binbashar / le-ref-architecture-doc

Binbash Leverage Reference Architecture documentation
https://leverage.binbash.co
MIT License

Fix | Documentation issues for the "Try Leverage" process #193

Closed rodriguez-matias closed 2 months ago

rodriguez-matias commented 1 year ago

Describe the Bugs

Description of bugs found by Osvaldo while going through the Try Leverage process documentation:

Bug 1️⃣

Improve understanding of change naming -oaar

Here: https://leverage.binbash.co/try-leverage/post-deployment/#update-backend-profiles-in-the-management-account

Reference: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1694800303924509?thread_ts=1692657654.705779&cid=C05G3A8KCNQ


Bug 2️⃣

Update terraform-aws-tfstate-backend module into shared layer to avoid errors related to version incompatibility

Error message: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1694790478990829?thread_ts=1692657654.705779&cid=C05G3A8KCNQ

Expected behavior: xxxxx


Bug 3️⃣

Improve understanding of Create a new accounts process

Reference: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1695058532528899

Expected behavior:

Here we need to do a tf init first, because that module did not exist previously.

There are some parameterization details that were missing here.

And another important thing is that we have to add a depends so that the permission_sets are created before the account assignment. Otherwise we have to do it in 2 steps and run the apply first for the permission_sets if we added new ones.


Bug 4️⃣

Make it clearer when and why to use leverage tf init -reconfigure

here: https://leverage.binbash.co/try-leverage/post-deployment/#configure-your-sso-profiles:~:text=This%20happens%20because%20so%20far%20you%20have%20been%20running%20Terraform%20with%20a%20different%20AWS%20profile%20(the%20bootstrap%20one).%20Luckily%20the%20fix%20is%20simple%2C%20just%20run%20this%3A%20leverage%20tf%20init%20%2Dreconfigure.%20Terraform%20should%20reconfigure%20the%20AWS%20profile%20in%20the%20.terraform/terraform.tfstate%20file.

reference: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1694799214955729?thread_ts=1692657654.705779&cid=C05G3A8KCNQ

Modify text to clarify this step.

Modify text to clarify this step.


Bug 5️⃣

Clarify subnetting configuration for the networking layer

Here: https://leverage.binbash.co/try-leverage/add-aws-accounts/#create-the-security-base-layer

reference: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1695066242411459?thread_ts=1695058532.528899&cid=C05G3A8KCNQ

We can use recommended IP ranges and sizes and put all of that there (with the option for whoever is doing it to change them if necessary).

We could put a link here with the reference and take those networks directly as the example in the doc, so that the procedure is very easy to follow even for anyone who has no idea how to calculate the networks.

reference links:


Bug 6️⃣

Add information about Important Considerations about Branching and Terraform Workflow

The link with the important considerations is pending to be assigned to a specific section of the documentation.

Reference issue: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1688831663192259

Link to important considerations: https://leverage.binbash.co/how-it-works/ref-architecture/considerations/

Add in some section here: https://leverage.binbash.co/user-guide/
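Bug 5 above asks for subnet ranges that a reader can follow without calculating networks by hand. The following is an added example, not part of this issue or of the Leverage project, that carves a VPC CIDR into equal per-AZ public/private subnets and checks that the ranges chosen for different accounts do not overlap before the networking layer is applied. The CIDRs, account names and AZ names are constructed placeholders, not Leverage's recommended values.

```python
import ipaddress
from itertools import combinations


def plan_subnets(vpc_cidr, azs, tiers=("public", "private")):
    """Carve vpc_cidr into equal-sized subnets, one per (tier, AZ) pair.

    Returns {tier: {az: cidr}}. The subnets are contiguous and cannot overlap
    because they all come from a single split of the VPC block.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)  # reject CIDRs with host bits set
    count = len(azs) * len(tiers)
    # Smallest number of extra prefix bits that yields at least `count` blocks.
    extra_bits = (count - 1).bit_length()
    blocks = vpc.subnets(prefixlen_diff=extra_bits)
    plan = {tier: {} for tier in tiers}
    for tier in tiers:
        for az in azs:
            plan[tier][az] = str(next(blocks))
    return plan


def overlapping_cidrs(cidr_by_account):
    """Return pairs of accounts whose VPC ranges overlap.

    Overlapping VPCs cannot be peered or routed through a transit gateway,
    so this list must be empty across the accounts of one organization.
    """
    nets = {acct: ipaddress.ip_network(c) for acct, c in cidr_by_account.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


# Constructed sample values (placeholders, not Leverage's recommended ranges).
SAMPLE_AZS = ["us-east-1a", "us-east-1b"]
SAMPLE_ACCOUNT_CIDRS = {
    "shared": "10.10.0.0/16",
    "apps-devstg": "10.20.0.0/16",
    "apps-prd": "10.10.128.0/17",  # deliberately collides with "shared"
}

if __name__ == "__main__":
    for tier, by_az in plan_subnets(SAMPLE_ACCOUNT_CIDRS["shared"], SAMPLE_AZS).items():
        for az, cidr in by_az.items():
            print(f"{tier:8} {az:12} {cidr}")
    print("overlaps:", overlapping_cidrs(SAMPLE_ACCOUNT_CIDRS))
```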

rodriguez-matias commented 1 year ago

Hello @borland667 , @exequielrafaela . Feel free to modify or add any issues you consider necessary.

diego-ojeda-binbash commented 9 months ago

@rodriguez-matias Hi! Can I bother you with a brief update on this issue please? Thanks!

exequielrafaela commented 7 months ago

@rodriguez-matias Matu, 2 small adjustments here:

  1. https://leverage.binbash.co/try-leverage/aws-account-setup attention box or similar to guarantee that the user => Follow the instructions here.

  2. In order to enforce the recommendation of using aliases instead of "which is a convenient trick in some cases" :

Another example is below. Note that the management, security, and shared accounts have been updated with slightly different email addresses (actually aws+security@example.com and aws+shared@example.com are email aliases of aws@example.com which is a convenient trick in some cases):

...
organization:
  accounts:
  - name: management
    email: aws@example.com
  - name: security
    email: aws+security@example.com
  - name: shared
    email: aws+shared@example.com
...