Here's a diagram that shows an overview of what the Reference Architecture looks like:
Note that the Reference Architecture is highly customizable, so what's deployed may be a bit different than what's
in the diagram. Here is an overview of what's actually deployed:
All of Acme Multi Account's infrastructure is managed as code, primarily using Terraform.
That is, instead of clicking around a web UI or SSHing to a server and manually executing commands, the idea behind
infrastructure as code (IAC) is that you write code to define your infrastructure and you let an automated tool (e.g.,
Terraform) apply the code changes to your infrastructure. This has a number of benefits:
You can automate your entire provisioning and deployment process, which makes it much faster and more reliable than
any manual process.
You can represent the state of your infrastructure in source files that anyone can read rather than a sysadmin's head.
You can store those source files in version control, which means the entire history of your infrastructure is
captured in the commit log, which you can use to debug problems, and if necessary, roll back to older versions.
You can validate each infrastructure change through code reviews and automated tests.
You can package your infrastructure as reusable, documented, battle-tested modules that make it easier to scale and
evolve your infrastructure. In fact, much of the infrastructure code in this architecture is powered by modules
created by Gruntwork, which are called Infrastructure
Packages.
Your infrastructure is deployed across multiple AWS accounts. For example, the staging environment is in one account,
the production environment in another account, the DevOps tooling in yet another account, and so on. This gives you
better isolation between environments so that if you break something in one environment (e.g., staging)—or worse yet, a
hacker breaks into that environment—it should have no effect on your other environments (e.g., prod). It also gives you
better control over what resources each employee can access.
Check out Accounts and Auth for more info on the AWS accounts that have been set up and how
to authenticate to and switch between them.
VPCs and subnets
Each environment lives in a separate Virtual Private Cloud (VPC), which is a logically
isolated section within an AWS account. Each VPC defines a virtual network, with its own IP address space and rules for
what can go in and out of that network. The IP addresses within each VPC are further divided into multiple
subnets, where each subnet controls the
routing for its IP address.
Public subnets are directly accessible from the public Internet.
Private subnets are only accessible from within the VPC.
Just about everything in this infrastructure is deployed in private subnets to reduce the surface area to attackers.
The only exceptions are load balancers and the OpenVPN server,
both of which are described below.
Each VPC is also configured with VPC flow logs, which
can be useful for monitoring and auditing network traffic across the VPC. Each VPC publishes its flow logs to CloudWatch
Logs, under the log group VPC_NAME-vpc-flow-logs, where the VPC_NAME is an input variable to the vpc-mgmt and
vpc-app modules.
Traffic from the public Internet (e.g., requests from your users) initially goes to a public load balancer, which
proxies the traffic to your apps. This allows you to run multiple copies of your application for scalability and high
availability. The load balancers being used are:
Application Load Balancer (ALB): The ALB is a
load balancer managed by AWS that is designed for routing HTTP and HTTPS traffic. The advantage of using a managed
service is that AWS takes care of fault tolerance, security, and scaling the load balancer for you automatically.
Note that in EKS, ALBs are managed by Kubernetes using Ingress resources. Check out the eks-alb-ingress-controller
documentation for
more information on how this works.
We also deploy an internal load balancer in the private subnets. This load balancer is not accessible to the public.
Instead, it's used as a simple way to do service discovery: every backend service registers with the load balancer at a
particular path, and all services know to send requests to this load balancer to talk to other services.
Docker clusters
Your application code is packaged into Docker containers and deployed across an Amazon
Elactic Container Service for Kubernetes Cluster (EKS)
The advantage of Docker is that it allows you to package
your code so that it runs exactly the same way in all environments (dev, stage, prod). The advantage of a Docker
Cluster is that it makes it easy to deploy your Docker containers across a cluster of servers, making efficient use of
wherever resources are available. Moreover, EKS can automatically scale your app up and down in response to load and
redeploy containers that crashed.
Kafka: A Kafka cluster is deployed using package-kafka.
Lambda
We have deployed several example Lambda functions to show how you can build
serverless applications. Check out the package-lambda
docs for background info.
