CLI Commands
This page provides a reference for all Seed-Farmer CLI commands.
bootstrap
Bootstrap (initialize) a Toolchain or Target account
Usage:
Options:
Subcommands
bootstrap target
Bootstrap a Target account.
Usage:
Options:
-p, --project TEXT Project identifier
-t, --toolchain-account TEXT Account Id of the Toolchain account trusted
to assume the Target account's Deployment
Role [required]
-b, --permissions-boundary TEXT
ARN of a Managed Policy to set as the
Permission Boundary on the Toolchain Role
--synth / --no-synth Synthesize a CFN template only...do not
deploy [default: no-synth]
--profile TEXT The AWS profile to use to initiate a session
--region TEXT AWS region to use to initiate a session
--qualifier TEXT A qualifier to append to target role (alpha-
numeric char max length of 6). If used on
the toolchain account, it should be used
here!
--role-prefix TEXT An IAM path prefix to use with the
seedfarmer roles.
-pa, --policy-arn TEXT ARN of existing Policy to attach to Target
Role (Deployment Role). This can be used
multiple times to create a list, but EACH
policy MUST be valid in the Target Account
--debug / --no-debug Enable detail logging [default: no-debug]
--help Show this message and exit.
bootstrap toolchain
Bootstrap a Toolchain account.
Usage:
Options:
-p, --project TEXT Project identifier
-t, --trusted-principal TEXT ARN of Principals trusted to assume the
Toolchain Role. This can be used multiple
times to create a list. [required]
-b, --permissions-boundary TEXT
ARN of a Managed Policy to set as the
Permission Boundary on the Toolchain Role
--as-target / --not-as-target Optionally also bootstrap the account as a
Target account [default: not-as-target]
--synth / --no-synth Synthesize a CFN bootstrap template
only...do not deploy [default: no-synth]
--profile TEXT The AWS profile to use to initiate a session
--region TEXT AWS region to use to initiate a session
--qualifier TEXT A qualifier to append to toolchain role
(alpha-numeric char max length of 6). If
used, it MUST be used on every seedfarmer
command.
--role-prefix TEXT An IAM path prefix to use with the
seedfarmer roles.
--policy-prefix TEXT An IAM path prefix to use with the
seedfarmer policies.
-pa, --policy-arn TEXT ARN of existing Policy to attach to Target
Role (Deployment Role). This can be used
multiple times, but EACH policy MUST be
valid in the Target Account. The `--as-
target` flag must be used if passing in
policy arns as they are applied to the
Deployment Role only.
--debug / --no-debug Enable detail logging [default: no-debug]
--help Show this message and exit.
seedkit
Top Level command to support seedkits in SeedFarmer
Usage:
Options:
Subcommands
- deploy: Deploy a seedkit in the specified account and region. There can be only one per seedfarmer project and is region-based.
- destroy: No description was provided with this command.
seedkit deploy
Deploy a seedkit in the specified account and region. There can be only one per seedfarmer project and is region-based.
Usage:
Options:
--policy-arn TEXT
--deploy-codeartifact / --skip-codeartifact
Deploy the optional CodeArtifact Domain and
Repository [default: skip-codeartifact]
--profile TEXT AWS Credentials profile to use for boto3
commands
--region TEXT AWS region to use for boto3 commands
--vpc-id TEXT The VPC ID that the Codebuild Project
resides in (only 1)
--subnet-id TEXT A subnet that the Codebuild Project resides
in (many can be passed in)
--sg-id TEXT A Security Group in the VPC that the
Codebuild Project can leverage (up to 5)
-b, --permissions-boundary-arn TEXT
ARN of a Managed Policy to set as the
Permission Boundary on the CodeBuild Role
--synth / --no-synth Synthesize seedkit template only. Do not
deploy [default: no-synth]
--debug / --no-debug Enable detailed logging. [default: no-
debug]
--help Show this message and exit.
seedkit destroy
Usage:
Options:
--profile TEXT AWS Credentials profile to use for boto3 commands
--region TEXT AWS region to use for boto3 commands
--debug / --no-debug Enable detailed logging. [default: no-debug]
--help Show this message and exit.
init
Initialize a project or module
Usage:
Options:
Subcommands
init module
Initialize a new module
Usage:
Options:
-g, --group-name TEXT The group the module belongs to. The `group` is
created if it doesn't exist
-m, --module-name TEXT The module name [required]
-mt, --module-type TEXT The type of module code deployed...only 'cdkv2'
is accepted if used here
-t, --template-url TEXT The template URL. If not specified, the default
template repo is
`https://github.com/awslabs/seed-farmer`
-b, --template-branch TEXT The Branch on the template repository. If not
specified, the default template branch is `main`
--debug / --no-debug Enable detail logging [default: no-debug]
--help Show this message and exit.
init project
Initialize a project.
