aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0

control-tower-customizations relies on outdated libraries & runtimes and looks abandoned #186

Closed markusl closed 1 month ago

markusl commented 4 months ago

Is your feature request related to a problem? Please describe.

We are evaluating a configuration mechanism for an environment with hundreds of accounts using AWS Control Tower. Customizations for AWS Control Tower (CfCT) is the officially documented solution for the problem. However, according to the CHANGELOG, the project seems abandoned. The latest version is from 2022. Also, a request for transparency did not result in a public roadmap.

The project is built on a soon-to-be-deprecated version of Python (3.8), refers to Ruby 2.6 while 3.2 already exists, and is using aws/codebuild/standard:5.0 when the latest version is 7.

Describe the feature you'd like

We would highly appreciate a public roadmap, as with other AWS products (CDK, CloudFormation), and up-to-date libraries, as the currently used versions do not look very professional for the tooling which is the most critical part of maintaining highly-secured AWS environments.

If CfCT has been superseded with another tool, it could be articulated in a clearer way in the documentation to guide users there and provide a migration path.

Regards, Markus

hanafya commented 4 months ago

Thank you for reaching out, @markusl. I want to reiterate that CfCT remains a fully supported service under the AWS Control Tower umbrella. Since features for CfCT are prioritized against those for the Control Tower service, new releases can sometimes be infrequent. Over the last year, the team has prioritized building public APIs for Control Tower and supporting scale for large enterprises. We will continue to address bugs reported by customers and prioritize enhancements depending on the Control Tower backlog. We cannot share future roadmaps in public forums, but we do plan to continually enhance the CfCT solution.

In addition, I have created an item in our backlog to update these dependencies.

markusl commented 4 months ago

Thanks for the quick reply! I can totally understand why building APIs makes sense for the future and enables large organizations to scale. I also do realize there are some updates listed on the releases page, and it would be good to reflect these also in the CHANGELOG to avoid any misunderstandings.

laminarcode commented 2 months ago

AWS just announced: "We are ending support for Python 3.8 in Lambda on October 14, 2024. This follows Python 3.8 End-Of-Life (EOL) which is scheduled for October, 2024 [1]." The most current CfCT release (v2.7.0) relies on Lambda running the Python version being EOLed. Kindly address ASAP!

https://github.com/aws-solutions/aws-control-tower-customizations/blob/2fa6e6170230dc97410006897e389a3146b5be23/customizations-for-aws-control-tower.template#L1043

https://github.com/aws-solutions/aws-control-tower-customizations/blob/2fa6e6170230dc97410006897e389a3146b5be23/customizations-for-aws-control-tower.template#L1317

https://github.com/aws-solutions/aws-control-tower-customizations/blob/2fa6e6170230dc97410006897e389a3146b5be23/customizations-for-aws-control-tower.template#L2911

wiltangg commented 1 month ago

Hi all, newest patch v.2.7.1 (release notes) included changes to update runtimes and dependencies. To consume the updates, please perform an update to your CfCT deployment stack.

Thank you for your suggestion, @markusl. We will follow up on future releases to keep the changelog up to date, but as you mentioned, please continue to refer to the repository releases to view any notes for now.

I am going to resolve this issue, please reopen if there are follow up questions.