Skip to content

Fix stale API endpoint cache and improve deploy UX#17

Merged
carlosinfantes merged 1 commit into
mainfrom
fix/stale-endpoint-cache
Mar 5, 2026
Merged

Fix stale API endpoint cache and improve deploy UX#17
carlosinfantes merged 1 commit into
mainfrom
fix/stale-endpoint-cache

Conversation

@carlosinfantes
Copy link
Copy Markdown
Owner

@carlosinfantes carlosinfantes commented Mar 5, 2026

Summary

  • Fix stale endpoint cache: After a destroy+redeploy, the CLI used a cached API Gateway URL that no longer exists, causing DNS resolution failures. Now CloudFormation is queried first (always fresh), with cache as fallback only when CFN is unavailable. Profile is included in the cache key to prevent cross-profile collisions.
  • Add ./deploy.sh --setup-role: One-command assessment role creation with deterministic External ID and ready-to-paste assess command output.
  • Improve post-deploy next steps: Copy-pasteable commands with actual profile, account ID, role ARN, and external ID filled in.
  • Add CLI uninstall hint: destroy.sh now shows pip uninstall cloudsecure in the teardown summary.

Test plan

  • Full lifecycle tested: destroy → deploy → setup-role → assess → report → teardown (profile lkf, account 748901516722)
  • Verified stale cache no longer causes failures after redeploy
  • Shell syntax validation (bash -n) passes
  • Pre-commit hooks pass
  • Rebased on latest main (no conflicts)

🤖 Generated with Claude Code

@claude
Fix stale API endpoint cache and improve deploy UX
9216f35 
The CLI cached the API Gateway endpoint indefinitely in
~/.cloudsecure/config.json. After a destroy+redeploy the API Gateway ID
changes but the stale cached URL was used, causing DNS resolution failures.

Fix: Invert resolution priority — always query CloudFormation first for a
fresh endpoint, fall back to cache only when CFN is unavailable (offline or
lacking permissions). Also include the AWS profile in the cache key to
prevent cross-profile collisions.

Additionally improves the first-time user experience:
- Add ./deploy.sh --setup-role to automate assessment role creation
- Improve post-deploy next steps with copy-pasteable commands
- Add CLI uninstall hint to destroy.sh teardown summary

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@carlosinfantes carlosinfantes merged commit 0761c27 into main Mar 5, 2026
2 checks passed
@carlosinfantes carlosinfantes deleted the fix/stale-endpoint-cache branch March 5, 2026 16:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jorgemarti jorgemarti jorgemarti approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@carlosinfantes @jorgemarti