Comments (5)
bundyfx
commented on September 24, 2024
regional.yml will bootstrap accounts in regions other than the global region. When setting up ADF you would of defined a global (main) region, this region will be the target for any global.yml files found. You can also define target regions, these regions will be the target for any regional.yml files. Currently ADF does not apply the regional.yml to the global region even if its included as a target region.
I would recommend creating a deployment pipeline in the deployment account to deploy resources (such as CloudTrail, Logging resources) in a scalable and streamlined manner as oppose to bootstrapping these into the accounts.
from aws-deployment-framework.
larsrnielsen
commented on September 24, 2024
Hi,
Thanks for your explanation, it makes sense. Regarding bootstrap vs
pipeline, I am planning to create a service catalog based account vending
machine that would create new accounts under a certain OU, like
applications or sandboxes. By moving the necessary network (connection to
Transit Gateway), compliance (CloudTrail, Cloud Custodian, ...) and
security configuration (VPC flow logs, GuardDuty client, ...) to bootstrap
instead of pipeline, I would avoid manual reconfiguration of the deployment
map. The pipeline part is then for the infrastructure supporting the
application. Or should I go in another direction?
Lars
fre. 12. jul. 2019 kl. 21.46 skrev Flynn Bundy <[email protected]>:
… Hi @larsrnielsen <https://github.com/larsrnielsen>
regional.yml will bootstrap accounts in regions *other than* the global
region. When setting up ADF you would of defined a global (main) region,
this region will be the target for any global.yml files found. You can also
define target regions, these regions will be the target for any
regional.yml files. Currently ADF does not apply the regional.yml to the
global region even if its included as a target region.
I would recommend creating a deployment pipeline in the deployment account
to deploy resources (such as CloudTrail, Logging resources) in a scalable
and streamlined manner as oppose to bootstrapping these into the accounts.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#96?email_source=notifications&email_token=AAPOXKM662PQX4BDKICMDALP7DNSJA5CNFSM4ICOJOE2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZ2WSLY#issuecomment-511011119>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAPOXKNTK2VFAMZWC3LNOLTP7DNSJANCNFSM4ICOJOEQ>
.
from aws-deployment-framework.
bundyfx
commented on September 24, 2024
There is no need to reconfigure the deployment map for each new account, just set it up to target the OU's you would like to have your foundation stacks deployed to, then set it to ExecuteOnPipelineUpdate. For example:
pipelines:
- name: sample-pipeline # The name of your pipeline (This will match the name of your repository)
type: cc-cloudformation # The pipeline_type you wish to use for this pipeline
params:
- SourceAccountId: 111111111111 # The source account that will hold the codebase
- RestartExecutionOnUpdate: true # This means it will automatically trigger when a new account moves into any of the below OU's (After they have been bootstrapped)
targets: # Deployment stages
- /business_unit/testing
- /business_unit/production
You can create multiple pipelines for different foundation aspects, you can even set up pipelines to have completion triggers that will trigger other pipelines when they complete successfully. This is the preferred way to go when deploying resources. The base stacks are mostly just for setting up ADF roles that are then assumed by pipelines. Where possible its best to avoid adding more resources to them.
from aws-deployment-framework.
bundyfx
commented on September 24, 2024
Closing as this was a question, let me know if I can elaborate further.
from aws-deployment-framework.
s0enke
commented on September 24, 2024
Currently ADF does not apply the regional.yml to the global region even if its included as a target region.
Hey @bundyfx, thanks for the explanation. Could you elaborate on why regional bootstrapping is not roled out to the deployment-account region?
At least I would propose to document the behavior in the Admin Guide. Currently it states
No need to also include 'eu-central-1' in targets as the deployment-account region is also considered a target region by default.
which led me believe that regional baselines are also deployed to the deployment-account region.
My current workaround/hack is to duplicate all resources from regional.yml to global.yml.
from aws-deployment-framework.
Related Issues (20)
- [Bug]: Account Based Terraform variables do not work
- [Feat]: Improve auto-create-repository behaviour within Deployment Map Definition HOT 1
- [Feat]: Add Python isort and black linters. HOT 2
- [Feat]: Enhanced Targetting via Tags HOT 1
- AWS CodeBuild error: 'list' object has no attribute 'get'
- [Bug]: generate_params script type errors are not clear what's the issue
- [Bug]: <Error during ADF deployment cfn_custom_resource> HOT 4
- [Chore]: Upgrade GitHub CodeQL Action v2 to v3 HOT 1
- [Feat]: enable pylint on samples dir and optionally on test files
- ADF new version release HOT 4
- [Feat]: deploy multiple SCPs to a single OU or account HOT 6
- is it possibile to create another aws account using ADF HOT 2
- [Bug]: Account creation is broken since the release of lambda runtime 3.9v51 HOT 2
- [Feat]: Alerting for when AccountFileProcessorFunction fails
- StateMachine PipelineDeletionStateMachine is in failed HOT 1
- adf-bootstrap code pipeline fails in management account HOT 1
- [Bug]: installation through Makefile fails because of missing 'packaging' dependency HOT 3
- [Bug]: Terraform pipeline get accounts script error
- [Bug]: Terraform pipeline unable to upload the tf statefile
- [Bug]: Issue installing adf in new account HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-deployment-framework.