Feature/691 support cdk json override

README.md

@@ -98,7 +98,37 @@ You can specify the following parameters during deployment to enhance security a
 - **--disable-ipv6**: Disable connections over IPv6. (default: enabled)
 - **--allowed-signup-email-domains**: Comma-separated list of allowed email domains for sign-up. (default: no domain restriction)
 - **--bedrock-region**: Define the region where bedrock is available. (default: us-east-1)
+- **--repo-url**: The custom repo of Bedrock Claude Chat to deploy, if forked or custom source control. (default: https://github.com/aws-samples/bedrock-claude-chat.git)
 - **--version**: The version of Bedrock Claude Chat to deploy. (default: latest version in development)
+- **--cdk-json-override**: You can override any CDK context values during deployment using the override JSON block. This allows you to modify the configuration without editing the cdk.json file directly.
+
+Example usage:
+
+```bash
+./bin.sh --cdk-json-override '{
+  "context": {
+    "selfSignUpEnabled": false,
+    "enableLambdaSnapStart": true,
+    "allowedIpV4AddressRanges": ["192.168.1.0/24"],
+    "allowedSignUpEmailDomains": ["example.com"]
+  }
+}'
+```
+
+The override JSON must follow the same structure as cdk.json. You can override any context values including:
+
+- `selfSignUpEnabled`
+- `enableLambdaSnapStart` 
+- `allowedIpV4AddressRanges`
+- `allowedIpV6AddressRanges`
+- `allowedSignUpEmailDomains`
+- `bedrockRegion`
+- `enableRagReplicas`
+- `enableBedrockCrossRegionInference`
+- And other context values defined in cdk.json
+
+> [!Note]
+> The override values will be merged with the existing cdk.json configuration during the deployment time in the AWS code build. Values specified in the override will take precedence over the values in cdk.json.
 
 #### Example command with parameters:
 

bin.sh

@@ -41,6 +41,8 @@ IPV6_RANGES=""
 DISABLE_IPV6="false"
 ALLOWED_SIGN_UP_EMAIL_DOMAINS=""
 BEDROCK_REGION="us-east-1"
+CDK_JSON_OVERRIDE="{}"
+REPO_URL="https://github.com/aws-samples/bedrock-claude-chat.git"
 VERSION="v2"
 
 # Parse command-line arguments for customization
@@ -53,6 +55,8 @@ while [[ "$#" -gt 0 ]]; do
         --ipv6-ranges) IPV6_RANGES="$2"; shift ;;
         --bedrock-region) BEDROCK_REGION="$2"; shift ;;
         --allowed-signup-email-domains) ALLOWED_SIGN_UP_EMAIL_DOMAINS="$2"; shift ;;
+        --cdk-json-override) CDK_JSON_OVERRIDE="$2"; shift ;;
+        --repo-url) REPO_URL="$2"; shift ;;
         --version) VERSION="$2"; shift ;;
         *) echo "Unknown parameter: $1"; exit 1 ;;
     esac
@@ -82,6 +86,8 @@ aws cloudformation deploy \
     Ipv6Ranges="$IPV6_RANGES" \
     AllowedSignUpEmailDomains="$ALLOWED_SIGN_UP_EMAIL_DOMAINS" \
     BedrockRegion="$BEDROCK_REGION" \
+    CdkJsonOverride="$CDK_JSON_OVERRIDE" \
+    RepoUrl="$REPO_URL" \
     Version="$VERSION"
 
 echo "Waiting for the stack creation to complete..."

deploy.yml

@@ -23,6 +23,12 @@ Parameters:
   BedrockRegion:
     Type: String
     Default: "us-east-1"
+  CdkJsonOverride:
+    Type: String
+    Default: "{}"
+  RepoUrl:
+    Type: String
+    Default: "https://github.com/aws-samples/bedrock-claude-chat.git"
   Version:
     Type: String
     Default: "v2"
@@ -128,6 +134,10 @@ Resources:
             Value: !Ref AllowedSignUpEmailDomains
           - Name: BEDROCK_REGION
             Value: !Ref BedrockRegion
+          - Name: CDK_JSON_OVERRIDE
+            Value: !Ref CdkJsonOverride
+          - Name: REPO_URL
+            Value: !Ref RepoUrl
           - Name: VERSION
             Value: !Ref Version
       ServiceRole:
@@ -148,15 +158,17 @@ Resources:
               "build": {
                 "commands": [
                   "echo 'Build phase...'",
-                  "git clone --branch $VERSION https://github.com/aws-samples/bedrock-claude-chat.git",
+                  "git clone --branch $VERSION $REPO_URL bedrock-claude-chat",
                   "cd bedrock-claude-chat",
                   "if [ \"$ALLOW_SELF_REGISTER\" = \"false\" ]; then sed -i 's/\"selfSignUpEnabled\": true/\"selfSignUpEnabled\": false/' cdk/cdk.json; fi",
                   "if [ \"$ENABLE_LAMBDA_SNAPSTART\" = \"false\" ]; then sed -i 's/\"enableLambdaSnapStart\": true/\"enableLambdaSnapStart\": false/' cdk/cdk.json; fi",
                   "if [ ! -z \"$IPV4_RANGES\" ]; then jq --arg ipv4 \"$IPV4_RANGES\" '.context.allowedIpV4AddressRanges = ($ipv4 | split(\",\"))' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; fi",
                   "if [ \"$DISABLE_IPV6\" = \"true\" ]; then jq '.context.allowedIpV6AddressRanges = []' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; elif [ ! -z \"$IPV6_RANGES\" ]; then jq --arg ipv6 \"$IPV6_RANGES\" '.context.allowedIpV6AddressRanges = ($ipv6 | split(\",\"))' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; fi",
                   "if [ ! -z \"$ALLOWED_SIGN_UP_EMAIL_DOMAINS\" ]; then jq --arg domains \"$ALLOWED_SIGN_UP_EMAIL_DOMAINS\" '.context.allowedSignUpEmailDomains = ($domains | split(\",\"))' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json; fi",
                   "sed -i \"s/\\\"bedrockRegion\\\": \\\"[^\\\"]*\\\"/\\\"bedrockRegion\\\": \\\"${BEDROCK_REGION}\\\"/\" cdk/cdk.json",
+                  "echo \"$CDK_JSON_OVERRIDE\" | jq '.' && jq --argjson override \"$CDK_JSON_OVERRIDE\" '. * $override' cdk/cdk.json > temp.json && mv temp.json cdk/cdk.json",
                   "cd cdk",
+                  "cat cdk.json",
                   "npm ci",
                   "npx cdk bootstrap",
                   "npx cdk deploy --require-approval never --all"