♻️ Merge DNS into Network account to reduce account footprint (#877)

Author: cloudpossebot

examples/snippets/.claude/skills/developing-components/SKILL.md

@@ -194,7 +194,7 @@ components:
 
 Stack files in `stacks/orgs/acme/` mirror the AWS account structure:
 
-- `orgs/acme/core/` - Core accounts (root, audit, security, identity, network, dns, auto, artifacts)
+- `orgs/acme/core/` - Core accounts (root, audit, security, network, auto, artifacts)
 - `orgs/acme/plat/` - Platform accounts (sandbox, dev, staging, prod)
 
 Within each stage, organized by region:

examples/snippets/.claude/skills/developing-stacks/SKILL.md

@@ -30,8 +30,7 @@ stacks/
 │   │   ├── auto/                     # Automation account
 │   │   ├── artifacts/                # Artifacts account (ECR, S3)
 │   │   ├── audit/                    # Audit/logging account
-│   │   ├── dns/                      # DNS account
-│   │   ├── network/                  # Network account (TGW, VPN)
+│   │   ├── network/                  # Network account (TGW, VPN, DNS)
 │   │   └── security/                 # Security account
 │   └── plat/                         # Platform tenant (workloads)
 │       ├── _defaults.yaml            # Tenant defaults (tenant: plat)

examples/snippets/.github/workflows/atmos-pro-terraform-apply.yaml

@@ -33,7 +33,7 @@ permissions:
   id-token: write # This is required for requesting the JWT
   contents: read  # This is required for actions/checkout
 
-jobs: 
+jobs:
   atmos-apply:
     name: ${{ inputs.component }}-${{ inputs.stack }}
 
@@ -52,7 +52,7 @@ jobs:
       - uses: unfor19/install-aws-cli-action@v1
 
       - name: Apply Atmos Component
-        uses: cloudposse/github-action-atmos-terraform-apply@v7
+        uses: cloudposse/github-action-atmos-terraform-apply@v6
         env:
           ATMOS_PROFILE: "github-apply"
         with:

examples/snippets/CLAUDE.md

@@ -1,8 +1,8 @@
 # CLAUDE.md
 
 AWS infrastructure repository using Cloud Posse reference architecture with Atmos and OpenTofu. Manages multiple AWS
-accounts across core (root, audit, security, identity, network, dns, auto, artifacts) and platform (sandbox, dev,
-staging, prod) tenants.
+accounts across core (root, audit, security, network, auto, artifacts) and platform (sandbox, dev, staging, prod)
+tenants.
 
 ## Commands
 

examples/snippets/stacks/workflows/quickstart/foundation/accounts.yaml

@@ -85,7 +85,6 @@ workflows:
       - command: terraform deploy aws-account/core-artifacts -s core-gbl-root
       - command: terraform deploy aws-account/core-audit -s core-gbl-root
       - command: terraform deploy aws-account/core-auto -s core-gbl-root
-      - command: terraform deploy aws-account/core-dns -s core-gbl-root
       - command: terraform deploy aws-account/core-network -s core-gbl-root
       - command: terraform deploy aws-account/core-security -s core-gbl-root
       - command: terraform deploy aws-account/plat-dev -s core-gbl-root
@@ -109,7 +108,6 @@ workflows:
       - command: terraform deploy aws-account-settings -s core-gbl-artifacts
       - command: terraform deploy aws-account-settings -s core-gbl-audit
       - command: terraform deploy aws-account-settings -s core-gbl-auto
-      - command: terraform deploy aws-account-settings -s core-gbl-dns
       - command: terraform deploy aws-account-settings -s core-gbl-network
       - command: terraform deploy aws-account-settings -s core-gbl-root
       - command: terraform deploy aws-account-settings -s core-gbl-security
@@ -125,7 +123,6 @@ workflows:
       - command: terraform deploy aws-budget -s core-gbl-artifacts
       - command: terraform deploy aws-budget -s core-gbl-audit
       - command: terraform deploy aws-budget -s core-gbl-auto
-      - command: terraform deploy aws-budget -s core-gbl-dns
       - command: terraform deploy aws-budget -s core-gbl-network
       - command: terraform deploy aws-budget -s core-gbl-security
       - command: terraform deploy aws-budget -s plat-gbl-dev

examples/snippets/stacks/workflows/quickstart/foundation/identity.yaml

@@ -69,18 +69,18 @@ workflows:
 
