AMI tag check added for all operations and commands which handles AMI.

src/main/java/com/nike/cerberus/ConfigConstants.java

@@ -107,4 +107,14 @@ public class ConfigConstants {
             JDBC_URL_KEY,
             JDBC_USERNAME_KEY,
             JDBC_PASSWORD_KEY);
+
+    public static final String CERBERUS_AMI_TAG_NAME = "tag:cerberus_component";
+
+    public static final String CMS_AMI_TAG_VALUE = "cms";
+
+    public static final String GATEWAY_AMI_TAG_VALUE = "gateway";
+
+    public static final String CONSUL_AMI_TAG_VALUE = "consul";
+
+    public static final String VAULT_AMI_TAG_VALUE = "vault";
 }

src/main/java/com/nike/cerberus/command/cms/CreateCmsClusterCommand.java

@@ -16,6 +16,7 @@
 
 package com.nike.cerberus.command.cms;
 
+import com.beust.jcommander.Parameter;
 import com.beust.jcommander.Parameters;
 import com.beust.jcommander.ParametersDelegate;
 import com.nike.cerberus.command.Command;
@@ -33,6 +34,8 @@ public class CreateCmsClusterCommand implements Command {
 
     public static final String COMMAND_NAME = "create-cms-cluster";
 
+    public static final String SKIP_AMI_TAG_CHECK_ARG = "--skip-ami-tag-check";
+
     @ParametersDelegate
     private StackDelegate stackDelegate = new StackDelegate();
 
@@ -45,6 +48,14 @@ public String getCommandName() {
         return COMMAND_NAME;
     }
 
+    @Parameter(names = SKIP_AMI_TAG_CHECK_ARG,
+            description = "Flag for skipping validation of AMI with matching stackname tags")
+    private boolean skipAmiTagCheck;
+
+    public boolean isSkipAmiTagCheck() {
+        return skipAmiTagCheck;
+    }
+
     @Override
     public Class<? extends Operation<?>> getOperationClass() {
         return CreateCmsClusterOperation.class;

src/main/java/com/nike/cerberus/command/consul/CreateConsulClusterCommand.java

@@ -16,6 +16,7 @@
 
 package com.nike.cerberus.command.consul;
 
+import com.beust.jcommander.Parameter;
 import com.beust.jcommander.Parameters;
 import com.beust.jcommander.ParametersDelegate;
 import com.nike.cerberus.command.Command;
@@ -33,6 +34,8 @@ public class CreateConsulClusterCommand implements Command {
 
     public static final String COMMAND_NAME = "create-consul-cluster";
 
+    public static final String SKIP_AMI_TAG_CHECK_ARG = "--skip-ami-tag-check";
+
     @ParametersDelegate
     private StackDelegate stackDelegate = new StackDelegate();
 
@@ -45,6 +48,14 @@ public String getCommandName() {
         return COMMAND_NAME;
     }
 
+    @Parameter(names = SKIP_AMI_TAG_CHECK_ARG,
+            description = "Flag for skipping validation of AMI with matching stackname tags")
+    private boolean skipAmiTagCheck;
+
+    public boolean isSkipAmiTagCheck() {
+        return skipAmiTagCheck;
+    }
+
     @Override
     public Class<? extends Operation<?>> getOperationClass() {
         return CreateConsulClusterOperation.class;

src/main/java/com/nike/cerberus/command/core/UpdateStackCommand.java

@@ -39,6 +39,7 @@ public class UpdateStackCommand implements Command {
     public static final String COMMAND_NAME = "update-stack";
     public static final String OVERWRITE_TEMPLATE_LONG_ARG = "--overwrite-template";
     public static final String PARAMETER_SHORT_ARG = "-P";
+    public static final String SKIP_AMI_TAG_CHECK_ARG = "--skip-ami-tag-check";
 
