
fix(template): Prevent upgrade from overwriting SSM config; remove reconciliation #95

Merged
ngjinshan merged 1 commit into main from fix/upgrade-ssm-overwrite-and-remove-reconciliation
May 11, 2026

Conversation

@ngjinshan
Collaborator

Two changes:

  1. SSM config (MapConfig) now uses !Sub with CFN parameter references instead of baked JS template literals. This means upgrade.sh's UsePreviousValue=true preserves the customer's real scope config (agreement dates, scoped accounts, VPCs) instead of overwriting with placeholder values. Added ScopedAccountIds, ScopedVpcIds, and TagNonVpcServices as CFN parameters.

  2. Removed reconciliation Lambda entirely (Role, Function, Schedule, Permission). The real-time tagger with SQS buffering (14-day retention, 5 retries) is reliable enough. Reconciliation added risk of mass-tagging damage when config was incorrect and provided minimal value given the SQS retry guarantees.

Description

Brief description of the change and the problem it solves.

Type of change

  • Bug fix
  • New resource type support
  • Security improvement
  • Documentation update

Testing

  • Tested end-to-end in a real AWS account (or CI E2E will cover this)
  • No false positives observed
  • CloudWatch logs reviewed for errors

Checklist

  • CloudFormation template is valid (cfn-lint passes — checked by CI)
  • IAM permissions follow least-privilege (only tag actions added)
  • If adding a new service handler: corresponding resource added to .github/scripts/resource_groups/ for E2E coverage
  • CHANGELOG.md updated

CI Notes

Layer 1 (lint) runs immediately on every PR — ~1 min.
Layer 2 (E2E) runs when configurator.yaml or configurator.html changes — ~37 min across 7 AWS accounts. No AWS credentials needed.
If Layer 2 fails, download verification-report.json from the Actions run for details.
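The following is an added illustration of the change described in the PR body, not the project's own configurator.yaml. It places the two forms side by side: an SSM config value baked into the template body (which a template-only upgrade replaces) and the same value built with !Sub from stack parameters (which `UsePreviousValue=true` carries across). The resource and parameter names (MapConfig, AgreementStartDate, ScopedAccountIds, ScopedVpcIds, TagNonVpcServices) come from the description; the SSM parameter path, the JSON layout, the stack name and the upgrade.sh-style CLI call are assumptions.

```yaml
# --- Before (fragile): the value is a literal rendered into the template at build time.
# Nothing about it is a stack parameter, so an upgrade that ships a new template body
# rewrites the resource with whatever the build baked in, i.e. placeholders.
#
# Resources:
#   MapConfig:
#     Type: AWS::SSM::Parameter
#     Properties:
#       Name: /map/config            # assumed path
#       Type: String
#       Value: '{"agreementStartDate":"PLACEHOLDER","scopedAccountIds":"","scopedVpcIds":"","tagNonVpcServices":false}'

# --- After (durable): the scope values are stack parameters. They live in the stack's
# parameter set rather than in the template body, so an update that passes
# UsePreviousValue=true for each key keeps the operator's real values.
Parameters:
  AgreementStartDate:
    Type: String
    Description: Agreement start date (YYYY-MM-DD)
  ScopedAccountIds:
    Type: String
    Default: ''
    Description: Comma-separated account IDs in scope (the tagger splits the string)
  ScopedVpcIds:
    Type: String
    Default: ''
    Description: Comma-separated VPC IDs in scope
  TagNonVpcServices:
    Type: String
    AllowedValues: ['true', 'false']
    Default: 'false'

Resources:
  MapConfig:
    Type: AWS::SSM::Parameter
    Properties:
      Name: /map/config            # assumed path
      Type: String
      # !Sub resolves ${...} against the stack's parameters at deploy time, not at build time.
      Value: !Sub '{"agreementStartDate":"${AgreementStartDate}","scopedAccountIds":"${ScopedAccountIds}","scopedVpcIds":"${ScopedVpcIds}","tagNonVpcServices":${TagNonVpcServices}}'

# Upgrade call in the style of upgrade.sh (assumed stack name; illustrative only):
#   aws cloudformation update-stack \
#     --stack-name map-tagger \
#     --template-body file://configurator.yaml \
#     --capabilities CAPABILITY_NAMED_IAM \
#     --parameters \
#       ParameterKey=AgreementStartDate,UsePreviousValue=true \
#       ParameterKey=ScopedAccountIds,UsePreviousValue=true \
#       ParameterKey=ScopedVpcIds,UsePreviousValue=true \
#       ParameterKey=TagNonVpcServices,UsePreviousValue=true
```

One caveat for the first upgrade that introduces a parameter: `UsePreviousValue=true` only works for keys that existed in the previous stack, so a newly added key such as ScopedAccountIds must be passed with an explicit `ParameterValue` on that run (or omitted so its `Default` applies); from the next upgrade on, UsePreviousValue preserves it.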

@ngjinshan ngjinshan requested a review from hyunsies as a code owner May 11, 2026 05:13
@ngjinshan ngjinshan merged commit afddcae into main May 11, 2026
20 checks passed