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,8 +5,17 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.0.5] - 2024-05

### Changed

- Rename the solution to Centralized Network Inspection on AWS
- Bump up minor versions of dependencies

## [1.0.4] - 2023-11-10

### Changed

- Update NodeJS environment for CodeBuild from NodeJS16 to NodeJS18.

## [1.0.3] - 2023-10-27
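Review bot: The new `## [1.0.5] - 2024-05` heading carries only a year and month, while the entries below it (`2023-11-10`, `2023-10-27`) and the Keep a Changelog format this file cites use a full `YYYY-MM-DD` date; add the release day. "Bump up minor versions of dependencies" also does not name the packages or versions, so a reader cannot tell from the changelog whether a security-relevant dependency update is part of this release; list them.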
6 changes: 3 additions & 3 deletions CONTRIBUTING.md
Expand Up @@ -11,7 +11,7 @@ information to effectively respond to your bug report or contribution.

We welcome you to use the GitHub issue tracker to report bugs or suggest features.

When filing an issue, please check [existing open](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/issues), or [recently closed](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
When filing an issue, please check [existing open](https://github.com/aws-solutions/centralized-network-inspection-on-aws/issues), or [recently closed](https://github.com/aws-solutions/centralized-network-inspection-on-aws/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:

* A reproducible test case or series of steps
Expand Down Expand Up @@ -41,7 +41,7 @@ GitHub provides additional document on [forking a repository](https://help.githu


## Finding contributions to work on
Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/labels/help%20wanted) issues is a great place to start.
Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/centralized-network-inspection-on-aws/labels/help%20wanted) issues is a great place to start.


## Code of Conduct
Expand All @@ -56,6 +56,6 @@ If you discover a potential security issue in this project we ask that you notif

## Licensing

See the [LICENSE](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
See the [LICENSE](https://github.com/aws-solutions/centralized-network-inspection-on-aws/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution.

We may ask you to sign a [Contributor License Agreement (CLA)](https://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
2 changes: 1 addition & 1 deletion NOTICE.txt
@@ -1,4 +1,4 @@
Firewall Automation for Network Traffic on AWS
Centralized Network Inspection on AWS

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except
36 changes: 18 additions & 18 deletions README.md
@@ -1,4 +1,4 @@
**[Firewall Automation for Network Traffic on AWS](https://aws.amazon.com/solutions/implementations/firewall-automation-for-network-traffic-on-aws)** | **[🚧 Feature request](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/issues/new?assignees=&labels=feature-request%2C+enhancement&template=feature_request.md&title=)** | **[🐛 Bug Report](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/issues/new?assignees=&labels=bug%2C+triage&template=bug_report.md&title=)**
**[Centralized Network Inspection on AWS](https://aws.amazon.com/solutions/implementations/centralized-network-inspection-on-aws)** | **[🚧 Feature request](https://github.com/aws-solutions/centralized-network-inspection-on-aws/issues/new?assignees=&labels=feature-request%2C+enhancement&template=feature_request.md&title=)** | **[🐛 Bug Report](https://github.com/aws-solutions/centralized-network-inspection-on-aws/issues/new?assignees=&labels=bug%2C+triage&template=bug_report.md&title=)**

Note: If you want to use the solution without building from source, navigate to Solution Landing Page

Expand All @@ -17,7 +17,7 @@ Note: If you want to use the solution without building from source, navigate to

<a name="solution-overview"></a>
# Solution Overview
Solution for Firewall Automation for Network Traffic on AWS.
Solution for Centralized Network Inspection on AWS.

<a name="architecture-diagram"></a>
# Architecture Diagram
Expand All @@ -35,9 +35,9 @@ cd source/
npm run build
```

Build the Network Firewall Solution CodeBuild source code
Build the Centralized Network Inspection Solution CodeBuild source code
```
cd source/networkfirewallAutomation
cd source/centralizedNetworkInspection
tsc
```

Expand All @@ -46,7 +46,7 @@ Build the templates for custom deployments
```
cd deployments/
chmod +x ./build-s3-dist.sh
./build-s3-dist.sh [SOLUTION_DIST_BUCKET] network-firewall-automation [VERSION_ID]
./build-s3-dist.sh [SOLUTION_DIST_BUCKET] centralized-network-inspection [VERSION_ID]
```

<a name="unit-test"></a>
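Review bot: The context line `cd deployments/` in this build block does not match the directory this commit touches (`deployment/build-s3-dist.sh`) or the `./deployment/regional-s3-assets/` paths used further down in the README. Since the block is being edited anyway, change it to `cd deployment/` so the documented command works when pasted.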
Expand All @@ -64,18 +64,18 @@ chmod +x ./run-unit-tests.sh
Follow the steps for deploying your custom version of the solution.
* Create an S3 bucket with the bucket appended with the region in which the deployment is to be made. example, if the deployment is to be made in us-east-1 create a bucket name as [BUCKET_NAME]-us-east-1.
* Create the distribution files using the script provided in the build section above.
* Create the S3 Key in the bucket network-firewall-automation/[VERSION_ID]/
* Create the S3 Key in the bucket network-firewall-automation/latest/
* Copy the file ./deployment/regional-s3-assets/network-firewall-automation.zip to the location s3://[BUCKET_NAME]-[REGION]/network-firewall-automation/[VERSION_ID]/
* Copy the file ./deployment/regional-s3-assets/network-firewall-configuration.zip to the location s3://[BUCKET_NAME]-[REGION]/network-firewall-automation/latest/
* Create the S3 Key in the bucket centralized-network-inspection/[VERSION_ID]/
* Create the S3 Key in the bucket centralized-network-inspection/latest/
* Copy the file ./deployment/regional-s3-assets/centralized-network-inspection.zip to the location s3://[BUCKET_NAME]-[REGION]/centralized-network-inspection/[VERSION_ID]/
* Copy the file ./deployment/regional-s3-assets/centralized-network-inspection-configuration.zip to the location s3://[BUCKET_NAME]-[REGION]/centralized-network-inspection/latest/

Once the above steps are completed, use the file ./deployment/global-s3-assets/firewall-automation-for-network-traffic-on-aws.template to create a stack in CloudFormation.
Once the above steps are completed, use the file ./deployment/global-s3-assets/centralized-network-inspection-on-aws.template to create a stack in CloudFormation.


<a name="file-structure"></a>
# File structure

firewall-automation-for-network-traffic-on-aws consists of:
centralized-network-inspection-on-aws consists of:

- CDK constructs to generate necessary resources
- Microservices used in the solution
Expand All @@ -87,14 +87,14 @@ File Structure
|build-s3-dist.sh/ [ Build script for create the distribution for the solution.]
|-source/
|-bin/
|-network-firewall-auto-solution.ts [ entry point for CDK app ]
|-centralized-network-inspection-solution.ts [ entry point for CDK app ]
|-test/ [ unit tests for CDK constructs ]
|-network-firewall-automation-solution.test.ts [CDK construct for the solution.]
|-centralized-network-inspection-solution.test.ts [CDK construct for the solution.]
|-__snapshots__
|-network-firewall-automation-solution.test.ts.snap [CDK construct template snapshot of unit testing.]
|-centralized-network-inspection-solution.test.ts.snap [CDK construct template snapshot of unit testing.]
|-lib/
|-network-firewall-automation-solution-stack.ts [ CDK construct for the solution. ]
|-networkFirewallAutomation
|-centralized-network-inspection.stack.ts [ CDK construct for the solution. ]
|-centralizedNetworkInspection
|-__tests__
|-firewall-test-configuration
|-firewalls
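Review bot: In the renamed tree, `centralized-network-inspection-solution.test.ts` under `test/` is still annotated "[CDK construct for the solution.]", the same text used for the stack file under `lib/`; describe it as the unit test for the stack. The new stack file name `centralized-network-inspection.stack.ts` uses a `.stack` infix where the other renamed files use hyphens throughout; keep it only if that is the intended convention.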
Expand Down Expand Up @@ -166,9 +166,9 @@ File Structure
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0

See [LICENSE](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/blob/master/LICENSE.txt)
See [LICENSE](https://github.com/aws-solutions/centralized-network-inspection-on-aws/blob/master/LICENSE.txt)

## Collection of operational metrics

This solution collects anonymous operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/network-firewall-deployment-automations-for-aws-transit-gateway/collection-of-operational-metrics.html).
This solution collects anonymized operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/centralized-network-inspection-on-aws/reference.html).
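Review bot: The LICENSE link in this hunk points at `blob/master/LICENSE.txt`, while the CONTRIBUTING.md link updated in this same commit uses `blob/main/LICENSE.txt`; use the same branch in both so that one of them does not break. The "how to disable this capability" link now targets a generic `reference.html` page instead of a page named for metrics collection; confirm the opt-out instructions are actually on that page.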

19 changes: 12 additions & 7 deletions deployment/build-s3-dist.sh
Expand Up @@ -87,6 +87,11 @@ for f in $template_dist_dir/*.template.json; do
mv -- "$f" "${f%.template.json}.template"
done

# Replace references to version
replace="s/%%VERSION%%/$DIST_VERSION/g"
echo "sed -i $replace $template_dist_dir/*.template"
sed -i -e $replace $template_dist_dir/*.template

echo "------------------------------------------------------------------------------"
echo "[Packing] Source code artifacts"
echo "------------------------------------------------------------------------------"
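Review bot: In the added version-replacement step, `$replace` and `$template_dist_dir/*.template` are expanded unquoted and `$DIST_VERSION` is spliced directly into the sed expression, so a version string containing whitespace, `/` or `&` will split the argument or alter the substitution. Quote the expression (`sed -i -e "$replace" "$template_dist_dir"/*.template`) and validate `DIST_VERSION` against the expected version pattern before use. The echoed command omits the `-e` that the real command passes, so the build log does not show what actually ran. On BSD/macOS sed, `-i -e` takes `-e` as the backup suffix and leaves `*.template-e` files in the dist directory, which is worth guarding against if the script is run outside Linux.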
Expand All @@ -98,9 +103,9 @@ echo "find $staging_dist_dir -iname "package-lock.json" -type f -exec rm -f "{}"
find $staging_dist_dir -iname "package-lock.json" -type f -exec rm -f "{}" \; 2> /dev/null

echo "------------------------------------------------------------------------------"
echo "Package Firewall Automation for Network Traffic on AWS node project for Code Build/Deploy stage "
echo "Package Centralized Network Inspection on AWS node project for Code Build/Deploy stage "
echo "------------------------------------------------------------------------------"
cd $source_dir/networkFirewallAutomation/
cd $source_dir/centralizedNetworkInspection/
npm install
npm run build
npm run zip
Expand All @@ -109,23 +114,23 @@ if [ "$?" = "1" ]; then
exit 1
fi
echo "Copy package zip to dist directory"
echo "cp ./dist/network-firewall-automation.zip $build_dist_dir/network-firewall-automation.zip"
cp ./dist/network-firewall-automation.zip $build_dist_dir/network-firewall-automation.zip
echo "cp ./dist/centralized-network-inspection.zip $build_dist_dir/centralized-network-inspection.zip"
cp ./dist/centralized-network-inspection.zip $build_dist_dir/centralized-network-inspection.zip

# build regional rule groups zip files for each region
echo "Copying network firewall configurations to deployment folder"
cd $template_dir
cp -pr $source_dir/networkFirewallAutomation/config/* ./
cp -pr $source_dir/centralizedNetworkInspection/config/* ./
echo -e "\n Creating a zip file with network firewall configurations"
echo -e "\n Building network firewall configuration"
zip -Xr "$build_dist_dir"/network-firewall-configuration.zip ./firewalls ./ruleGroups ./firewallPolicies ./examples
zip -Xr "$build_dist_dir"/centralized-network-inspection-configuration.zip ./firewalls ./ruleGroups ./firewallPolicies ./examples

echo "------------------------------------------------------------------------------"
echo "[Cleanup] Remove temporary files"
echo "------------------------------------------------------------------------------"

# cleanup generated files
cd $source_dir/networkFirewallAutomation/
cd $source_dir/centralizedNetworkInspection/
npm run cleanup:tsc
npm run cleanup:dist
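Review bot: The renamed `cp` and `cd` lines leave `$build_dist_dir` and `$source_dir` unquoted (`cp ./dist/centralized-network-inspection.zip $build_dist_dir/...`), while the `zip -Xr "$build_dist_dir"/...` line in the same hunk quotes it; quote all of them so a checkout path containing spaces does not split the arguments. The `cd $source_dir/centralizedNetworkInspection/` before the cleanup step is also unchecked, so unless `set -e` is in effect outside the visible lines, a missing renamed directory means `npm run cleanup:*` runs from `$template_dir`; add `|| exit 1`.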

2 changes: 1 addition & 1 deletion deployment/run-unit-tests.sh
Expand Up @@ -69,7 +69,7 @@ source_dir="$(cd $PWD/../source; pwd -P)"
coverage_reports_top_path=$source_dir/test/coverage-reports

#Run the npm install for the lambda projects
run_javascript_test $source_dir/networkFirewallAutomation networkFirewallAutomation
run_javascript_test $source_dir/centralizedNetworkInspection centralizedNetworkInspection

run_cdk_project_test $source_dir

6 changes: 3 additions & 3 deletions solution-manifest.yaml
@@ -1,9 +1,9 @@
---
id: SO0108 # Solution Id
name: firewall-automation-for-network-traffic-on-aws # trademarked name
version: v1.0.4 # current version of the solution. Used to verify template headers
name: centralized-network-inspection-on-aws # trademarked name
version: v1.0.5 # current version of the solution. Used to verify template headers
cloudformation_templates: # This list should match with AWS CloudFormation templates section of IG
- template: firewall-automation-for-network-traffic-on-aws.template
- template: centralized-network-inspection-on-aws.template
main_template: true
build_environment:
build_image: 'aws/codebuild/standard:7.0' # Options include: 'aws/codebuild/standard:5.0','aws/codebuild/standard:6.0','aws/codebuild/standard:7.0','aws/codebuild/amazonlinux2-x86_64-standard:4.0','aws/codebuild/amazonlinux2-x86_64-standard:5.0'
Expand Up @@ -6,9 +6,9 @@

import { App, DefaultStackSynthesizer } from 'aws-cdk-lib';
import {
NetworkFirewallAutomationStack,
NetworkFirewallAutomationStackProps
} from '../lib/network-firewall-automation-solution-stack';
CentralizedNetworkInspectionStack,
CentralizedNetworkInspectionStackProps
} from '../lib/centralized-network-inspection.stack';

const SOLUTION_VERSION = process.env['DIST_VERSION'];
const SOLUTION_NAME = process.env['SOLUTION_NAME'];
Expand All @@ -19,7 +19,7 @@ const SOLUTION_PROVIDER = 'AWS Solution Development';

const app = new App();

let NetworkFirewallAutomationStackProperties: NetworkFirewallAutomationStackProps = {
let centralizedNetworkInspectionStackProps: CentralizedNetworkInspectionStackProps = {
synthesizer: new DefaultStackSynthesizer({
generateBootstrapVersionRule: false
}),
Expand All @@ -32,8 +32,8 @@ let NetworkFirewallAutomationStackProperties: NetworkFirewallAutomationStackProp
description: `(${SOLUTION_ID}) - The AWS CloudFormation template for deployment of the ${SOLUTION_NAME}, Version: ${SOLUTION_VERSION}`
};

new NetworkFirewallAutomationStack(
new CentralizedNetworkInspectionStack(
app,
'firewall-automation-for-network-traffic-on-aws',
NetworkFirewallAutomationStackProperties
'centralized-network-inspection-on-aws',
centralizedNetworkInspectionStackProps
);
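Review bot: The stack `description` in this hunk interpolates `SOLUTION_NAME` and `SOLUTION_VERSION`, which are read from `process.env` at the top of the file with no default or check, so a synth run without those variables produces a template whose description contains "undefined". The bug report template in this commit tells users to read the version from the stack description, so fail fast when either variable is unset.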
2 changes: 1 addition & 1 deletion source/cdk.json
@@ -1,3 +1,3 @@
{
"app": "npx ts-node bin/network-firewall-auto-solution.ts"
"app": "npx ts-node bin/centralized-network-inspection-solution.ts"
}
Expand Up @@ -314,7 +314,7 @@ jest.mock(
LogType: 'ALERT',
LogDestinationType: 'CloudWatchLogs',
LogDestination: {
logGroup: 'network-firewall-automation-solution',
logGroup: 'centralized-network-inspection-solution',
prefix: 'alerts',
},
},
Expand Down Expand Up @@ -643,7 +643,7 @@ test('Update logging configuration', async () => {
{
LogType: 'ALERT',
LogDestination: {
bucketName: 'network-firewall-automation-solution',
bucketName: 'centralized-network-inspection-solution',
prefix: 'alerts',
},
LogDestinationType: 'S3',
Expand All @@ -655,7 +655,7 @@ test('Update logging configuration', async () => {
LogDestinationConfigs: [
{
LogType: 'ALERT',
LogDestination: { bucketName: 'network-firewall-automation-solution', prefix: 'alerts' },
LogDestination: { bucketName: 'centralized-network-inspection-solution', prefix: 'alerts' },
LogDestinationType: 'S3',
},
],
Expand Up @@ -11,8 +11,8 @@ jest.mock(
__esModule: true,
SSM: jest.fn().mockReturnValue({
getParameter: jest.fn().mockImplementation(data => {
expect(data).toStrictEqual({ Name: 'network-firewall-solution-uuid-asds' });
if ('network-firewall-solution-uuid-asds' === data['Name']) {
expect(data).toStrictEqual({ Name: 'centralized-network-inspection-solution-uuid-asds' });
if ('centralized-network-inspection-solution-uuid-asds' === data['Name']) {
return {
promise: jest.fn().mockReturnValue({
Parameter: {
Expand Down Expand Up @@ -62,7 +62,7 @@ jest.mock(

test('test sending the metrics when the uuid is already in the parameter store.', async () => {
process.env.STACK_ID = 'asds';
process.env.SEND_ANONYMOUS_METRICS = 'Yes';
process.env.SEND_ANONYMIZED_METRICS = 'Yes';
await MetricsManager.sendMetrics({
numberOfFirewalls: 1,
numberOfPolicies: 1,
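Review bot: This test only exercises the 'Yes' path under the new `SEND_ANONYMIZED_METRICS` name. Add a case where the variable is unset, and one where only the old `SEND_ANONYMOUS_METRICS` is set, asserting that no SSM lookup or metric send happens, since the default 'No' path is what the rename changes for any caller still using the old name.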
File renamed without changes.
Expand Up @@ -5,7 +5,7 @@

/**
* @description
* Firewall Automation for Network Traffic on AWS
* Centralized Network Inspection on AWS
* @author aws-solutions
*/

Expand Up @@ -28,7 +28,7 @@ const config = {
'**/*.ts',
'!**/*.d.ts',
'!**/*.spec.ts',
'!./bin/network-firewall-auto-solution.ts',
'!./bin/centralized-network-inspection-solution.ts',
'!./build.ts',
'!./index.ts',
],
Expand Up @@ -23,15 +23,15 @@ export class MetricsManager {
static async sendMetrics(data: NetworkFirewallMetrics) {
const ssmParameterForUUID = process.env.SSM_PARAM_FOR_UUID
? process.env.SSM_PARAM_FOR_UUID
: 'network-firewall-solution-uuid';
: 'centralized-network-inspection-solution-uuid';
const stackId = process.env.STACK_ID ? process.env.STACK_ID.slice(process.env.STACK_ID.length - 36) : '';
const sendAnonymousMetrics = process.env.SEND_ANONYMOUS_METRICS ? process.env.SEND_ANONYMOUS_METRICS : 'No';
const sendAnonymizedMetrics = process.env.SEND_ANONYMIZED_METRICS ? process.env.SEND_ANONYMIZED_METRICS : 'No';
let uuid = '';
Logger.log(LOG_LEVEL.DEBUG, `ssm parameter uuid key prefix ${ssmParameterForUUID}`)
const ssmUUIDKey = `${ssmParameterForUUID}-${stackId}`;
Logger.log(LOG_LEVEL.DEBUG, `ssm parameter uuid key ${ssmUUIDKey}`)
try {
if (sendAnonymousMetrics.toUpperCase() === 'YES') {
if (sendAnonymizedMetrics.toUpperCase() === 'YES') {
let ssmInstance = new SSM({
customUserAgent: process.env.CUSTOM_SDK_USER_AGENT,
});
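Review bot: The opt-in flag is now read only from `SEND_ANONYMIZED_METRICS` and defaults to 'No', so any environment that still sets `SEND_ANONYMOUS_METRICS` will silently stop sending metrics after this change; confirm the template that sets this variable is renamed in the same commit, or read the old name as a fallback. The default SSM parameter prefix also changes from `network-firewall-solution-uuid` to `centralized-network-inspection-solution-uuid`, so when `SSM_PARAM_FOR_UUID` is not set an upgraded stack will look up a different parameter and will not find a UUID stored under the old name; state in the changelog whether the old parameter is migrated or left behind.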