automate the approval of terms of service

[bernard357]

What is this?

When an account is assigned to a person, we want to share terms of service for the corporate resource that is provided.

Why is this important?

There is a need to align the management of personal AWS accounts with the management of other corporate resources such as computers or smart phones.

How to implement it?

• [ ] add an architectural diagram in draw.io
• [x] add a feature file to describe the scenarios related to the approbation of terms of service
• [x] add a fixture file to be used as default terms of service template
• [x] add a workbook to explain the experience of the system manager
• [ ] add cdk/documents.py to handle templates with frontmatter
• [ ] add tests/test_cdk_documents.py using fixtures/documents/terms-of-use.md
• [ ] pass make all-tests
• [ ] pass make lint
• [ ] add configuration parameters to integrate external message files into fixtures/settings/settings-with-notifications.yaml
• [ ] add loading settings test to tests/test_cdk_configuration.py
• [ ] edit cdk/parameters_construct.py to load notifications in SSM parameter store
• [ ] add integration test to tests/test_cdk_parameters_construct.py with mocked SSM
• [ ] pass make all-tests
• [ ] pass make lint
• [ ] add cdk/on_notification_construct.py to build DynamoDB table and related Lambdas functions
• [ ] add tests/test_cdk_on_notification_construct.py to ensure data encryption in DynamoDB
• [ ] edit cdk/serverless_stack.py to integrate new construct
• [ ] add notifications to tests/fixture_small_setup.py
• [ ] add function get_notification_for_account to lambdas/settings.py
• [ ] add related integration test to `tests/test_lambda_settings.py``
• [ ] pass make all-tests
• [ ] pass make lint
• [ ] introduce module lambdas/on_notification_handler.py to handle events related to notifications
• [ ] add a Lambda that can be invoked over the web to confirm explicit approbation by the end user
• [ ] add tests/test_lambda_on_integration_handler.py for integration tests
• [ ] pass make all-tests
• [ ] pass make lint
• [ ] deploy in production
• [ ] validate notifications sent on next maintenance window
• [ ] confirm notifications in production
• [ ] inspect DynamoDB table on notifications
• [ ] inspect DynamoDB table on activities
• [ ] inspect monthly notifications report

[bernard357]

As per feature file, we anticipate that a number of validations can be submitted to end users over time. The general architectural approach is that this will be powered by named documents. In addition, documents will be made out of Markdown with a YAML header (aka, frontmatter approach). The Markdown can easily be converted to HTML into mail messages sent to end users. The YAML header supports structured and meta-information, e.g., message title, document validity period, etc. During the deployment of the solution with CDK, each document is loaded and turned into one parameter in SSM. Documents are then exposed to Lambda functions via a new python module dedicated to documents, aka, lambdas/documents.py

[bernard357]

issue has been heavily reworked to better plan foreseen work on the topic

[bernard357]

Feb-19: this ticket should be split in several tickets, and a milestone should be created on user acceptance capability.