fivexl/terraform-aws-sso-elevator

Rename variables in next major release

Closed this issue · 2 comments

Note for future release notes.

In this release we have renamed the default names of the schedule IAM role and schedule group to be consistent with naming conventions.
If you were using the default names, after updating to this release Terraform will destroy the old EventBridge Scheduler Group with all schedules inside it.
SSO Elevator uses those schedules as state, so it will forget about all access requests and revocations that were scheduled before the update.
This will cause it to think that all user-level account assignments it created are inconsistent with its state, and it will revoke them
at the time of the sso_elevator_scheduled_revocation event, which by default happens at 23:00 UTC every day.
To see all inconsistent assignments, you can use the following AWS CLI command to invoke the revoker Lambda function with the payload '{"action": "check_on_inconsistency"}':

```bash
aws lambda invoke \
  --function-name access-revoker \
  --cli-binary-format raw-in-base64-out \
  --payload '{"action": "check_on_inconsistency"}' \
  response.json
```
Or you can force SSO Elevator to revoke all assignments by invoking the revoker Lambda function with the payload '{"action": "sso_elevator_scheduled_revocation"}':

```bash
aws lambda invoke \
  --function-name access-revoker \
  --cli-binary-format raw-in-base64-out \
  --payload '{"action": "sso_elevator_scheduled_revocation"}' \
  response.json
```