
Fix | Documentation issues for the "Try Leverage" process

Open rodriguez-matias opened this issue 1 year ago • 3 comments

Describe the Bugs

Description of bugs found by Osvaldo during the Try Leverage process documentation:

Bug 1️⃣

Improve understanding of change naming -oaar

Here: https://leverage.binbash.co/try-leverage/post-deployment/#update-backend-profiles-in-the-management-account

Reference: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1694800303924509?thread_ts=1692657654.705779&cid=C05G3A8KCNQ


Bug 2️⃣

Update terraform-aws-tfstate-backend module into shared layer to avoid errors related to version incompatibility

Error message: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1694790478990829?thread_ts=1692657654.705779&cid=C05G3A8KCNQ

Expected behavior: xxxxx


Bug 3️⃣

Improve understanding of Create a new accounts process

Reference: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1695058532528899

Expected behavior:

Here we need to do a tf init first, because that module did not exist previously.

There are some parameterization details that were missing here: image

And another important thing is that we have to add a depends so that the permission_sets are created before the account assignment. Otherwise we have to do it in 2 steps and run the apply first for the permission_sets if we added new ones.


Bug 4️⃣

Make more clear when and why to use leverage tf init -reconfigure

here: https://leverage.binbash.co/try-leverage/post-deployment/#configure-your-sso-profiles:~:text=This%20happens%20because%20so%20far%20you%20have%20been%20running%20Terraform%20with%20a%20different%20AWS%20profile%20(the%20bootstrap%20one).%20Luckily%20the%20fix%20is%20simple%2C%20just%20run%20this%3A%20leverage%20tf%20init%20%2Dreconfigure.%20Terraform%20should%20reconfigure%20the%20AWS%20profile%20in%20the%20.terraform/terraform.tfstate%20file.

reference: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1694799214955729?thread_ts=1692657654.705779&cid=C05G3A8KCNQ

modify text to clarify this step: image

modify text to clarify this step: image


Bug 5️⃣

Clarify subnetting configuration for networking layer

Here: https://leverage.binbash.co/try-leverage/add-aws-accounts/#create-the-security-base-layer

reference: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1695066242411459?thread_ts=1695058532.528899&cid=C05G3A8KCNQ

We can use recommended IP ranges and sizes and put all that there (with the option of whoever is doing it to change them if necessary)

We could put a link here with the reference and take those networks directly as an example in the doc. So that it is very easy to follow the procedure even for anyone who has no idea how to calculate the networks

reference links:

  • https://leverage.binbash.co/user-guide/ref-architecture-aws/features/network/vpc-addressing/#networking-ip-addressing
  • k8s  => https://leverage.binbash.co/user-guide/ref-architecture-eks/vpc/

Bug 6️⃣

Add information about Important Considerations about Branching and Terraform Workflow

The link with the important considerations is pending to be assigned to a specific section of the documentation.

Reference issue: https://binbashar.slack.com/archives/C05G3A8KCNQ/p1688831663192259

Link to important considerations: https://leverage.binbash.co/how-it-works/ref-architecture/considerations/

Add in some section here: https://leverage.binbash.co/user-guide/

rodriguez-matias avatar Oct 17 '23 15:10 rodriguez-matias

Hello @borland667, @exequielrafaela. Feel free to modify or add any issues you consider necessary.

rodriguez-matias avatar Oct 18 '23 12:10 rodriguez-matias

@rodriguez-matias Hi! Can I bother you with a brief update on this issue please? Thanks!

diego-ojeda-binbash avatar Jan 26 '24 14:01 diego-ojeda-binbash

@rodriguez-matias Matu, 2 small adjustments here:

  1. https://leverage.binbash.co/try-leverage/aws-account-setup attention box or similar to guarantee that the user => Follow the instructions here.

  2. In order to enforce the recommendation of using aliases instead of "which is a convenient trick in some cases" :

Another example is below. Note that the management, security, and shared accounts have been updated with slightly different email addresses (actually [email protected] and [email protected] are email aliases of [email protected] which is a convenient trick in some cases):

...
organization:
  accounts:
  - name: management
    email: [email protected]
  - name: security
    email: [email protected]
  - name: shared
    email: [email protected]
...

exequielrafaela avatar Mar 11 '24 18:03 exequielrafaela