     @Parameter(names = {"--stack-name"}, required = true, description = "The stack name to update.")
     private StackName stackName;
@@ -78,6 +79,10 @@ public class UpdateStackCommand implements Command {
     @Parameter(names = StackDelegate.MIN_INSTANCES_LONG_ARG, description = "Minimum number of autos scaling instances")
     private Integer minimumInstances;
 
+    @Parameter(names = SKIP_AMI_TAG_CHECK_ARG,
+            description = "Flag for skipping validation of AMI with matching stackname tags")
+    private boolean skipAmiTagCheck;
+
     @DynamicParameter(names = PARAMETER_SHORT_ARG, description = "Dynamic parameters for overriding the values for specific parameters in the CloudFormation.")
     private Map<String, String> dynamicParameters = new HashMap<>();
 
@@ -129,6 +134,10 @@ public Integer getMinimumInstances() {
         return minimumInstances;
     }
 
+    public boolean isSkipAmiTagCheck() {
+        return skipAmiTagCheck;
+    }
+
     @Override
     public String getCommandName() {
         return COMMAND_NAME;

src/main/java/com/nike/cerberus/command/gateway/CreateGatewayClusterCommand.java

@@ -35,6 +35,7 @@ public class CreateGatewayClusterCommand implements Command {
     public static final String COMMAND_NAME = "create-gateway-cluster";
     public static final String HOSTED_ZONE_ID_LONG_ARG = "--hosted-zone-id";
     public static final String HOSTNAME_LONG_ARG = "--hostname";
+    public static final String SKIP_AMI_TAG_CHECK_ARG = "--skip-ami-tag-check";
 
     @Parameter(names = HOSTED_ZONE_ID_LONG_ARG,
             description = "The Route 53 hosted zone ID that will be used to create the CNAME record for Cerberus.",
@@ -46,6 +47,10 @@ public class CreateGatewayClusterCommand implements Command {
             required = true)
     private String hostname;
 
+    @Parameter(names = SKIP_AMI_TAG_CHECK_ARG,
+            description = "Flag for skipping validation of AMI with matching stackname tags")
+    private boolean skipAmiTagCheck;
+
     @ParametersDelegate
     private StackDelegate stackDelegate = new StackDelegate();
 
@@ -57,6 +62,10 @@ public String getHostname() {
         return hostname;
     }
 
+    public boolean isSkipAmiTagCheck() {
+        return skipAmiTagCheck;
+    }
+
     public StackDelegate getStackDelegate() {
         return stackDelegate;
     }

src/main/java/com/nike/cerberus/command/vault/CreateVaultClusterCommand.java

@@ -16,6 +16,7 @@
 
 package com.nike.cerberus.command.vault;
 
+import com.beust.jcommander.Parameter;
 import com.beust.jcommander.Parameters;
 import com.beust.jcommander.ParametersDelegate;
 import com.nike.cerberus.command.Command;
@@ -33,6 +34,8 @@ public class CreateVaultClusterCommand implements Command {
 
     public static final String COMMAND_NAME = "create-vault-cluster";
 
+    public static final String SKIP_AMI_TAG_CHECK_ARG = "--skip-ami-tag-check";
+
     @ParametersDelegate
     private StackDelegate stackDelegate = new StackDelegate();
 
@@ -45,6 +48,14 @@ public String getCommandName() {
         return COMMAND_NAME;
     }
 
+    @Parameter(names = SKIP_AMI_TAG_CHECK_ARG,
+            description = "Flag for skipping validation of AMI with matching stackname tags")
+    private boolean skipAmiTagCheck;
+
+    public boolean isSkipAmiTagCheck() {
+        return skipAmiTagCheck;
+    }
+
     @Override
     public Class<? extends Operation<?>> getOperationClass() {
         return CreateVaultClusterOperation.class;

src/main/java/com/nike/cerberus/operation/cms/CreateCmsClusterOperation.java

@@ -30,6 +30,7 @@
 import com.nike.cerberus.operation.UnexpectedCloudFormationStatusException;
 import com.nike.cerberus.service.CloudFormationService;
 import com.nike.cerberus.service.Ec2UserDataService;
+import com.nike.cerberus.service.AmiTagCheckService;
 import com.nike.cerberus.store.ConfigStore;
 import com.nike.cerberus.util.UuidSupplier;
 import org.slf4j.Logger;
@@ -55,6 +56,8 @@ public class CreateCmsClusterOperation implements Operation<CreateCmsClusterComm
 
     private final Ec2UserDataService ec2UserDataService;
 