Usage:
Options:
-p, --project-name TEXT The name of the project. If None,
seedfarmer.yaml must be at the dir where cli
invoked.
-pd, --project_dir TEXT The name of the directory that houses the
project if not to be the same as the project
name
-t, --template-url TEXT The template URL. If not specified, the default
template repo is
`https://github.com/awslabs/seed-farmer`
-b, --template-branch TEXT The Branch on the template repository. If not
specified, the default template branch is `init-
project`
--help Show this message and exit.
apply
Apply manifests to a SeedFarmer managed deployment
Usage:
Options:
--profile TEXT The AWS profile used to create a session to
assume the toolchain role
--region TEXT The AWS region used to create a session to
assume the toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer
roles. Use only if bootstrapped with this
qualifier
--role-prefix TEXT An IAM path prefix of the seedfarmer
toolchain and target roles. Use only if
bootstrapped with this path
--env-file TEXT A relative path to the .env file to load
environment variables from. Multiple files
can be passed in by repeating this flag, and
the order will be preserved when overriding
duplicate values.
--debug / --no-debug Enable detailed logging. [default: no-
debug]
--dry-run / --no-dry-run Apply but do not execute.... [default: no-
dry-run]
--show-manifest / --no-show-manifest
Write out the generated deployment manifest
to console [default: no-show-manifest]
--enable-session-timeout / --disable-session-timeout
Enable boto3 Session timeouts. If enabled,
boto3 Sessions will be reset on the timeout
interval [default: disable-session-timeout]
--session-timeout-interval INTEGER
If --enable-session-timeout, the interval,
in seconds, to reset boto3 Sessions
[default: 900]
--update-seedkit / --no-update-seedkit
Force SeedFarmer to update the SeedKit when
invoked [default: no-update-seedkit]
--update-project-policy / --no-update-project-policy
Force SeedFarmer to update the deployed
Project Policy when invoked [default: no-
update-project-policy]
--local / --remote Indicates whether to use local session role
or the SeedFarmer roles [default: remote]
--enable-self-access-logs / --no-enable-self-access-logs
Enable S3 self access logging to access-
logs/ prefix for seedkit and artifact
buckets [default: no-enable-self-access-
logs]
--help Show this message and exit.
destroy
Destroy a SeedFarmer managed deployment
Usage:
Options:
--dry-run / --no-dry-run Apply but do not execute.... [default: no-
dry-run]
--show-manifest / --no-show-manifest
Write out the generated deployment manifest
[default: no-show-manifest]
--profile TEXT The AWS profile used to create a session to
assume the toolchain role
--region TEXT The AWS region used to create a session to
assume the toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer
roles. Use only if bootstrapped with this
qualifier
--role-prefix TEXT An IAM path prefix of the seedfarmer
toolchain and target roles. Use only if
bootstrapped with this path
--env-file TEXT A relative path to the .env file to load
environment variables from. Multiple files
can be passed in by repeating this flag, and
the order will be preserved when overriding
duplicate values.
--debug / --no-debug Enable detailed logging. [default: no-
debug]
--enable-session-timeout / --disable-session-timeout
Enable boto3 Session timeouts. If enabled,
boto3 Sessions will be reset on the timeout
interval [default: disable-session-timeout]
--session-timeout-interval INTEGER
If --enable-session-timeout, the interval,
in seconds, to reset boto3 Sessions
[default: 900]
--remove-seedkit / --no-remove-seedkit
Delete the seedkit after destroy of
deployment. NOTE: this will forcibly remove
the seedkit for ALL deployments of this
project. Use with CAUTION. If you are
unsure, do not use this flag. [default: no-
remove-seedkit]
--local / --remote Indicates whether to use local session role
or the SeedFarmer roles [default: remote]
--help Show this message and exit.
list
List the relative data (module or deployment)
Usage:
Options:
Subcommands
- allmoduledata: Fetch ALL module metadata in the deployment as a dict
- buildparams: Fetch the environment params of an executed build.
