aws-samples / aws-bootstrap-kit-examples

MIT No Attribution

Deploy the pipeline: --require-approval broadening, but TTY is not attached #110

Open SuperThunder opened 3 years ago

SuperThunder commented 3 years ago

Hello,

At the 'Deploy the pipeline' stage the process fails because of wanting to ask for approval but not having a terminal.

I was able to get around it by following this step to disable approval, but I'm not sure if that keeps to best practice or not.

$ npm run deploy

> sdlc-organization@0.3.14 deploy C:\...\aws-bootstrap-kit-examples\source\1-SDLC-organization
> cdk --profile main-admin deploy

This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

... all the changes listed ...

"--require-approval" is enabled and stack includes security-sensitive updates, but terminal (TTY) is not attached so we are unable to get a confirmation from the user
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! sdlc-organization@0.3.14 deploy: `cdk --profile main-admin deploy`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the sdlc-organization@0.3.14 deploy script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

flochaz commented 3 years ago

Thanks for your feedback. If you didn't modify the provided CDK app (SDLC-organization), it is OK to not require approval since the permissions set follows least-privilege principles.

For future updates, you can always add CDK snapshot testing and enforce code review, which will contain any changes to CloudFormation and therefore permission changes.
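
A non-interactive permission check in the spirit of the snapshot testing suggested above, as an added example that is not part of the original thread or the project's code: it compares a reviewed CloudFormation template snapshot with a newly synthesized one and lists IAM grants that appear only in the new one. The function names and both sample templates are constructed for illustration, and the check covers only added IAM Allow statements and managed-policy attachments; it is a simplification, not CDK's own `--require-approval` logic.

```javascript
// Added example, not code from aws-bootstrap-kit-examples.
const asArray = (v) => (v === undefined || v === null ? [] : Array.isArray(v) ? v : [v]);

// Stable JSON with sorted object keys, so key order never causes a false diff.
function canonical(v) {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v !== null && typeof v === "object") {
    return "{" + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(v[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

// Every IAM Allow statement and managed-policy attachment, prefixed by logical ID.
function iamGrants(template) {
  const out = new Set();
  for (const [id, res] of Object.entries(template.Resources || {})) {
    if (!String(res.Type).startsWith("AWS::IAM::")) continue;
    const p = res.Properties || {};
    const docs = [p.PolicyDocument, p.AssumeRolePolicyDocument,
      ...asArray(p.Policies).map((x) => x.PolicyDocument)];
    for (const doc of docs) {
      for (const s of asArray(doc && doc.Statement)) {
        if (s.Effect === "Allow") out.add(`${id} ${canonical(s)}`);
      }
    }
    for (const arn of asArray(p.ManagedPolicyArns)) out.add(`${id} managed ${canonical(arn)}`);
  }
  return out;
}

// Grants in the candidate template that the reviewed snapshot does not contain.
function broadened(snapshot, candidate) {
  const known = iamGrants(snapshot);
  return [...iamGrants(candidate)].filter((g) => !known.has(g)).sort();
}

// Constructed sample: a reviewed snapshot, and a later synth that widens the role.
const reviewed = { Resources: { DeployRole: { Type: "AWS::IAM::Role", Properties: {
  AssumeRolePolicyDocument: { Statement: [{ Effect: "Allow", Action: "sts:AssumeRole",
    Principal: { Service: "codebuild.amazonaws.com" } }] } } } } };
const proposed = JSON.parse(JSON.stringify(reviewed));
proposed.Resources.DeployRole.Properties.Policies = [{ PolicyName: "extra",
  PolicyDocument: { Statement: { Resource: "*", Effect: "Allow", Action: "iam:*" } } }];

const findings = broadened(reviewed, proposed);
console.log(findings.length ? "IAM broadening needs review:\n" + findings.join("\n") : "no new grants");
```

Run in CI against the committed snapshot and the fresh synth output, a non-empty result can fail the build so the permission change is approved in code review instead of at a terminal prompt.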

SuperThunder commented 3 years ago

Makes sense, thank you for the reply and thank you for the excellent guide.