feat(codepipeline): add ability to not reuse cross-region support Stacks (#18043)

This provides the change proposed in feature request #18018 by adding the new flag.

closes #18018 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: tobytipton

packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts

@@ -146,6 +146,13 @@ export interface PipelineProps {
    * @default - false (key rotation is disabled)
    */
   readonly enableKeyRotation?: boolean;
+
+  /**
+   * Reuse the same cross region support stack for all pipelines in the App.
+   *
+   * @default - true (Use the same support stack for all pipelines in App)
+   */
+  readonly reuseCrossRegionSupportStacks?: boolean;
 }
 
 abstract class PipelineBase extends Resource implements IPipeline {
@@ -342,6 +349,7 @@ export class Pipeline extends PipelineBase {
   private readonly _crossAccountSupport: { [account: string]: Stack } = {};
   private readonly crossAccountKeys: boolean;
   private readonly enableKeyRotation?: boolean;
+  private readonly reuseCrossRegionSupportStacks: boolean;
 
   constructor(scope: Construct, id: string, props: PipelineProps = {}) {
     super(scope, id, {
@@ -364,6 +372,8 @@ export class Pipeline extends PipelineBase {
       throw new Error("Setting 'enableKeyRotation' to true also requires 'crossAccountKeys' to be enabled");
     }
 
+    this.reuseCrossRegionSupportStacks = props.reuseCrossRegionSupportStacks ?? true;
+
     // If a bucket has been provided, use it - otherwise, create a bucket.
     let propsBucket = this.getArtifactBucketFromProps(props);
 
@@ -631,7 +641,7 @@ export class Pipeline extends PipelineBase {
     }
 
     const app = this.supportScope();
-    const supportStackId = `cross-region-stack-${pipelineAccount}:${actionRegion}`;
+    const supportStackId = `cross-region-stack-${this.reuseCrossRegionSupportStacks ? pipelineAccount : pipelineStack.stackName}:${actionRegion}`;
     let supportStack = app.node.tryFindChild(supportStackId) as CrossRegionSupportStack;
     if (!supportStack) {
       supportStack = new CrossRegionSupportStack(app, supportStackId, {

packages/@aws-cdk/aws-codepipeline/test/pipeline.test.ts

@@ -9,6 +9,10 @@ import * as codepipeline from '../lib';
 import { FakeBuildAction } from './fake-build-action';
 import { FakeSourceAction } from './fake-source-action';
 
+// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
+// eslint-disable-next-line no-duplicate-imports, import/order
+import { Construct } from 'constructs';
+
 /* eslint-disable quote-props */
 
 describe('', () => {
@@ -335,7 +339,61 @@ describe('', () => {
         expect(supportStackArtifact.cloudFormationExecutionRoleArn).toEqual(
           'arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-cfn-exec-role-123456789012-us-west-2');
 
+      });
+
+      test('generates the same support stack containing the replication Bucket without the need to bootstrap in that environment for multiple pipelines', () => {
+        const app = new cdk.App();
+
+        new ReusePipelineStack(app, 'PipelineStackA', {
+          env: { region: 'us-west-2', account: '123456789012' },
+        });
+        new ReusePipelineStack(app, 'PipelineStackB', {
+          env: { region: 'us-west-2', account: '123456789012' },
+        });
+
+        const assembly = app.synth();
+        // 2 Pipeline Stacks and 1 support stack for both pipeline stacks.
+        expect(assembly.stacks.length).toEqual(3);
+        assembly.getStackByName('PipelineStackA-support-eu-south-1');
+        expect(() => {
+          assembly.getStackByName('PipelineStackB-support-eu-south-1');
+        }).toThrowError(/Unable to find stack with stack name/);
+
+      });
+
+      test('generates the unique support stack containing the replication Bucket without the need to bootstrap in that environment for multiple pipelines', () => {
+        const app = new cdk.App();
+
+        new ReusePipelineStack(app, 'PipelineStackA', {
+          env: { region: 'us-west-2', account: '123456789012' },
+          reuseCrossRegionSupportStacks: false,
+        });
+        new ReusePipelineStack(app, 'PipelineStackB', {
+          env: { region: 'us-west-2', account: '123456789012' },
+          reuseCrossRegionSupportStacks: false,
+        });
+
+        const assembly = app.synth();
+        // 2 Pipeline Stacks and 1 support stack for each pipeline stack.
+        expect(assembly.stacks.length).toEqual(4);
+        const supportStackAArtifact = assembly.getStackByName('PipelineStackA-support-eu-south-1');
+        const supportStackBArtifact = assembly.getStackByName('PipelineStackB-support-eu-south-1');
+
+        const supportStackATemplate = supportStackAArtifact.template;
+        expect(supportStackATemplate).toHaveResourceLike('AWS::S3::Bucket', {
+          BucketName: 'pipelinestacka-support-eueplicationbucket8934e91f26961aa6cbfa',
+        });
+        expect(supportStackATemplate).toHaveResourceLike('AWS::KMS::Alias', {
+          AliasName: 'alias/pport-eutencryptionalias02f1cda3732942f6c529',
+        });
 
+        const supportStackBTemplate = supportStackBArtifact.template;
+        expect(supportStackBTemplate).toHaveResourceLike('AWS::S3::Bucket', {
+          BucketName: 'pipelinestackb-support-eueplicationbucketdf7c0e10245faa377228',
+        });
+        expect(supportStackBTemplate).toHaveResourceLike('AWS::KMS::Alias', {
+          AliasName: 'alias/pport-eutencryptionaliasdef3fd3fec63bc54980e',
+        });
       });
     });
 
@@ -466,3 +524,45 @@ describe('test with shared setup', () => {
     });
   });
 });
+
+
+interface ReusePipelineStackProps extends cdk.StackProps {
+  reuseCrossRegionSupportStacks?: boolean;
+}
+
+class ReusePipelineStack extends cdk.Stack {
+  public constructor(scope: Construct, id: string, props: ReusePipelineStackProps ) {
+    super(scope, id, props);
+    const sourceOutput = new codepipeline.Artifact();
+    const buildOutput = new codepipeline.Artifact();
+    new codepipeline.Pipeline(this, 'Pipeline', {
+      reuseCrossRegionSupportStacks: props.reuseCrossRegionSupportStacks,
+      stages: [
+        {
+          stageName: 'Source',
+          actions: [new FakeSourceAction({
+            actionName: 'Source',
+            output: sourceOutput,
+          })],
+        },
+        {
+          stageName: 'Build',
+          actions: [new FakeBuildAction({
+            actionName: 'Build',
+            input: sourceOutput,
+            region: 'eu-south-1',
+            output: buildOutput,
+          })],
+        },
+        {
+          stageName: 'Deploy',
+          actions: [new FakeBuildAction({
+            actionName: 'Deploy',
+            input: buildOutput,
+            region: 'eu-south-1',
+          })],
+        },
+      ],
+    });
+  }
+}

packages/@aws-cdk/pipelines/lib/codepipeline/codepipeline.ts

@@ -197,6 +197,13 @@ export interface CodePipelineProps {
    * @default - a new underlying pipeline is created.
    */
   readonly codePipeline?: cp.Pipeline;
+
+  /**
+   * Reuse the same cross region support stack for all pipelines in the App.
+   *
+   * @default - true (Use the same support stack for all pipelines in App)
+   */
+  readonly reuseCrossRegionSupportStacks?: boolean;
 }
 
 /**
@@ -341,6 +348,7 @@ export class CodePipeline extends PipelineBase {
       this._pipeline = new cp.Pipeline(this, 'Pipeline', {
         pipelineName: this.props.pipelineName,
         crossAccountKeys: this.props.crossAccountKeys ?? false,
+        reuseCrossRegionSupportStacks: this.props.reuseCrossRegionSupportStacks,
         // This is necessary to make self-mutation work (deployments are guaranteed
         // to happen only after the builds of the latest pipeline definition).
         restartExecutionOnUpdate: true,

