chore: docs #790

Draft
wants to merge 3 commits into
base: main
4 changes: 3 additions & 1 deletion docs/source/bootstrapping.md
Expand Up @@ -93,7 +93,9 @@ The qualifier post-pends a 6 chars alpha-numeric string to the deployment role a
## IAM Paths Prefixes for Toolchain, Target Roles, and Policies
We have added support for the use of a IAM Paths for the toolchain role, target account deployment role(s), and policie(s). Using IAM Paths you can create groupings and design a logical separation to simplify permissions management. A common example in organizations is using Service Control Policies enforcing logical separation by team e.g. `/legal/` or `/sales/`, or project name.

A `--role-prefix` and `--policy-prefix` can be used if you want to provide IAM Paths to the roles and policies created by `seed-farmer`. IAM Paths must begin and end with a `/`. More information in [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html).
A `--role-prefix` and `--policy-prefix` CLI parameters can be used if you want to provide IAM Paths to the toolchain, target roles, and project policy created by `seed-farmer`. If bootstrapped with prefixes, same prefixes must be provided with `apply` and `destroy` CLI commands so that seedfarmer is able to locate correct toolchain and target deployment roles. IAM Paths must begin and end with a `/`. More information in [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html).

Additionally, seed-farmer creates module deployment roles at `apply`. It is possible to provide prefixes for the module deployment roles using the deployment manifest. See [manifests](manifests.md).

## Prepping the Account / Region
`seedfarmer` leverages the AWS CDKv2. This must be bootstrapped in each account/region combination to be used of each target account.
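Review bot: In the rewritten `--role-prefix` / `--policy-prefix` paragraph, the requirement to repeat the prefixes on `apply` and `destroy` is justified only by locating the toolchain and target deployment roles, so it is unclear whether `--policy-prefix` also has to be passed to those commands or only at bootstrap. Suggest stating per flag which commands take it, and what the user should expect when a bootstrapped prefix is omitted or differs. Wording nits in the same paragraph: "A ... CLI parameters" should be "The ... CLI parameters", "same prefixes" needs "the", and the text mixes `seed-farmer` and `seedfarmer`.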
2 changes: 0 additions & 2 deletions docs/source/manifests.md
Expand Up @@ -548,8 +548,6 @@ There is a level of logic that is followed:
2. if a prefix is defined at the account level --- USE IT... ELSE
4. use default `/` prefix

NOTE: the prefixes provided must match the prefixes provided during bootstrap, unless a custom bootstrap is used.

(archivesecret)=
### Archive Secret
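Review bot: Deleting the NOTE about manifest prefixes having to match the bootstrap prefixes leaves this section silent on how the two relate. The bootstrapping.md change in this PR says module deployment roles are created at `apply` and take their prefixes from the deployment manifest, so I would replace the NOTE with a sentence that says so here (for example, that manifest prefixes apply to the module deployment roles and need not match the bootstrap prefixes, if that is the intent) rather than remove it outright. Separately, the list in the context lines jumps from item 2 to item 4.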

4 changes: 2 additions & 2 deletions seedfarmer/__main__.py
Expand Up @@ -67,7 +67,7 @@ def version() -> None:
@click.option(
"--role-prefix",
default=None,
help="""An IAM path prefix to use with the seedfarmer roles.
help="""An IAM path prefix of the seedfarmer toolchain and target roles.
Use only if bootstrapped with this path""",
required=False,
)
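Review bot: The new help text still ends with "Use only if bootstrapped with this path", which reads as optional, while the docs change in this PR says the same prefixes must be provided when bootstrapped with them. Suggest making the help string say that directly, e.g. "Required if the toolchain and target roles were bootstrapped with an IAM path; must match that path", and mentioning that the path must begin and end with `/` as the docs state.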
Expand Down Expand Up @@ -212,7 +212,7 @@ def apply(
@click.option(
"--role-prefix",
default=None,
help="""An IAM path prefix to use with the seedfarmer roles.
help="""An IAM path prefix of the seedfarmer toolchain and target roles.
Use only if bootstrapped with this path""",
required=False,
)
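Review bot: The `--role-prefix` help text here is a verbatim copy of the string on the option in the earlier hunk. Consider defining it once (a module-level constant passed as `help=` to both options) so the two commands cannot drift apart the next time the wording changes.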