Issue 6

cloudformation/ds_admin_detective.yaml

@@ -17,7 +17,6 @@ Resources:
             Principal:
               Service: lambda.amazonaws.com
             Action: 'sts:AssumeRole'
-      RoleName: !Sub '${StackSetName}-SageMaker-DetectiveControl-Role'
       Policies:
         - PolicyName: LambdaInlineForSageMaker
           PolicyDocument:

cloudformation/ds_admin_principals.yaml

@@ -67,6 +67,7 @@ Resources:
                 Effect: Allow
                 Action:
                   - 'cloudformation:CreateStack'
+                  - 'cloudformation:CreateChangeSet'
                   - 'cloudformation:DeleteStack'
                   - 'cloudformation:DescribeStacks'
                   - 'cloudformation:DescribeStackEvents'
@@ -130,6 +131,7 @@ Resources:
                   - 'kms:UpdateAlias'
                   - 'kms:UpdateCustomKeyStore'
                   - 'kms:UpdateKeyDescription'
+                  - 'lambda:InvokeFunction'
                   - 'resource-groups:CreateGroup'
                   - 'resource-groups:DeleteGroup'
                   - 'resource-groups:Tag'

cloudformation/ds_administration.yaml

@@ -73,6 +73,11 @@ Resources:
       ProductId: !Ref DSEnvironmentProduct
       RoleArn: !GetAtt DataSciencePrincipals.Outputs.SCLaunchRoleArn
 
+  CfnPyPlateMacro:
+    Type: AWS::CloudFormation::Stack
+    Properties:
+      TemplateURL: pyplate_macro.yaml
+
   DataSciencePrincipals:
     Type: AWS::CloudFormation::Stack
     Properties:

cloudformation/ds_env_backing_store.yaml

@@ -5,10 +5,14 @@
 Description: Data Science Environment S3 data storage
 
 Parameters:
+  NaturalProjectName:
+    Type: String
+    Description: Natural name of the project team.
+
   ProjectName:
     Type: String
-    AllowedPattern: '[A-Za-z0-9\-]*'
-    Description: Please specify your project name.  Used as a suffix for project resource names.
+    AllowedPattern: '[a-z0-9\-]*'
+    Description: Project team name with no spaces or uppercase letters.
 
   EnvType:
     Description: System Environment
@@ -93,7 +97,7 @@ Resources:
                     !Sub "ds-s3-endpoint-${ProjectName}-${EnvType}-id"
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -116,7 +120,7 @@ Resources:
   DataBucket:
     Type: 'AWS::S3::Bucket'
     Properties:
-      BucketName:
+      BucketName: 
         !Join
           - ''
           -
@@ -146,7 +150,7 @@ Resources:
               KMSMasterKeyID: !Ref KMSCMK
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -204,7 +208,7 @@ Resources:
               KMSMasterKeyID: !Ref KMSCMK
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -240,6 +244,6 @@ Resources:
           Key: '< S3_CFN_STAGING_PATH >/project_template.zip'
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType

cloudformation/ds_env_catalog.yaml

@@ -2,10 +2,14 @@ Description: |
   Template to create a service catalog product to launch a notebook
 
 Parameters:
+  NaturalProjectName:
+    Type: String
+    Description: Natural name of the project team.
+
   ProjectName:
     Type: String
-    AllowedPattern: '[A-Za-z0-9\-]*'
-    Description: Please specify your project name.  Used as a suffix for project resource names.
+    AllowedPattern: '[a-z0-9\-]*'
+    Description: Project team name with no spaces or uppercase letters.
 
