Background
Issue #2617 was caused when we used pubsys promote-ssm while AMIs were not publicly available. This could be prevented if pubsys would check AMI ID availability before promoting SSM parameters. Some users would not want this functionality (if they intend to point to private AMIs) so the behavior needs to be optional.

What I'd like:
Possibly somewhere around here https://github.com/bottlerocket-os/bottlerocket/blob/develop/tools/pubsys/src/aws/promote_ssm/mod.rs#L206
We should check if the AMI-ID we are about to promote is public. If it is not, we should report an error and our exit code should be non-zero.
We would like this to be the default behavior.
Users with intentionally private AMIs should be able to pass a buildsys variable to cargo make which is passed as an argument to pubsys that allows them to opt-out of the is ami public safety check.

Any alternatives you've considered:
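
The check requested in this issue, sketched as an added Rust example (not part of the original issue and not pubsys code). The names `check_promotable`, `Visibility` and `allow_private`, the `lookup` closure standing in for the EC2 query (DescribeImages reports a `Public` flag per image), and the AMI IDs are all assumptions made for illustration; treating a missing AMI as an error even when the opt-out is set is also an assumption.

```rust
use std::collections::BTreeMap;

/// What the EC2 query says about an AMI: its `Public` flag, or that it is absent.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Visibility { Public, Private, NotFound }

/// Gate to run before any SSM parameter is written.
/// `targets` maps region -> AMI ID; `lookup` is a hypothetical seam for the EC2 call.
/// Every offending AMI is collected, so nothing is promoted unless all targets pass.
fn check_promotable<F>(
    targets: &BTreeMap<&str, &str>,
    allow_private: bool,
    lookup: F,
) -> Result<(), Vec<String>>
where
    F: Fn(&str, &str) -> Visibility,
{
    let mut problems = Vec::new();
    for (&region, &ami) in targets {
        match lookup(region, ami) {
            Visibility::Public => {}
            // The opt-out waives only the visibility requirement.
            Visibility::Private if allow_private => {}
            Visibility::Private => problems.push(format!("{ami} in {region} is not public")),
            // Assumption: a missing AMI is an error regardless of the opt-out.
            Visibility::NotFound => problems.push(format!("{ami} in {region} was not found")),
        }
    }
    if problems.is_empty() { Ok(()) } else { Err(problems) }
}

/// Constructed sample data: one public AMI and one private AMI.
fn sample_lookup(region: &str, ami: &str) -> Visibility {
    match (region, ami) {
        ("us-west-2", "ami-0aaaaaaaaaaaaaaaa") => Visibility::Public,
        ("us-east-1", "ami-0bbbbbbbbbbbbbbbb") => Visibility::Private,
        _ => Visibility::NotFound,
    }
}

fn sample_targets() -> BTreeMap<&'static str, &'static str> {
    BTreeMap::from([("us-west-2", "ami-0aaaaaaaaaaaaaaaa"), ("us-east-1", "ami-0bbbbbbbbbbbbbbbb")])
}

fn main() {
    // Default behaviour: refuse to promote and exit non-zero.
    if let Err(problems) = check_promotable(&sample_targets(), false, sample_lookup) {
        for p in &problems { eprintln!("error: {p}"); }
        std::process::exit(1);
    }
}
```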