Add support for enabling Enterprise Support for ADF Provisioned Accounts #232
Comments
|
In this case, I think we should support all support levels. Also, your approach only allows enabling the ES support level (not removing/downgrading it). An alternative approach is running a Lambda in the master account, triggered on organization join/invite CloudTrail events. Or use tags on accounts to determine the support level. Together with a Lambda that runs on a schedule. |
|
Hey @javydekoning Thanks for the comments :) My understanding of the Support tiers (obviously, you're in a better position to understand them, so correct me if I'm wrong) is that it will work for both ES and Business tiers. I'm not sure how many people would use ADF with Developer Plans. Likewise, I'm not sure (again, I'll defer to experience) how many customers downgrade their plans. We have alternative approaches already, but I feel like this would be a good problem to solve for other / potential users as well? |
|
It would be a great addition. However, if we build it 'as code' I'd like to see it serve both enabling and disabling. I would also prefer: Over: Hence the Lambda might need some alterations. Hopefully in the future we can do this through API instead of via support case. |
Yes, actually, I think you could be on to something there. Totally agree, that the first example make's alot more sense. Happy to make those modifications. I think that would also give flexibility going forward for future iterations on this. Likewise, it would be good to move to an actual API, rather than the CreateCase API.
If we were to do something along the lines of How would you feel about that? The same logic could probably be extended to cover enabling support for accounts not created via ADF but I think the async process could result in complications. |
|
Instead of You could get the support level by running using the DescribeSeverityLevels API. You could deduce the support level based on the available severity levels. Just keep in mind that it would return HTTP400 when on Basic. Not keen as to only logging to console for the unsupported methods. Pipelines would succeed, leading people to believe it was successful. Only supporting I'll ask the team to have a look at this to see if they agree. |
|
I like these suggestions! In case we ever support developer and business support: we need to ensure someone doesn't accidentally set developer or business, when in fact they are on enterprise support with their organization. Or am I missing a use case that would benefit from this? |
|
If made the changes, let me know what you think of that approach. |
|
Adding this one into 3.1 milestone, thanks again for your work @StewartW.. @javydekoning + @sbkok Are there any other changes you would like to see before we bring this into v3.1?.. |
|
Reviewed, looks good! We just need to clearly set expectations. The use-case here is activating Enterprise Support on account creation ONLY. I suggest we put emphasis on that in the documentation. |
|
I've added in some emphasis covering the use-case the the accounts readme file. Let me know what you think, if it's worded properly etc. :) |
|
Thanks for the patch @StewartW. It will be shipped in the next release of ADF. |
**Features 🏗** * Adds Enterprise Support to account creation process awslabs#233, closes awslabs#232: * ADF will raise a ticket to add the account to an existing AWS support subscription when an account is created. As a prerequisite, your organization master account must already have enterprise support activated. * Adds nested deployment map support awslabs#266 and awslabs#328, closes awslabs#265: * This enables usage of sub directories within the deployment_maps folder. **Fixes 🐞** * Fixes specific role usage to be used in Build and Deploy only awslabs#295. * Corrects removing pipelines anchor in docs awslabs#279. * Fixes CI builds due to isort version mismatch awslabs#284. * Fixes error handling of generate_params intrinsic upload function awslabs#277, closes awslabs#276. * Fixes spec_inline attribute of CodeBuild in docs awslabs#289. * Fixes provider spec_inline support of CodeBuild in awslabs#293. * Fixes supported list of intrinsic upload path styles, enables usage of s3-url and s3-key-only awslabs#275, closes awslabs#299. * Fixes create deployment account concurrency failure awslabs#287, closes awslabs#280. * Fixes approval stage usage, by limiting specific role usage to Build and Deploy steps awslabs#295. * Fixes yarnpkg GPG awslabs#313, closes awslabs#325. * Removes dependency on botocore.vendored.requests awslabs#326, closes awslabs#324. **Improvements ✨** * Improves docs on providers and their properties awslabs#274. * Separates pipeline cleanup from input generation script awslabs#288. * Upgrades Python from v3.7 to v3.8 awslabs#313. * Upgrades CodeBuild image from "aws/codebuild/standard:2.0" to "aws/codebuild/standard:5.0" awslabs#313, closes awslabs#267, closes awslabs#300. * Upgrades CDK from v1.32 to v1.88 awslabs#313, closes awslabs#292.
Use Case
When we provision new accounts at the moment - We use terraform to create the account and carry out a series of tasks. One of these is enabling Enterprise Support for the newly created account.
I think exposing a config option on the schema for accounts created via adf-accounts/*.yml would be a great feature for others and allow us to move closer to deprecating TF fully in favour of ADF.
The text was updated successfully, but these errors were encountered: