Should the account emails use the parent account id ?

Question

Should the account emails use the parent account id ?

npvisual opened this issue 2 years ago · comments

Nicolas Philippe commented 2 years ago

Description

I just deployed the AWS Bootstrap Kit Examples' SDLC Org app, with a slightly different org structure :

Notice how the Prod and Staging accounts for Tenant-A have the following :

Prod : acct # starting in 3428590... but email with aws-accounts+Prod-0833601...@mycompany.com
Staging : acct # starting in 67632595... but email with aws-accounts+Staging-0833601...@mycompany.com

This is, of course, from the perspective of a SaaS provider deploying multiple tenant environments.

So if we want to create Tenant-B with the same Prod and Staging structure we would be re-using the same email account to send AWS account creation notices, effectively making it impossible to distinguish which AWS account those are for.

The emails received (8 in total), all had one of the following 2 recipients :

aws-accounts+Prod-0833601...@mycompany.com, or
aws-accounts+Staging-0833601...@mycompany.com

Note : account numbers masked and email domains changed on purpose.

Suggestion

Would it be possible to use email addresses with the actual ID of the account being created, rather than the stack account number ?

Current code below :

      else if(this.emailPrefix && this.domain)
      {
        accountEmail = `${this.emailPrefix}+${accountSpec.name}-${Stack.of(this).account}@${this.domain}`
      }

Florian Chazal · Answer 1 · Tue Dec 27 2022 17:40:51 GMT+0800 (China Standard Time)

Good point . We will consider that shortly.