- dependencies: List all dependencies of a module
- deployments: List the deployments in this account
- deployspec: List the stored deployspec of a module
- moduledata: Fetch the module metadata
- modules: List the modules in a deployment
- schema: Generate the schema that SeedFarmer uses for manifest objects.
list allmoduledata
Fetch ALL module metadata in the deployment as a dict
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to assume
the toolchain role
--region TEXT The AWS region used to create a session to assume the
toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer roles. Use
only if bootstrapped with this qualifier
--env-file TEXT A relative path to the .env file to load environment
variables from. Multiple files can be passed in by
repeating this flag, and the order will be preserved
when overriding duplicate values.
--debug / --no-debug Enable detailed logging. [default: no-debug]
--local / --remote Indicates whether to use local session role or the
SeedFarmer roles [default: remote]
--help Show this message and exit.
list buildparams
Fetch the environment params of an executed build. This is to help with local development efforts.
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
--build-id TEXT The Build ID to fetch this info for
[required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to
assume the toolchain role
--region TEXT The AWS region used to create a session to
assume the toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer
roles. Use only if bootstrapped with this
qualifier
--export-local-env / --no-export-local-env
Print the moduledata as env parameters for
local development support INSTEAD of json
(default is FALSE) [default: no-export-
local-env]
--env-file TEXT A relative path to the .env file to load
environment variables from. Multiple files
can be passed in by repeating this flag, and
the order will be preserved when overriding
duplicate values.
--debug / --no-debug Enable detailed logging. [default: no-
debug]
--local / --remote Indicates whether to use local session role
or the SeedFarmer roles [default: remote]
--help Show this message and exit.
list dependencies
List all dependencies of a module
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to assume
the toolchain role
--region TEXT The AWS region used to create a session to assume the
toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer roles. Use
only if bootstrapped with this qualifier
--env-file TEXT A relative path to the .env file to load environment
variables from. Multiple files can be passed in by
repeating this flag, and the order will be preserved
when overriding duplicate values.
--debug / --no-debug Enable detailed logging. [default: no-debug]
--local / --remote Indicates whether to use local session role or the
SeedFarmer roles [default: remote]
--help Show this message and exit.
list deployments
List the deployments in this account
Usage:
Options:
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to assume the
toolchain role
--region TEXT The AWS region used to create a session to assume the
toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer roles. Use only
if bootstrapped with this qualifier
--debug / --no-debug Enable detailed logging. [default: no-debug]
--local / --remote Indicates whether to use local session role or the
SeedFarmer roles [default: remote]
--help Show this message and exit.
list deployspec
List the stored deployspec of a module
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to assume
the toolchain role
--region TEXT The AWS region used to create a session to assume the
toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer roles. Use
only if bootstrapped with this qualifier
--env-file TEXT A relative path to the .env file to load environment
variables from. Multiple files can be passed in by
repeating this flag, and the order will be preserved
when overriding duplicate values.
--debug / --no-debug Enable detailed logging. [default: no-debug]
--local / --remote Indicates whether to use local session role or the
SeedFarmer roles [default: remote]
--help Show this message and exit.
list moduledata
Fetch the module metadata
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to
assume the toolchain role
--region TEXT The AWS region used to create a session to
assume the toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer
roles. Use only if bootstrapped with this
qualifier
--export-local-env / --no-export-local-env
Print the moduledata as env parameters for
local development support INSTEAD of json
(default is FALSE) [default: no-export-
local-env]
--env-file TEXT A relative path to the .env file to load
environment variables from. Multiple files
can be passed in by repeating this flag, and
the order will be preserved when overriding
duplicate values.
--debug / --no-debug Enable detailed logging. [default: no-
debug]
--local / --remote Indicates whether to use local session role
or the SeedFarmer roles [default: remote]
--help Show this message and exit.
list modules
List the modules in a deployment
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to assume
the toolchain role
--region TEXT The AWS region used to create a session to assume the
toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer roles. Use
only if bootstrapped with this qualifier
--env-file TEXT A relative path to the .env file to load environment
variables from. Multiple files can be passed in by
repeating this flag, and the order will be preserved
when overriding duplicate values.
