0-bootstrap

Prerequisites

Even though this step is the very inauguration of the Landing Zone, it still has some prerequisites. It expects that an AWS Organization is already set up, along with optional SSO integration as a best practice going forward. It expects that whoever runs the 0-bootstrap step has admin access to the management account. It expects that all configuration parameters are present in the file lzconfig.yaml. This is the most important file in the GitHub repository: it contains all of the configuration parameters related to the AWS LZ.

Overview Details

To achieve the expected end result with Terraform, we make use of a bash script. It expects us to use the Organization Admin Role from the management account, or any role that has the authority to create Organizational Units and Accounts in AWS Organizations.

Authenticate the shell with AWS IAM credentials belonging to an administrator user of the management account and trigger the script 0-bootstrap/bootstrap.sh.

The script first runs terraform apply in the 0-bootstrap/tf-prerequisites directory, which creates an S3 bucket and a DynamoDB table in the management account; Terraform uses them to store its state and for state locking, respectively.

Afterwards, the 0-bootstrap/bootstrap directory is applied, which creates an Organizational Unit as well as an AWS account called LZ CICD. This newly created account will hold our CI/CD automation stack.
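The state bucket and lock table created by tf-prerequisites are what every later terraform apply trusts, so this added example (not the repository's own module code) shows how such a backend is typically hardened and then consumed; bucket name, table name, region and state key are placeholders, the real values come from lzconfig.yaml.

```hcl
# Added illustration, not the repository's tf-prerequisites module code.
# Bucket and table names are placeholders; the real ones come from lzconfig.yaml.
# State bucket: no public access, every state write versioned, encrypted at rest.
resource "aws_s3_bucket" "state" {
  bucket = "EXAMPLE-lz-terraform-state"
}

resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Versioning lets a corrupted or deleted state file be rolled back.
resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration { status = "Enabled" }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = aws_s3_bucket.state.id
  rule {
    apply_server_side_encryption_by_default { sse_algorithm = "aws:kms" }
  }
}

# Lock table: Terraform's S3 backend requires a string hash key named "LockID".
resource "aws_dynamodb_table" "lock" {
  name         = "EXAMPLE-lz-terraform-state-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}
# The stacks applied afterwards (e.g. 0-bootstrap/bootstrap) then point at both;
# encrypt = true makes Terraform request SSE on every state upload.
# terraform {
#   backend "s3" {
#     bucket         = "EXAMPLE-lz-terraform-state"
#     key            = "0-bootstrap/bootstrap.tfstate"
#     region         = "eu-west-1"
#     encrypt        = true
#     dynamodb_table = "EXAMPLE-lz-terraform-state-lock"
#   }
# }
```

The backend block is shown commented out because it belongs in the consuming stack, which can only be initialised once the bucket and table exist.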

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| aws | >= 4.45.0 |
| awsutils | >= 0.1.0 |

Providers

| Name | Version |
|------|---------|
| aws | 5.21.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| s3-state | ../../terraform/modules/s3-bucket | n/a |
| setup_cicd_account | ./modules/cicd | n/a |

Resources

| Name | Type |
|------|------|
| aws_iam_role.ci-cd-master-role | resource |
| aws_iam_role_policy_attachment.ci-cd-master-role-policy | resource |
| aws_organizations_account.bootstrap | resource |
| aws_organizations_organization.org | resource |
| aws_organizations_organizational_unit.bootstrap | resource |
| aws_organizations_organization.org | data source |
| terraform_remote_state.remote | data source |
| aws_appautoscaling_policy.dynamodb_table_read_policy | resource |
| aws_appautoscaling_policy.dynamodb_table_write_policy | resource |
| aws_appautoscaling_target.dynamodb_table_read_target | resource |
| aws_appautoscaling_target.dynamodb_table_write_target | resource |
| aws_dynamodb_table.dynamodb-terraform-state-lock | resource |
| aws_iam_policy_document.lz_state_bucket_policy | data source |
| aws_organizations_organization.org | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| lz-cicd-scp | n/a | `list` | `[]` | no |
| scp | list of policies which you want to create | `list(object({ name = string, policy_file = string }))` | `[]` | no |
| code_pipeline_build_stages | maps of build type stages configured in CodePipeline | `map` | `{ "regula": "regula-spec.yaml", "tf-base": "terraform-spec.yaml" }` | no |
| custom_tags | Resources tags | `object({ Environment = string, TargetAccounts = string, DeploymentType = string })` | `{ "DeploymentType": "Terraform", "Environment": "Deployment", "TargetAccounts": "Demo" }` | no |
| git_repository_name | Name of the remote git repository to be created | `string` | `"aws-landing-zone"` | no |

Outputs

| Name | Description |
|------|-------------|
| accounts_id_map | LZCICD AWS account id |
| codebuild_name | CodeBuild project's name |
| codebuild_s3bucket | Name of the CodeBuild bucket |
| codepipeline_name | The name of the pipeline |
| codepipeline_s3bucket | Name of the CodePipeline bucket |