Background
We had an issue where ESO module triggered a divergence alert within live clusters:
https://concourse.cloud-platform.service.justice.gov.uk/teams/main/pipelines/divergence/jobs/divergence-eks-live-components/builds/1710#L66ad0cd2:1023
This was because the ESO module calls this terraform module inside of it, and we have a fairly relaxed version constraint on it: ~> 5.0. A new minor version was released with some underlying changes to the module's IAM policy, which triggered the divergence fail.
We should review all child module third-party calls in our Terraform and check whether contraints or pinning is the right way to manage versioning of these.
We should also review our processes for when a divergence pipeline fails - for example we probably want to freeze infra apply pipelines whilst we investigate the root cause.
Update the runbook as required.
Questions / Assumptions
Definition of done
Reference
How to write good user stories
Background
We had an issue where ESO module triggered a divergence alert within live clusters:
https://concourse.cloud-platform.service.justice.gov.uk/teams/main/pipelines/divergence/jobs/divergence-eks-live-components/builds/1710#L66ad0cd2:1023
This was because the ESO module calls this terraform module inside of it, and we have a fairly relaxed version constraint on it:
~> 5.0. A new minor version was released with some underlying changes to the module's IAM policy, which triggered the divergence fail.We should review all child module third-party calls in our Terraform and check whether contraints or pinning is the right way to manage versioning of these.
We should also review our processes for when a divergence pipeline fails - for example we probably want to freeze infra apply pipelines whilst we investigate the root cause.
Update the runbook as required.
Questions / Assumptions
Definition of done
Reference
How to write good user stories