--debug / --no-debug Enable detailed logging. [default: no-debug]
--local / --remote Indicates whether to use local session role or the
SeedFarmer roles [default: remote]
--help Show this message and exit.
list schema
Generate the schema that SeedFarmer uses for manifest objects. Either the deployment manifest or module manifest schema can be requested. This will return a formatted string of the schema that can be piped to a file.
Usage:
Options:
-t, --type [deployment|module] Either 'deployment' or 'module' can be used,
default is `deployment`
--help Show this message and exit.
projectpolicy
Fetch info about the project policy. This will output the default provided project policy that can be customized.
Usage:
Options:
Subcommands
- synth: Synth a Project Policy from seed-farmer.
projectpolicy synth
Synth a Project Policy from seed-farmer.
Usage:
Options:
--policy-prefix TEXT An IAM path prefix to use with the policy.
--debug / --no-debug Enable detail logging [default: no-debug]
--help Show this message and exit.
Warning
The metadata command works only within a deployspec.yaml.
metadata
Manage the metadata in a module deployment execution
Usage:
Options:
Subcommands
- add: Add Output K,V to the Metadata.
- convert: Convert the CDK Output of the module to SeedFarmer Metadata.
- depmod: Get the Full Name of the Module.
- paramvalue: Get the parameter value based on the suffix.
metadata add
Add Output K,V to the Metadata. This command is meant to be run in the deployspec only!!!
Usage:
Options:
-k, --key TEXT The key of a key-value pair
-v, --value TEXT The value of a key-value pair
-j, --jsonstring TEXT JSON-compliant string to add in a stringified format
--help Show this message and exit.
metadata convert
Convert the CDK Output of the module to SeedFarmer Metadata.
Usage:
Options:
-jq, --jq-path TEXT A jq-compliant path to apply to a cdk-output (json)
file
-f, --json-file TEXT Relative path to a cdk-output file (defaults to cdk-exports.json)
--help Show this message and exit.
metadata depmod
Get the Full Name of the Module. This command is meant to be run in the deployspec only!!!
Usage:
Options:
metadata paramvalue
Get the parameter value based on the suffix. This command is meant to be run in the deployspec only!!!
Usage:
Options:
-s, --suffix TEXT A jq-compliant path to apply to a cdk-output (json) file
[required]
--help Show this message and exit.
Info
The taint command will mark an individual module for redeploy on next apply.
taint
Top Level command to support adding a taint to a deployed module
Usage:
Options:
Subcommands
- module: This command will mark a module as needing redeploy of a module on the next deployment.
taint module
This command will mark a module as needing redeploy of a module on the next deployment. Do not use this unless you are sure of the ramifications!
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to assume
the toolchain role
--region TEXT The AWS region used to create a session to assume the
toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer roles. Use
only if bootstrapped with this qualifier
--env-file TEXT A relative path to the .env file to load environment
variables from. Multiple files can be passed in by
repeating this flag, and the order will be preserved
when overriding duplicate values.
--debug / --no-debug Enable detailed logging. [default: no-debug]
--local / --remote Indicates whether to use local session role or the
SeedFarmer roles [default: remote]
--help Show this message and exit.
Warning
The remove command is meant for SeedFarmer but can be used for iterative development.
remove
Top Level command to support removing module metadata
Usage:
Options:
Subcommands
- moduledata: Remove all SSM parameters tied to the module.
remove moduledata
Remove all SSM parameters tied to the module. This command is meant to be run by seedfarmer ONLY!!! It is run within the context of the build job. Do not use this unless you are sure of the ramifications!
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session.
--region TEXT The AWS region used to create a session.
--qualifier TEXT A qualifier to use with the seedfarmer roles
--target-account-id TEXT Account Id to remove module data from, if specified
--target-region is required
--target-region TEXT Region to remove module data from, if specified
--target-account-id is required
--debug / --no-debug Enable detailed logging. [default: no-debug]
--local / --remote Indicates whether to use local session role or the
SeedFarmer roles [default: remote]
--help Show this message and exit.
Danger
The store command is meant for Seed-Farmer use.
