
feat(validation): security config awsConfig aggregation specification #219

Open
wants to merge 1 commit into base: main

Conversation

richardkeit
Contributor

Description of changes:

When declaring !awsConfig.aggregation.enabled, the config validator assumes the presence of enabled == true.

This PR allows engineers to be declarative in their config while adhering to the rule that "if control tower is used, do not allow aggregation of awsConfig".

Testing:
Sample config (security-config.yaml):

awsConfig:
  # Config recorder is completed via ControlTower
  enableConfigurationRecorder: false
  overrideExisting: false
  # managed via ControlTower
  aggregation:
    enable: false

Before

❯ yarn validate-config /Users/richardkeit/git/versent/my-lza

yarn run v1.22.19
$ ts-node $PWD/packages/@aws-accelerator/accelerator/lib/config-validator.ts /Users/richardkeit/git/versent/my-lza
2023-07-28 16:13:27.229 | info | config-validator | Config source directory -  /Users/richardkeit/git/versent/my-lza
2023-07-28 16:13:27.240 | info | accounts-config-validator | accounts-config.yaml file validation started
2023-07-28 16:13:27.241 | info | global-config-validator | global-config.yaml file validation started
2023-07-28 16:13:27.242 | info | global-config-validator | email count: 1
2023-07-28 16:13:27.242 | info | iam-config-validator | iam-config.yaml file validation started
2023-07-28 16:13:27.243 | info | network-config-validator | network-config.yaml file validation started
2023-07-28 16:13:27.244 | info | organization-config-validator | organization-config.yaml file validation started
2023-07-28 16:13:27.245 | info | security-config-validator | security-config.yaml file validation started
2023-07-28 16:13:27.246 | warn | config-validator | Config file validation failed !!!
2023-07-28 16:13:27.254 | warn | config-validator | security-config.yaml has 1 issues:
Control Tower is enabled.  Config aggregation cannot be managed by AWS LZA

Now:

❯ yarn validate-config /Users/richardkeit/git/versent/my-lza

yarn run v1.22.19
$ ts-node $PWD/packages/@aws-accelerator/accelerator/lib/config-validator.ts /Users/richardkeit/git/versent/my-lza
2023-07-28 16:11:21.068 | info | config-validator | Config source directory -  /Users/richardkeit/git/versent/my-lza
2023-07-28 16:11:21.078 | info | accounts-config-validator | accounts-config.yaml file validation started
2023-07-28 16:11:21.079 | info | global-config-validator | global-config.yaml file validation started
2023-07-28 16:11:21.080 | info | global-config-validator | email count: 1
2023-07-28 16:11:21.080 | info | iam-config-validator | iam-config.yaml file validation started
2023-07-28 16:11:21.081 | info | network-config-validator | network-config.yaml file validation started
2023-07-28 16:11:21.082 | info | organization-config-validator | organization-config.yaml file validation started
2023-07-28 16:11:21.082 | info | security-config-validator | security-config.yaml file validation started
2023-07-28 16:11:21.083 | info | config-validator | Config file validation successful.
(node:26950) NOTE: We are formalizing our plans to enter AWS SDK for JavaScript (v2) into maintenance mode in 2023.

Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the migration guide at https://a.co/7PzMCcy
(Use `node --trace-warnings ...` to show where the warning was created)
✨  Done in 1.70s.
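To make the behaviour change concrete, here is an added illustration (not code from the accelerator repository) of the two checks side by side, run over a config object mirroring the sample security-config.yaml above. The `controlTowerEnabled` flag, the interface names and the function names are assumptions; only the error message and the config fields come from the page.

```typescript
// Added illustration, not the project's own validator code.
// Minimal stand-in for the parsed security-config.yaml fields this check uses.
interface AggregationConfig { enable?: boolean; }
interface AwsConfigSection {
  enableConfigurationRecorder: boolean;
  overrideExisting?: boolean;
  aggregation?: AggregationConfig;
}
interface SecurityConfig { awsConfig: AwsConfigSection; }

// Message copied from the validator output shown in the PR description.
const CONTROL_TOWER_AGGREGATION_ERROR =
  'Control Tower is enabled.  Config aggregation cannot be managed by AWS LZA';

// Behaviour before the fix, as the PR describes it: the mere presence of an
// `aggregation` block is treated as "aggregation enabled", so an explicit
// `enable: false` still fails under Control Tower.
function validateAggregationBefore(cfg: SecurityConfig, controlTowerEnabled: boolean): string[] {
  const errors: string[] = [];
  if (controlTowerEnabled && cfg.awsConfig.aggregation) {
    errors.push(CONTROL_TOWER_AGGREGATION_ERROR);
  }
  return errors;
}

// Behaviour after the fix: only an explicit `enable: true` counts as aggregation
// managed by LZA, so a declarative `enable: false` passes under Control Tower
// while a genuinely enabled aggregation is still rejected.
function validateAggregationAfter(cfg: SecurityConfig, controlTowerEnabled: boolean): string[] {
  const errors: string[] = [];
  if (controlTowerEnabled && cfg.awsConfig.aggregation?.enable === true) {
    errors.push(CONTROL_TOWER_AGGREGATION_ERROR);
  }
  return errors;
}

// Constructed sample mirroring the security-config.yaml in the PR description.
const sampleConfig: SecurityConfig = {
  awsConfig: {
    enableConfigurationRecorder: false,
    overrideExisting: false,
    aggregation: { enable: false },
  },
};

// Constructed counter-example where aggregation really is enabled.
const aggregationOnConfig: SecurityConfig = {
  awsConfig: { enableConfigurationRecorder: true, aggregation: { enable: true } },
};
```

Running both functions with `controlTowerEnabled = true` reproduces the "Before" failure and the "Now" success for `sampleConfig`, and shows that `aggregationOnConfig` is still rejected after the fix.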

@richardkeit
Contributor Author

Hi @erwaxler ,

This seems like a pretty straightforward pull request to be merged; are there any further insights you can provide?
