OpenTUNA pipeline is a DevOps process to deploy OpenTUNA across accounts/regions for multiple stages.
See the deployment workflow graphic below.
- Create a deployment IAM role that trusts the deployment account by running the command below against the UAT and PROD accounts:
npm run deploy-pipeline-cross-account-setup -- -c trustedAccount=<account id running the pipeline>
- AWS CLI installed
- Create configuration parameters for the different stages in SSM Parameter Store. Each stage configuration is a JSON string that looks like this:
{
  "name": "UAT",
  "deployContexts": {
    "vpcId": "vpc-id",
    "iamCertId": "iam-cert-id",
    "domainName": "mydomain.com",
    "domainZone": "mydomain.com",
    "additionalOptions": ""
  },
  "assumeRoleContexts": {
    "account": "the account id to be deployed",
    "roleName": "role name created by cross account step"
  }
}
By default the parameter names are /opentuna/pipeline/stage/uat and /opentuna/pipeline/stage/prod.
npm run install-deps
npm run deploy-pipeline
There is a CDK output named IAMCertChangedTopicOutput that is the ARN of an SNS topic; the cross accounts can send a notification to it when a new SSL cert is issued.
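
The cross-account setup step creates a role that the pipeline account is trusted to assume, so it is worth confirming that its trust policy names only that account. The following is an added example, not part of the OpenTUNA code base. The function names, the sample policy and the account ids are constructed for illustration, and `Condition` blocks are not evaluated.

```javascript
// Added example (not OpenTUNA code): audit the trust policy of the deployment role.
// The policy JSON can be fetched in the UAT/PROD account with the AWS CLI:
//   aws iam get-role --role-name <role name> --query Role.AssumeRolePolicyDocument
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns are case-insensitive and may use * and ? wildcards.
function allowsAssumeRole(action) {
  const re = action.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${re}$`, 'i').test('sts:AssumeRole');
}

// Account id of an AWS principal given as "123456789012" or as an IAM/STS ARN.
function principalAccount(p) {
  const m = /^(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?$/.exec(String(p));
  return m ? m[1] : null;
}

// Returns a list of findings. An empty list means every Allow statement that
// grants sts:AssumeRole names only principals in trustedAccount.
function auditTrustPolicy(policy, trustedAccount) {
  const findings = [];
  let trusted = false;
  asList(policy.Statement).forEach((st, i) => {
    if (st.Effect !== 'Allow' || !asList(st.Action).some(allowsAssumeRole)) return;
    if (st.NotPrincipal) findings.push(`statement ${i}: Allow with NotPrincipal`);
    const groups = st.Principal === '*' ? { AWS: '*' } : st.Principal || {};
    for (const [kind, values] of Object.entries(groups)) {
      for (const v of asList(values)) {
        if (kind === 'AWS' && principalAccount(v) === trustedAccount) trusted = true;
        else findings.push(`statement ${i}: unexpected ${kind} principal ${v}`);
      }
    }
  });
  if (!trusted) findings.push(`account ${trustedAccount} is not trusted by this role`);
  return findings;
}

// Constructed sample: the role trusts the pipeline account plus one extra account.
const samplePolicy = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Action: 'sts:AssumeRole',
    Principal: { AWS: ['arn:aws:iam::111111111111:root', 'arn:aws:iam::222222222222:root'] },
  }],
};
console.log(auditTrustPolicy(samplePolicy, '111111111111'));
```

Pass the same account id that was given as `trustedAccount` in the setup command; any finding is a principal to review before the pipeline is allowed to deploy into that account.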