Only the deployspec command may be used to support iterative development.
store
Top Level command to support storing module information
Usage:
Options:
Subcommands
- deployspec: Store/Update a deployspec of a currently deployed module.
- md5: CAT or pipe in a string.
- moduledata: CAT or pipe in a json or yaml object.
store deployspec
Store/Update a deployspec of a currently deployed module. Use this if you cannot destroy a deployed module because of a defect in the destroy portion of the deployspec. USE WITH CAUTION as the existing deployspec gets overwritten and is NOT recoverable.
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
--path TEXT The relative module path (ex.
modules/optionals/networking) - DO NOT PASS IN
filename `deployspec.yaml` [required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to assume
the toolchain role
--region TEXT The AWS region used to create a session to assume
the toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer roles. Use
only if bootstrapped with this qualifier
--target-account-id TEXT Account Id of the target account to store
deployspec, if specified --target-region is
required You SHOULD NOT use this parameter as this
command will leverage the SeedFarmer session
manager! It is meant for development purposes.
--target-region TEXT Region of the target account to store deployspec,
if specified --target-account-id is required You
SHOULD NOT use this parameter as this command will
leverage the SeedFarmer session manager! It is
meant for development purposes.
--local / --remote Indicates whether to use local session role or the
SeedFarmer roles [default: remote]
--debug / --no-debug Enable detailed logging. [default: no-debug]
--help Show this message and exit.
store md5
CAT or pipe in a string. This command is meant to be run by seedfarmer ONLY!!!
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
-t, --type TEXT The kind of MD5: bundle or spec [required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to assume
the toolchain role
--region TEXT The AWS region used to create a session to assume
the toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer roles. Use
only if bootstrapped with this qualifier
--target-account-id TEXT Account Id of the target account to store md5, if
specified --target-region is required
--target-region TEXT Region of the target account to store md5, if
specified --target-account-id is required
--local / --remote Indicates whether to use local session role or the
SeedFarmer roles [default: remote]
--debug / --no-debug Enable detailed logging. [default: no-debug]
--help Show this message and exit.
store moduledata
CAT or pipe in a json or yaml object. This command is meant to be run by seedfarmer ONLY!!! It is run within the context of the build job. Do not use this unless you are sure of the ramifications!
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
-p, --project TEXT Project identifier
--profile TEXT The AWS profile used to create a session to assume
the toolchain role
--region TEXT The AWS region used to create a session to assume
the toolchain role
--qualifier TEXT A qualifier to use with the seedfarmer roles. Use
only if bootstrapped with this qualifier
--target-account-id TEXT Account Id of the target account to store module
metadata, if specified --target-region is required
--target-region TEXT Region of the target account to store module
metadata, if specified --target-account-id is
required
--local / --remote Indicates whether to use local session role or the
SeedFarmer roles [default: remote]
--debug / --no-debug Enable detailed logging. [default: no-debug]
--help Show this message and exit.
Danger
The bundle command is meant for Seed-Farmer use.
bundle
Manage the bundle in a module deployment execution
Usage:
Options:
Subcommands
- delete: Delete the bundle stored in SF.
- fetch: Fetch the full path where the bundle is stored in SF.
- store: Store the bundle used to deploy a module.
bundle delete
Delete the bundle stored in SF. This command is meant to be run by SeedFarmer ONLY!!!
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
-b, --bucket TEXT The Name of the bucket where the bundle is stored in
SeedFarmer [required]
--region TEXT The AWS region used to create a session
--help Show this message and exit.
bundle fetch
Fetch the full path where the bundle is stored in SF. This command is meant to be run by SeedFarmer ONLY!!!
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
-b, --bucket TEXT The Name of the bucket where the bundle is stored in
SeedFarmer [required]
--help Show this message and exit.
bundle store
Store the bundle used to deploy a module. This command is meant to be run by SeedFarmer ONLY!!!
Usage:
Options:
-d, --deployment TEXT The Deployment Name [required]
-g, --group TEXT The Group Name [required]
-m, --module TEXT The Module Name [required]
-b, --bucket TEXT The name of the SeedFarmer bucket the bundle to be
stored in [required]
-o, --origin TEXT Full path of the bundle object in SeedKit bucket
[required]
--region TEXT The AWS region used to create a session
--help Show this message and exit.