+    private final AmiTagCheckService amiTagCheckService;
+
     private final UuidSupplier uuidSupplier;
 
     private final ConfigStore configStore;
@@ -65,12 +68,14 @@ public class CreateCmsClusterOperation implements Operation<CreateCmsClusterComm
     public CreateCmsClusterOperation(final EnvironmentMetadata environmentMetadata,
                                      final CloudFormationService cloudFormationService,
                                      final Ec2UserDataService ec2UserDataService,
+                                     final AmiTagCheckService amiTagCheckService,
                                      final UuidSupplier uuidSupplier,
                                      final ConfigStore configStore,
                                      @Named(CF_OBJECT_MAPPER) final ObjectMapper cloudformationObjectMapper) {
         this.environmentMetadata = environmentMetadata;
         this.cloudFormationService = cloudFormationService;
         this.ec2UserDataService = ec2UserDataService;
+        this.amiTagCheckService = amiTagCheckService;
         this.uuidSupplier = uuidSupplier;
         this.configStore = configStore;
         this.cloudformationObjectMapper = cloudformationObjectMapper;
@@ -88,6 +93,11 @@ public void run(final CreateCmsClusterCommand command) {
             throw new IllegalStateException("CMS certificate has not been uploaded!");
         }
 
+        // Make sure the given AmiId is for CMS component. Check if it contains required tag
+        if ( !command.isSkipAmiTagCheck() ) {
+            amiTagCheckService.validateAmiTagForStack(command.getStackDelegate().getAmiId(), StackName.CMS);
+        }
+
         final CmsParameters cmsParameters = new CmsParameters()
                 .setInstanceProfileName(baseOutputs.getCmsInstanceProfileName())
                 .setCmsElbSgId(baseOutputs.getCmsElbSgId())

src/main/java/com/nike/cerberus/operation/consul/CreateConsulClusterOperation.java

@@ -30,6 +30,7 @@
 import com.nike.cerberus.operation.UnexpectedCloudFormationStatusException;
 import com.nike.cerberus.service.CloudFormationService;
 import com.nike.cerberus.service.Ec2UserDataService;
+import com.nike.cerberus.service.AmiTagCheckService;
 import com.nike.cerberus.store.ConfigStore;
 import com.nike.cerberus.util.UuidSupplier;
 import org.apache.commons.lang3.StringUtils;
@@ -55,6 +56,8 @@ public class CreateConsulClusterOperation implements Operation<CreateConsulClust
 
     private final Ec2UserDataService ec2UserDataService;
 
+    private final AmiTagCheckService amiTagCheckService;
+
     private final UuidSupplier uuidSupplier;
 
     private final ConfigStore configStore;
@@ -65,12 +68,14 @@ public class CreateConsulClusterOperation implements Operation<CreateConsulClust
     public CreateConsulClusterOperation(final EnvironmentMetadata environmentMetadata,
                                final CloudFormationService cloudFormationService,
                                final Ec2UserDataService ec2UserDataService,
+                               final AmiTagCheckService amiTagCheckService,
                                final UuidSupplier uuidSupplier,
                                final ConfigStore configStore,
                                @Named(CF_OBJECT_MAPPER) final ObjectMapper cloudformationObjectMapper) {
         this.environmentMetadata = environmentMetadata;
         this.cloudFormationService = cloudFormationService;
         this.ec2UserDataService = ec2UserDataService;
+        this.amiTagCheckService = amiTagCheckService;
         this.uuidSupplier = uuidSupplier;
         this.configStore = configStore;
         this.cloudformationObjectMapper = cloudformationObjectMapper;
@@ -81,6 +86,11 @@ public void run(final CreateConsulClusterCommand command) {
         final String uniqueStackName = String.format("%s-%s", StackName.CONSUL.getName(), uuidSupplier.get());
         final BaseOutputs baseOutputs = configStore.getBaseStackOutputs();
 
