Closed jeremymturner closed 7 years ago
Indeed. Great suggestion.
The region information is actually quite paramount when running template. We already already store it for past template executions (i.e. logs). We use it to prevent from reverting a template in a different region that it was run.
So we will append a -r us-west-2
to the revert suggestion line.
For the profile, I am not so sure as for now. Issues reverting with a stored past profile are:
Those cases above would cause unnecessary and extra revert errors due to profile issue, whereas without specifying a profile awless
(i.e AWS SDK) would anyway bail out when permissions are not sufficient for this template.
profile mainly represents in this case your credentials and therefore your permission without showing which are those permissions
I gave awless the profile name (and credentials/permission) at the time of invocation, and I would think it is fair for awless to assume that the same profile name (and credentials/permission) would be used for a rollback.
a profile name can be changed/updated
a profile can be recreated with the same name but without the same permissions
If I go mucking around with my profile names, credentials, policies, roles, groups or whatever, that is my fault and not awless. All I'm looking for awless to do is tell me what I gave it.
Actually, it would also be nice if awless log
was able to display the profile name used, if possible. I see that region is listed there.
In my case, I have 49 long-running AWS profiles which are kept up to date with a token vending machine. The profile names stay the same, the roles/policies also stay the same, and I rotate out credentials as I need to. If I did need to revert something, it would sure be easier to locate.
The revert help line is mainly used when you are in the flow so we can always append the profile and region flag, as it will help in the copy/paste.
(My points above where mainly about storing the information - profile - permanently).
Re-thinking about it, you are right that storing and adding the profile make sense and could help without much disruption.
Done.
You can get it from master. It will be included in the next release: 0.1.2
@jeremymturner we try to focus awless
on real life usage (as we do here internally). It would be great if you had a look at this short Google form https://goo.gl/forms/1lQFPEIxdt37aDn43
Cheers.
If I specify a separate AWS Profile and/or AWS Region on the command line, the "Revert this template" line should automatically include those same parameters.
How it looks with v0.1.1:
How I think it should look: