aws-ia / terraform-aws-control_tower_account_factory

AWS Control Tower Account Factory
Apache License 2.0

Clipped words within a S3 bucket `aft-customization-pipeline-*********` in AWS aft-management account #268

Closed kyrylo-hulak closed 1 year ago

kyrylo-hulak commented 1 year ago

AFT Version: 1.5.1

Terraform Version & Provider Versions

Please provide the outputs of terraform version and terraform providers from within your AFT environment

terraform version

Terraform v1.0.11
on darwin_amd64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v4.16.0
+ provider registry.terraform.io/hashicorp/local v2.2.3
+ provider registry.terraform.io/hashicorp/random v3.2.0
+ provider registry.terraform.io/hashicorp/time v0.7.2

terraform providers

Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0, < 5.0.0
└── module.aft_pipeline
    ├── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0, < 5.0.0
    ├── provider[registry.terraform.io/hashicorp/local]
    ├── module.aft_account_provisioning_framework
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    ├── module.aft_lambda_layer
    │   ├── provider[registry.terraform.io/hashicorp/random]
    │   ├── provider[registry.terraform.io/hashicorp/local]
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    ├── module.aft_ssm_parameters
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    ├── module.packaging
    │   └── provider[registry.terraform.io/hashicorp/archive]
    ├── module.aft_account_request_framework
    │   ├── provider[registry.terraform.io/hashicorp/time]
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    ├── module.aft_code_repositories
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   └── provider[registry.terraform.io/hashicorp/local]
    ├── module.aft_customizations
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   └── provider[registry.terraform.io/hashicorp/local]
    ├── module.aft_backend
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    ├── module.aft_iam_roles
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   ├── module.audit_exec_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   ├── module.audit_service_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   ├── module.ct_management_exec_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   ├── module.ct_management_service_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   ├── module.log_archive_exec_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   ├── module.log_archive_service_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   ├── module.aft_exec_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   └── module.aft_service_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    └── module.aft_feature_options
        └── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0

Providers required by state:

    provider[registry.terraform.io/hashicorp/aws]

    provider[registry.terraform.io/hashicorp/archive]

    provider[registry.terraform.io/hashicorp/local]

    provider[registry.terraform.io/hashicorp/random]

    provider[registry.terraform.io/hashicorp/time]

Bug Description

Folder names are clipped inside the S3 bucket aft-customizations-pipeline-aft-management-account-id

To Reproduce

Steps to reproduce the behavior:

  1. Go to S3
  2. Click on aft-customizations-pipeline-*************, where ** is aft-management-account-id
  3. Within the bucket you may see partially named folders

[Screenshot: aft-customizations-pipeline-*** S3 bucket]

Expected behavior

The folder names are properly named without clipped words.

hanafya commented 1 year ago

Hey @kyrylo-hulak!

Thank you for bringing us this issue. I have created a backlog item and will discuss with the team!

kyrylo-hulak commented 1 year ago

Thank you, @hanafya! I will look forward to hearing from you!

kyrylo-hulak commented 1 year ago

Please, @balltrev, @hanafya, are there any updates? Thank you!

stumins commented 1 year ago

Hi @kyrylo-hulak,

These S3 paths are created automatically by CodePipeline when a new pipeline is created, and based on the documentation, unfortunately, I don't believe we can change the path at which they are generated.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/codepipeline.html#CodePipeline.Client.create_pipeline

"You can specify the name of an S3 bucket but not a folder in the bucket. A folder to contain the pipeline artifacts is created for you based on the name of the pipeline."

kyrylo-hulak commented 1 year ago

@stumins, do I understand correctly that those folder names were created by the CodePipeline service and there is little we can do to fix that? It's interesting that it only affects the aft-management-account customization pipeline, as those buckets and the folders in them are provided properly, without clipping, for AWS accounts other than the aforementioned one. I could think of some limit being reached for the folder name, but it varies and can't be aligned to that. So it looks like a bug, as that is not something that I provide manually. It's made by the AFT Terraform code and the service it leverages.

stumins commented 1 year ago

Yes, the {account-id}-customi/ paths within the aft-customizations-pipeline-{aft-management-account-id} bucket are created by CodePipeline automatically and hold the artifacts used by the "Source" stage of each customization pipeline. If you explore these account-specific paths you will find zip archives containing the source code files used in each pipeline execution.

https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodeCommit.html#action-reference-CodeCommit-output

The output artifact of this action is a ZIP file that contains the contents of the configured repository and branch at the commit specified as the source revision for the pipeline execution.

These paths are created for all accounts with customization pipelines, not just the AFT management account (though if you enroll the AFT management account with AFT, you will see a {aft-management-account-id}-customi/ path get created). AFT does not create those paths and CodePipeline does not provide a way to customize how these paths are named.
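An added example, not part of the original thread or of AFT's own code: because every customization pipeline writes under a {account-id}-customi/ path, a listing of the artifact bucket's keys can be audited against the accounts you expect to have pipelines. The function name, the sample keys (including their second path segment and file names) and the account IDs are constructed for illustration; in practice the keys would come from listing the bucket.

```python
import re
from collections import defaultdict

# Prefix pattern described in the thread: "{account-id}-customi/",
# where the account ID is a 12-digit AWS account number.
PREFIX_RE = re.compile(r"(\d{12})-customi")


def audit_artifact_keys(keys, enrolled_accounts):
    """Group object keys by top-level prefix and compare the result with
    the accounts expected to have a customization pipeline."""
    per_account = defaultdict(int)
    unexpected = set()
    for key in keys:
        top, sep, _rest = key.partition("/")
        match = PREFIX_RE.fullmatch(top)
        if not sep or match is None:
            # Not a CodePipeline-style account path: flag for review.
            unexpected.add(top)
            continue
        per_account[match.group(1)] += 1
    enrolled = set(enrolled_accounts)
    return {
        "artifacts_per_account": dict(per_account),
        # Artifacts exist for an account that is not on the expected list.
        "unknown_accounts": sorted(set(per_account) - enrolled),
        # Expected account with no pipeline artifacts yet.
        "missing_accounts": sorted(enrolled - set(per_account)),
        "unexpected_prefixes": sorted(unexpected),
    }


# Constructed sample data (not taken from a real bucket).
SAMPLE_KEYS = [
    "111111111111-customi/source-aft/aBcD123.zip",
    "111111111111-customi/source-aft/eFgH456.zip",
    "222222222222-customi/source-aft/iJkL789.zip",
    "333333333333-customi/source-aft/mNoP012.zip",
    "tmp-upload/notes.txt",
]
ENROLLED = ["111111111111", "222222222222", "444444444444"]

if __name__ == "__main__":
    for field, value in audit_artifact_keys(SAMPLE_KEYS, ENROLLED).items():
        print(f"{field}: {value}")
```
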

kyrylo-hulak commented 1 year ago

Thank you, @stumins, for your detailed explanation! I think the question is answered, and the issue could be closed.