+        // Make sure the given AmiId is for Consul component. Check if it contains required tag
+        if ( !command.isSkipAmiTagCheck() ) {
+            amiTagCheckService.validateAmiTagForStack(command.getStackDelegate().getAmiId(), StackName.CONSUL);
+        }
+
         final ConsulParameters consulParameters = new ConsulParameters()
                 .setInstanceProfileName(baseOutputs.getConsulInstanceProfileName())
                 .setConsulClientSgId(baseOutputs.getConsulClientSgId())

src/main/java/com/nike/cerberus/operation/core/UpdateStackOperation.java

@@ -37,6 +37,7 @@
 import com.nike.cerberus.operation.UnexpectedCloudFormationStatusException;
 import com.nike.cerberus.service.CloudFormationService;
 import com.nike.cerberus.service.Ec2UserDataService;
+import com.nike.cerberus.service.AmiTagCheckService;
 import com.nike.cerberus.store.ConfigStore;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -71,15 +72,19 @@ public class UpdateStackOperation implements Operation<UpdateStackCommand> {
 
     private final Ec2UserDataService ec2UserDataService;
 
+    private final AmiTagCheckService amiTagCheckService;
+
     @Inject
     public UpdateStackOperation(final ConfigStore configStore,
                                 final CloudFormationService cloudFormationService,
                                 @Named(CF_OBJECT_MAPPER) final ObjectMapper cloudformationObjectMapper,
-                                final Ec2UserDataService ec2UserDataService) {
+                                final Ec2UserDataService ec2UserDataService,
+                                final AmiTagCheckService amiTagCheckService) {
         this.configStore = configStore;
         this.cloudFormationService = cloudFormationService;
         this.cloudformationObjectMapper = cloudformationObjectMapper;
         this.ec2UserDataService = ec2UserDataService;
+        this.amiTagCheckService = amiTagCheckService;
 
         stackParameterMap = new HashMap<>();
         stackParameterMap.put(StackName.CONSUL, ConsulParameters.class);
@@ -109,6 +114,12 @@ public void run(final UpdateStackCommand command) {
             throw new IllegalArgumentException("The specified stack does not support the update stack command!");
         }
 
+        // Make sure the given AmiId is for this component. Check if it contains required tag
+        // There is no AMI for Base.
+        if ( !command.isSkipAmiTagCheck() && StackName.BASE != command.getStackName() ) {
+            amiTagCheckService.validateAmiTagForStack(command.getAmiId(),command.getStackName());
+        }
+
         parameters.putAll(command.getDynamicParameters());
 
         try {

src/main/java/com/nike/cerberus/operation/gateway/CreateGatewayClusterOperation.java

@@ -31,6 +31,7 @@
 import com.nike.cerberus.operation.UnexpectedCloudFormationStatusException;
 import com.nike.cerberus.service.CloudFormationService;
 import com.nike.cerberus.service.Ec2UserDataService;
+import com.nike.cerberus.service.AmiTagCheckService;
 import com.nike.cerberus.store.ConfigStore;
 import com.nike.cerberus.util.UuidSupplier;
 import org.apache.commons.lang3.StringUtils;
@@ -57,6 +58,8 @@ public class CreateGatewayClusterOperation implements Operation<CreateGatewayClu
 
     private final Ec2UserDataService ec2UserDataService;
 
