Pre migration:
Get Cogonito user pool configured - to be fully terraformed
a. password policy: default
b. lambdas: migrate user trigger & pre token generation trigger
c. app client for Admins-UI
d. messaging - FROM email: no-reply@tis.nhs.ukGet Admins API-Gateway configured - terraformed
Get Admins-UI on CloudFront configured (pipeline should be done on another branch) - in progress
Get revalidation config PR ready and Reval API-Gateway PR ready (ready means approved, or merged and not applied yet) - not yet
Get UserManagement fully tested locally (or on Alpha?)(give errors to admins when user does not exist on Cognito?)
We do give an error when the user does not exist, but the error is thrown from the backend and it is not shown in a friendly way to users.Give notice to all users in advance
Mid migration:
Give notice to users to inform the migration start
Restrict access of UserManagement (Modify API-Gateway to only allow some specific get reqeusts? Or remove user permission/roles temporarily? Or remove mapping annotation on the endpoints (POST/DELETE)?)
Switch Admins-UI DNS to use the app on CloudFront (new Admins API-Gateway), mind the TTL
Switch Reval to the new user pool and get Reval API-Gateway configured
Switch UserManagement to Cognito and release the UserManagement to users
Rollback plan:
3. If Admins-UI becomes unaccessible, switch DNS back
4. If Reval becomes unaccessible and cannot get resolved for 1(?) hour, roll back Reval and do 3
5. If UserManagement cannot be setup properly, try to find the issue and fix it within 1-2days?
Post migration (if the migration has done)
Some scenario to resolve:
Given user management has switched to manage Cognito users
When an admin comes to a user details page that hasn't been migrated to Cognito yet
Then should we provide a button for the admin to create this user on Cognito? Or provide an error message for admins?
0 Comments