Skip to content

Feature | Implement CLI pre-check + warnings for SSO and apps-prd layer Changes  #264

New issue
New issue
Open
Open
Feature | Implement CLI pre-check + warnings for SSO and apps-prd layer Changes #264
Labels
featurepatch
@exequielrafaela

Description

@exequielrafaela
exequielrafaela
opened on Apr 30, 2024

Describe the Feature:

  1. Add a feature in the leverage CLI that detects when changes are being made to the AWS SSO layer and automatically output a warning message. This warning should remind users to verify the IAM fallback mechanism is in place.
  2. Additionally, implement similar warnings for any changes that could impact the apps-prd account or similar high-impact layers / accounts eg: security-base that could block wrongly configured public buckets.
  3. Consider the specific cae when deploying in a single account project where this account will have both dev and prd envs consolidated in it.

NOTE: For more info and context check https://binbashar.slack.com/archives/GG0PJ78J3/p1713380015074299

Expected Behavior:

When developers or operations teams initiate changes to the AWS SSO layer or related high-impact layers the cli should:

  1. Automatically detect the nature of the change.
  2. Display a clear and concise warning in the CLI output advising to proceed carefully
    1. Suggest verifying configurations that ensure continued access and operational stability.
    2. communicate that the user should ideally check the IAM fallback mechanisms before applying changes in this layer.

Use Case:

This feature is designed to prevent operational disruptions by enhancing user awareness of the need to be extra careful and to have a fallback mechanisms before applying changes that could lock out users or disrupt service continuity.

Describe Ideal Solution:

The ideal solution would integrate with existing CLI operations, using context-aware programming to detect specific changes to the AWS SSO layer or similar critical configurations. Upon detection, the CLI should:

  • Prompt a warning message that is immediately visible in the CLI output.
  • Offer a direct suggestion or reminder to check and verify IAM fallback settings.
  • Provide quick links or commands that help the user confirm or set up the necessary fallback mechanisms.

Alternatives Considered:

  1. Manual reminders or documentation updates to check fallback settings—less effective due to reliance on user compliance and memory.
  2. Pre-change checklists or manual approvals—could slow down operations and still miss specific edge cases without automated detection.

Metadata

Metadata

Assignees

No one assigned

    Labels

    featurepatch

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions