aws-control-tower-customizations icon indicating copy to clipboard operation
aws-control-tower-customizations copied to clipboard

Published 20 hours ago verified publisher icon aws-solutions

Removing the SCP from the manifest file does not detach the SCP from the OUs.

Open gabrielbac opened this issue 2 years ago • 5 comments

Describe the bug Removing the SCP from the manifest file does not detach the SCP from the OUs

To Reproduce

  1. Add an SCP to the manifest
  2. Run the pipeline
  3. See the SCP attached to the OU
  4. Remove the SCP from the manifest
  5. SCP is still attached.

Expected behavior SCP should have been detached.

Please complete the following information about the solution:

  • Version: [e.g. v2.5.0]

Region: [e.g. us-east-1]

  • Was the solution modified from the version published on this repository? NO
  • Were there any errors in the CloudWatch Logs? No, pipeline completed successfully.

I know this is similar to https://github.com/aws-solutions/aws-control-tower-customizations/issues/24 Partially resolved for stacksets in v2.5.0 but still needs to be resolved for SCPs

gabrielbac avatar Aug 30 '22 23:08 gabrielbac

@gabrielbac Thank you for reaching out. I have created a backlog to address this issue and discuss it with the team.

snebhu3 avatar Aug 31 '22 18:08 snebhu3

@snebhu3 hi, any update regarding this issue?

nd-at-globetel avatar Oct 11 '22 03:10 nd-at-globetel

@nd-at-globetel unfortunately, we do not have an update at this time.

snebhu3 avatar Oct 11 '22 23:10 snebhu3

I believe SCPs supports tagging. Please correct me if i'm wrong. They could be treated the exact same way as stacksets in this regard, i.e.:

  • Place tag on SCP upon placement by CfCT.
  • If a to-be-defined parameter is set to true in the manifest: check if any tagged SCP has a matching manifest entry and detach/remove if it doesn't. How does that sound?

Cihl28 avatar Dec 06 '23 12:12 Cihl28

Any update as to when this will be addressed?

jmino avatar Jan 12 '24 20:01 jmino