search

aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0
355 stars 205 forks source link

Add ChangeSet to Review for Approval #122

Open akefirad opened 2 years ago

akefirad commented 2 years ago

Is your feature request related to a problem? Please describe. Is it possible to create some sort of ChangeSet to review during approving the deployment in the pipeline?

Describe the feature you'd like I'm not sure if it's even possible. Just an idea. My thinking is, I added the manual approval step to the pipeline, but what I need to approve? Is there anything I can review? (Apart from the manual intervention) I don't see much value for the manual approval step. What would be wonderful is to have something to actually review (and eventually automate, for example using some Lambda function to do the review, notification, etc), like a ChangeSet. This of course is limited to CFN stacks. CfCT team definitely knows better what is and is not possible in terms of artifacts to review.

I'd be happy to contribute if there's anything I can do. Thanks.

balltrev commented 2 years ago

Hey @akefirad, thanks for the feature request here. I will go ahead and make a backlog for this with the team.

My recommendation for CfCT's current state, test the CloudFormation templates you're having CfCT deploy externally to CfCT. CfCT is designed as a deployment tool to slot into the end of your software development lifecycle.

meleksomai commented 1 year ago

I would agree with @akefirad . We are leveraging CfCT as our CI/CD pipeline. So the ideal state is to detect potential drift in the cloud formation templates that will be updated in the pipeline and ideally have a process to approve those changes or not.