From 335179b4ab4a6a457cce2330142195be3b381195 Mon Sep 17 00:00:00 2001 From: Yousif Akbar <11247449+yhakbar@users.noreply.github.com> Date: Fri, 10 Oct 2025 16:16:50 -0400 Subject: [PATCH 1/3] fix: Adding some basic fixes for AWS first infra change docs --- ...oying-to-aws-gov-cloud.md => deploying-to-aws-gov-cloud.mdx} | 1 + .../tutorials/deploying-your-first-infrastructure-change.mdx | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) rename docs/2.0/docs/pipelines/tutorials/{deploying-to-aws-gov-cloud.md => deploying-to-aws-gov-cloud.mdx} (99%) diff --git a/docs/2.0/docs/pipelines/tutorials/deploying-to-aws-gov-cloud.md b/docs/2.0/docs/pipelines/tutorials/deploying-to-aws-gov-cloud.mdx similarity index 99% rename from docs/2.0/docs/pipelines/tutorials/deploying-to-aws-gov-cloud.md rename to docs/2.0/docs/pipelines/tutorials/deploying-to-aws-gov-cloud.mdx index 40f916d47..7b2f7ca07 100644 --- a/docs/2.0/docs/pipelines/tutorials/deploying-to-aws-gov-cloud.md +++ b/docs/2.0/docs/pipelines/tutorials/deploying-to-aws-gov-cloud.mdx @@ -5,6 +5,7 @@ import Tabs from "@theme/Tabs" import TabItem from "@theme/TabItem" In this tutorial, we will guide you through deploying an AWS S3 bucket to AWS GovCloud using Gruntwork Pipelines. + ## What you'll get By the end of this tutorial, you will have: diff --git a/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx b/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx index e3af1b485..d3f83694a 100644 --- a/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx +++ b/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx @@ -59,7 +59,7 @@ This section covers creating a cloud storage resource using Pipelines and GitOps } include "root" { - path = find_in_parent_folders() + path = find_in_parent_folders("root.hcl") } inputs = { From d9330157abd0ac48683ca989005d762de9f2fe85 Mon Sep 17 00:00:00 2001 From: Yousif Akbar <11247449+yhakbar@users.noreply.github.com> Date: Fri, 10 Oct 2025 16:31:37 -0400 Subject: [PATCH 2/3] docs: Adding permissions callout for AWS and Azure --- .../deploying-your-first-infrastructure-change.mdx | 14 ++++++++++++++ .../tutorials/destroying-infrastructure.mdx | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx b/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx index d3f83694a..f08aed8da 100644 --- a/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx +++ b/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx @@ -31,6 +31,14 @@ This section covers creating a cloud storage resource using Pipelines and GitOps +:::caution Permissions Required + +By default, Pipelines is configured with the permissions needed to complete this tutorial. However, depending on your specific setup, you may need to adjust the IAM roles used by Pipelines to ensure they have the necessary permissions. + +The default Pipelines role has permissions to create S3 buckets with names that start with `test-pipelines-`. If you want to use a different bucket name, you may need to update the IAM policy accordingly. + +::: + 1. Create the folder structure for the new S3 bucket in your environment. Replace with the account name you are deploying to and with the AWS region where the S3 bucket will be deployed. ```bash @@ -70,6 +78,12 @@ This section covers creating a cloud storage resource using Pipelines and GitOps +:::caution Permissions Required + +By default, Pipelines is configured with the permissions needed to complete this tutorial. However, depending on your specific setup, you may need to adjust the role used by Pipelines to ensure it has the appropriate permissions to create Resource Groups and Storage Accounts in your subscription. + +::: + 1. Create the folder structure for the new Resource Group and Storage Account in your environment. Replace with the subscription name you are deploying to, with the Azure location where the resources will be deployed, and with your desired resource group name. ```bash diff --git a/docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx b/docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx index dc7c86117..45f53475e 100644 --- a/docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx +++ b/docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx @@ -30,6 +30,14 @@ This section explains how to destroy cloud resources using Pipelines and GitOps +:::caution Permissions Required + +By default, Pipelines is configured with the permissions needed to complete this tutorial. However, depending on your specific setup, you may need to adjust the IAM roles used by Pipelines to ensure they have the necessary permissions to destroy resources. + +The default Pipelines role has permissions to delete S3 buckets with names that start with `test-pipelines-`. If you're destroying resources with different naming conventions, you may need to update the IAM policy accordingly. + +::: + 1. Remove the folder containing the infrastructure code for the resource you want to destroy. For the S3 bucket example, delete the folder containing the