search

missionfocus / auto-aws

This repository contains CDK code to manage and automatically update our AWS infrastructure.
Apache License 2.0
1 stars 0 forks source link

Have an array for group Permission defaults #2

Closed andreweick closed 2 years ago

andreweick commented 2 years ago

Suggestion --

It'd be nice to have the "Group Permission GUID" be an array with 'named' groups -- This way I could add and subtract them from a account without manually checking the numbers.

I'm not even thinking of having it be 'pulled' from AWS -- I could hardcode this above the code -- it'd just be nice to use 'names' rather than the GUIDS

hoegertn commented 2 years ago

Hi, is this still relevant? How would you love to have this implemented?

I hope that in the "near" future AWS will allow pulling done group lists.

andreweick commented 2 years ago

If you think this is something that might be coming down the to AWS as a native primitive, then we should hold off -- I was thinking since I have a known number of Groups, maybe it would make sense to declare the GUID's in the code and link it to a strongly typed name.

andreweick commented 2 years ago

Hmm, I'm still thinking this might be needed -- I'm not even thinking it should be dynamic, but just a "hard coded" struct at the top of the file that has the account information? Then in this code If I wanted to add a budget, I would get type safety (rather then typing 'Mission Focus S3' as a string literal).

I don't know typescript, but a struct at the the top of the file so I could get auto-complete in the methods would keep the names specific (rather than string literals)

I don't know what (90676f8aa8-1ca4896c-398f-4db9-b3b8-44751f8a2283) GUID refers to, but I think it would be cleaner to have that in the "Account Structure" rather than cut and pasted (it would help readability / maintainability)

Thoughts?

hoegertn commented 2 years ago

I agree with the group ids and will create a PR for this.

For the type safety of the account names: This is indeed type checked as the type of this string field is "keyof names in accounts.json" so any name that is not in the account list will not compile.

andreweick commented 2 years ago

Oh perfect! So exposing that accounts.json into a strongly typed thing I can use in the source code should be straightfoward (and a good addition!)

hoegertn commented 2 years ago

The accounts.json contains only the accounts not the groups and it is already exposed and used anywhere you can specify an account name.

For groups no such thing yet exists but I will add it.