Fix clean bootstrap of the deployment account (#703)

**Why?** When you attempt to install ADF the first time, it will bootstrap the deployment account via the account bootstrap state machine. This, however, happens just before executing the bootstrap pipeline the first time. Resulting in missing parameters in the deployment account at the time the `regional` stack is deployed. This stack requires the `extensions/terraform/enabled` parameter. If that is not there yet, which is the case in the situation above, it will fail to bootstrap the account. Hereby the bootstrap state machine and pipeline both fail initially. **What?** When the bootstrap state machine determines the event details, it should try to retrieve the parameter in the management account to see if Terraform is enabled or not. If this is not configured yet, it should default to False.
awslabs · May 27, 2024 · 0308686 · 0308686
1 parent dc15d0d
commit 0308686
Showing 1 changed file with 18 additions and 8 deletions.
diff --git a/src/lambda_codebase/event.py b/src/lambda_codebase/event.py
@@ -82,12 +82,10 @@ def _determine_if_deployment_account(self):
             1 if self.destination_ou_name == DEPLOYMENT_ACCOUNT_OU_NAME
             else 0
         )
-        try:
-            self.deployment_account_id = (
-                self.parameter_store.fetch_parameter('deployment_account_id')
-            )
-        except ParameterNotFoundError:
-            self.deployment_account_id = self.account_id
+        self.deployment_account_id = self._read_parameter(
+            'deployment_account_id',
+            self.account_id,
+        )
 
     def set_destination_ou_name(self):
         """
@@ -104,6 +102,12 @@ def set_destination_ou_name(self):
         finally:
             self._determine_if_deployment_account()
 
+    def _read_parameter(self, name, default_value_when_missing):
+        try:
+            return self.parameter_store.fetch_parameter(name)
+        except ParameterNotFoundError:
+            return default_value_when_missing
+
     def create_output_object(self, account_path):
         """
         Creates the output object to be passed to the next step
@@ -136,6 +140,12 @@ def create_output_object(self, account_path):
                 'cross_account_access_role': self.cross_account_access_role,
                 'deployment_account_bucket': DEPLOYMENT_ACCOUNT_S3_BUCKET,
                 'adf_version': ADF_VERSION,
-                'adf_log_level': ADF_LOG_LEVEL
-            }
+                'adf_log_level': ADF_LOG_LEVEL,
+                'extensions/terraform/enabled': (
+                    self._read_parameter(
+                        'extensions/terraform/enabled',
+                        'False',
+                    )
+                ),
+            },
         }