Graduate @aws-cdk/aws-config to stable #5872
Comments
iliapolo
changed the title
iliapolo
changed the title
|
@richardhboyd see my response: #5874 (comment) |
|
Also to be considered #5181 |
|
@jogold @MrArnoldPalmer @nija-at @ccfife I'd like to kick-off a discussion on whether or not we should go ahead with graduating this module. The problem is that in order to use the AWS config, one needs to first setup a
Neither of these methods provide a slick CDK experience that is in par with our other modules. When we graduate modules, we should consider the developer experience as a whole, not just with existing constructs. I'd like your thoughts on this to decide if we push back on graduation until we provide support for |
Agree |
|
@iliapolo - can you continue this story, so I can understand what the experience would be like, once this gap is covered (and partly because I know nothing about the AWS Config service)? Once a Skimming through the API, I don't see a property which takes the delivery channel as input, so what is the modeling of delivery channels, configuration records and rules? |
|
@nija-at - The To clarify, the They are defined per account per region, but can be updated during their lifecycle. For example, I imagine you would normally start with minimum resource types to record (its charged per type), and as you add more rules, you might update the recorder with more resource types. The current experience is that if you haven't done the initial setup, creating the rules will simply fail. If you have done it, but are defining rules for unrecorded resource types, you just won't have the data to actually employ those rules. Im not entirely sure what the experience will look like because you don't actually reference any resources when you configure a rule, its just a lambda function that uses the
If they are already setup, you don't strictly need them in the CDK app, unless you want to update them in the case i mentioned. Once we add support for those L2's, they will be defined as free floating resources in the app, and will be changed when your rules require additional configuration tweaks. Does this answer you questions? |
If these are set up out of band (i.e., outside of the CDK app), why would they be updated as part of the CDK app?
I'm not aware of this term. What does this mean?
Should we even be providing L2s for these resources? In other words, should customers be defining these in their CDK apps? Overall, I agree with your assessment that we should hold off on graduation. |
Well, you might need update them because you are adding rules in your CDK app that assumes specific resource types are being recorded. Thats exactly the case where you don't want to define them out of band, but inside the app.
Ha yeah i made it up. I mean resources that are not connected to any other resources. Basically the ones who are not used as arguments in any other resource.
Thats a good question we need to discuss.
👍 |
|
What is the timeline for adding export function createDriftNotification(stack: cdk.Stack): void {
// Create an AWS Config rule to detect stack drift
const driftRule = new config.CloudFormationStackDriftDetectionCheck(stack, "Drift", {
ownStackOnly: true,
configRuleName: `${stack.stackName}Drift`,
maximumExecutionFrequency: MaximumExecutionFrequency.ONE_HOUR,
});
// Create a topic for drift compliance events and subscribe on-call email address
const complianceTopic = new sns.Topic(stack, "DriftComplianceTopic");
complianceTopic.addSubscription(new EmailSubscription(Constants.oncallEmailAddress));
// Send notification on drift compliance changes
driftRule.onComplianceChange("DriftComplianceChange", {
target: new targets.SnsTopic(complianceTopic),
});
}But I ran into the previously-mentioned issue wherein creating the rule fails. It is certainly possible to create the |
nija-at
added
the
management/tracking
Agree so much. |
I like the bootstrap idea. Really it should a bunch of stuff like that including ServiceLinked Roles. |
|
@ericzbeard Can you provide some details on this? |
|
@shivlaks has been looking at this, and we agree that setting up the prerequisites is going to be important for the developer experience. But it should be possible for us to graduate the rest of the library and then go back and add this later without any breaking changes. Config is in line behind CloudFront and RDS for the team to tackle as a group, so we should be able to show some progress here by the end of Q3. We will post a project board and milestones as soon as we finalize the plan. |
|
Hi @ericzbeard, any updates on adding |
|
No updates at this time, we are focused on the v2 project currently and it's not likely that we will get to that feature soon. We released aws-config as stable in #10875, so I'm closing this issue. |
|
We plan on graduating this module to
stable.What does it mean?
It means we will start providing semantic versioning guarantees on the existing API's.
Use this issue to provide feedback about the current API and any changes you think are warranted.
Following are the tasks needed to complete before flipping the switch:
awslintexclusions (chore(config): clear awslint exclusions #6671)The text was updated successfully, but these errors were encountered: