awslabs / service-workbench-on-aws

A platform that provides researchers with one-click access to collaborative workspace environments operating across teams, universities, and datasets while enabling university IT stakeholders to manage, monitor, and control spending, apply security best practices, and comply with corporate governance.
Apache License 2.0

[Bug] environment_delete.sh script should delete SSM param for native admin password #988

Open dcloud9 opened 2 years ago

dcloud9 commented 2 years ago

Describe the bug

Running ./scripts/environment_delete.sh does not delete the SSM param for */usr/native/admin/password. If redeployed again using ./environment_deploy.sh, the postDeployment stack doesn't update the param with the new password value, so login is denied.

To Reproduce

Steps to reproduce the behavior:

  1. Login to SWB builder that built the stack
  2. Run ./scripts/environment_delete.sh
  3. Run /scripts/environment_deploy.sh
  4. Login to SWB URL using the rootUserEmail account

Expected behavior

I expect to use the SSM param value and successfully log in.

Screenshots

---- SSM Parameters
Deleting param /<redacted>/jwt/secret
Deleting param /<redacted>/user/root/password
**Deleting param /<redacted>/user/native/admin/password #this should be removed as well for SWB >= v4.2.0**

--- Edge Lambda Associations in Cloudfront Distribution

*******************************************************************
*****     ----- ENVIRONMENT DELETED SUCCESSFULLY  🎉!! -----     *****
*******************************************************************
You still have to remove the following elements :
  -[Edge lambda]: It can be deleted manually in 1 hour,
     Navigate here on the main account:
       https://console.aws.amazon.com/lambda
  -[Consumer Accounts]: The stacks and resources deployed on your
     hosting accounts are not deleted as part of this script
     Navigate here on those accounts:
       https://console.aws.amazon.com/ec2/v2/home,
       https://console.aws.amazon.com/sagemaker/home
       https://console.aws.amazon.com/cloudformation


ssvegaraju commented 2 years ago

Thanks for catching this @dcloud9, I've added this to the team's backlog!

tdmalone commented 2 years ago

In the meantime, a potential workaround for this situation is to manually reset the password with e.g.:

aws cognito-idp admin-set-user-password --user-pool-id region-name_XXXXXXXXX --username root@example.com --password 'CHOOSE_A_UNIQUE_TEMPORARY_PASSWORD'

tdmalone commented 1 year ago

Adding response so this doesn't get closed

t-young31 commented 1 year ago

I've also just hit this – a fix would be much appreciated! Thanks 😄
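
A post-delete check for the leftover parameter described in this issue, as an added example that is not part of the thread or of the project's scripts: it lists SSM parameters under the deployment's prefix and reports (or, with `--apply`, deletes) the credential parameters named in the log output above. The prefix argument stands in for the redacted value in that log, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the SWB repository): report or delete credential
# parameters left in SSM Parameter Store after environment_delete.sh has run.
# The prefix argument is a placeholder for the redacted value in the issue log.

# Parameter suffixes taken from the issue's log output.
SECRET_SUFFIXES="/jwt/secret /user/root/password /user/native/admin/password"

# list_params PREFIX: print every parameter name under PREFIX, one per line.
list_params() {
  aws ssm get-parameters-by-path --path "$1" --recursive \
    --query 'Parameters[].Name' --output text | tr '\t' '\n'
}

# leftover_secrets PREFIX: print only the names that match a known suffix.
leftover_secrets() {
  local prefix="${1%/}" name suffix
  list_params "$prefix" | while IFS= read -r name; do
    for suffix in $SECRET_SUFFIXES; do
      if [ "$name" = "$prefix$suffix" ]; then printf '%s\n' "$name"; fi
    done
  done
}

# purge_leftovers PREFIX [--apply]: dry run unless --apply is given.
purge_leftovers() {
  local prefix="$1" mode="${2:-}" names name count=0
  names=$(leftover_secrets "$prefix")
  for name in $names; do
    count=$((count + 1))
    if [ "$mode" = "--apply" ]; then
      aws ssm delete-parameter --name "$name" >/dev/null \
        && echo "deleted $name" || echo "failed to delete $name" >&2
    else
      echo "would delete $name"
    fi
  done
  echo "$count leftover credential parameter(s) under $prefix"
}
```

Source the file and run `purge_leftovers` with the deployment's parameter prefix after `environment_delete.sh` and before redeploying, so the redeploy does not find a stale password parameter.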