aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0

Publish lifecycle events via EventBridge #120

Open willdady opened 2 years ago

willdady commented 2 years ago

My org uses GitLab. On commit, our pipeline zips up the manifest and related files and uploads it to the CfCT bucket, which then starts the actual deployment. Obviously, once this GitLab pipeline ends successfully, that's not the whole story, as the deployment may still fail in AWS CodePipeline.

It would be great if CfCT published lifecycle events to EventBridge during deployment. This could be particularly beneficial for ChatOps-like telemetry (via Slack etc.), especially for split-CI environments like the one described above.

balltrev commented 2 years ago

Hey @willdady, thanks for the feature request. Do you have an example of how granular these lifecycle events would be? I've gone ahead and made a backlog to track this with the team, but I'd like to make sure I've got the right idea here.

willdady commented 2 years ago

@balltrev We could hook into the AWS CodePipeline events, which automatically get emitted onto the default event bus in the account. The problem we now have is that AWS Chatbot does not currently work with CodePipeline events:

Event notifications from: CloudWatch Alarms, CodeBuild, CodeCommit, CodeDeploy, and CodePipeline are not currently supported via EventBridge rules. If you want to receive notifications for one of these services, you can go to its console, and configure Amazon SNS notifications that you can then map to your Slack channel or Amazon Chime webhook configuration in AWS Chatbot. For more information, see Amazon CloudWatch alarms or Notifications for AWS developer tools.

This is particularly frustrating because it means we need to add SNS topics to every CodePipeline, which becomes difficult when deploying third-party templates like CfCT. We really don't want to edit the CfCT template, as that would make upgrading it in the future potentially cumbersome.

Could the CfCT template be updated with an optional SNS ARN parameter? If present, it would enable notifications on the CodePipeline.
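The approach described in the comment above (consume the CodePipeline state-change events that already land on the account's default event bus, and fan them out through SNS without touching the CfCT template) can be deployed as a small separate CloudFormation stack in the CfCT management account. The template below is an added example, not code from the CfCT project or from anyone in this thread. It assumes the CfCT pipeline name (the `CfCTPipelineName` parameter; the default is an assumption, check the CodePipeline console for the name in your account) and a topic name of `cfct-pipeline-status`; the event pattern fields (`aws.codepipeline`, `CodePipeline Pipeline Execution State Change`, `detail.pipeline`, `detail.state`, `detail.execution-id`) are the documented shape of CodePipeline execution events.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not part of CfCT): forward execution state changes of the
  CfCT CodePipeline from the default event bus to an SNS topic, so the
  CfCT template itself does not have to be modified.

Parameters:
  CfCTPipelineName:
    Type: String
    # Assumed default; verify against the pipeline CfCT created in your account.
    Default: Custom-Control-Tower-CodePipeline
    Description: Name of the CodePipeline deployed by CfCT in this account.

Resources:
  PipelineStatusTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: cfct-pipeline-status   # assumed name

  # Allow EventBridge to publish to the topic, but only on behalf of this
  # one rule (aws:SourceArn is set to the rule ARN by EventBridge), so an
  # unrelated rule in the account cannot push messages into the topic.
  PipelineStatusTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref PipelineStatusTopic
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowEventBridgePublishFromRule
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sns:Publish
            Resource: !Ref PipelineStatusTopic
            Condition:
              ArnEquals:
                aws:SourceArn: !GetAtt PipelineStatusRule.Arn

  PipelineStatusRule:
    Type: AWS::Events::Rule
    Properties:
      Description: CfCT pipeline execution state changes
      EventBusName: default
      State: ENABLED
      EventPattern:
        source:
          - aws.codepipeline
        detail-type:
          - CodePipeline Pipeline Execution State Change
        detail:
          pipeline:
            - !Ref CfCTPipelineName
          # Drop the list to terminal states only if you just want pass/fail.
          state:
            - STARTED
            - SUCCEEDED
            - FAILED
            - CANCELED
            - SUPERSEDED
      Targets:
        - Id: cfct-pipeline-status-sns
          Arn: !Ref PipelineStatusTopic
          # Reshape the raw event into a one-line message; the template must
          # be a JSON string, hence the surrounding double quotes.
          InputTransformer:
            InputPathsMap:
              pipeline: $.detail.pipeline
              execution: $.detail.execution-id
              state: $.detail.state
              account: $.account
              region: $.region
            InputTemplate: |
              "CfCT pipeline <pipeline> execution <execution> is <state> (account <account>, region <region>)"

Outputs:
  PipelineStatusTopicArn:
    Value: !Ref PipelineStatusTopic
```

Two caveats when adapting this. If you encrypt the topic, the AWS-managed `alias/aws/sns` key will not work for EventBridge-delivered messages; use a customer-managed KMS key whose key policy grants `events.amazonaws.com` `kms:Decrypt` and `kms:GenerateDataKey*`. And the pipeline-level event only tells you that the CfCT pipeline execution started, succeeded or failed; it carries no information about which accounts or OUs the manifest touched, so anything downstream that needs those has to read the manifest or StackSet state itself.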

e88z4 commented 1 year ago

I also have a downstream pipeline that I need to trigger after the CfCT pipeline. Basic information, such as the AWS account number and OU, should be part of the payload.