- Ansible for configuration management
- GitHub as code repository and pipeline runner
- Terraform as Infrastructure as Code to provision AWS resources
- Packer to create golden images (refer to ami-factory)

The deployment pipeline runs using GitHub Actions. Workflows are created per customer by copying and updating the template.yml file in the ./github/workflows/ directory.

The following run on: pull_request
- Checkov - to apply static code analysis
- Infracost - to see cloud costs before launching resources
- Terraform Plan - to show changes required by the current configuration

The following run on: push
- Terraform Apply - to finally create or update infrastructure
- Configure Servers - to configure the provisioned servers using Ansible

| Tool | Use |
|---|---|
| Visual Studio Code | Code editor |
| AWS CLI | To enable assume role via terminal while running Terraform code locally |
| Terraform | To enable running of Terraform code locally |
| Ansible | To enable running of Ansible playbooks locally |
| AWS Cloud 9 | Cloud-based IDE for Windows users who need to perform Ansible-related tasks |
| Git | Version Control System |
| AWS Tools for PowerShell on Windows | To assume roles when working with Terraform locally |

| Role ARN | Use | Session Duration |
|---|---|---|
| arn:aws:iam::<customeraccount#>:role/SSMInstanceProfile | the instance role profile used by provisioned EC2 instances | 2 Hours |
| arn:aws:iam::<customeraccount#>:role/github-oidc | the role used by GitHub Actions to permit AWS configuration on configure_servers job; primarily used when running AWS commands on CLI | 2 Hours |
| arn:aws:iam::<customeraccount#>:role/AWSAFTExecution | the role assumed by Terraform to permit AWS configuration | 2 Hours |
| arn:aws:iam::231639157514:role/github-oidc | the role used during terraform_apply and terraform_plan job | 2 Hours |
| arn:aws:iam::812224207958:role/AWSAFTExecution | the role assumed by Terraform to use resources on shared services account | 1 Hour |
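
The github-oidc roles listed above are assumed by GitHub Actions, so their trust policies decide which workflows can obtain AWS credentials. The following check is an added example, not code from this repository: it assumes the roles are federated through GitHub's OIDC provider (as the role name suggests) and audits a trust policy for pinned `aud` and `sub` claims. The repository name, the 111122223333 account ID and the sample policies are constructed placeholders.

```python
GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, allowed_repo):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
                f.endswith("oidc-provider/" + GITHUB_OIDC_HOST) for f in federated):
            continue  # not a GitHub OIDC grant
        # Collect (operator, value) pairs per token claim; condition keys are case-insensitive.
        claims = {}
        for op, block in stmt.get("Condition", {}).items():
            for key, val in block.items():
                host, _, claim = key.lower().partition(":")
                if host == GITHUB_OIDC_HOST:
                    claims.setdefault(claim, []).extend((op, v) for v in _as_list(val))
        if ("StringEquals", "sts.amazonaws.com") not in claims.get("aud", []):
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
        subs = [v for op, v in claims.get("sub", []) if op in ("StringEquals", "StringLike")]
        if not subs:
            findings.append(f"statement {i}: no sub condition, role is not tied to a repository")
        findings += [f"statement {i}: sub '{s}' is not limited to {allowed_repo}"
                     for s in subs if not s.startswith(f"repo:{allowed_repo}:")]
    return findings

def _policy(condition):  # constructed sample trust policy, placeholder account ID
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + GITHUB_OIDC_HOST},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

REPO = "example-org/infra-pipeline"  # hypothetical repository name
AUD = {GITHUB_OIDC_HOST + ":aud": "sts.amazonaws.com"}
SCOPED = _policy({"StringEquals": AUD,
                  "StringLike": {GITHUB_OIDC_HOST + ":sub": f"repo:{REPO}:*"}})
AUD_ONLY = _policy({"StringEquals": AUD})
ANY_REPO = _policy({"StringEquals": AUD,
                    "StringLike": {GITHUB_OIDC_HOST + ":sub": "repo:example-org/*"}})

if __name__ == "__main__":
    for name, pol in [("scoped", SCOPED), ("aud only", AUD_ONLY), ("any repo", ANY_REPO)]:
        print(name, "->", audit_trust_policy(pol, REPO) or "ok")
```

Feed it the `AssumeRolePolicyDocument` returned by `aws iam get-role` for each github-oidc role, with `allowed_repo` set to the repository that hosts the pipeline.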