packages/@aws-cdk/pipelines/test/codepipeline/codepipeline.test.ts

@@ -0,0 +1,128 @@
+import * as ccommit from '@aws-cdk/aws-codecommit';
+import * as sqs from '@aws-cdk/aws-sqs';
+import * as cdk from '@aws-cdk/core';
+import { Construct } from 'constructs';
+import * as cdkp from '../../lib';
+import { PIPELINE_ENV, TestApp } from '../testhelpers';
+
+let app: TestApp;
+
+beforeEach(() => {
+  app = new TestApp();
+});
+
+afterEach(() => {
+  app.cleanup();
+});
+
+const testStageEnv: Required<cdk.Environment> = {
+  account: '123456789012',
+  region: 'us-east-1',
+};
+
+describe('CodePipeline support stack reuse', () => {
+  test('CodePipeline generates the same support stack containing the replication Bucket without the need to bootstrap in that environment for multiple pipelines', () => {
+    new ReuseCodePipelineStack(app, 'PipelineStackA', {
+      env: PIPELINE_ENV,
+    });
+    new ReuseCodePipelineStack(app, 'PipelineStackB', {
+      env: PIPELINE_ENV,
+    });
+    const assembly = app.synth();
+    // 2 Pipeline Stacks and 1 support stack for both pipeline stacks.
+    expect(assembly.stacks.length).toEqual(3);
+    assembly.getStackByName(`PipelineStackA-support-${testStageEnv.region}`);
+    expect(() => {
+      assembly.getStackByName(`PipelineStackB-support-${testStageEnv.region}`);
+    }).toThrowError(/Unable to find stack with stack name/);
+  });
+
+  test('CodePipeline generates the unique support stack containing the replication Bucket without the need to bootstrap in that environment for multiple pipelines', () => {
+    new ReuseCodePipelineStack(app, 'PipelineStackA', {
+      env: PIPELINE_ENV,
+      reuseCrossRegionSupportStacks: false,
+    });
+    new ReuseCodePipelineStack(app, 'PipelineStackB', {
+      env: PIPELINE_ENV,
+      reuseCrossRegionSupportStacks: false,
+    });
+    const assembly = app.synth();
+    // 2 Pipeline Stacks and 1 support stack for each pipeline stack.
+    expect(assembly.stacks.length).toEqual(4);
+    const supportStackAArtifact = assembly.getStackByName(`PipelineStackA-support-${testStageEnv.region}`);
+    const supportStackBArtifact = assembly.getStackByName(`PipelineStackB-support-${testStageEnv.region}`);
+
+    const supportStackATemplate = supportStackAArtifact.template;
+    expect(supportStackATemplate).toHaveResourceLike('AWS::S3::Bucket', {
+      BucketName: 'pipelinestacka-support-useplicationbucket80db3753a0ebbf052279',
+    });
+    expect(supportStackATemplate).toHaveResourceLike('AWS::KMS::Alias', {
+      AliasName: 'alias/pport-ustencryptionalias5cad45754e1ff088476b',
+    });
+
+    const supportStackBTemplate = supportStackBArtifact.template;
+    expect(supportStackBTemplate).toHaveResourceLike('AWS::S3::Bucket', {
+      BucketName: 'pipelinestackb-support-useplicationbucket1d556ec7f959b336abf8',
+    });
+    expect(supportStackBTemplate).toHaveResourceLike('AWS::KMS::Alias', {
+      AliasName: 'alias/pport-ustencryptionalias668c7ffd0de17c9867b0',
+    });
+  });
+});
+
+interface ReuseCodePipelineStackProps extends cdk.StackProps {
+  reuseCrossRegionSupportStacks?: boolean;
+}
+class ReuseCodePipelineStack extends cdk.Stack {
+  public constructor(scope: Construct, id: string, props: ReuseCodePipelineStackProps ) {
+    super(scope, id, props);
+    const repo = new ccommit.Repository(this, 'Repo', {
+      repositoryName: 'MyRepo',
+    });
+
+    const cdkInput = cdkp.CodePipelineSource.codeCommit(
+      repo,
+      'main',
+    );
+
+    const synthStep = new cdkp.ShellStep('Synth', {
+      input: cdkInput,
+      installCommands: ['npm ci'],
+      commands: [
+        'npm run build',
+        'npx cdk synth',
+      ],
+    });
+
+    const pipeline = new cdkp.CodePipeline(this, 'Pipeline', {
+      synth: synthStep,
+      selfMutation: true,
+      crossAccountKeys: true,
+      reuseCrossRegionSupportStacks: props.reuseCrossRegionSupportStacks,
+    });
+
+    const stage = new ReuseStage(
+      this,
+      `SampleStage-${testStageEnv.account}-${testStageEnv.region}`,
+      {
+        env: testStageEnv,
+      },
+    );
+    pipeline.addStage(stage);
+
+  }
+}
+
+class ReuseStage extends cdk.Stage {
+  public constructor(scope: Construct, id: string, props: cdk.StageProps) {
+    super(scope, id, props);
+    new ReuseStack(this, 'SampleStack', {});
+  }
+}
+
+class ReuseStack extends cdk.Stack {
+  public constructor(scope: Construct, id: string, props: cdk.StackProps) {
+    super(scope, id, props);
+    new sqs.Queue(this, 'Queue');
+  }
+}