Comments (2)
@allquixotic, agree 100% on the solution's reliance on DDB causing it to go out of sync. When we originally designed the solution, we were banking on the premise that all changes would be made through the solution interface. However, we've come to realise that this premise is neither always correct nor a safe assumption to make.
In order to handle this and the other issues we've seen, we're working on a refactoring of the flows for permission set management.
We will stop using solution persistence (i.e. DDB) for lookup of (a) whether the permission set exists and (b) to understand what it looks like, to determine the delta with the incoming permission set object. Instead, we will look up SSO directly for both (a) and (b). Additionally, we will update our S3 persistence with the lookup result every time a permission set operation is triggered. As a side note, the solution's S3 persistence is always populated irrespective of the interface enabled, to facilitate users switching their config from API to S3 interface modes and vice versa multiple times for permission sets.
We've been putting off our nightlyRun feature for quite some time now, so our plan is to first push that PR in, and then add this refactor on top of the nightlyRun.
Do let us know if this works in line with what your expectations are.
from aws-iam-identity-center-extensions.
Getting rid of solution persistence (DynamoDB) sounds awesome to me. I fully agree that we should remove this additional layer of data storage, as it just creates additional headaches of data that needs to be kept in sync. Querying the live source of truth is much more reliable.