I use Sceptre to manage AWS infrastructure, but not always in a CI/CD pipeline. Sometimes updates are manual. In that case, the engineer will set the environment variables corresponding to the AWS account (usually there are three accounts per project, dev-pre-pro), and in the project folder execute something like sceptre launch pre.
A problem appears when the AWS account in the environment is not actually the right account, for example executing sceptre launch pre when the environment keys are for the dev project. While of course people shouldn't mess up, and usually any mistakes are caught by warnings, I would like to prevent errors, and I think the best way would be to explicitly set an account number in the configuration and have sceptre check in some pre-hook that it is actually accessing that account before attempting any modification.
How would that best be done? I know how to identify the account number using plain boto commands; can I simply put some plain Python pre-hook that would get the account keys from the environment, the expected account number from a sceptre parameter, and abort on any discrepancy, or is there a better way?
There is provision for hooks with sceptre templates as well. See: hook-docs
You can either run aws-cli command with hook like below:
Or if you want to do a bit more, you can try creating a custom hook. Ref: custom-hooks
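A sketch of the custom-hook route for the account check asked about above, added here as an example and not code from the answer or from the Sceptre project. The names `AccountGuard`, `verify_account`, `WrongAccountError` and the `!account_guard` tag are hypothetical, and it assumes a Sceptre version where hooks expose `self.stack.connection_manager.call(...)`.

```python
import re

try:
    from sceptre.hooks import Hook
except ImportError:  # keeps the check importable where Sceptre is absent
    Hook = object


class WrongAccountError(RuntimeError):
    """Raised when the active credentials belong to an unexpected account."""


def verify_account(expected, get_caller_identity):
    """Compare the account behind the active credentials with `expected`.

    `get_caller_identity` is any callable returning the STS
    GetCallerIdentity response dict. Returns the account ID on a match.
    """
    expected = str(expected).strip()
    # An unquoted YAML value such as 012345678901 is parsed as a number and
    # loses its leading zero, so reject anything that is not 12 digits.
    if not re.fullmatch(r"\d{12}", expected):
        raise WrongAccountError(
            f"expected account {expected!r} is not 12 digits; "
            "quote it in the stack config"
        )
    identity = get_caller_identity()
    actual = str(identity.get("Account", ""))
    if actual != expected:
        raise WrongAccountError(
            f"credentials resolve to account {actual or 'unknown'} "
            f"({identity.get('Arn', 'no ARN')}), expected {expected}"
        )
    return actual


class AccountGuard(Hook):
    """Hypothetical custom hook: `- !account_guard "123456789012"`."""

    def run(self):
        # Ask STS through Sceptre's own connection manager so the check sees
        # the same profile or role that the stack operation will use.
        verify_account(
            self.argument,
            lambda: self.stack.connection_manager.call(
                service="sts", command="get_caller_identity"
            ),
        )
```

The hook class is registered under the `sceptre.hooks` entry point of its package and listed under `before_create`, `before_update` and `before_delete` in the stack config; the exception raised on a mismatch stops the action before CloudFormation is called.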