Open securityclippy opened 6 years ago
Hey @securityclippy, thanks for filing this issue! We've run into this a few times as well and haven't decided on the best approach for fixing it. Thanks for the thoughts, we'll try to prioritize soon. You're also welcome to submit a PR to address this :)
Thanks @ryandeivert. I get that it's probably not simple to just add a check, as it's used in multiple places. Perhaps a large warning in the docs when setting the prefix/clusters? Curious what other solutions people have come up with?
I'll take a stab at this one at some point. If someone could assign to me, that would be greatly appreciated so I don't lose track of it.
Background
During infrastructure creation, if the length of the prefix + the length of the cluster + "streamalert_rule_processor_role" is > 64 chars, the terraform build will fail due to the character limit on IAM roles.
This exists because of the way everything is joined upon creation in the terraform vars.
Desired Change
There are several ways around this. However, I think the best option would be to add a check upon creation of the prefix as well as on initial run of the init scripts. Because this fails a good way through the infrastructure creation, rollback can be rather frustrating when terraform errors out. Rather than getting through 80% of the deploy and then finding the error, I think it would be good to perform a "pre-flight" length check on the described variables.
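A sketch of the pre-flight check described in the issue above, as an added example that is not part of the original issue or of StreamAlert's code. It assumes the role name is built by joining prefix, cluster and suffix with underscores; the function names and sample values are hypothetical.

```python
"""Pre-flight IAM role name length check (added example, not StreamAlert code)."""

IAM_ROLE_NAME_MAX = 64                           # AWS limit on IAM role name length
ROLE_SUFFIX = "streamalert_rule_processor_role"  # suffix named in the issue
SEPARATOR = "_"                                  # assumption: how the parts are joined


def role_name(prefix, cluster):
    """Build the role name the way the Terraform vars are assumed to join it."""
    return SEPARATOR.join((prefix, cluster, ROLE_SUFFIX))


def max_prefix_length(clusters):
    """Longest prefix that keeps every cluster's role name within the limit."""
    longest_cluster = max((len(c) for c in clusters), default=0)
    fixed = len(ROLE_SUFFIX) + 2 * len(SEPARATOR)
    return IAM_ROLE_NAME_MAX - fixed - longest_cluster


def preflight(prefix, clusters):
    """Return a list of error strings; an empty list means it is safe to deploy."""
    errors = []
    for cluster in clusters:
        name = role_name(prefix, cluster)
        over = len(name) - IAM_ROLE_NAME_MAX
        if over > 0:
            errors.append(
                f"cluster {cluster!r}: role name {name!r} is {len(name)} chars, "
                f"{over} over the {IAM_ROLE_NAME_MAX}-char IAM limit"
            )
    if errors:
        # Tell the operator what would fit, not only what failed.
        errors.append(
            f"prefix must be at most {max_prefix_length(clusters)} chars "
            f"for the configured clusters"
        )
    return errors


if __name__ == "__main__":
    # Constructed sample values, checked before any Terraform run.
    problems = preflight("security-engineering-team", ["prod", "production-us-west-2"])
    for line in problems:
        print("ERROR:", line)
    raise SystemExit(1 if problems else 0)
```

Running the check both when the prefix is set and at the start of the init step means every offending cluster is reported in one pass, before any infrastructure is created.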