Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

AWS Resources that are in suspended accounts failing plan/apply stages - Can we ignore or bypass these accounts? #684

Open
MaxMoon771 opened this issue Dec 16, 2024 · 1 comment
Open

AWS Resources that are in suspended accounts failing plan/apply stages - Can we ignore or bypass these accounts? #684

MaxMoon771 opened this issue Dec 16, 2024 · 1 comment

Comments

@MaxMoon771
Copy link

We have recently suspended a few aws accounts, but we did not delete or remove any resources before the process... I am having issues with iambic unable to update a PermissionSet AWSPowerUserAccess due to what I believe is the suspended account. Updating and running iambic plan for the resource is resulting with this error. I have commented out the suspended accounts in iambic_config to avoid scanning that account. I have done through and removed all references to this account.

Curious if anyone has ran into issues with suspended accounts and issues with modifying resources?

[
  {
    "resource_id": "AWSPowerUserAccess",
    "resource_type": "aws:identity_center:permission_set",
    "template_path": "resources/aws/identity_center/permission_set/awspoweruseraccess.yaml",
    "proposed_changes": [],
    "exceptions_seen": [
      {
        "account": "gafg-master - (851158803636)",
        "resource_id": "AWSPowerUserAccess",
        "proposed_changes": [],
        "exceptions_seen": [
          {
            "change_type": "Unknown",
            "account": "gafg-master - (851158803636)",
            "resource_id": "AWSPowerUserAccess",
            "resource_type": "aws:identity_center:permission_set",
            "exceptions_seen": [
              "'020619688306'"
            ]
          }
        ]
      }
    ]
  }
]

image

Expected behavior
Hoping iambic can do a health check and see accounts/resources in suspended state and allow the plan/apply to proceed

Community Engagement
Your vote counts! Please support this bug report by adding a 👍 reaction to the original issue, which will aid the community and maintainers in addressing this problem.

Please refrain from adding "+1" or "me too" comments, as these create unnecessary noise for issue followers and do not help in prioritizing the issue. If you wish to contribute to solving this issue or have submitted a pull request, please leave a comment.
@MaxMoon771
Copy link
Author

Found a document via Merge in Aug 2023.
Tried marking the accounts in iambic_config = disabled
Re-ran the import process to update those resources as disabled.
Same error

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MaxMoon771