aws-control-tower-customizations icon indicating copy to clipboard operation
aws-control-tower-customizations copied to clipboard

Published 20 hours ago verified publisher icon aws-solutions

control-tower-customizations relies on outdated libraries & runtimes and looks abandoned

Open markusl opened this issue 1 year ago • 3 comments

Is your feature request related to a problem? Please describe.

We are evaluating a configuration mechanism for an environment with hundreds of accounts using AWS Control Tower. Customizations for AWS Control Tower (CfCT) is officially documented solution for the problem. However, according to the CHANGELOG the project seems abandoned. Latest version is from 2022. Also request for transparency did not result in a public roadmap.

The project is built on soon-to-be-deprecated version of Python (3.8), refers to Ruby 2.6 while 3.2 already exists and is using aws/codebuild/standard:5.0 when the latest version is 7.

Describe the feature you'd like

We would highly appreciate public roadmap as with other AWS products (CDK, CloudFormation) and up-to-date libraries as the currently used versions do not look very professional for the tooling which is the most critical part of maintaining highly-secured AWS environments.

If CfCT has been superseded with another tool, it could be articulated in a clearer way in the documentation to guide users there and provide a migration path.

Regards, Markus

markusl avatar Feb 21 '24 12:02 markusl

Thank you for reaching out @markusl I want to reiterate that CfCT remains a fully supported service under the AWS Control Tower umbrella. Since features for CfCT are prioritized against those for the Control Tower service, new releases can sometimes be infrequent. Over the last year, the team has prioritized building public APIs for Control Tower and supporting scale for large enterprises. We will continue to address bugs reported by customers and prioritize enhancements depending on the Control Tower backlog. We cannot share future roadmaps in public forums, but we do plan to continually enhance the CfCT solution.

In addition, I have created an item in our backlog to update these dependencies.

hanafya avatar Feb 22 '24 21:02 hanafya

Thanks for the quick reply! I can totally understand why building APIs makes sense for the future and enables large organization to scale. I also do realize there are some updates listed at the releases page and it would be good to reflect these also in the CHANGELOG to avoid any misunderstandings.

markusl avatar Feb 23 '24 08:02 markusl

AWS Just annonunced: "We are ending support for Python 3.8 in Lambda on October 14, 2024. This follows Python 3.8 End-Of-Life (EOL) which is scheduled for October, 2024 [1]." The most current CfCT release (v2.7.0) relies on Lambda running the python version being EOLed. Kindly address ASAP!

https://github.com/aws-solutions/aws-control-tower-customizations/blob/2fa6e6170230dc97410006897e389a3146b5be23/customizations-for-aws-control-tower.template#L1043

https://github.com/aws-solutions/aws-control-tower-customizations/blob/2fa6e6170230dc97410006897e389a3146b5be23/customizations-for-aws-control-tower.template#L1317

https://github.com/aws-solutions/aws-control-tower-customizations/blob/2fa6e6170230dc97410006897e389a3146b5be23/customizations-for-aws-control-tower.template#L2911

laminarcode avatar Apr 22 '24 13:04 laminarcode