   EnvType:
     Description: System Environment
@@ -29,15 +33,15 @@ Resources:
       ProviderName: !Sub '${ProjectName} Administration'
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
   DSUserNotebookProduct:
     Type: AWS::ServiceCatalog::CloudFormationProduct
     Properties:
-      Description: !Sub 'SageMaker ${EnvType} notebook for the ${ProjectName} project'
-      Name: !Sub '${ProjectName} SageMaker ${EnvType} notebook'
+      Description: !Sub 'SageMaker ${EnvType} notebook for the ${NaturalProjectName} project'
+      Name: !Sub '${NaturalProjectName} SageMaker ${EnvType} notebook'
       Owner: 'Data Science CoE'
       ProvisioningArtifactParameters:
         - Name: 'DS User Notebook v1'
@@ -152,10 +156,10 @@ Resources:
         - 'arn:aws:iam::aws:policy/AWSCloudFormationFullAccess'
         - 'arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess'
         - 'arn:aws:iam::aws:policy/AmazonSageMakerFullAccess'
-        - 'arn:aws:iam::aws:policy/AWSLambdaFullAccess'
+        - 'arn:aws:iam::aws:policy/AWSLambda_FullAccess'
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 

cloudformation/ds_env_network.yaml

@@ -2,10 +2,14 @@ Description: |
   Create a secure VPC designed to host a data science project team.
 
 Parameters:
+  NaturalProjectName:
+    Type: String
+    Description: Natural name of the project team.
+
   ProjectName:
     Type: String
-    AllowedPattern: '[A-Za-z0-9\-]*'
-    Description: Please specify your project name.  Used as a suffix for project resource names.
+    AllowedPattern: '[a-z0-9\-]*'
+    Description: Project team name with no spaces or uppercase letters.
 
   EnvType:
     Description: System Environment
@@ -93,7 +97,7 @@ Resources:
         - Key: Name
           Value: !Sub "ds-vpc-${ProjectName}-${EnvType}"
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -113,7 +117,7 @@ Resources:
       AvailabilityZone: !Sub  "${AWS::Region}a"
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -133,7 +137,7 @@ Resources:
       AvailabilityZone: !Sub  "${AWS::Region}b"
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -153,7 +157,7 @@ Resources:
       AvailabilityZone: !Sub  "${AWS::Region}c"
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -177,7 +181,7 @@ Resources:
       VpcId: !Ref SageMakerVPC
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -217,7 +221,7 @@ Resources:
           SourceSecurityGroupId: !GetAtt SageMakerSecurityGroup.GroupId
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -228,7 +232,7 @@ Resources:
       VpcId: !Ref SageMakerVPC
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -252,7 +256,7 @@ Resources:
           SourceSecurityGroupId: !GetAtt SageMakerSecurityGroup.GroupId
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 

cloudformation/ds_env_principals.yaml

@@ -2,10 +2,14 @@ Description: |
   Template to create IAM principals for operation within the data science environment.
 
 Parameters:
+  NaturalProjectName:
+    Type: String
+    Description: Natural name of the project team.
+
   ProjectName:
     Type: String
-    AllowedPattern: '[A-Za-z0-9\-]*'
-    Description: Please specify your project name.  Used as a suffix for project resource names.
+    AllowedPattern: '[a-z0-9\-]*'
+    Description: Project team name with no spaces or uppercase letters.
 
   EnvType:
     Description: System Environment
@@ -67,7 +71,7 @@ Resources:
         - 'arn:aws:iam::aws:policy/AWSCodeCommitFullAccess'
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 
@@ -176,7 +180,7 @@ Resources:
         - 'arn:aws:iam::aws:policy/AWSCodeCommitReadOnly'
       Tags:
         - Key: ProjectName
-          Value: !Ref ProjectName
+          Value: !Ref NaturalProjectName
         - Key: EnvironmentType
           Value: !Ref EnvType
 

cloudformation/ds_env_sagemaker.yaml

@@ -5,10 +5,14 @@
 Description: SageMaker specific resources for Data Science Environment
 
 Parameters:
+  NaturalProjectName:
+    Type: String
+    Description: Natural name of the project team.
+
   ProjectName:
     Type: String
-    AllowedPattern: '[A-Za-z0-9\-]*'
-    Description: Please specify your Team Name.  Used as a suffix for team resource names
+    AllowedPattern: '[a-z0-9\-]*'
+    Description: Project team name with no spaces or uppercase letters.
 
   EnvType:
     Description: >-