
Deploy Shared Resources

In this deployment, we will create an ECR (Elastic Container Registry) for the API service, where Docker container images are built and pushed when we commit to git.

The container registry will be common to all environments.

note

An active engagement with OPStimus is required to access the GitHub repositories mentioned in this guide.

Initialize a git repository in your organization from https://github.com/opstimus/client-aws-architecture-iac-shared and name it iac-shared.

Configure Terraform Backend

In the environment directory:

  1. Edit config.s3.tfbackend and set the S3 bucket name using your shared account ID.
  2. Edit terraform.tfvars and set the region where you plan to deploy your infrastructure.

Update Resource Definitions

Edit main.tf and update it to match your project and service names.

You can add more container registries by duplicating the resource definition with different project and service names.

account_ids shares the container registry with the AWS accounts listed in it, which can then pull images from the registry. You can find the AWS account IDs of the project accounts in the IAM Identity Center login portal.

Create IAM role for GitHub Workflow to Assume

In the project account:

  1. In the AWS console, go to IAM > Roles.
  2. Click Create role.
  3. Select Web identity and select the github Identity Provider in the dropdown.
  4. Fill in the repository and branch details (never leave them blank) and click Next.
  5. Select the AWS managed permissions that are needed for the base deployment. Generally they are:
    • AmazonEC2ContainerRegistryFullAccess
  6. Click Next and set the role name to iac-shared.
  7. Update role ARN in cd.yml.example workflow.
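
Step 4 is what limits the role to one repository and branch: the details entered there become the sub condition of the role's trust policy. The following Python check is an added example, not part of this guide's repositories; it audits a trust policy document for that scoping, assuming GitHub's standard branch claim format repo:<org>/<repo>:ref:refs/heads/<branch>. The account ID, organization name and sample policies are constructed placeholders.

```python
import re
ISSUER = "token.actions.githubusercontent.com"
# Expected claim: repo:<org>/<repo>:ref:refs/heads/<branch>, no wildcards anywhere
PINNED_SUB = re.compile(r"^repo:[^/*?:]+/[^/*?:]+:ref:refs/heads/[^*?]+$")

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for GitHub OIDC statements; an empty list means scoped."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        federated = as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") != "Allow"
                or "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", []))
                or not any(arn.endswith("oidc-provider/" + ISSUER) for arn in federated)):
            continue  # not a statement that trusts the GitHub OIDC provider
        subs, auds = [], []
        for operator in ("StringEquals", "StringLike"):  # other operators do not pin a claim
            for key, value in stmt.get("Condition", {}).get(operator, {}).items():
                if key.lower() == ISSUER + ":sub":
                    subs += as_list(value)
                elif key.lower() == ISSUER + ":aud":
                    auds += as_list(value)
        if not subs:
            findings.append(f"statement {i}: no sub condition, any GitHub repository can assume the role")
        for sub in subs:
            if not PINNED_SUB.match(sub):
                findings.append(f"statement {i}: sub '{sub}' does not name one repository and branch")
        if auds != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
    return findings

def sample_policy(condition):
    """Constructed trust policy; account ID 111122223333 and example-org are placeholders."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + ISSUER},
        "Condition": condition}]}

AUD = {ISSUER + ":aud": "sts.amazonaws.com"}
SCOPED = sample_policy({"StringEquals": AUD, "StringLike": {
    ISSUER + ":sub": "repo:example-org/iac-shared:ref:refs/heads/main"}})
BLANK = sample_policy({"StringEquals": AUD, "StringLike": {ISSUER + ":sub": "repo:example-org/*"}})

if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED), ("blank branch", BLANK)):
        print(name, audit_trust_policy(policy) or "ok")
```

To audit the real role, pass in the trust policy JSON shown on the role's Trust relationships tab, loaded with json.load.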

Run Deployment

After verifying the Terraform resource configurations, start the initial deployment by renaming cd.yml.example to cd.yml.