Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: adds option to remove old user assignment on account update #223

Merged
merged 10 commits into from
Jan 10, 2025
Merged

feat: adds option to remove old user assignment on account update #223

merged 10 commits into from
Jan 10, 2025

Conversation

wanisfahmyDE
Copy link
Contributor

The default behaviour in AWS Control Tower Account Factory when updating an account with a new user email address does not drop the old user assignment, but rather just assigns the new user to the account. AWS support confirmed that this behaviour is by design and works as intended. An excerpt of the response we received was "This design allows for scenarios where you might want to maintain access for multiple users or ensure business continuity during transitions."

Since this behaviour might not always be desired, this PR adds the possibility to optionally drop the old user assignment after updating the provisioned product successfully. It uses the ssoadmin to achieve that.

The default behaviour is not affected and the new behaviour only works when remove_account_assignment_on_update is set to true along with filling all the other attributes under the sso object.

A complete example can be found in the docs as a part of this PR.

Should solve #217

@wanisfahmyDE wanisfahmyDE marked this pull request as ready for review January 9, 2025 14:59
@wanisfahmyDE wanisfahmyDE requested a review from a team as a code owner January 9, 2025 14:59
sjvaiz
sjvaiz approved these changes Jan 10, 2025
View reviewed changes
Copy link
Contributor

@sjvaiz sjvaiz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@wanisfahmyDE wanisfahmyDE merged commit c1f74fb into main Jan 10, 2025
11 checks passed
@wanisfahmyDE wanisfahmyDE deleted the fix/remove-old-user-assignment-on-update branch January 10, 2025 15:16
@wanisfahmyDE wanisfahmyDE self-assigned this Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sjvaiz sjvaiz sjvaiz approved these changes

@david-graesser david-graesser david-graesser approved these changes

Assignees

@wanisfahmyDE wanisfahmyDE

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wanisfahmyDE @david-graesser @sjvaiz