Enterprise Support attempts to enroll when already enrolled in enterprise support #523

Open
rtkjbeverly opened this issue Jan 21, 2025 · 0 comments
Labels
bug Something isn't working pending investigation Issue needs further investigation

Terraform Version & Prov:
N/A

AFT Version:
(Can be found in the AFT Management Account in the SSM Parameter /aft/config/aft/version)
1.13.2

Terraform Version & Provider Versions
Please provide the outputs of terraform version and terraform providers from within your AFT environment

terraform version

N/A

terraform providers

N/A

Bug Description
When the aft-account-request repository is updated, and this update causes the DynamoDB table item to trigger a rerun of the state machine aft-account-provisioning-framework, this will re-trigger the state machine aft-feature-options for that account. When this happens the step Enroll Enterprise Support will run again.

If sufficient time has passed since the account was created & enrolled into enterprise support, this will recreate the enterprise support ticket requesting enablement of enterprise support.

When working with many accounts that trigger this event at once, this will trigger a flood of support tickets to AWS Support requesting enablement of enterprise support.

To Reproduce
Prerequisites:
An AWS Account that is registered within AFT and already enrolled within enterprise support.

Steps to reproduce the behavior:

  1. In the aft-account-request repository, update the change_management_parameters.change_reason property to a new value
  2. Merge the change in AFT
  3. Observe the state machine 'aft-feature-options', which will attempt to create a new support ticket for an account already enrolled in enterprise support
  4. See a new support ticket created within the aws account

Expected behavior
The lambda would recognize that Enterprise support is enabled, or a support ticket already exists previously, and no ticket is created.

Related Logs

From the lambda function for enrollment into enterprise support

{
    "time_stamp": "2025-01-21 20:03:47,753",
    "module": "aft_enroll_support",
    "log_level": "INFO",
    "log_message": {
        "account_id": "XXXXXXXXXXXXX",
        "customization_request_id": "ad3268a6-8fa4-4f3d-8c26-ed3edd5ef276",
        "detail": "Generating support case for enrolling target account into AWS Enterprise Support"
    }
}

Additional context

The reason to have a change_reason that changes, or any other update to the DynamoDB table entry that might trigger an update event, is to take advantage of the state machine aft-account-provisioning-framework, which will update/provision the CodePipeline & other dynamic resources within the account, resolving any drift and ensuring that the account is in line with expectations.

@rtkjbeverly rtkjbeverly added bug Something isn't working pending investigation Issue needs further investigation labels Jan 21, 2025
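
One way to get the expected behavior described in the report, as an added example (not AFT's code and not from the issue author): look for an earlier enrollment case, resolved ones included, and keep a durable record so a rerun stays a no-op after the case has aged out of the Support API's 12-month case history. `SUBJECT_PREFIX`, the `enrolled` store and `FakeSupport` are assumptions; the client method and parameter names follow boto3's `support` client.

```python
# Added example. SUBJECT_PREFIX and the `enrolled` store are assumptions, not AFT code.
SUBJECT_PREFIX = "Enterprise Support enrollment: "  # hypothetical subject text


def find_enrollment_case(support, account_id):
    """Return the caseId of an earlier enrollment case, open or resolved, else None."""
    kwargs = {"includeResolvedCases": True, "maxResults": 100}
    while True:
        page = support.describe_cases(**kwargs)
        for case in page.get("cases", []):
            if case.get("subject") == SUBJECT_PREFIX + account_id:
                return case["caseId"]
        if not page.get("nextToken"):
            return None
        kwargs["nextToken"] = page["nextToken"]


def enroll_once(support, enrolled, account_id, body, **case_params):
    """Open the enrollment case only when no record and no earlier case exists."""
    if account_id in enrolled:  # durable record outlives the case history
        return "skipped", enrolled[account_id]
    case_id = find_enrollment_case(support, account_id)
    action = "skipped"
    if case_id is None:
        resp = support.create_case(subject=SUBJECT_PREFIX + account_id,
                                   communicationBody=body, **case_params)
        case_id, action = resp["caseId"], "created"
    enrolled[account_id] = case_id
    return action, case_id


class FakeSupport:
    """Constructed stand-in for boto3.client("support"); pages one case at a time."""

    def __init__(self, cases=()):
        self.cases, self.created = list(cases), 0

    def describe_cases(self, includeResolvedCases=False, nextToken=None, maxResults=100):
        visible = [c for c in self.cases
                   if includeResolvedCases or c["status"] != "resolved"]
        i = int(nextToken or 0)
        page = {"cases": visible[i:i + 1]}
        if i + 1 < len(visible):
            page["nextToken"] = str(i + 1)
        return page

    def create_case(self, subject, communicationBody, **_):
        self.created += 1
        self.cases.append({"caseId": f"case-{self.created}", "subject": subject,
                           "status": "opened"})
        return {"caseId": f"case-{self.created}"}
```

In a deployment the `enrolled` mapping would be backed by persistent storage; a plain dict is used here so the block runs offline.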