   deploy/iam-role:
     description: |
-      Deploy iam-role/terraform and iam-role/planner to all accounts (except root).
+      Deploy iam-role/terraform and iam-role/planner roles.
       These roles are used by GitHub Actions for CI/CD.
     steps:
-      # Core accounts (except root)
+      # Only deploy the planner role in the root account
+      - command: terraform deploy iam-role/planner -s core-gbl-root
+      # Core accounts
       - command: terraform deploy iam-role/terraform -s core-gbl-artifacts
       - command: terraform deploy iam-role/planner -s core-gbl-artifacts
       - command: terraform deploy iam-role/terraform -s core-gbl-audit
       - command: terraform deploy iam-role/planner -s core-gbl-audit
       - command: terraform deploy iam-role/terraform -s core-gbl-auto
       - command: terraform deploy iam-role/planner -s core-gbl-auto
-      - command: terraform deploy iam-role/terraform -s core-gbl-dns
-      - command: terraform deploy iam-role/planner -s core-gbl-dns
       - command: terraform deploy iam-role/terraform -s core-gbl-network
       - command: terraform deploy iam-role/planner -s core-gbl-network
       - command: terraform deploy iam-role/terraform -s core-gbl-security
@@ -105,7 +105,6 @@ workflows:
       - command: terraform deploy github-oidc-provider -s core-gbl-artifacts
       - command: terraform deploy github-oidc-provider -s core-gbl-audit
       - command: terraform deploy github-oidc-provider -s core-gbl-auto
-      - command: terraform deploy github-oidc-provider -s core-gbl-dns
       - command: terraform deploy github-oidc-provider -s core-gbl-network
       - command: terraform deploy github-oidc-provider -s core-gbl-security
       # Platform accounts

examples/snippets/stacks/workflows/quickstart/monitor/datadog.yaml

@@ -71,7 +71,6 @@ workflows:
       - command: terraform deploy datadog-configuration -s core-gbl-artifacts
       - command: terraform deploy datadog-configuration -s core-gbl-audit
       - command: terraform deploy datadog-configuration -s core-gbl-auto
-      - command: terraform deploy datadog-configuration -s core-gbl-dns
       - command: terraform deploy datadog-configuration -s core-gbl-network
       - command: terraform deploy datadog-configuration -s core-gbl-security
       - command: terraform deploy datadog-configuration -s plat-gbl-sandbox
@@ -85,7 +84,6 @@ workflows:
       - command: terraform deploy datadog-integration -s core-gbl-artifacts
       - command: terraform deploy datadog-integration -s core-gbl-audit
       - command: terraform deploy datadog-integration -s core-gbl-auto
-      - command: terraform deploy datadog-integration -s core-gbl-dns
       - command: terraform deploy datadog-integration -s core-gbl-network
       - command: terraform deploy datadog-integration -s core-gbl-security
       - command: terraform deploy datadog-integration -s plat-gbl-sandbox
@@ -99,7 +97,6 @@ workflows:
 #      - command: terraform deploy datadog-logs-archive -s core-gbl-artifacts
 #      - command: terraform deploy datadog-logs-archive -s core-gbl-audit
 #      - command: terraform deploy datadog-logs-archive -s core-gbl-auto
-#      - command: terraform deploy datadog-logs-archive -s core-gbl-dns
 #      - command: terraform deploy datadog-logs-archive -s core-gbl-network
 #      - command: terraform deploy datadog-logs-archive -s core-gbl-security
 #      - command: terraform deploy datadog-logs-archive -s plat-gbl-sandbox
@@ -122,7 +119,6 @@ workflows:
       - command: terraform deploy datadog-lambda-forwarder -s core-use1-artifacts
       - command: terraform deploy datadog-lambda-forwarder -s core-use1-audit
       - command: terraform deploy datadog-lambda-forwarder -s core-use1-auto
-      - command: terraform deploy datadog-lambda-forwarder -s core-use1-dns
       - command: terraform deploy datadog-lambda-forwarder -s core-use1-network
       - command: terraform deploy datadog-lambda-forwarder -s core-use1-security
       - command: terraform deploy datadog-lambda-forwarder -s plat-use1-sandbox

examples/snippets/stacks/workflows/quickstart/monitor/grafana.yaml

@@ -11,29 +11,35 @@ workflows:
     steps:
       - command: vendor pull --component managed-prometheus/workspace
       - command: vendor pull --component managed-grafana/workspace
+      - command: vendor pull --component managed-grafana/api-key
       - command: vendor pull --component managed-grafana/dashboard
-      - command: vendor pull --component managed-grafana/data-source/loki
       - command: vendor pull --component managed-grafana/data-source/managed-prometheus
+      - command: vendor pull --component managed-grafana/data-source/loki
       - command: vendor pull --component eks/prometheus-scraper
       - command: vendor pull --component eks/loki
       - command: vendor pull --component eks/promtail
+      - command: vendor pull --component managed-grafana/data-source/cloudwatch
+      - command: vendor pull --component managed-grafana/data-source/managed-prometheus
+      - command: vendor pull --component ecs-adot-collector
+      - command: vendor pull --component iam-role
 
