After running a terraform apply with these updates, the following resources are changed (no create or destroy actions):
module.aft.module.aft_code_repositories.aws_codepipeline.codestar_account_provisioning_customizations[0] (FullRepositoryId definitions in the pipeline to be updated to use the new org repositories)
module.aft.module.aft_code_repositories.aws_codepipeline.codestar_account_request[0] (FullRepositoryId definitions in the pipeline to be updated to use the new org repositories)
module.aft.module.aft_ssm_parameters.aws_ssm_parameters.account_customizations_repo_name (parameter values updated to use the new org repositories)
module.aft.module.aft_ssm_parameters.aws_ssm_parameters.account_provisioning_customizations_repo_name (parameter values updated to use the new org repositories)
module.aft.module.aft_ssm_parameters.aws_ssm_parameters.account_request_repo_name (parameter values updated to use the new org repositories)
module.aft.module.aft_ssm_parameters.aws_ssm_parameters.account_global_customizations_repo_name (parameter values updated to use the new org repositories)
There is no issue with the terraform apply itself running. However, the CodePipelines are left non-functional because there is no AWS CodeStar connection pending confirmation for the new github VCS repositories (in the new org).
If I then attempt to execute the customizations pipeline (i.e. via the aft-invoke-customizations state machine), the source stage of the CodePipeline run fails with the error:
[GitHub] No Branch [main] found for FullRepositoryName [bar-org/aft-global-customizations]
I assume this is because there has not been a CodeStar connection established for the new org repositories.
To Reproduce
Steps to reproduce the behavior:
Update module VCS arguments as shown in bug description.
Run terraform apply to update CodePipeline and SSM parameter resources.
See that no new AWS CodeStar connections are pending confirmation.
Attempt to run AFT CodePipelines fail at the source step with "no branch found"
Expected behavior
I would expect that when changing VCS settings in the module, a new AWS CodeStar connection to the new org should be pending approval. This would be in-line with the post-deployment steps AWS documentation.
Additional context
I would appreciate any suggestions for how to proceed here. My current idea is to terraform state rm any existing CodeStar connection resources for github, or deleting the existing connection in the AWS CodeStar console as a means of forcing Terraform to re-create the CodeStar connection. Would you advise against this?
Also, could this type of change disrupt any other functionality that I'm not thinking of?
I understand that CodeStar requires manual intervention during the initial provisioning of the AFT module. So, perhaps the resolution to this issue may simply be documentation along the lines of:
If you need to update your VCS settings, here are the steps you should take and things you need to consider
Terraform Version & Prov:
AFT Version:
Terraform Version & Provider Versions Please provide the outputs of
terraform version
andterraform providers
from within your AFT environmentterraform version
terraform providers
Bug Description
I am trying to update the VCS details for my AFT deployment, as I have switched GitHub organizations from
foo-org
tobar-org
, like so:Before:
After:
After running a
terraform apply
with these updates, the following resources arechanged
(nocreate
ordestroy
actions):module.aft.module.aft_code_repositories.aws_codepipeline.codestar_account_provisioning_customizations[0]
(FullRepositoryId
definitions in the pipeline to be updated to use the new org repositories)module.aft.module.aft_code_repositories.aws_codepipeline.codestar_account_request[0]
(FullRepositoryId
definitions in the pipeline to be updated to use the new org repositories)module.aft.module.aft_ssm_parameters.aws_ssm_parameters.account_customizations_repo_name
(parameter values updated to use the new org repositories)module.aft.module.aft_ssm_parameters.aws_ssm_parameters.account_provisioning_customizations_repo_name
(parameter values updated to use the new org repositories)module.aft.module.aft_ssm_parameters.aws_ssm_parameters.account_request_repo_name
(parameter values updated to use the new org repositories)module.aft.module.aft_ssm_parameters.aws_ssm_parameters.account_global_customizations_repo_name
(parameter values updated to use the new org repositories)There is no issue with the
terraform apply
itself running. However, the CodePipelines are left non-functional because there is no AWS CodeStar connection pending confirmation for the newgithub
VCS repositories (in the new org).If I then attempt to execute the customizations pipeline (i.e. via the
aft-invoke-customizations
state machine), thesource
stage of the CodePipeline run fails with the error:I assume this is because there has not been a CodeStar connection established for the new org repositories.
To Reproduce Steps to reproduce the behavior:
terraform apply
to update CodePipeline and SSM parameter resources.source
step with "no branch found"Expected behavior
I would expect that when changing VCS settings in the module, a new AWS CodeStar connection to the new org should be pending approval. This would be in-line with the post-deployment steps AWS documentation.
Additional context
I would appreciate any suggestions for how to proceed here. My current idea is to
terraform state rm
any existing CodeStar connection resources forgithub
, or deleting the existing connection in the AWS CodeStar console as a means of forcing Terraform to re-create the CodeStar connection. Would you advise against this?Also, could this type of change disrupt any other functionality that I'm not thinking of?
I understand that CodeStar requires manual intervention during the initial provisioning of the AFT module. So, perhaps the resolution to this issue may simply be documentation along the lines of:
If you need to update your VCS settings, here are the steps you should take and things you need to consider