markoskandylis/aws-account-bootstrap
AWS Account Bootstrap Matrix Generator

Overview

This repository contains a Matrix Generator written in Python that automates the deployment of infrastructure across multiple AWS accounts and environments. The project is designed to scan Terraform configuration files, organized by tenants and environments, and generate a deployment matrix that is used to manage infrastructure at scale. It integrates with GitHub Actions to trigger deployment workflows using YAML pipelines for various environments and accounts.

Key Features

  • Tenant-Based Configuration: The project organizes infrastructure configurations by tenants, allowing for isolated and scalable environments for each tenant (e.g., Tenant1/Enclave-A).
  • Environment-Specific Deployments: Supports deployments to multiple environments like prod, nonprod, dev, and test.
  • Python Matrix Generator: The Python script scans Terraform .tfvars files (in this example, accounts.tfvars) to generate a matrix of deployment jobs based on tenants and environments.
  • GitHub Actions Integration: Provides predefined workflows in YAML that automate the deployment process using the matrix generated by the Python script.
  • Terraform Workspace Management: Manages multiple workspaces for different environments and accounts, ensuring isolated state management.

Project Structure

.
├── .github
│   └── workflows
│       ├── actions          # composite actions for terraform
│       │   ├── terraform-init
│       │   └── action.yaml
│       ├── terraform-deploy.yaml          # Pipeline to deploy infrastructure
│       ├── terraform-tenant-bootstrap.yaml # Bootstrap tenant environments
│       └── terraform-tenant-list.yaml      # List tenant environments
├── bootstrap
│   └── matrix-generator.py                # Python script to generate the matrix
├── infrastructure
│   ├── data.tf
│   ├── locals.tf
│   ├── output.tf
│   ├── providers.tf
│   ├── routes.tf
│   ├── s3.tf
│   ├── transit_gateway.tf
│   ├── variables.tf
│   └── vpc.tf
├── platform
│   ├── nonprod
│   └── prod
├── tenants
│   ├── Tenant1
│   │   └── Enclave-A
│   │       ├── nonprod
│   │       └── prod
│   ├── Tenant2
│   └── defaults.tfvars
├── accounts.tfvars                         # Main account settings file
├── SharedServices-Account.tfvars           # Shared services account configuration
└── README.md

How it Works

The matrix-generator.py script scans the directory structure for .tfvars files. Based on the tenant, environment, and workspace information it finds, it creates a matrix that defines the jobs for the deployment. This matrix is then passed into the GitHub Actions workflows.

This project uses Terraform workspaces. The pipelines will create the relevant workspaces and initialize the backend for the different environments.

Input Descriptions

  • tenant_name: Specifies the tenant to target for the deployment. If not provided, the script will scan and deploy to all tenants available in the folder structure.

  • tenant_environment: Specifies the environment (e.g., prod, nonprod, dev) to target for the deployment. If not provided, it will deploy across all environments for the selected tenant(s).

  • config_path: The path to the directory containing the configuration files. This is where the script will look for the necessary Terraform configurations and .tfvars files.

  • workspace_name: Specifies a specific Terraform workspace for deployment. If not provided, the script will deploy to all workspaces within the selected tenant and environment.
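
An added sketch of the scan and filters described above, not the repository's matrix-generator.py. It assumes config_path points at the tenants folder laid out as <tenant>/<enclave>/<environment>/<name>.tfvars; the workspace naming, the build_matrix function and the Tenant2/Enclave-B sample are hypothetical. Because the filters arrive as workflow inputs, it rejects values that are not plain names before touching the filesystem.

```python
import json
import re
import tempfile
from pathlib import Path

# Filters arrive from workflow inputs, so restrict them to plain name characters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]*$")

def _check(name, value):
    """Reject filter values that could act as path segments such as '..'."""
    if value is not None and not SAFE_NAME.fullmatch(value):
        raise ValueError(f"invalid {name}: {value!r}")
    return value

def build_matrix(config_path, tenant_name=None, tenant_environment=None,
                 workspace_name=None):
    """Return a GitHub Actions matrix dict; a filter left as None matches everything."""
    tenant = _check("tenant_name", tenant_name)
    env = _check("tenant_environment", tenant_environment)
    workspace = _check("workspace_name", workspace_name)
    root = Path(config_path).resolve()
    jobs = []
    # Assumed layout: <config_path>/<tenant>/<enclave>/<environment>/<name>.tfvars
    for tfvars in sorted(root.glob("*/*/*/*.tfvars")):
        if tfvars.is_symlink() or not tfvars.resolve().is_relative_to(root):
            continue  # ignore files that resolve outside the config root
        t, enclave, e = tfvars.relative_to(root).parts[:3]
        ws = f"{t}-{enclave}-{e}"  # assumed workspace naming, not the project's
        if tenant not in (None, t) or env not in (None, e) or workspace not in (None, ws):
            continue
        jobs.append({"tenant": t, "enclave": enclave, "environment": e,
                     "workspace": ws, "var_file": tfvars.relative_to(root).as_posix()})
    return {"include": jobs}

def demo():
    """Build a constructed tree mirroring the README layout and generate matrices."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("Tenant1/Enclave-A/prod", "Tenant1/Enclave-A/nonprod",
                    "Tenant2/Enclave-B/prod"):
            d = Path(tmp, rel)
            d.mkdir(parents=True)
            (d / "accounts.tfvars").write_text('account_name = "constructed"\n')
        everything = build_matrix(tmp)
        only_t1_prod = build_matrix(tmp, "Tenant1", "prod")
    return everything, only_t1_prod

if __name__ == "__main__":
    print(json.dumps(demo()[1]))
```

The returned dict can be serialized with json.dumps and handed to a workflow job's strategy.matrix via fromJSON.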

About

Bootstrap multi-tenant AWS accounts using GitHub Actions
