Add the CloudFormation ContinueUpdateRollback permission to the pivotRole, for administrative use #849
Labels
effort: low
priority: medium
status: closing-soon
status: in-review
This issue has been implemented and is currently in review and waiting for next release
Milestone
Comments
dlpzx
added
status: closing-soon
status: in-review
dlpzx
pushed a commit
that referenced
this issue
Nov 9, 2023
… to the pivotRole, for administration of linked environment accounts. (#850) ### Feature or Bugfix - Feature ### Detail Adds the cloudformation:ContinueUpdateRollback permission to the pivotRole. This makes it possible for an admin of the central infra account, who assumes the pivotRole of a linked environment, to help get a user's environment out of a bad state where an Update Rollback might have failed. An administrator can iterate through all linked environments and trigger the Continue Update Rollback if many environment accounts have somehow gotten into the Update Rollback Failed state. ### Relates #849 ### Security Please answer the questions below briefly where applicable, or write `N/A`. Based on [OWASP 10](https://owasp.org/Top10/en/). - Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)? No - Is the input sanitized? N/A - What precautions are you taking before deserializing the data you consume? N/A - Is injection prevented by parametrizing queries? N/A - Have you ensured no `eval` or similar functions are used? N/A - Does this PR introduce any functionality or component that requires authorization? No - How have you ensured it respects the existing AuthN/AuthZ mechanisms? N/A - Are you logging failed auth attempts? N/A - Are you using or adding any cryptographic features? No - Do you use a standard proven implementations? N/A - Are the used keys controlled by the customer? Where are they stored? N/A - Are you introducing any new policies/roles/users? The PR adds the cloudformation:ContinueUpdateRollback permission to the pivotRole. - Have you used the least-privilege principle? How? N/A By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: rbernota <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your idea related to a problem? Please describe.
We would like to add the following permission to the pivotRole:
cloudformation:ContinueUpdateRollback
...so that as a data.all administrator, we can trigger the Continue Update Rollback from the data.all infra account (while assuming the pivotRole) on environment stacks for environments that are bootstrapped to the data.all infra account.
We had a situation where a missing lambda permission in the CDK Exec Role policy caused all of our linked environments to go into the Update Rollback Failed state. While we have some automation to help users to update the permissions in that policy, it is more cumbersome (and not scalable) to get them to go into their accounts to trigger the Continue Update Rollback. Ideally we can add this permission to the pivotRole, so that we can most easily script from the admin account automatically getting the environments back to the successful rollback state, before the next environment update is applied.
Describe the solution you'd like
Add the cloudformation:ContinueUpdateRollback to the pivotRole.
P.S. Don't attach files. Please, prefer add code snippets directly in the message body.
The text was updated successfully, but these errors were encountered: