diff --git a/examples/snippets/.claude/skills/developing-components/SKILL.md b/examples/snippets/.claude/skills/developing-components/SKILL.md index 60fb6b430..b32398666 100644 --- a/examples/snippets/.claude/skills/developing-components/SKILL.md +++ b/examples/snippets/.claude/skills/developing-components/SKILL.md @@ -194,7 +194,7 @@ components: Stack files in `stacks/orgs/acme/` mirror the AWS account structure: -- `orgs/acme/core/` - Core accounts (root, audit, security, identity, network, dns, auto, artifacts) +- `orgs/acme/core/` - Core accounts (root, audit, security, network, auto, artifacts) - `orgs/acme/plat/` - Platform accounts (sandbox, dev, staging, prod) Within each stage, organized by region: diff --git a/examples/snippets/.claude/skills/developing-stacks/SKILL.md b/examples/snippets/.claude/skills/developing-stacks/SKILL.md index fc169591a..21f1a0011 100644 --- a/examples/snippets/.claude/skills/developing-stacks/SKILL.md +++ b/examples/snippets/.claude/skills/developing-stacks/SKILL.md @@ -30,8 +30,7 @@ stacks/ │ │ ├── auto/ # Automation account │ │ ├── artifacts/ # Artifacts account (ECR, S3) │ │ ├── audit/ # Audit/logging account -│ │ ├── dns/ # DNS account -│ │ ├── network/ # Network account (TGW, VPN) +│ │ ├── network/ # Network account (TGW, VPN, DNS) │ │ └── security/ # Security account │ └── plat/ # Platform tenant (workloads) │ ├── _defaults.yaml # Tenant defaults (tenant: plat) diff --git a/examples/snippets/.github/workflows/atmos-pro-terraform-apply.yaml b/examples/snippets/.github/workflows/atmos-pro-terraform-apply.yaml index f1bbe3920..148a5c2b7 100644 --- a/examples/snippets/.github/workflows/atmos-pro-terraform-apply.yaml +++ b/examples/snippets/.github/workflows/atmos-pro-terraform-apply.yaml @@ -33,7 +33,7 @@ permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout -jobs: +jobs: atmos-apply: name: ${{ inputs.component }}-${{ inputs.stack }} 
@@ -52,7 +52,7 @@ jobs: - uses: unfor19/install-aws-cli-action@v1 - name: Apply Atmos Component - uses: cloudposse/github-action-atmos-terraform-apply@v7 + uses: cloudposse/github-action-atmos-terraform-apply@v6 env: ATMOS_PROFILE: "github-apply" with: diff --git a/examples/snippets/CLAUDE.md b/examples/snippets/CLAUDE.md index 54c683c35..401fa8335 100644 --- a/examples/snippets/CLAUDE.md +++ b/examples/snippets/CLAUDE.md @@ -1,8 +1,8 @@ # CLAUDE.md AWS infrastructure repository using Cloud Posse reference architecture with Atmos and OpenTofu. Manages multiple AWS -accounts across core (root, audit, security, identity, network, dns, auto, artifacts) and platform (sandbox, dev, -staging, prod) tenants. +accounts across core (root, audit, security, network, auto, artifacts) and platform (sandbox, dev, staging, prod) +tenants. ## Commands diff --git a/examples/snippets/stacks/workflows/quickstart/foundation/accounts.yaml b/examples/snippets/stacks/workflows/quickstart/foundation/accounts.yaml index 819532e74..444a9da58 100644 --- a/examples/snippets/stacks/workflows/quickstart/foundation/accounts.yaml +++ b/examples/snippets/stacks/workflows/quickstart/foundation/accounts.yaml @@ -85,7 +85,6 @@ workflows: - command: terraform deploy aws-account/core-artifacts -s core-gbl-root - command: terraform deploy aws-account/core-audit -s core-gbl-root - command: terraform deploy aws-account/core-auto -s core-gbl-root - - command: terraform deploy aws-account/core-dns -s core-gbl-root - command: terraform deploy aws-account/core-network -s core-gbl-root - command: terraform deploy aws-account/core-security -s core-gbl-root - command: terraform deploy aws-account/plat-dev -s core-gbl-root 
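Review bot: Both third-party actions in this step list are referenced by mutable tags (`unfor19/install-aws-cli-action@v1` and the changed `cloudposse/github-action-atmos-terraform-apply@v6`), while the workflow grants `id-token: write`, as the previous hunk shows. Anyone able to move one of those tags gets code execution in a job that can request the workflow's OIDC token. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, for example `uses: cloudposse/github-action-atmos-terraform-apply@<full-commit-sha>  # v6`. The change also moves the apply action from v7 back to v6 with no reason visible here; a one-line comment above the step saying why the older major is needed would stop it being bumped back blindly. The job body continues outside the hunk.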
@@ -109,7 +108,6 @@ workflows:
 - command: terraform deploy aws-account-settings -s core-gbl-artifacts
 - command: terraform deploy aws-account-settings -s core-gbl-audit
 - command: terraform deploy aws-account-settings -s core-gbl-auto
- - command: terraform deploy aws-account-settings -s core-gbl-dns
 - command: terraform deploy aws-account-settings -s core-gbl-network
 - command: terraform deploy aws-account-settings -s core-gbl-root
 - command: terraform deploy aws-account-settings -s core-gbl-security
@@ -125,7 +123,6 @@ workflows:
 - command: terraform deploy aws-budget -s core-gbl-artifacts
 - command: terraform deploy aws-budget -s core-gbl-audit
 - command: terraform deploy aws-budget -s core-gbl-auto
- - command: terraform deploy aws-budget -s core-gbl-dns
 - command: terraform deploy aws-budget -s core-gbl-network
 - command: terraform deploy aws-budget -s core-gbl-security
 - command: terraform deploy aws-budget -s plat-gbl-dev
diff --git a/examples/snippets/stacks/workflows/quickstart/foundation/identity.yaml b/examples/snippets/stacks/workflows/quickstart/foundation/identity.yaml
index a702bb72b..a5057195b 100644
--- a/examples/snippets/stacks/workflows/quickstart/foundation/identity.yaml
+++ b/examples/snippets/stacks/workflows/quickstart/foundation/identity.yaml
@@ -69,18 +69,18 @@ workflows: deploy/iam-role: description: | - Deploy iam-role/terraform and iam-role/planner to all accounts (except root). + Deploy iam-role/terraform and iam-role/planner roles. These roles are used by GitHub Actions for CI/CD. steps: - # Core accounts (except root) + # Only deploy the planner role in the root account + - command: terraform deploy iam-role/planner -s core-gbl-root + # Core accounts - command: terraform deploy iam-role/terraform -s core-gbl-artifacts - command: terraform deploy iam-role/planner -s core-gbl-artifacts - command: terraform deploy iam-role/terraform -s core-gbl-audit - command: terraform deploy iam-role/planner -s core-gbl-audit - command: terraform deploy iam-role/terraform -s core-gbl-auto - command: terraform deploy iam-role/planner -s core-gbl-auto - - command: terraform deploy iam-role/terraform -s core-gbl-dns - - command: terraform deploy iam-role/planner -s core-gbl-dns - command: terraform deploy iam-role/terraform -s core-gbl-network - command: terraform deploy iam-role/planner -s core-gbl-network - command: terraform deploy iam-role/terraform -s core-gbl-security @@ -105,7 +105,6 @@ workflows: - command: terraform deploy github-oidc-provider -s core-gbl-artifacts - command: terraform deploy github-oidc-provider -s core-gbl-audit - command: terraform deploy github-oidc-provider -s core-gbl-auto - - command: terraform deploy github-oidc-provider -s core-gbl-dns - command: terraform deploy github-oidc-provider -s core-gbl-network - command: terraform deploy github-oidc-provider -s core-gbl-security # Platform accounts diff --git a/examples/snippets/stacks/workflows/quickstart/monitor/datadog.yaml b/examples/snippets/stacks/workflows/quickstart/monitor/datadog.yaml index d9541e74c..923d14399 100644 --- a/examples/snippets/stacks/workflows/quickstart/monitor/datadog.yaml +++ b/examples/snippets/stacks/workflows/quickstart/monitor/datadog.yaml 
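Review bot: The new first step deploys `iam-role/planner` into `core-gbl-root`, but the rewritten description no longer says which accounts receive which role, where it used to say "all accounts (except root)". The description states these roles are used by GitHub Actions, so CI now has a role in the root account and that exception should be spelled out, e.g. `Deploy iam-role/terraform and iam-role/planner to all accounts; root receives only iam-role/planner.` The `github-oidc-provider` steps visible in the next hunk (`@@ -105,7 +105,6 @@`) list artifacts, audit, auto, network and security but not root, though that list may begin above the hunk. It is worth confirming how the root planner role is assumed and that its trust policy is limited to the expected repository and ref. The step list continues outside the hunk.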
@@ -71,7 +71,6 @@ workflows:
 - command: terraform deploy datadog-configuration -s core-gbl-artifacts
 - command: terraform deploy datadog-configuration -s core-gbl-audit
 - command: terraform deploy datadog-configuration -s core-gbl-auto
- - command: terraform deploy datadog-configuration -s core-gbl-dns
 - command: terraform deploy datadog-configuration -s core-gbl-network
 - command: terraform deploy datadog-configuration -s core-gbl-security
 - command: terraform deploy datadog-configuration -s plat-gbl-sandbox
@@ -85,7 +84,6 @@ workflows:
 - command: terraform deploy datadog-integration -s core-gbl-artifacts
 - command: terraform deploy datadog-integration -s core-gbl-audit
 - command: terraform deploy datadog-integration -s core-gbl-auto
- - command: terraform deploy datadog-integration -s core-gbl-dns
 - command: terraform deploy datadog-integration -s core-gbl-network
 - command: terraform deploy datadog-integration -s core-gbl-security
 - command: terraform deploy datadog-integration -s plat-gbl-sandbox
@@ -99,7 +97,6 @@ workflows:
 # - command: terraform deploy datadog-logs-archive -s core-gbl-artifacts
 # - command: terraform deploy datadog-logs-archive -s core-gbl-audit
 # - command: terraform deploy datadog-logs-archive -s core-gbl-auto
-# - command: terraform deploy datadog-logs-archive -s core-gbl-dns
 # - command: terraform deploy datadog-logs-archive -s core-gbl-network
 # - command: terraform deploy datadog-logs-archive -s core-gbl-security
 # - command: terraform deploy datadog-logs-archive -s plat-gbl-sandbox
@@ -122,7 +119,6 @@ workflows:
 - command: terraform deploy datadog-lambda-forwarder -s core-use1-artifacts
 - command: terraform deploy datadog-lambda-forwarder -s core-use1-audit
 - command: terraform deploy datadog-lambda-forwarder -s core-use1-auto
- - command: terraform deploy datadog-lambda-forwarder -s core-use1-dns
 - command: terraform deploy datadog-lambda-forwarder -s core-use1-network
 - command: terraform deploy datadog-lambda-forwarder -s core-use1-security
 - command: terraform deploy datadog-lambda-forwarder -s plat-use1-sandbox
diff --git a/examples/snippets/stacks/workflows/quickstart/monitor/grafana.yaml b/examples/snippets/stacks/workflows/quickstart/monitor/grafana.yaml
index f6691737e..9ec61fe7a 100644
--- a/examples/snippets/stacks/workflows/quickstart/monitor/grafana.yaml
+++ b/examples/snippets/stacks/workflows/quickstart/monitor/grafana.yaml
@@ -11,15 +11,20 @@ workflows: steps: - command: vendor pull --component managed-prometheus/workspace - command: vendor pull --component managed-grafana/workspace + - command: vendor pull --component managed-grafana/api-key - command: vendor pull --component managed-grafana/dashboard - - command: vendor pull --component managed-grafana/data-source/loki - command: vendor pull --component managed-grafana/data-source/managed-prometheus + - command: vendor pull --component managed-grafana/data-source/loki - command: vendor pull --component eks/prometheus-scraper - command: vendor pull --component eks/loki - command: vendor pull --component eks/promtail + - command: vendor pull --component managed-grafana/data-source/cloudwatch + - command: vendor pull --component managed-grafana/data-source/managed-prometheus + - command: vendor pull --component ecs-adot-collector + - command: vendor pull --component iam-role deploy: - description: deploys all Grafana data sources into plat accounts + description: deploys all monitoring components steps: - command: workflow deploy/prometheus -s plat-use1-dev -f quickstart/monitor/grafana - command: workflow deploy/prometheus -s plat-use1-staging -f quickstart/monitor/grafana @@ -27,13 +32,14 @@ workflows: - command: workflow deploy/grafana -s core-use1-auto -f quickstart/monitor/grafana deploy/prometheus: - description: deploys all Grafana data sources into a given stack + description: deploys Prometheus and backing services into a given plat stack steps: - command: terraform deploy prometheus - command: terraform deploy eks/prometheus-scraper - command: terraform deploy eks/loki - command: terraform deploy eks/promtail - - command: terraform deploy eks/cluster + - command: terraform deploy ecs-adot-collector + - command: terraform deploy iam-role/grafana-cloudwatch-access deploy/grafana: description: deploys centralized Grafana and all sub components 
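Review bot: `vendor pull --component managed-grafana/data-source/managed-prometheus` now appears twice in the first step list, once as the existing line and once among the four lines added at the end, so the second pull is redundant and can be dropped. In `deploy/prometheus` (second hunk, `@@ -27,13 +32,14 @@`) the added `iam-role/grafana-cloudwatch-access` step is, judging by its name, a role that lets Grafana read CloudWatch in each plat stack. A comment above it such as `# Role assumed by the central Grafana workspace for CloudWatch reads; confirm the trust policy names only that principal` would record who is expected to assume it. The first step list begins above the hunk.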
@@ -42,13 +48,22 @@ workflows: - command: terraform deploy grafana/api-key -s core-use1-auto - command: terraform deploy grafana/datasource/plat-dev-prometheus -s core-use1-auto - command: terraform deploy grafana/datasource/plat-dev-loki -s core-use1-auto - - command: terraform deploy grafana/dashboard/plat-dev-prometheus -s core-use1-auto - - command: terraform deploy grafana/dashboard/plat-dev-loki -s core-use1-auto + - command: terraform deploy grafana/datasource/cloudwatch/plat-dev -s core-use1-auto + - command: terraform deploy grafana/datasource/prometheus/plat-dev -s core-use1-auto - command: terraform deploy grafana/datasource/plat-staging-prometheus -s core-use1-auto - command: terraform deploy grafana/datasource/plat-staging-loki -s core-use1-auto - - command: terraform deploy grafana/dashboard/plat-staging-prometheus -s core-use1-auto - - command: terraform deploy grafana/dashboard/plat-staging-loki -s core-use1-auto + - command: terraform deploy grafana/datasource/cloudwatch/plat-staging -s core-use1-auto + - command: terraform deploy grafana/datasource/prometheus/plat-staging -s core-use1-auto - command: terraform deploy grafana/datasource/plat-prod-prometheus -s core-use1-auto - command: terraform deploy grafana/datasource/plat-prod-loki -s core-use1-auto + - command: terraform deploy grafana/datasource/cloudwatch/plat-prod -s core-use1-auto + - command: terraform deploy grafana/datasource/prometheus/plat-prod -s core-use1-auto + - command: terraform deploy grafana/dashboard/plat-dev-prometheus -s core-use1-auto + - command: terraform deploy grafana/dashboard/plat-dev-loki -s core-use1-auto + - command: terraform deploy grafana/dashboard/plat-dev-ecs -s core-use1-auto + - command: terraform deploy grafana/dashboard/plat-staging-prometheus -s core-use1-auto + - command: terraform deploy grafana/dashboard/plat-staging-loki -s core-use1-auto + - command: terraform deploy grafana/dashboard/plat-staging-ecs -s core-use1-auto - command: terraform deploy 
grafana/dashboard/plat-prod-prometheus -s core-use1-auto - - command: terraform deploy grafana/dashboard/plat-prod-loki -s core-use1-auto \ No newline at end of file + - command: terraform deploy grafana/dashboard/plat-prod-loki -s core-use1-auto + - command: terraform deploy grafana/dashboard/plat-prod-ecs -s core-use1-auto \ No newline at end of file diff --git a/examples/snippets/stacks/workflows/quickstart/network/network.yaml b/examples/snippets/stacks/workflows/quickstart/network/network.yaml index 2c0c078e6..79de6c59a 100644 --- a/examples/snippets/stacks/workflows/quickstart/network/network.yaml +++ b/examples/snippets/stacks/workflows/quickstart/network/network.yaml @@ -90,7 +90,7 @@ workflows: - command: echo 'Creating primary dns zones' type: shell name: primary - - command: terraform deploy dns-primary -s core-gbl-dns + - command: terraform deploy dns-primary -s core-gbl-network - command: terraform deploy dns-primary -s plat-gbl-dev - command: terraform deploy dns-primary -s plat-gbl-staging - command: terraform deploy dns-primary -s plat-gbl-prod @@ -114,7 +114,7 @@ workflows: terraform workspace select $1 > /dev/null terraform output -json zones } - for s in core-gbl-dns plat-gbl-{dev,staging,prod,sandbox} ; do + for s in core-gbl-network plat-gbl-{dev,staging,prod,sandbox} ; do output-dns $s done | jq 'to_entries[] | { (.key) : .value.name_servers }'
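Review bot: Each stage in `deploy/grafana` now has two Prometheus data source steps under different naming schemes: the existing `grafana/datasource/plat-dev-prometheus` and the added `grafana/datasource/prometheus/plat-dev`, and likewise for staging and prod. Loki keeps the old `plat-<stage>-loki` form while CloudWatch uses the new `cloudwatch/plat-<stage>` form. If the new names are meant to replace the old ones, the old steps should be removed in the same change; if both components really exist, a comment saying how they differ would prevent a stale data source from being left deployed. The file also still ends without a trailing newline, as the `\ No newline at end of file` marker after the last added line shows.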