Install, configure and manage the AWS organizations management account and all its member accounts.
We use a combination of org-formation and sceptre to deploy AWS cloud resources using cloudformation.
We bootstrapped our AWS management account before deployments could happen.
Deploy resources to master and all member accounts
- install nodejs
- cd org-formation
- run 'npm install'
- run
npx org-formation process-tasks --profile master-profile --verbose --print-stack organization-tasks.yaml
Note: master-profile is a profile that can assume the account's organizations-admin role
Refer to Org-Formation Overview for a summary of what org-formation deploys.
- create a python 3.x virtualenv
- run
pip install sceptre sceptre-ssm-resolver sceptre-date-resolver sceptre-file-resolver
- cd sceptre/folder (i.e. sceptre/sandbox)
- uncomment
# profile: {{ var.profile | default("default") }}
in config/configs.yaml
- run
sceptre --var "profile=member-profile" --var "region=us-east-1" launch prod/my-template.yaml
Note: member-profile is a profile that can assume the member account's OrganizationAccountAccessRole role
docker run --rm --name sceptre -v /path/to/src/organizations-infra/sceptre/scipool:/project \
-v $HOME/.aws:/root/.aws/:ro sceptreorg/sceptre \
--var "region=us-east-1" launch -y prod/my-template.yaml
We have set up GitHub Actions to automate deployments to the AWS management account and all member accounts. The deployment runs on every merge to the master branch.
Org-formation manages deployments to specific accounts using organization Bindings.
Sceptre manages deployments to specific accounts with designated config folders (i.e. config/dev or config/prod).
Contributions are welcome.
Requirements:
- Install pre-commit app
- Clone this repo
- Run
pre-commit install
to install the git hook.
As a pre-deployment step we syntactically validate our sceptre and cloudformation yaml files with pre-commit.
Please install pre-commit; once installed, the file validations will
automatically run on every commit. Alternatively you can manually
execute the validations by running pre-commit run --all-files.
To debug jinja template processing in sceptre, go to the corresponding
sceptre/* directory and run e.g. sceptre generate develop.
- We use AWS SSM to store secrets for this project. Sceptre retrieves the secrets using a sceptre ssm resolver and passes them to the cloudformation stack on deployment.
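
How that flow fits together, as an added example that is not taken from this repository: a sceptre stack config that pulls a value from SSM with the !ssm resolver, and the matching template parameter marked NoEcho so cloudformation masks it. The SSM parameter path, the parameter name and the database resource are hypothetical, and the template: key assumes a recent sceptre release (older ones use template_path).

```yaml
# File: config/prod/my-template.yaml (sceptre stack config, hypothetical content)
template:
  path: my-template.yaml
parameters:
  # Resolved by sceptre-ssm-resolver when sceptre launches the stack.
  # /example/prod/db-password is a placeholder SSM parameter name.
  DbPassword: !ssm /example/prod/db-password
---
# File: templates/my-template.yaml (cloudformation template, hypothetical content)
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  DbPassword:
    Type: String
    # Without NoEcho the resolved secret is shown in clear text in the
    # stack's parameter list (console and describe-stacks output).
    NoEcho: true
Resources:
  Database:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      MasterUsername: appadmin
      MasterUserPassword: !Ref DbPassword
```

NoEcho masks the value only in the parameter listing; a template that copies it into Outputs or Metadata exposes it again.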