Install, configure and manage the AWS organizations management account and all its member accounts.
We use a combination of org-formation and sceptre to deploy AWS cloud resources using cloudformation.
We boostrapped our AWS management account before deployments can happen.
Deploy resources to master and all member accounts
- install nodejs
- cd org-formation
- run 'npm install'
- run
npx org-formation process-tasks --profile master-profile --verbose --print-stack organization-tasks.yaml
Note: master-profile is a profile that can assume the account's organizations-admin
role
Refer to Org-Formation Overview for a summary of what org-formation deploys.
- create a python 3.x virtualenv
- run
pip install sceptre sceptre-ssm-resolver sceptre-date-resolver git+git://github.com/Sceptre/sceptre-file-resolver.git
- cd sceptre/folder (i.e. sceptre/sandbox)
- uncomment
# profile: {{ var.profile | default("default") }}
in config/configs.yaml - run
sceptre --var "profile=member-profile" --var "region=us-east-1" launch prod/my-template.yaml
Note: member-profile is a profile that can assume the member account's OrganizationAccountAccessRole
role
We have setup Github actions to automate deployments to the AWS management and all member accounts. The deployment runs on every merge to the master branch.
Org-formation manages deployments to specific accounts using organization Bindings
Sceptre manages deployments to specific accounts with designated config folders (i.e. config/dev or config/prod).
Contributions are welcome.
Requirements:
- Install pre-commit app
- Clone this repo
- Run
pre-commit install
to install the git hook.
As a pre-deployment step we syntatically validate our sceptre and cloudformation yaml files with pre-commit.
Please install pre-commit, once installed the file validations will
automatically run on every commit. Alternatively you can manually
execute the validations by running pre-commit run --all-files
.
Please install pre-commit, once installed the file validations will
automatically run on every commit.
- We use the AWS SSM to store secrets for this project. Sceptre retrieves the secrets using a sceptre ssm resolver and passes them to the cloudformation stack on deployment.