
Validate the AWS account number which is worked on

Open pandian912 opened this issue 5 years ago • 8 comments

Is your feature request related to a problem? Please describe.

People often work with multiple AWS accounts and often run scenarios or API calls inadvertently on the wrong AWS account.

Describe the solution you'd like

Take the account number in the config and validate before performing any operations

Describe alternatives you've considered

This is useful for a generic scenario where the names of ELB/EC2/tags are the same across accounts

pandian912 avatar Oct 11 '19 09:10 pandian912

I can't take a shot at this one. By "validate" do you mean prompt the user to acknowledge that the account number in the config is the desired one?

macdude357 avatar Oct 16 '19 16:10 macdude357

Store account number in config... Get account number with AWS API call and verify if they match

pandian912 avatar Oct 16 '19 16:10 pandian912

The way I'm thinking about implementing this is to have the user add a property to src/test/resources/config.properties named "aws.targetAccount". In looking at how I would insert the logic to validate the account, I was thinking about creating a base class for the Delegator classes and put the logic in that base class. Ideally, I could refactor a lot of the boilerplate code from the Delegators into that base class. Does that work?

macdude357 avatar Oct 16 '19 17:10 macdude357

Validating the account number on AWS credential initialization would be better, I believe.

pandian912 avatar Oct 16 '19 17:10 pandian912

Are we limiting this for config-driven accounts? What about credentials that are stored in environment variables or AWS config files? Not sure the value of account number here? Perhaps "Who am I?" API call to see which account it is?

zeeshanSD avatar Oct 16 '19 17:10 zeeshanSD

  1. We can get the account number from an env variable.
  2. Also handle the case where the account number is not present. In such a case we disable account number validation altogether.

pandian912 avatar Oct 16 '19 17:10 pandian912

So my understanding is that you want the user to indicate what account he is targeting via an env var. The code should then validate that the credentials that are being used are actually for that "target" account number. If the env var does not exist, then no validation takes place.

macdude357 avatar Oct 16 '19 17:10 macdude357

Added comments here - https://github.com/intuit/CloudRaider/pull/13/files

So the check priority will be as follows:

  • account number from env variable (document the variable name in README)
  • account number in config file
  • no account number found in above scenarios, so don't do account number verification (log the same)

pandian912 avatar Oct 18 '19 17:10 pandian912
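
The check priority from the last comment, as an added example that is not part of the thread or CloudRaider's own code. The environment variable name `CLOUDRAIDER_TARGET_ACCOUNT` and the class name are hypothetical, `aws.targetAccount` is the property proposed earlier in the thread, and the "Who am I?" lookup is passed in as a `Supplier` so the sketch runs offline with constructed account IDs.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.function.Supplier;
import java.util.logging.Logger;

public class TargetAccountGuard {
    private static final Logger LOG = Logger.getLogger(TargetAccountGuard.class.getName());
    static final String ENV_VAR = "CLOUDRAIDER_TARGET_ACCOUNT"; // hypothetical name (assumption)
    static final String CONFIG_KEY = "aws.targetAccount";       // property proposed in the thread

    /** Expected account: env variable first, then config file, else empty (check disabled). */
    static Optional<String> expectedAccount(Map<String, String> env, Properties config) {
        return clean(env.get(ENV_VAR)).or(() -> clean(config.getProperty(CONFIG_KEY)));
    }

    private static Optional<String> clean(String raw) {
        if (raw == null || raw.trim().isEmpty()) return Optional.empty();
        String id = raw.trim();
        // AWS account IDs are 12 digits; fail on a typo instead of silently skipping the check.
        if (!id.matches("\\d{12}")) throw new IllegalArgumentException("Malformed account id: " + id);
        return Optional.of(id);
    }

    /** Call once at credential initialization; throws on mismatch before any operation runs. */
    static void verify(Map<String, String> env, Properties config, Supplier<String> actualAccount) {
        Optional<String> expected = expectedAccount(env, config);
        if (!expected.isPresent()) {
            LOG.warning("No target account configured; account verification skipped");
            return;
        }
        String actual = actualAccount.get();
        if (!expected.get().equals(actual))
            throw new IllegalStateException("Credentials are for " + actual + ", expected " + expected.get());
        LOG.info("Verified target account " + actual);
    }

    public static void main(String[] args) {
        Properties config = new Properties();
        config.setProperty(CONFIG_KEY, "111111111111");          // constructed sample value
        Supplier<String> whoAmI = () -> "222222222222";          // constructed stand-in for the identity call
        verify(Map.of(ENV_VAR, "222222222222"), config, whoAmI); // env variable wins: passes
        verify(Map.of(), new Properties(), whoAmI);              // nothing configured: skipped and logged
        try {
            verify(Map.of(), config, whoAmI);                    // config file value: mismatch
        } catch (IllegalStateException e) {
            System.out.println("Blocked: " + e.getMessage());
        }
    }
}
```

In a real run the supplier would return the account ID reported by the AWS STS GetCallerIdentity call for the credentials in use.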