-
Notifications
You must be signed in to change notification settings - Fork 6
Enforce unique CloudFormation stack names #115
Copy link
Copy link
Open
Labels
bugSomething isn't working.Something isn't working.good first issueGood for newcomers.Good for newcomers.medium priorityMedium priority issues to be done in a couple of sprints.Medium priority issues to be done in a couple of sprints.t-infraIssues with this label are in the ownership of the infrastructure team.Issues with this label are in the ownership of the infrastructure team.
Description
Metadata
Metadata
Assignees
Labels
bugSomething isn't working.Something isn't working.good first issueGood for newcomers.Good for newcomers.medium priorityMedium priority issues to be done in a couple of sprints.Medium priority issues to be done in a couple of sprints.t-infraIssues with this label are in the ownership of the infrastructure team.Issues with this label are in the ownership of the infrastructure team.
Type
Fields
Give feedbackNo fields configured for issues without a type.
NOTE: this could be a good first task for a new DevOps engineer.
To prevent issues with overriding CloudFormation stacks because of a naming conflict, we need to ensure that the CloudFormation stacks have unique names.
This would be hard to enforce directly across the whole GitHub organizations, but we can split it into two parts:
We could even make sure that the stack names contain the environment that they're being deployed to, and that they're being deployed to the right environment according to the name.
So there would be stack names like:
apify-core-org-s3-bucketsapify-web-member-iam-rolesTBD: should the environments be called
organdmember, ororg,prodandstaging?Unfortunately, CloudFormation doesn't let you rename existing stacks, so we'll have to have some option to opt-out of these names for legacy stacks. We should not allow new stacks to be created with the wrong names, though. Maybe, if the legacy stack name is in the wrong format and the repo and account can't be inferred automatically, we could even have a mapping of stack name -> repo & AWS account that would verify that the stacks are being deployed to the correct account.