+    private final AmiTagCheckService amiTagCheckService;
+
     private final UuidSupplier uuidSupplier;
 
     private final ConfigStore configStore;
@@ -67,12 +70,14 @@ public class CreateGatewayClusterOperation implements Operation<CreateGatewayClu
     public CreateGatewayClusterOperation(final EnvironmentMetadata environmentMetadata,
                                          final CloudFormationService cloudFormationService,
                                          final Ec2UserDataService ec2UserDataService,
+                                         final AmiTagCheckService amiTagCheckService,
                                          final UuidSupplier uuidSupplier,
                                          final ConfigStore configStore,
                                          @Named(CF_OBJECT_MAPPER) final ObjectMapper cloudformationObjectMapper) {
         this.environmentMetadata = environmentMetadata;
         this.cloudFormationService = cloudFormationService;
         this.ec2UserDataService = ec2UserDataService;
+        this.amiTagCheckService = amiTagCheckService;
         this.uuidSupplier = uuidSupplier;
         this.configStore = configStore;
         this.cloudformationObjectMapper = cloudformationObjectMapper;
@@ -90,6 +95,11 @@ public void run(final CreateGatewayClusterCommand command) {
             throw new IllegalStateException("Gateway certificate has not been uploaded!");
         }
 
+        // Make sure the given AmiId is for Gateway component. Check if it contains required tag
+        if ( !command.isSkipAmiTagCheck() ) {
+            amiTagCheckService.validateAmiTagForStack(command.getStackDelegate().getAmiId(), StackName.GATEWAY);
+        }
+
         final GatewayParameters gatewayParameters = new GatewayParameters()
                 .setVpcId(baseOutputs.getVpcId())
                 .setInstanceProfileName(baseOutputs.getGatewayInstanceProfileName())

src/main/java/com/nike/cerberus/operation/vault/CreateVaultClusterOperation.java

@@ -30,6 +30,7 @@
 import com.nike.cerberus.operation.UnexpectedCloudFormationStatusException;
 import com.nike.cerberus.service.CloudFormationService;
 import com.nike.cerberus.service.Ec2UserDataService;
+import com.nike.cerberus.service.AmiTagCheckService;
 import com.nike.cerberus.store.ConfigStore;
 import com.nike.cerberus.util.UuidSupplier;
 import org.apache.commons.lang3.StringUtils;
@@ -56,6 +57,8 @@ public class CreateVaultClusterOperation implements Operation<CreateVaultCluster
 
     private final Ec2UserDataService ec2UserDataService;
 
+    private final AmiTagCheckService amiTagCheckService;
+
     private final UuidSupplier uuidSupplier;
 
     private final ConfigStore configStore;
@@ -66,12 +69,14 @@ public class CreateVaultClusterOperation implements Operation<CreateVaultCluster
     public CreateVaultClusterOperation(final EnvironmentMetadata environmentMetadata,
                                        final CloudFormationService cloudFormationService,
                                        final Ec2UserDataService ec2UserDataService,
+                                       final AmiTagCheckService amiTagCheckService,
                                        final UuidSupplier uuidSupplier,
                                        final ConfigStore configStore,
                                        @Named(CF_OBJECT_MAPPER) final ObjectMapper cloudformationObjectMapper) {
         this.environmentMetadata = environmentMetadata;
         this.cloudFormationService = cloudFormationService;
         this.ec2UserDataService = ec2UserDataService;
+        this.amiTagCheckService = amiTagCheckService;
         this.uuidSupplier = uuidSupplier;
         this.configStore = configStore;
         this.cloudformationObjectMapper = cloudformationObjectMapper;
@@ -89,6 +94,11 @@ public void run(final CreateVaultClusterCommand command) {
             throw new IllegalStateException("Vault server certificate has not been uploaded!");
         }
 
+        // Make sure the given AmiId is for Vault component. Check if it contains required tag
+        if ( !command.isSkipAmiTagCheck() ) {
+            amiTagCheckService.validateAmiTagForStack(command.getStackDelegate().getAmiId(), StackName.VAULT);
+        }
+
         final VaultParameters vaultParameters = new VaultParameters()
                 .setInstanceProfileName(baseOutputs.getVaultInstanceProfileName())
                 .setVaultClientSgId(baseOutputs.getVaultClientSgId())