Skip to content

SOPs - Standard Operation Procedures

Day0

In order for Constellation to be deployed, the following resources & settings are either not codified or are done outside of Terraform:

  • Constellation AWS Accounts including SSO -> will be done by constellation/aws-management
  • Constellation Roles (Engineering & Admin) -> will be done by constellation/aws-management
  • S3 Bucket for TF state; currently done here -> will move to constellation/aws-management
  • Azure App Registrations (Constellation-ArgoCD & Constellation-Grafana); Secrets in AWS SM -> should be done using the Azure Provider, need an SP with appropriate RBAC
  • AWS Route53 Hosted Zone for {{ env }}.clearroute.io; should be done in here, need appropriate RBAC (IAM)
  • clear-route/constellation-iac GHA IAM role for TF provisioning; currently here -> will be done by constellation/aws-management
  • Constellation Github App created by hand (used by ArgoCD)