S3 bucket code. Replace and with the appropriate values. ```bash @@ -41,6 +49,12 @@ This section explains how to destroy cloud resources using Pipelines and GitOps +:::caution Permissions Required + +By default, Pipelines is configured with the permissions needed to complete this tutorial. However, depending on your specific setup, you may need to adjust the role used by Pipelines to ensure it has the appropriate permissions to delete Resource Groups and Storage Accounts in your subscription. + +::: + 1. Remove the folder containing the infrastructure code for the resources you want to destroy. For the Resource Group and Storage Account example, delete the folder containing all the resource group code. Replace , , and with the appropriate values. ```bash From d0d5e33e39f19099dde71f0864d9238b2e782bfe Mon Sep 17 00:00:00 2001 From: Yousif Akbar <11247449+yhakbar@users.noreply.github.com> Date: Fri, 10 Oct 2025 16:36:22 -0400 Subject: [PATCH 3/3] docs: Adding callout for permissions that are required for tutorials --- .../deploying-your-first-infrastructure-change.mdx | 8 ++++++++ .../pipelines/tutorials/destroying-infrastructure.mdx | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx b/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx index f08aed8da..4b4e7acaf 100644 --- a/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx +++ b/docs/2.0/docs/pipelines/tutorials/deploying-your-first-infrastructure-change.mdx @@ -37,6 +37,10 @@ By default, Pipelines is configured with the permissions needed to complete this The default Pipelines role has permissions to create S3 buckets with names that start with `test-pipelines-`. If you want to use a different bucket name, you may need to update the IAM policy accordingly. +:::tip +The default `bootstrap` Terragrunt stack provided in the installation guide includes `plan_iam_policy` and `apply_iam_policy` values that can be configured to adjust the permissions granted to Pipelines. +::: + ::: 1. Create the folder structure for the new S3 bucket in your environment. Replace with the account name you are deploying to and with the AWS region where the S3 bucket will be deployed. @@ -82,6 +86,10 @@ The default Pipelines role has permissions to create S3 buckets with names that By default, Pipelines is configured with the permissions needed to complete this tutorial. However, depending on your specific setup, you may need to adjust the role used by Pipelines to ensure it has the appropriate permissions to create Resource Groups and Storage Accounts in your subscription. +:::tip +The default `bootstrap` Terragrunt stack provided in the installation guide includes `plan_custom_role_actions` and `apply_custom_role_actions` values that can be configured to adjust the permissions granted to Pipelines. +::: + ::: 1. Create the folder structure for the new Resource Group and Storage Account in your environment. Replace with the subscription name you are deploying to, with the Azure location where the resources will be deployed, and with your desired resource group name. diff --git a/docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx b/docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx index 45f53475e..00265d936 100644 --- a/docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx +++ b/docs/2.0/docs/pipelines/tutorials/destroying-infrastructure.mdx @@ -36,6 +36,10 @@ By default, Pipelines is configured with the permissions needed to complete this The default Pipelines role has permissions to delete S3 buckets with names that start with `test-pipelines-`. If you're destroying resources with different naming conventions, you may need to update the IAM policy accordingly. +:::tip +The default `bootstrap` Terragrunt stack provided in the installation guide includes `plan_iam_policy` and `apply_iam_policy` values that can be configured to adjust the permissions granted to Pipelines. +::: + ::: 1. Remove the folder containing the infrastructure code for the resource you want to destroy. For the S3 bucket example, delete the folder containing the S3 bucket code. Replace and with the appropriate values. @@ -53,6 +57,10 @@ The default Pipelines role has permissions to delete S3 buckets with names that By default, Pipelines is configured with the permissions needed to complete this tutorial. However, depending on your specific setup, you may need to adjust the role used by Pipelines to ensure it has the appropriate permissions to delete Resource Groups and Storage Accounts in your subscription. +:::tip +The default `bootstrap` Terragrunt stack provided in the installation guide includes `plan_custom_role_actions` and `apply_custom_role_actions` values that can be configured to adjust the permissions granted to Pipelines. +::: + ::: 1. Remove the folder containing the infrastructure code for the resources you want to destroy. For the Resource Group and Storage Account example, delete the folder containing all the resource group code. Replace , , and with the appropriate values.