
Sage-Bionetworks-IT/organizations-infra


Overview

Install, configure and manage the AWS organizations management account and all its member accounts.

We use a combination of org-formation and sceptre to deploy AWS cloud resources using cloudformation.

Deployments

The AWS management account must be bootstrapped before any deployments can happen.

org-formation

Deploy resources to master and all member accounts

  • install nodejs
  • cd org-formation
  • run 'npm install'
  • run npx org-formation process-tasks --profile master-profile --verbose --print-stack organization-tasks.yaml

Note: master-profile is a profile that can assume the account's organizations-admin role

Refer to Org-Formation Overview for a summary of what org-formation deploys.

sceptre

Install sceptre on your machine and then run:

  • create a python 3.x virtualenv
  • run pip install sceptre sceptre-ssm-resolver sceptre-date-resolver sceptre-file-resolver
  • cd sceptre/folder (e.g. sceptre/sandbox)
  • uncomment # profile: {{ var.profile | default("default") }} in config/configs.yaml
  • run sceptre --var "profile=member-profile" --var "region=us-east-1" launch prod/my-template.yaml

Note: member-profile is a profile that can assume the member account's OrganizationAccountAccessRole role

Run in a docker container:

docker run --rm --name sceptre -v /path/to/src/organizations-infra/sceptre/scipool:/project \
-v $HOME/.aws:/root/.aws/:ro sceptreorg/sceptre \
--var "region=us-east-1" launch -y prod/my-template.yaml

Automation

We have set up GitHub Actions to automate deployments to the AWS management account and all member accounts. The deployment runs on every merge to the master branch.

Org-formation manages deployments to specific accounts using organization Bindings

Sceptre manages deployments to specific accounts with designated config folders (e.g. config/dev or config/prod).

Contributions

Contributions are welcome.

Requirements:

  • Install pre-commit app
  • Clone this repo
  • Run pre-commit install to install the git hook.

Testing

As a pre-deployment step we syntactically validate our sceptre and cloudformation yaml files with pre-commit.

Please install pre-commit; once installed, the file validations will automatically run on every commit. Alternatively you can manually execute the validations by running pre-commit run --all-files.

To debug jinja template processing in sceptre, go to the corresponding sceptre/* directory and run e.g. sceptre generate develop.

Secrets

  • We use AWS SSM Parameter Store to store secrets for this project. Sceptre retrieves the secrets at deploy time using the sceptre ssm resolver and passes them to the cloudformation stack as parameters, so no secret values are committed to this repository.
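
As an added illustration (not the repository's own files), the three pieces involved in that flow look roughly like this: a project-level sceptre config that takes the profile and region from --var as described above, a stack config that pulls a secret from SSM with the ssm resolver, and the CloudFormation parameter it feeds. The project code, parameter path and parameter name are made up for the example.

```yaml
# --- config/config.yaml (example; project code is an assumption) ---
# The profile/region come from `sceptre --var "profile=..." --var "region=..."`.
project_code: example-project
region: {{ var.region | default("us-east-1") }}
profile: {{ var.profile | default("default") }}

---
# --- config/prod/my-template.yaml (example stack config) ---
template:
  path: my-template.yaml
parameters:
  # The ssm resolver calls GetParameter with WithDecryption=True, so the
  # deploying role needs ssm:GetParameter on this path and kms:Decrypt on the
  # key that encrypts it. Store the value as a SecureString; the plaintext
  # never appears in git, only in the resolved CloudFormation parameter.
  DbPassword: !ssm /example-project/prod/DbPassword   # path is an assumption

---
# --- templates/my-template.yaml (example template, parameters section only) ---
Parameters:
  DbPassword:
    Type: String
    # Without NoEcho the resolved secret is visible to anyone who can call
    # cloudformation:DescribeStacks or view the stack in the console.
    NoEcho: true
```

Two checks worth doing on any stack that uses this pattern: confirm the SSM parameter type is SecureString (a plain String is stored unencrypted), and confirm every template parameter that receives a resolved secret is marked NoEcho, otherwise the resolver keeps the secret out of the repo but CloudFormation exposes it on the stack.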