
aws-cross-account-cicd-git-actions-prereq

This project is a prerequisite to aws-cross-account-cicd-git-actions. It is deployed via CDK (TypeScript).

License

This library is licensed under the MIT-0 License. See the LICENSE file.

System requirements

Project Structure

The project is structured into two sections, target-account and tools-account. Each section has one stack under its src/ folder that deploys to one AWS account.

tools-account

The CDK stack here deploys an IAM user to the tools AWS account. This IAM user is used by the GitHub Actions workflow to carry out deployments in the target account.

  • src/cdk-stack.ts deploys the IAM user and stores its access key as a secret in Secrets Manager.
  • src/cdk-stack-param.json defines the parameters used by the stack. The only parameter currently is TARGET_ACCOUNT_USER_ARN, which defines the cross-account IAM role ARN that the user is allowed to assume when carrying out a deployment. In the ARN, replace <target-account-id> with the AWS account ID of the designated deployment target account.

The stack is part of app.ts, which represents a CDK app.

target-account

The CDK stack here deploys the cross-account IAM role and the CloudFormation execution IAM role to the target AWS account.

  • src/cdk-stack.ts deploys the cross-account and CloudFormation execution IAM roles.
  • src/cdk-stack-param.json defines the parameters used by the stack. The only parameter currently is TOOLS_ACCOUNT_USER_ARN, which defines the IAM user ARN that is allowed to assume the cross-account role. In the ARN, replace <tools-account-id> with the AWS account ID of the designated tools account.

The stack is part of app.ts, which represents a CDK app.
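The two parameter files above pair up: the target-account role trusts exactly the user named in TOOLS_ACCOUNT_USER_ARN, and the tools-account user may assume exactly the role named in TARGET_ACCOUNT_USER_ARN. The following added example (not code from the awslabs project) derives both policy documents from those parameters and rejects an ARN in which the <tools-account-id> or <target-account-id> placeholder was left unreplaced; the sample ARNs, account IDs and names are constructed.

```typescript
// Added example, not part of the awslabs project. Builds the trust policy for the
// target-account cross-account role and the identity policy for the tools-account
// deployment user from the cdk-stack-param.json parameters described in the README.

const PLACEHOLDER = /<[a-z-]+-account-id>/;                       // e.g. <tools-account-id>
const IAM_ARN = /^arn:aws:iam::(\d{12}):(role|user)\/[\w+=,.@\/-]+$/;

interface IamArn { accountId: string; kind: "role" | "user"; arn: string }

// Validates an IAM role/user ARN and extracts its account id; fails closed if the
// README's placeholder was never replaced or the ARN is of the wrong kind.
function parseIamArn(arn: string, expectedKind: "role" | "user"): IamArn {
  if (PLACEHOLDER.test(arn)) throw new Error(`placeholder not replaced in ${arn}`);
  const m = IAM_ARN.exec(arn);
  if (!m) throw new Error(`not an IAM ${expectedKind} ARN: ${arn}`);
  if (m[2] !== expectedKind) throw new Error(`expected IAM ${expectedKind}, got ${m[2]}: ${arn}`);
  return { accountId: m[1], kind: m[2] as "role" | "user", arn };
}

// target-account: trust policy of the cross-account role. Only the single IAM user
// from TOOLS_ACCOUNT_USER_ARN may assume it, not the tools account's root principal.
function crossAccountRoleTrustPolicy(params: { TOOLS_ACCOUNT_USER_ARN: string }) {
  const user = parseIamArn(params.TOOLS_ACCOUNT_USER_ARN, "user");
  return {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Principal: { AWS: user.arn }, Action: "sts:AssumeRole" }],
  };
}

// tools-account: identity policy of the deployment user. sts:AssumeRole is scoped to
// exactly the role in TARGET_ACCOUNT_USER_ARN, which must live in a different account.
function deploymentUserPolicy(params: { TARGET_ACCOUNT_USER_ARN: string }, toolsAccountId: string) {
  const role = parseIamArn(params.TARGET_ACCOUNT_USER_ARN, "role");
  if (role.accountId === toolsAccountId) {
    throw new Error("target role is in the tools account; expected a cross-account role ARN");
  }
  return {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: "sts:AssumeRole", Resource: role.arn }],
  };
}

// Constructed sample parameters (account ids and names are illustrative, not real).
const sampleTargetParams = { TOOLS_ACCOUNT_USER_ARN: "arn:aws:iam::111111111111:user/git-actions-deployment-user" };
const sampleToolsParams = { TARGET_ACCOUNT_USER_ARN: "arn:aws:iam::222222222222:role/git-actions-cross-account-role" };

console.log(JSON.stringify(crossAccountRoleTrustPolicy(sampleTargetParams), null, 2));
console.log(JSON.stringify(deploymentUserPolicy(sampleToolsParams, "111111111111"), null, 2));
```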

Deployment using CDK

Both sections, target-account and tools-account, are deployed as CDK apps using the deploy.sh script provided under their respective folders.

The script takes the name of an AWS profile configured in the ~/.aws/credentials file as its only parameter. This AWS profile should pertain to the AWS account designated as the deployment target, and it needs the permissions required to carry out the respective tasks. For target-account, permissions are required to create the CloudFormation stack and IAM roles; CloudFormation exports GIT-ACTIONS-CF-EXECUTION-ROLE-ARN and GIT-ACTIONS-CROSS-ACCOUNT-ROLE-ARN, which you will need. For tools-account, permissions are required to create the CloudFormation stack, the IAM user and the Secrets Manager secret; CloudFormation exports GIT-ACTIONS-DEPLOYMENT-USER-ACCESS-KEY and GIT-ACTIONS-DEPLOYMENT-USER-ARN, which you will need.

As a prerequisite to deployment, set up a profile for the tools account and for each AWS account designated as a deployment target.
