github aws-samples/iam-identity-center-team 1.5.0
v1.5.0

9 hours ago

What's Changed

New Features

This release fixes issue 362: the account drop-down on the Create Request page can take a long time to load in organizations with lots of OUs, and where eligibility is granted at the OU level.

Cause of issue: When eligibility policies are assigned to users or groups at an OU level, the application needs to identify which accounts are in the OU in order to populate the account drop-down list on the Create Request page. The Organizations API has a default of 5 TPS on the related APIs. In large organizations where there might be many users with eligibility for many OUs, this can cause a long delay in populating the account drop-down.

Description of changes:
This change introduces an OU-to-account mapping table so that in most cases there is no requirement to call the Organizations API. If an OU is not in the table, then the Organizations API is queried to get the account(s) and the list is stored in the table.

The new behaviour is disabled by default but can be enabled with a feature flag in the Admin Settings.

If the state of accounts changes within an existing OU (added or removed), the cache will first need to be invalidated; otherwise it will show an inaccurate list of accounts to users. TEAM provides a way to do this manually in the UI.

Key architecture changes:
This change introduces 4 new resources in the TEAM AWS account:

  • teamgetOUAccounts Lambda - Fetches and caches OU accounts
  • teaminvalidateOUCache Lambda - Handles manual cache invalidation
  • teamvalidateRequest Lambda - Server-side request validation
  • OUAccountsCache DynamoDB Table - Stores cached OU account data with TTL

See OU Account Cache Management in the documentation for more information.
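
A minimal sketch of the cache-aside behaviour described above, added here as an illustration and not taken from the TEAM code base. The in-memory dict standing in for the OUAccountsCache table, the `fetch_accounts` callable standing in for the Organizations API, the one-hour TTL, the treatment of an expired entry as a miss, and all OU and account IDs are assumptions constructed for the example.

```python
import time


class OUAccountCache:
    """Cache-aside OU -> account-list lookup with TTL and manual invalidation."""

    def __init__(self, fetch_accounts, ttl_seconds=3600, clock=time.time):
        self._fetch = fetch_accounts  # stand-in for the rate-limited Organizations lookup
        self._ttl = ttl_seconds       # assumed value; the release notes give no TTL
        self._clock = clock
        self._table = {}              # stand-in for the table: ou_id -> (accounts, expires_at)
        self.api_calls = 0            # how often the slow path was taken

    def get_accounts(self, ou_id):
        entry = self._table.get(ou_id)
        if entry is not None and entry[1] > self._clock():
            return list(entry[0])     # cache hit: no API call
        self.api_calls += 1           # miss or expired: query the API, then store
        accounts = sorted(self._fetch(ou_id))
        self._table[ou_id] = (accounts, self._clock() + self._ttl)
        return list(accounts)

    def invalidate(self, ou_id=None):
        """Drop one OU's entry, or the whole cache when ou_id is None."""
        if ou_id is None:
            self._table.clear()
        else:
            self._table.pop(ou_id, None)


def demo():
    ou = "ou-constructed-1"                            # constructed sample data
    org = {ou: {"111111111111", "222222222222"}}
    now = [0.0]                                        # fake clock, so TTL expiry is testable
    cache = OUAccountCache(lambda o: org.get(o, set()), clock=lambda: now[0])
    result = {"first": cache.get_accounts(ou)}
    cache.get_accounts(ou)                             # second read is a hit
    org[ou].discard("222222222222")                    # account leaves the OU
    result["stale"] = cache.get_accounts(ou)           # cache still lists it
    cache.invalidate(ou)                               # manual invalidation
    result["fresh"] = cache.get_accounts(ou)
    org[ou].add("333333333333")
    now[0] += 3601                                     # TTL elapses
    result["after_ttl"] = cache.get_accounts(ou)
    result["api_calls"] = cache.api_calls
    return result
```

The `stale` result is the inaccurate account list the release notes warn about: until the entry is invalidated or expires, an account that has left the OU is still returned.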

Bug Fixes

  • Fixed an issue where Admin pages were failing to load - @OMO-NOSA in #543
  • Fixed an issue with the s3bucketSecurity Lambda's handling of DELETE events, which could cause CloudFormation stack deletions to hang - @AlJohri in #469
  • Fixed an issue where, when approving requests on the /approvals/approve page, the checkbox selection state could be lost after a brief delay - @MalteGood in #472
  • Fixed an issue blocking CloudFormation stack deletion. Use Amplify dependsOn for SNS topic instead of CloudFormation Export - @AlJohri in #474
  • Fixed an issue with the GitHub action deployment script for the docs site - @tschia in #555
  • Fixed an issue where multiple concurrent requests could cause some of them to get stuck in a pending state - @MatteoManzoni in #507

Other

  • Docs: Update machine auth guide with updated terraform provider link by @brittandeyoung in #524
  • Docs: Fix broken policy and deploy links in docs by @pyepye in #542
  • This release also includes multiple dependency updates

New Contributors

Full Changelog: v1.4.2...1.5.0
