Commit 10a67fd

♻️ Merge DNS into Network account to reduce account footprint (#877)
2 parents 268865e + 190f31a commit 10a67fd

9 files changed: +36 -30 lines changed

examples/snippets/.claude/skills/developing-components/SKILL.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -194,7 +194,7 @@ components:
194194

195195
Stack files in `stacks/orgs/acme/` mirror the AWS account structure:
196196

197-
- `orgs/acme/core/` - Core accounts (root, audit, security, identity, network, dns, auto, artifacts)
197+
- `orgs/acme/core/` - Core accounts (root, audit, security, network, auto, artifacts)
198198
- `orgs/acme/plat/` - Platform accounts (sandbox, dev, staging, prod)
199199

200200
Within each stage, organized by region:
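Review bot: The rewritten `orgs/acme/core/` bullet (line 197) drops `identity` as well as `dns`, but the commit title only covers merging DNS into Network. If removing the identity account from the documented structure is intended, say so in the commit message or split it into its own change; otherwise restore `identity` to the list. The same edit recurs in `CLAUDE.md` further down.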

examples/snippets/.claude/skills/developing-stacks/SKILL.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,8 +30,7 @@ stacks/
3030
│ │ ├── auto/ # Automation account
3131
│ │ ├── artifacts/ # Artifacts account (ECR, S3)
3232
│ │ ├── audit/ # Audit/logging account
33-
│ │ ├── dns/ # DNS account
34-
│ │ ├── network/ # Network account (TGW, VPN)
33+
│ │ ├── network/ # Network account (TGW, VPN, DNS)
3534
│ │ └── security/ # Security account
3635
│ └── plat/ # Platform tenant (workloads)
3736
│ ├── _defaults.yaml # Tenant defaults (tenant: plat)
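Review bot: The updated comment on `network/` (line 33) is the only place this tree records that DNS now shares an account with TGW and VPN. Add a sentence near the tree stating that the `iam-role/terraform` and `iam-role/planner` roles deployed to `core-network` now cover the DNS zones as well, so readers sizing those roles' permissions know the account's scope has widened.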

examples/snippets/.github/workflows/atmos-pro-terraform-apply.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ permissions:
3333
id-token: write # This is required for requesting the JWT
3434
contents: read # This is required for actions/checkout
3535

36-
jobs:
36+
jobs:
3737
atmos-apply:
3838
name: ${{ inputs.component }}-${{ inputs.stack }}
3939
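Review bot: The removed and added `jobs:` lines at 36 read identically, so this is a whitespace-only edit unrelated to the DNS merge. Drop it from this commit or move it into a separate formatting change to keep the diff reviewable.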

@@ -52,7 +52,7 @@ jobs:
5252
- uses: unfor19/install-aws-cli-action@v1
5353

5454
- name: Apply Atmos Component
55-
uses: cloudposse/github-action-atmos-terraform-apply@v7
55+
uses: cloudposse/github-action-atmos-terraform-apply@v6
5656
env:
5757
ATMOS_PROFILE: "github-apply"
5858
with:
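Review bot: Line 55 moves `cloudposse/github-action-atmos-terraform-apply` backward from `@v7` to `@v6`, which the commit title does not explain and which looks like a side effect of the merge. Confirm the downgrade is intended and record the reason. Since this job holds `id-token: write`, consider pinning this action and `unfor19/install-aws-cli-action@v1` to full commit SHAs rather than mutable tags.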

examples/snippets/CLAUDE.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
# CLAUDE.md
22

33
AWS infrastructure repository using Cloud Posse reference architecture with Atmos and OpenTofu. Manages multiple AWS
4-
accounts across core (root, audit, security, identity, network, dns, auto, artifacts) and platform (sandbox, dev,
5-
staging, prod) tenants.
4+
accounts across core (root, audit, security, network, auto, artifacts) and platform (sandbox, dev, staging, prod)
5+
tenants.
66

77
## Commands
88

examples/snippets/stacks/workflows/quickstart/foundation/accounts.yaml

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,6 @@ workflows:
8585
- command: terraform deploy aws-account/core-artifacts -s core-gbl-root
8686
- command: terraform deploy aws-account/core-audit -s core-gbl-root
8787
- command: terraform deploy aws-account/core-auto -s core-gbl-root
88-
- command: terraform deploy aws-account/core-dns -s core-gbl-root
8988
- command: terraform deploy aws-account/core-network -s core-gbl-root
9089
- command: terraform deploy aws-account/core-security -s core-gbl-root
9190
- command: terraform deploy aws-account/plat-dev -s core-gbl-root
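Review bot: Removing the `aws-account/core-dns` deploy step (old line 88) only stops the workflow from creating the account; none of the nine files in this commit says what happens to a `core-dns` account that was already provisioned. Add a short migration note for existing deployments, or state that the change applies to new installs only.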
@@ -109,7 +108,6 @@ workflows:
109108
- command: terraform deploy aws-account-settings -s core-gbl-artifacts
110109
- command: terraform deploy aws-account-settings -s core-gbl-audit
111110
- command: terraform deploy aws-account-settings -s core-gbl-auto
112-
- command: terraform deploy aws-account-settings -s core-gbl-dns
113111
- command: terraform deploy aws-account-settings -s core-gbl-network
114112
- command: terraform deploy aws-account-settings -s core-gbl-root
115113
- command: terraform deploy aws-account-settings -s core-gbl-security
@@ -125,7 +123,6 @@ workflows:
125123
- command: terraform deploy aws-budget -s core-gbl-artifacts
126124
- command: terraform deploy aws-budget -s core-gbl-audit
127125
- command: terraform deploy aws-budget -s core-gbl-auto
128-
- command: terraform deploy aws-budget -s core-gbl-dns
129126
- command: terraform deploy aws-budget -s core-gbl-network
130127
- command: terraform deploy aws-budget -s core-gbl-security
131128
- command: terraform deploy aws-budget -s plat-gbl-dev

examples/snippets/stacks/workflows/quickstart/foundation/identity.yaml

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -69,18 +69,18 @@ workflows:
6969

7070
deploy/iam-role:
7171
description: |
72-
Deploy iam-role/terraform and iam-role/planner to all accounts (except root).
72+
Deploy iam-role/terraform and iam-role/planner roles.
7373
These roles are used by GitHub Actions for CI/CD.
7474
steps:
75-
# Core accounts (except root)
75+
# Only deploy the planner role in the root account
76+
- command: terraform deploy iam-role/planner -s core-gbl-root
77+
# Core accounts
7678
- command: terraform deploy iam-role/terraform -s core-gbl-artifacts
7779
- command: terraform deploy iam-role/planner -s core-gbl-artifacts
7880
- command: terraform deploy iam-role/terraform -s core-gbl-audit
7981
- command: terraform deploy iam-role/planner -s core-gbl-audit
8082
- command: terraform deploy iam-role/terraform -s core-gbl-auto
8183
- command: terraform deploy iam-role/planner -s core-gbl-auto
82-
- command: terraform deploy iam-role/terraform -s core-gbl-dns
83-
- command: terraform deploy iam-role/planner -s core-gbl-dns
8484
- command: terraform deploy iam-role/terraform -s core-gbl-network
8585
- command: terraform deploy iam-role/planner -s core-gbl-network
8686
- command: terraform deploy iam-role/terraform -s core-gbl-security
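Review bot: The new description at line 72 no longer says which accounts receive which role, while the steps now add `iam-role/planner` to `core-gbl-root` (line 76). Keep the scope in the description, for example "planner only in root; terraform and planner in all other accounts", so the absence of `iam-role/terraform` in root reads as deliberate. The `# Core accounts` comment at line 77 could keep its "(except root)" qualifier for the same reason.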
@@ -105,7 +105,6 @@ workflows:
105105
- command: terraform deploy github-oidc-provider -s core-gbl-artifacts
106106
- command: terraform deploy github-oidc-provider -s core-gbl-audit
107107
- command: terraform deploy github-oidc-provider -s core-gbl-auto
108-
- command: terraform deploy github-oidc-provider -s core-gbl-dns
109108
- command: terraform deploy github-oidc-provider -s core-gbl-network
110109
- command: terraform deploy github-oidc-provider -s core-gbl-security
111110
# Platform accounts
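Review bot: The `github-oidc-provider` steps visible here go from `core-gbl-network` straight to `core-gbl-security` with no `core-gbl-root` entry in this part of the list, yet the previous hunk starts deploying `iam-role/planner` to `core-gbl-root` for use by GitHub Actions. Check that the root account has an OIDC provider step outside the shown context; if it does not, add one, or the planner role there may not be assumable from the workflows.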

examples/snippets/stacks/workflows/quickstart/monitor/datadog.yaml

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,6 @@ workflows:
7171
- command: terraform deploy datadog-configuration -s core-gbl-artifacts
7272
- command: terraform deploy datadog-configuration -s core-gbl-audit
7373
- command: terraform deploy datadog-configuration -s core-gbl-auto
74-
- command: terraform deploy datadog-configuration -s core-gbl-dns
7574
- command: terraform deploy datadog-configuration -s core-gbl-network
7675
- command: terraform deploy datadog-configuration -s core-gbl-security
7776
- command: terraform deploy datadog-configuration -s plat-gbl-sandbox
@@ -85,7 +84,6 @@ workflows:
8584
- command: terraform deploy datadog-integration -s core-gbl-artifacts
8685
- command: terraform deploy datadog-integration -s core-gbl-audit
8786
- command: terraform deploy datadog-integration -s core-gbl-auto
88-
- command: terraform deploy datadog-integration -s core-gbl-dns
8987
- command: terraform deploy datadog-integration -s core-gbl-network
9088
- command: terraform deploy datadog-integration -s core-gbl-security
9189
- command: terraform deploy datadog-integration -s plat-gbl-sandbox
@@ -99,7 +97,6 @@ workflows:
9997
# - command: terraform deploy datadog-logs-archive -s core-gbl-artifacts
10098
# - command: terraform deploy datadog-logs-archive -s core-gbl-audit
10199
# - command: terraform deploy datadog-logs-archive -s core-gbl-auto
102-
# - command: terraform deploy datadog-logs-archive -s core-gbl-dns
103100
# - command: terraform deploy datadog-logs-archive -s core-gbl-network
104101
# - command: terraform deploy datadog-logs-archive -s core-gbl-security
105102
# - command: terraform deploy datadog-logs-archive -s plat-gbl-sandbox
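Review bot: Old line 102 edits a step that is commented out, so the `datadog-logs-archive` list is being maintained by hand without ever running. Either delete the commented block or, if there is no such note above the shown context, add a comment saying when it should be enabled, so it does not drift from the live account list.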
@@ -122,7 +119,6 @@ workflows:
122119
- command: terraform deploy datadog-lambda-forwarder -s core-use1-artifacts
123120
- command: terraform deploy datadog-lambda-forwarder -s core-use1-audit
124121
- command: terraform deploy datadog-lambda-forwarder -s core-use1-auto
125-
- command: terraform deploy datadog-lambda-forwarder -s core-use1-dns
126122
- command: terraform deploy datadog-lambda-forwarder -s core-use1-network
127123
- command: terraform deploy datadog-lambda-forwarder -s core-use1-security
128124
- command: terraform deploy datadog-lambda-forwarder -s plat-use1-sandbox

examples/snippets/stacks/workflows/quickstart/monitor/grafana.yaml

Lines changed: 24 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -11,29 +11,35 @@ workflows:
1111
steps:
1212
- command: vendor pull --component managed-prometheus/workspace
1313
- command: vendor pull --component managed-grafana/workspace
14+
- command: vendor pull --component managed-grafana/api-key
1415
- command: vendor pull --component managed-grafana/dashboard
15-
- command: vendor pull --component managed-grafana/data-source/loki
1616
- command: vendor pull --component managed-grafana/data-source/managed-prometheus
17+
- command: vendor pull --component managed-grafana/data-source/loki
1718
- command: vendor pull --component eks/prometheus-scraper
1819
- command: vendor pull --component eks/loki
1920
- command: vendor pull --component eks/promtail
21+
- command: vendor pull --component managed-grafana/data-source/cloudwatch
22+
- command: vendor pull --component managed-grafana/data-source/managed-prometheus
23+
- command: vendor pull --component ecs-adot-collector
24+
- command: vendor pull --component iam-role
2025

2126
deploy:
22-
description: deploys all Grafana data sources into plat accounts
27+
description: deploys all monitoring components
2328
steps:
2429
- command: workflow deploy/prometheus -s plat-use1-dev -f quickstart/monitor/grafana
2530
- command: workflow deploy/prometheus -s plat-use1-staging -f quickstart/monitor/grafana
2631
- command: workflow deploy/prometheus -s plat-use1-prod -f quickstart/monitor/grafana
2732
- command: workflow deploy/grafana -s core-use1-auto -f quickstart/monitor/grafana
2833

2934
deploy/prometheus:
30-
description: deploys all Grafana data sources into a given stack
35+
description: deploys Prometheus and backing services into a given plat stack
3136
steps:
3237
- command: terraform deploy prometheus
3338
- command: terraform deploy eks/prometheus-scraper
3439
- command: terraform deploy eks/loki
3540
- command: terraform deploy eks/promtail
36-
- command: terraform deploy eks/cluster
41+
- command: terraform deploy ecs-adot-collector
42+
- command: terraform deploy iam-role/grafana-cloudwatch-access
3743

3844
deploy/grafana:
3945
description: deploys centralized Grafana and all sub components
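Review bot: `vendor pull --component managed-grafana/data-source/managed-prometheus` now appears twice in the vendor steps (lines 16 and 22); remove the second one. This hunk also drops `terraform deploy eks/cluster` from `deploy/prometheus` and adds `ecs-adot-collector` and `iam-role/grafana-cloudwatch-access`, none of which relates to the DNS merge in the title, so mention them in the commit message.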
@@ -42,13 +48,22 @@ workflows:
4248
- command: terraform deploy grafana/api-key -s core-use1-auto
4349
- command: terraform deploy grafana/datasource/plat-dev-prometheus -s core-use1-auto
4450
- command: terraform deploy grafana/datasource/plat-dev-loki -s core-use1-auto
45-
- command: terraform deploy grafana/dashboard/plat-dev-prometheus -s core-use1-auto
46-
- command: terraform deploy grafana/dashboard/plat-dev-loki -s core-use1-auto
51+
- command: terraform deploy grafana/datasource/cloudwatch/plat-dev -s core-use1-auto
52+
- command: terraform deploy grafana/datasource/prometheus/plat-dev -s core-use1-auto
4753
- command: terraform deploy grafana/datasource/plat-staging-prometheus -s core-use1-auto
4854
- command: terraform deploy grafana/datasource/plat-staging-loki -s core-use1-auto
49-
- command: terraform deploy grafana/dashboard/plat-staging-prometheus -s core-use1-auto
50-
- command: terraform deploy grafana/dashboard/plat-staging-loki -s core-use1-auto
55+
- command: terraform deploy grafana/datasource/cloudwatch/plat-staging -s core-use1-auto
56+
- command: terraform deploy grafana/datasource/prometheus/plat-staging -s core-use1-auto
5157
- command: terraform deploy grafana/datasource/plat-prod-prometheus -s core-use1-auto
5258
- command: terraform deploy grafana/datasource/plat-prod-loki -s core-use1-auto
59+
- command: terraform deploy grafana/datasource/cloudwatch/plat-prod -s core-use1-auto
60+
- command: terraform deploy grafana/datasource/prometheus/plat-prod -s core-use1-auto
61+
- command: terraform deploy grafana/dashboard/plat-dev-prometheus -s core-use1-auto
62+
- command: terraform deploy grafana/dashboard/plat-dev-loki -s core-use1-auto
63+
- command: terraform deploy grafana/dashboard/plat-dev-ecs -s core-use1-auto
64+
- command: terraform deploy grafana/dashboard/plat-staging-prometheus -s core-use1-auto
65+
- command: terraform deploy grafana/dashboard/plat-staging-loki -s core-use1-auto
66+
- command: terraform deploy grafana/dashboard/plat-staging-ecs -s core-use1-auto
5367
- command: terraform deploy grafana/dashboard/plat-prod-prometheus -s core-use1-auto
54-
- command: terraform deploy grafana/dashboard/plat-prod-loki -s core-use1-auto
68+
- command: terraform deploy grafana/dashboard/plat-prod-loki -s core-use1-auto
69+
- command: terraform deploy grafana/dashboard/plat-prod-ecs -s core-use1-auto
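Review bot: The added `grafana/datasource/prometheus/plat-dev`, `plat-staging` and `plat-prod` steps (lines 52, 56, 60) sit next to the existing `grafana/datasource/plat-dev-prometheus` style steps, so each stage now deploys a Prometheus data source under two naming schemes while Loki keeps only the flat name. If the nested names replace the flat ones, remove the old steps; if both are needed, add a comment explaining the difference. The `plat-prod-loki` line at 54/68 is also removed and re-added with identical text, which suggests a whitespace or end-of-line change only.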

examples/snippets/stacks/workflows/quickstart/network/network.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,7 @@ workflows:
9090
- command: echo 'Creating primary dns zones'
9191
type: shell
9292
name: primary
93-
- command: terraform deploy dns-primary -s core-gbl-dns
93+
- command: terraform deploy dns-primary -s core-gbl-network
9494
- command: terraform deploy dns-primary -s plat-gbl-dev
9595
- command: terraform deploy dns-primary -s plat-gbl-staging
9696
- command: terraform deploy dns-primary -s plat-gbl-prod
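Review bot: Pointing `dns-primary` at `core-gbl-network` (line 93) gives the component a different stack, and nothing in the hunk covers zones that were already created from `core-gbl-dns`. For an existing deployment the new stack would likely create fresh hosted zones with different name servers, so document the migration path (state move or re-delegation at the registrar) alongside this change.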
@@ -114,7 +114,7 @@ workflows:
114114
terraform workspace select $1 > /dev/null
115115
terraform output -json zones
116116
}
117-
for s in core-gbl-dns plat-gbl-{dev,staging,prod,sandbox} ; do
117+
for s in core-gbl-network plat-gbl-{dev,staging,prod,sandbox} ; do
118118
output-dns $s
119119
done | jq 'to_entries[] | { (.key) : .value.name_servers }'
120120
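Review bot: In the `output-dns` helper above the changed loop (line 114), `terraform workspace select $1 > /dev/null` has no error check in the visible lines, so if the `core-gbl-network` workspace does not exist yet, `terraform output -json zones` runs against whichever workspace was selected before and prints the wrong zones. Chain the two commands with `&&` or return on a non-zero exit, and quote `$1` and `$s`.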
