AWS Landing Zone

Overview

Contains the configuration for the Landing Zone Accelerator on AWS (LZA). It uses the aws-luminarlz-cli to manage and deploy the LZA config.

Directory structure

  • templates contains the liquid templates and other files that are used to generate the LZA config.
  • customizations contains a CDK app used to generate the CloudFormation templates that are defined in the customizations-config.
  • config.ts defines how the templates are generated and all project-relevant configurations.
    • cloudTrailLogGroupName defaults to __AUTO__, which resolves the Control Tower CloudTrail log group during deploy.
  • docs contains:

Customizations

Parts of the landing zone are Customizations that are deployed via the LZA.

These are configured in the customizations-config file. LZA supports deploying CloudFormation templates, which in this project are generated via the Customizations CDK app.

AWS access

Use the SSO sign-in page to get access to the AWS accounts.

Prerequisites

  • Credentials with administrator privileges for the Management AWS account.
  • Install the node version defined in .node-version.
  • Install dependencies:
npm i

Development

Manual synth of the LZA config

npm run cli -- synth

Validate the LZA config

This allows you to validate the LZA config before deploying it. Underneath it uses the LZA Core CLI.

npm run cli -- lza config validate

Deploy a LZA Customizations stack

This allows you to deploy a LZA Customizations stack manually during development. Underneath it uses the LZA Core CLI.

# synth
npm run cli -- lza customizations-stack synth --stack-name <target-stack-name> --account-id <target-account-id>
# e.g.: npm run cli -- lza customizations-stack synth --stack-name LzaCustomization-AwsAcceleratorPipeline --account-id <<AWS_MANAGEMENT_ACCOUNT_ID>>

# synth & deploy
npm run cli -- lza customizations-stack deploy --stack-name <target-stack-name> --account-id <target-account-id>

Deploy a LZA pipeline stage

This allows you to deploy a specific stage of the LZA pipeline for development or debugging purposes. Underneath it uses the LZA Core CLI.

# synth
npm run cli -- lza stage synth

# synth & deploy
npm run cli -- lza stage deploy # by default the customizations stage is deployed

# to deploy another stage have a look at the help
npm run cli -- lza stage deploy --help

Deploying a new region

If you just add a new region and call npm run cli -- deploy, it will fail when trying to upload the CDK assets for the Customizations to the new region. This is because it expects the new region to already be bootstrapped, which includes the S3 bucket for the CDK assets.

To deploy a new region:

  1. Add the new region to the ENABLED_REGIONS in the config.ts file.
  2. Bootstrap the new region using the LZA:
npm run cli -- lza core bootstrap

Afterward you can commit your changes and trigger a deployment with npm run cli -- deploy.

Deployment

A deployment consists of synthesizing the LZA config and uploading it to S3.

Uploading the LZA config to S3 then triggers the LZA Core pipeline.

If you want to deploy manually from your local machine, you can use the following command:

npm run cli -- deploy

Update the Landing Zone Accelerator version

To update the LZA version, you can follow the LZA update guide or use this CLI as follows:

  1. Check that the locally configured version is in sync with the deployed version:
npm run cli -- lza installer-version check
  2. Update the awsAcceleratorVersion of the config object in the config.ts file with a newer version.
  3. Make sure to check that the personal GitHub access token used by the LZA is still valid. Otherwise, update the secret in Secrets Manager.
  4. Trigger the version update:
npm run cli -- lza installer-version update
  5. Wait and manually check that both accelerator pipelines succeeded with the new version.