   deploy:
-    description: deploys all Grafana data sources into plat accounts
+    description: deploys all monitoring components
     steps:
       - command: workflow deploy/prometheus -s plat-use1-dev -f quickstart/monitor/grafana
       - command: workflow deploy/prometheus -s plat-use1-staging -f quickstart/monitor/grafana
       - command: workflow deploy/prometheus -s plat-use1-prod -f quickstart/monitor/grafana
       - command: workflow deploy/grafana -s core-use1-auto -f quickstart/monitor/grafana
 
   deploy/prometheus:
-    description: deploys all Grafana data sources into a given stack
+    description: deploys Prometheus and backing services into a given plat stack
     steps:
       - command: terraform deploy prometheus
       - command: terraform deploy eks/prometheus-scraper
       - command: terraform deploy eks/loki
       - command: terraform deploy eks/promtail
-      - command: terraform deploy eks/cluster
+      - command: terraform deploy ecs-adot-collector
+      - command: terraform deploy iam-role/grafana-cloudwatch-access
 
   deploy/grafana:
     description: deploys centralized Grafana and all sub components
@@ -42,13 +48,22 @@ workflows:
       - command: terraform deploy grafana/api-key -s core-use1-auto
       - command: terraform deploy grafana/datasource/plat-dev-prometheus -s core-use1-auto
       - command: terraform deploy grafana/datasource/plat-dev-loki -s core-use1-auto
-      - command: terraform deploy grafana/dashboard/plat-dev-prometheus -s core-use1-auto
-      - command: terraform deploy grafana/dashboard/plat-dev-loki -s core-use1-auto
+      - command: terraform deploy grafana/datasource/cloudwatch/plat-dev -s core-use1-auto
+      - command: terraform deploy grafana/datasource/prometheus/plat-dev -s core-use1-auto
       - command: terraform deploy grafana/datasource/plat-staging-prometheus -s core-use1-auto
       - command: terraform deploy grafana/datasource/plat-staging-loki -s core-use1-auto
-      - command: terraform deploy grafana/dashboard/plat-staging-prometheus -s core-use1-auto
-      - command: terraform deploy grafana/dashboard/plat-staging-loki -s core-use1-auto
+      - command: terraform deploy grafana/datasource/cloudwatch/plat-staging -s core-use1-auto
+      - command: terraform deploy grafana/datasource/prometheus/plat-staging -s core-use1-auto
       - command: terraform deploy grafana/datasource/plat-prod-prometheus -s core-use1-auto
       - command: terraform deploy grafana/datasource/plat-prod-loki -s core-use1-auto
+      - command: terraform deploy grafana/datasource/cloudwatch/plat-prod -s core-use1-auto
+      - command: terraform deploy grafana/datasource/prometheus/plat-prod -s core-use1-auto
+      - command: terraform deploy grafana/dashboard/plat-dev-prometheus -s core-use1-auto
+      - command: terraform deploy grafana/dashboard/plat-dev-loki -s core-use1-auto
+      - command: terraform deploy grafana/dashboard/plat-dev-ecs -s core-use1-auto
+      - command: terraform deploy grafana/dashboard/plat-staging-prometheus -s core-use1-auto
+      - command: terraform deploy grafana/dashboard/plat-staging-loki -s core-use1-auto
+      - command: terraform deploy grafana/dashboard/plat-staging-ecs -s core-use1-auto
       - command: terraform deploy grafana/dashboard/plat-prod-prometheus -s core-use1-auto
-      - command: terraform deploy grafana/dashboard/plat-prod-loki -s core-use1-auto
+      - command: terraform deploy grafana/dashboard/plat-prod-loki -s core-use1-auto
+      - command: terraform deploy grafana/dashboard/plat-prod-ecs -s core-use1-auto

examples/snippets/stacks/workflows/quickstart/network/network.yaml

@@ -90,7 +90,7 @@ workflows:
       - command: echo 'Creating primary dns zones'
         type: shell
         name: primary
-      - command: terraform deploy dns-primary -s core-gbl-dns
+      - command: terraform deploy dns-primary -s core-gbl-network
       - command: terraform deploy dns-primary -s plat-gbl-dev
       - command: terraform deploy dns-primary -s plat-gbl-staging
       - command: terraform deploy dns-primary -s plat-gbl-prod
@@ -114,7 +114,7 @@ workflows:
             terraform workspace select $1 > /dev/null
             terraform output -json zones
           }
-          for s in core-gbl-dns plat-gbl-{dev,staging,prod,sandbox} ; do
+          for s in core-gbl-network plat-gbl-{dev,staging,prod,sandbox} ; do
             output-dns $s
           done | jq 'to_entries[] | { (.key) : .value.name_servers }'