renovosolutions / cdk-library-aws-organization Goto Github PK

Describe the bug
When a new account is created an AccountNotFoundException occurs.

To Reproduce
Try to add a new account.

Expected behavior
Account is created.

Screenshots

Logs

{
    "StatusCode": 200,
    "FunctionError": "Unhandled",
    "ExecutedVersion": "$LATEST",
    "Payload": "{\"errorMessage\": \"AccountNotFoundException\", \"errorType\": \"Exception\", \"requestId\": \"08e4363b-9441-4c3a-bf2a-def9dbb9a4b4\", \"stackTrace\": [\"  File \\\"/var/task/index.py\\\", line 117, in on_event\\n    if request_type == 'Create': return on_create(event, import_on_duplicate, allow_move)\\n\", \"  File \\\"/var/task/index.py\\\", line 222, in on_create\\n    raise e\\n\", \"  File \\\"/var/task/index.py\\\", line 124, in on_create\\n    existing_account_info = get_account_id(event['ResourceProperties']['Name'], event['ResourceProperties']['Email'])\\n\", \"  File \\\"/var/task/index.py\\\", line 56, in get_account_id\\n    raise Exception('AccountNotFoundException')\\n\"]}"
}

Additional context
The AccountNotFoundException is expected, but its supposed to be handled on line 150, but this is, apparently, done incorrectly. This is the hardest area to test cause we dont want to create a bunch of garbage test accounts.

Describe the bug
When utilizing importOnDuplicate to import items that already exist.. if the import is successful and something else in the stack fails and the stack rolls back it will try to delete the imported resource. This will inevitably lead to a lot of other errors.

To Reproduce
Steps to reproduce the behavior:

1. Create an OU manually
2. Add it to the stack with import on duplicate
3. Create another OU manually
4. Add it to the stack after the first OU and dont allow imports on duplicate
5. Deploy the stack. The first OU will import, the second will fail as expected, and the first one will be deleted.

Expected behavior
If importOnDuplicate is used and the stack is rolling back then delete should retain the item. Perhaps the python code could check the stack state before a delete.

Screenshots

Logs

Additional context

Describe the bug
When existing account is located in a root of an Org an error occurs because existing account info contains all root details instead of just the id.

To Reproduce
Move an account to the root. Try to move it back.

Expected behavior
It moves without error.

Screenshots

Logs

Invalid type for parameter SourceParentId, value: {'Id': '<redacted>', 'Arn': 'arn:aws:organizations::<redacted>', 'Name': 'Root', 'PolicyTypes': [{'Type': 'SERVICE_CONTROL_POLICY', 'Status': 'ENABLED'}]}, type: <class 'dict'>, valid types: <class 'str'>

Additional context
Need to modify the function that returns the data to only return the root ID