Commit f235c19
authored
Handle External ID SSM v1.6.1> (#630)
### Feature or Bugfix
<!-- please choose -->
- Bugfix
### Detail
- As part of v1.6 Data.All moved away from storing the externalID as a
rotated secret in Secret Manager and instead placed the external ID in
SSM Parameter Store.
- In the current implementation in v1.6.1 we check if the secret exists
and the ssm parameter does not and if these conditions are met the
secret value is retrieved and a new ssm parameter is set with the same
externalID
- The problem with the above is CDK uses dynamic references to resolve
the secret value (meaning in the first upgrade deployment we set ssm
parameter as ref to secret value and delete secret, in 2nd and so one
deployments it will fail with `Secrets Manager can't find the specified
secret.`)
- Alternatively we can not use the CDK bootstrap role, such as the look
up role, and boto3 SDK commands to retrieve the secret value during
`synth` because IAM permissions out of the box do not allow said actions
- This would theoretically be a way to overcome the dynamic reference
issue mentioned above
- This PR reverts to a more straightforward approach where we create a
new SSM Parameter if one does not exist already for the external ID and
does not reference the previously created secret externalID
- NOTE: In order to keep the same externalID and prevent additional
manual work to update the pivotRole's using this value one would have to
- retain the current externalID in Secret Manager (named
`dataall-externalId-{envname}`) from version <= 1.5X
- Run the upgrade to v1.6.1
- Replace the newly created SSM (parameter named
`/dataall/{envname}/pivotRole/externalId"`) with the original value for
external ID
By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.1 parent f0a932f commit f235c19
1 file changed
+12
-20
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
115 | 115 | | |
116 | 116 | | |
117 | 117 | | |
118 | | - | |
119 | | - | |
120 | | - | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
121 | 121 | | |
122 | 122 | | |
123 | 123 | | |
| |||
130 | 130 | | |
131 | 131 | | |
132 | 132 | | |
133 | | - | |
134 | | - | |
135 | | - | |
136 | | - | |
137 | | - | |
138 | | - | |
139 | | - | |
140 | | - | |
141 | 133 | | |
| 134 | + | |
142 | 135 | | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
143 | 142 | | |
144 | 143 | | |
145 | 144 | | |
146 | 145 | | |
147 | | - | |
148 | | - | |
149 | | - | |
150 | | - | |
151 | | - | |
152 | | - | |
153 | | - | |
154 | | - | |
155 | | - | |
| 146 | + | |
| 147 | + | |
156 | 148 | | |
157 | 149 | | |
158 | 150 | | |
| |||
0 commit comments