OpenVPN server
To reduce your surface area to attackers, just about all of the resources in this infrastructure run in private subnets,
which are not accessible from the public Internet at all. To allow Acme Multi Account's employees to access these
private resources, we expose a single server publicly: an OpenVPN server. Once you connect to
the server using a VPN client, you are "in the network", and will be able to access the private resources (e.g., you
will be able to SSH to your EC2 Instances).
We have set up Jenkins as a Continuous Integration (CI) server. After every commit, a Jenkins
job runs your build, tests, packaging, and automated deployment steps.
We are using Amazon Route 53 to configure DNS entries for all your services. We
have configured SSL/TLS certificates for your domain names using Amazon's Certificate Manager
(ACM), which issues certificates that are free and renew automatically.
All static content (e.g., images, CSS, JS) is stored in Amazon S3 and served via the
CloudFront CDN. This allows you to offload all the work of serving static content
from your app server and reduces latency for your users.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".gitignore","path":".gitignore","sha":"1c27fc6013cba46cd301a7c8bf951694670153a3"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"00570abefb91e715366015f8b5acf32631336d52"},{"name":"README.md","path":"README.md","sha":"45d75f99aefaa9a2d008b223da04bc26453ef651"},{"name":"_docs","children":[{"name":"01-architecture-overview.md","path":"_docs/01-architecture-overview.md","sha":"115a05d08f3a431a19e5aa2596c079619ae66dab","toggled":true},{"name":"02-whats-deployed.md","path":"_docs/02-whats-deployed.md","sha":"9dc8a401caf24896ce00a8087bfe32c7af99d2d2"},{"name":"03-security-compliance-compatibility.md","path":"_docs/03-security-compliance-compatibility.md","sha":"9342617f42adb28e440cc2161f3fee56205c150e"},{"name":"04-how-code-is-organized.md","path":"_docs/04-how-code-is-organized.md","sha":"3b340de506525633e1f7333a1e9ac9a5565a88e3"},{"name":"05-dev-environment.md","path":"_docs/05-dev-environment.md","sha":"c8b494aed802b623f7891047b6cba633d8ab5fa7"},{"name":"06-ci-cd.md","path":"_docs/06-ci-cd.md","sha":"b6c2a7d7cde7471fb08bff5dcf68c40156db68d5"},{"name":"07-monitoring-alerting-logging.md","path":"_docs/07-monitoring-alerting-logging.md","sha":"619c810c6e60418b3a46fa3d903bc76dc6d48e41"},{"name":"08-ssh-vpn.md","path":"_docs/08-ssh-vpn.md","sha":"9fe83afbd3d6116a4f3faff8923a81cd37ff91c7"},{"name":"09-accounts-and-auth.md","path":"_docs/09-accounts-and-auth.md","sha":"6b0472241644ffc79556e60d582ff1edb80f0554"},{"name":"10-gruntwork-tools.md","path":"_docs/10-gruntwork-tools.md","sha":"0ef0415847d1202ef8843dada867d018d653de6e"},{"name":"11-deploying-a-docker-service.md","path":"_docs/11-deploying-a-docker-service.md","sha":"c735be4ee94e76cc55b48a21039dfec44e6a5d51"},{"name":"12-migration.md","path":"_docs/12-migration.md","sha":"464cadf6e05d5ffd44e569c0d866b5c2cf5f42e9"},{"name":"13-deploying-the-reference-architecture-from-scratch.md","path":"_docs/13-deploying-the-reference-architecture-from-scratch.md","sha":"2176ccd41cf80dd7409e7f0df0ba13146f0b0378"},{"name":"14-undeploying-the-reference-architecture.md","path":"_docs/14-undeploying-the-reference-architecture.md","sha":"c6dcaae7266ead56d539b1816a5cfe2988412fe1"},{"name":"15-adding-new-environments-regions-and-accounts.md","path":"_docs/15-adding-new-environments-regions-and-accounts.md","sha":"c01188a1539e93ed2773a1b799b3b0f8e7b2045e"},{"name":"README.md","path":"_docs/README.md","sha":"ddb9fe83eb2fcad91e82771ad276dd0bdba40cb2"},{"name":"_images","children":[{"name":"cw-logs-1.png","path":"_docs/_images/cw-logs-1.png","sha":"84c86f014751844fbd777b5139ed61f749b5ed32"},{"name":"cw-logs-2.png","path":"_docs/_images/cw-logs-2.png","sha":"9a0a80b20490fdc1b9014040cc0bbc87c9cf6f68"},{"name":"cw-logs-3.png","path":"_docs/_images/cw-logs-3.png","sha":"bda49dc4e947658e0ceb9ba592b4e314d9db61e9"},{"name":"cw-logs-4.png","path":"_docs/_images/cw-logs-4.png","sha":"54bcc44c4b0701620b7f20c4e6fc0a9fd8f38049"},{"name":"ecs-console-1.png","path":"_docs/_images/ecs-console-1.png","sha":"afe452278d5f107e6ec225a235c587de7cb53510"},{"name":"ecs-console-2.png","path":"_docs/_images/ecs-console-2.png","sha":"40609b98015d781b9e1de801c131fadc323337ae"},{"name":"ecs-console-3.png","path":"_docs/_images/ecs-console-3.png","sha":"87ad40d291b7e9e6f6caa0389b846392bdb93ee0"},{"name":"ref-arch-full.png","path":"_docs/_images/ref-arch-full.png","sha":"8c17eef52be06757553a1f3ee4e387e6dc820016"},{"name":"ref-arch-icon.png","path":"_docs/_images/ref-arch-icon.png","sha":"05876962e6877df911674237ca1b793d9f4f04b3"},{"name":"terraform-code-provenance.png","path":"_docs/_images/terraform-code-provenance.png","sha":"e2a9d6bfbd8b963b057d4341dd0ec93e3823d834"}]}],"toggled":true},{"name":"dev","children":[{"name":"_global","children":[{"name":"README.md","path":"dev/_global/README.md","sha":"d1b8a96c00211751f079fa13cac1b3417d29bf09"},{"name":"cloudtrail","children":[{"name":"README.md","path":"dev/_global/cloudtrail/README.md","sha":"e6781286118d8ac86fe60cda1057595644d851da"},{"name":"terragrunt.hcl","path":"dev/_global/cloudtrail/terragrunt.hcl","sha":"fb19b4438de2ba919d17f3e4a6ccb3c9f2517f26"}]},{"name":"iam-cross-account","children":[{"name":"README.md","path":"dev/_global/iam-cross-account/README.md","sha":"d33fb4cd9ef7b20250205797177184bf1828f966"},{"name":"terragrunt.hcl","path":"dev/_global/iam-cross-account/terragrunt.hcl","sha":"ef9dd9c28172500be3ffd79646dff2e0c4981f70"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"dev/_global/iam-user-password-policy/README.md","sha":"b47d1c6602f3f4ea02fabd247f12c9ee3520be56"},{"name":"terragrunt.hcl","path":"dev/_global/iam-user-password-policy/terragrunt.hcl","sha":"47b669ba52099812a6d52ed4fcdad48c5e32e91e"}]},{"name":"region.yaml","path":"dev/_global/region.yaml","sha":"18b7823ed017b97431d58da7bcb9a4e31299272a"},{"name":"route53-public","children":[{"name":"README.md","path":"dev/_global/route53-public/README.md","sha":"03c91d97d2da5dea0f5dfa34a3004cc54118e60c"},{"name":"terragrunt.hcl","path":"dev/_global/route53-public/terragrunt.hcl","sha":"68ed9958a62546160f9007660857c5baa95ce12b"}]}]},{"name":"empty.yaml","path":"dev/empty.yaml","sha":"5aa66daa40faeaef37eccb7b4b0fcc792233cd7b"},{"name":"terragrunt.hcl","path":"dev/terragrunt.hcl","sha":"35ddfe3ed25d8ce7f35d20f1ea7a59dd1ccf4450"},{"name":"us-east-1","children":[{"name":"_global","children":[{"name":"README.md","path":"dev/us-east-1/_global/README.md","sha":"37b828b038945a50e2e571ef1e755c4f9170e7cf"},{"name":"kms-master-key","children":[{"name":"README.md","path":"dev/us-east-1/_global/kms-master-key/README.md","sha":"d348d763df093b315e6a8810250a01d8a5301051"},{"name":"terragrunt.hcl","path":"dev/us-east-1/_global/kms-master-key/terragrunt.hcl","sha":"d5c556e7eb743da62e0191243a2d4ee9ec2cf828"}]},{"name":"sns-topics","children":[{"name":"README.md","path":"dev/us-east-1/_global/sns-topics/README.md","sha":"ae3e2f9522b38fa85eff3c962e4c3d40c6724e17"},{"name":"terragrunt.hcl","path":"dev/us-east-1/_global/sns-topics/terragrunt.hcl","sha":"225cf4b3fe49af57c85a1e25b7942c72cf9e6853"}]}]},{"name":"dev","children":[{"name":"README.md","path":"dev/us-east-1/dev/README.md","sha":"30eef7620895f3ad23174f5f2c8772ab7f8880a8"},{"name":"cloudwatch-dashboard","children":[{"name":"README.md","path":"dev/us-east-1/dev/cloudwatch-dashboard/README.md","sha":"aa1cfea49f1679e79991f9cf80c12a5b41943a1d"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/cloudwatch-dashboard/terragrunt.hcl","sha":"f3533abbe42145ab1b29f235701892621c9d63d3"}]},{"name":"data-stores","children":[{"name":"elk-single-cluster","children":[{"name":"README.md","path":"dev/us-east-1/dev/data-stores/elk-single-cluster/README.md","sha":"9a1cb70a6f6b1b3ac81b2c7c5b17d902328db1e0"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/data-stores/elk-single-cluster/terragrunt.hcl","sha":"97fc6b6c810137e559da50b3684a5f6383c77c72"}]},{"name":"kafka","children":[{"name":"README.md","path":"dev/us-east-1/dev/data-stores/kafka/README.md","sha":"8bfe6579bd97e0148c3baa24e1215abce8cf312b"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/data-stores/kafka/terragrunt.hcl","sha":"1c40ceaf50ae178033dda665553598a3f7548cd1"}]},{"name":"mysql","children":[{"name":"README.md","path":"dev/us-east-1/dev/data-stores/mysql/README.md","sha":"df149a836e3a0f3e082cb98f3679e48e0cf6fe4b"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/data-stores/mysql/terragrunt.hcl","sha":"40313bc9ada285fe59d77067728f6cf208b04668"}]},{"name":"redis","children":[{"name":"README.md","path":"dev/us-east-1/dev/data-stores/redis/README.md","sha":"a305dff8ab1fd409e94cb7b9bf8d3a78ef84c689"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/data-stores/redis/terragrunt.hcl","sha":"bfa22ef95f443e06ccf0624c414d6f9f6bde5b88"}]},{"name":"zookeeper","children":[{"name":"README.md","path":"dev/us-east-1/dev/data-stores/zookeeper/README.md","sha":"451ce7cb440aa724bf4dc8a35726e2bda7e071a2"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/data-stores/zookeeper/terragrunt.hcl","sha":"76af3451b7a52fd7d59cd8744ff3836da3c1826d"}]}]},{"name":"env.yaml","path":"dev/us-east-1/dev/env.yaml","sha":"c38dd83256fc4206be3afc24972cd7f3b6712b19"},{"name":"lambda","children":[{"name":"long-running-scheduled","children":[{"name":"README.md","path":"dev/us-east-1/dev/lambda/long-running-scheduled/README.md","sha":"af7b8b9950d620577e1db104d0140a478e5f46fd"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/lambda/long-running-scheduled/terragrunt.hcl","sha":"72518b7089bd107c05c281372f3cccd6d7a6a628"}]},{"name":"s3-image-processing","children":[{"name":"README.md","path":"dev/us-east-1/dev/lambda/s3-image-processing/README.md","sha":"236ef4197db71e6e121e3ca7182e556fa9ecaa60"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/lambda/s3-image-processing/terragrunt.hcl","sha":"9be5024cab87f495dd8ac275b9807d086b971da5"}]}]},{"name":"networking","children":[{"name":"alb-internal","children":[{"name":"README.md","path":"dev/us-east-1/dev/networking/alb-internal/README.md","sha":"62a1d20d3b1b638b435dc3f72b900dad211d7e50"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/networking/alb-internal/terragrunt.hcl","sha":"3226f2f8cc966d88abe6ffe7b1d912735a638b80"}]},{"name":"alb-public","children":[{"name":"README.md","path":"dev/us-east-1/dev/networking/alb-public/README.md","sha":"62a1d20d3b1b638b435dc3f72b900dad211d7e50"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/networking/alb-public/terragrunt.hcl","sha":"039a02514db5e62d5ec21d3131579c821dcb6283"}]},{"name":"route53-private","children":[{"name":"README.md","path":"dev/us-east-1/dev/networking/route53-private/README.md","sha":"2f6db22493297bf5ae1c98149b9a7c9c896c3c7f"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/networking/route53-private/terragrunt.hcl","sha":"f7e7c4b437c11b0340c682314deb9b08aca3a854"}]}]},{"name":"services","children":[{"name":"ecs-cluster","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/ecs-cluster/README.md","sha":"408361ee7f158cd1ff3d61aface9d1d1e38de478"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/ecs-cluster/terragrunt.hcl","sha":"64c60f67c5ce0a965a2e636015dcb9ff4e22344a"}]},{"name":"eks-cluster","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/eks-cluster/README.md","sha":"74ede9bb3693e3e380ee157dc3fb806f7d0d3371"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/eks-cluster/terragrunt.hcl","sha":"791a66ce8376fbec9a019d0cab0ac0ead3aac1ac"}]},{"name":"eks-core-services","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/eks-core-services/README.md","sha":"b7fae44415a060b53046b876f0740cc35d6c8301"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/eks-core-services/terragrunt.hcl","sha":"b9a002b3992e384e57015587693b3e7fe8eddc48"}]},{"name":"k8s-applications-namespace","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/k8s-applications-namespace/README.md","sha":"7cd7fd44a26d97c8be91434fb23c1a8cf5564f61"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/k8s-applications-namespace/terragrunt.hcl","sha":"dd0fbec59f588fe88fc6c7f59382c0ab6d20ff9c"}]},{"name":"k8s-sample-app-backend-multi-account-acme","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/k8s-sample-app-backend-multi-account-acme/README.md","sha":"be9775b3967cebddddd703b156bb11a43ed60504"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/k8s-sample-app-backend-multi-account-acme/terragrunt.hcl","sha":"953bef0317447c080e801343e586b0d1b3cbfbfa"}]},{"name":"k8s-sample-app-frontend-multi-account-acme","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/k8s-sample-app-frontend-multi-account-acme/README.md","sha":"ab557b031a3224f14132dc6c49301a8b4462d96f"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/k8s-sample-app-frontend-multi-account-acme/terragrunt.hcl","sha":"40060b5d96f21608eb30d259cef65289f6169a6f"}]},{"name":"sample-app-backend-multi-account-acme-asg","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/sample-app-backend-multi-account-acme-asg/README.md","sha":"685cf659d427612df857de9d87b412194c4cab6b"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/sample-app-backend-multi-account-acme-asg/terragrunt.hcl","sha":"cf84fcfa70c6d966803b70e29f549f3bd057f206"}]},{"name":"sample-app-backend-multi-account-acme","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/sample-app-backend-multi-account-acme/README.md","sha":"dff94c5b1e4eb6f3d5f4692b8c6631def939d5b0"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/sample-app-backend-multi-account-acme/terragrunt.hcl","sha":"c88b0d61edddbf9337c414cfae2d970735be2b6f"}]},{"name":"sample-app-beanstalk","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/sample-app-beanstalk/README.md","sha":"690d80935b99167035ee0222aa6ab67d6ab6ca92"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/sample-app-beanstalk/terragrunt.hcl","sha":"77ac87dca4c64fbf5108231a6faf807fca3d1fee"}]},{"name":"sample-app-frontend-multi-account-acme-asg","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/sample-app-frontend-multi-account-acme-asg/README.md","sha":"f79d423702bf789228ed180ac6364329cfbc15d2"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/sample-app-frontend-multi-account-acme-asg/terragrunt.hcl","sha":"17d10295d106fbde6b0de3bf6c5d3badc97c0ecd"}]},{"name":"sample-app-frontend-multi-account-acme","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/sample-app-frontend-multi-account-acme/README.md","sha":"a646dd069176d91bdd8bb6d330e6e66c61a7b5e8"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/sample-app-frontend-multi-account-acme/terragrunt.hcl","sha":"c423cc7a2fe3630db7c75a72ef212ba186ab3739"}]},{"name":"static-website","children":[{"name":"README.md","path":"dev/us-east-1/dev/services/static-website/README.md","sha":"bd02d2c0be6895e1154a84f183684889e0c9549a"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/services/static-website/terragrunt.hcl","sha":"3329db273624fe437ef031ee4e42583aa13c2312"}]}]},{"name":"vpc","children":[{"name":"README.md","path":"dev/us-east-1/dev/vpc/README.md","sha":"280e9664161d12f19141baa007a5c7d3d6e4f4a8"},{"name":"terragrunt.hcl","path":"dev/us-east-1/dev/vpc/terragrunt.hcl","sha":"aea95690d1f2f5d37e6781f718f4b132c7f509b1"}]}]},{"name":"mgmt","children":[{"name":"README.md","path":"dev/us-east-1/mgmt/README.md","sha":"8a131a11632b97fec18a5e344d5c721fce24b652"},{"name":"env.yaml","path":"dev/us-east-1/mgmt/env.yaml","sha":"b514ab3187ebfb5bf467c632f27a21f5a9611bfc"},{"name":"openvpn-server","children":[{"name":"README.md","path":"dev/us-east-1/mgmt/openvpn-server/README.md","sha":"c11261ef74ec62c04f96717ddf94544c1649125b"},{"name":"terragrunt.hcl","path":"dev/us-east-1/mgmt/openvpn-server/terragrunt.hcl","sha":"2541766dcbbcd6165dc0f661144f6f09be56ce1b"}]},{"name":"vpc","children":[{"name":"README.md","path":"dev/us-east-1/mgmt/vpc/README.md","sha":"73452d7db6e78079df0ee0854e9ae80645fce937"},{"name":"terragrunt.hcl","path":"dev/us-east-1/mgmt/vpc/terragrunt.hcl","sha":"20f97f225446751b79f2283837d0d9d225ea3833"}]}]},{"name":"region.yaml","path":"dev/us-east-1/region.yaml","sha":"d56afa3d82e6cea0d792e84748de56dafb0bad70"}]}]},{"name":"master","children":[{"name":"_global","children":[{"name":"README.md","path":"master/_global/README.md","sha":"d1b8a96c00211751f079fa13cac1b3417d29bf09"},{"name":"cloudtrail","children":[{"name":"README.md","path":"master/_global/cloudtrail/README.md","sha":"e6781286118d8ac86fe60cda1057595644d851da"},{"name":"terragrunt.hcl","path":"master/_global/cloudtrail/terragrunt.hcl","sha":"fb19b4438de2ba919d17f3e4a6ccb3c9f2517f26"}]},{"name":"iam-cross-account","children":[{"name":"README.md","path":"master/_global/iam-cross-account/README.md","sha":"d33fb4cd9ef7b20250205797177184bf1828f966"},{"name":"terragrunt.hcl","path":"master/_global/iam-cross-account/terragrunt.hcl","sha":"4b7fbf5498b4a1f2958a81a253faf5fc0e261b37"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"master/_global/iam-user-password-policy/README.md","sha":"b47d1c6602f3f4ea02fabd247f12c9ee3520be56"},{"name":"terragrunt.hcl","path":"master/_global/iam-user-password-policy/terragrunt.hcl","sha":"47b669ba52099812a6d52ed4fcdad48c5e32e91e"}]},{"name":"region.yaml","path":"master/_global/region.yaml","sha":"18b7823ed017b97431d58da7bcb9a4e31299272a"}]},{"name":"empty.yaml","path":"master/empty.yaml","sha":"5aa66daa40faeaef37eccb7b4b0fcc792233cd7b"},{"name":"terragrunt.hcl","path":"master/terragrunt.hcl","sha":"450cb535222a9ba6e246c8c70ba8b4b6b76e2f18"},{"name":"us-east-1","children":[{"name":"_global","children":[{"name":"README.md","path":"master/us-east-1/_global/README.md","sha":"37b828b038945a50e2e571ef1e755c4f9170e7cf"}]},{"name":"region.yaml","path":"master/us-east-1/region.yaml","sha":"d56afa3d82e6cea0d792e84748de56dafb0bad70"}]}]},{"name":"prod","children":[{"name":"_global","children":[{"name":"README.md","path":"prod/_global/README.md","sha":"d1b8a96c00211751f079fa13cac1b3417d29bf09"},{"name":"cloudtrail","children":[{"name":"README.md","path":"prod/_global/cloudtrail/README.md","sha":"e6781286118d8ac86fe60cda1057595644d851da"},{"name":"terragrunt.hcl","path":"prod/_global/cloudtrail/terragrunt.hcl","sha":"fb19b4438de2ba919d17f3e4a6ccb3c9f2517f26"}]},{"name":"iam-cross-account","children":[{"name":"README.md","path":"prod/_global/iam-cross-account/README.md","sha":"d33fb4cd9ef7b20250205797177184bf1828f966"},{"name":"terragrunt.hcl","path":"prod/_global/iam-cross-account/terragrunt.hcl","sha":"ef9dd9c28172500be3ffd79646dff2e0c4981f70"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"prod/_global/iam-user-password-policy/README.md","sha":"b47d1c6602f3f4ea02fabd247f12c9ee3520be56"},{"name":"terragrunt.hcl","path":"prod/_global/iam-user-password-policy/terragrunt.hcl","sha":"47b669ba52099812a6d52ed4fcdad48c5e32e91e"}]},{"name":"region.yaml","path":"prod/_global/region.yaml","sha":"18b7823ed017b97431d58da7bcb9a4e31299272a"},{"name":"route53-public","children":[{"name":"README.md","path":"prod/_global/route53-public/README.md","sha":"03c91d97d2da5dea0f5dfa34a3004cc54118e60c"},{"name":"terragrunt.hcl","path":"prod/_global/route53-public/terragrunt.hcl","sha":"68ed9958a62546160f9007660857c5baa95ce12b"}]}]},{"name":"empty.yaml","path":"prod/empty.yaml","sha":"5aa66daa40faeaef37eccb7b4b0fcc792233cd7b"},{"name":"terragrunt.hcl","path":"prod/terragrunt.hcl","sha":"9cc4740794cee1af908f0a90a7b24541a0e2757c"},{"name":"us-east-1","children":[{"name":"_global","children":[{"name":"README.md","path":"prod/us-east-1/_global/README.md","sha":"37b828b038945a50e2e571ef1e755c4f9170e7cf"},{"name":"kms-master-key","children":[{"name":"README.md","path":"prod/us-east-1/_global/kms-master-key/README.md","sha":"0739299135b88bf5259961de35eb374566a33d3c"},{"name":"terragrunt.hcl","path":"prod/us-east-1/_global/kms-master-key/terragrunt.hcl","sha":"5e19caaa42e506f2797048979d773f2fac5bce8a"}]},{"name":"sns-topics","children":[{"name":"README.md","path":"prod/us-east-1/_global/sns-topics/README.md","sha":"ae3e2f9522b38fa85eff3c962e4c3d40c6724e17"},{"name":"terragrunt.hcl","path":"prod/us-east-1/_global/sns-topics/terragrunt.hcl","sha":"225cf4b3fe49af57c85a1e25b7942c72cf9e6853"}]}]},{"name":"mgmt","children":[{"name":"README.md","path":"prod/us-east-1/mgmt/README.md","sha":"8a131a11632b97fec18a5e344d5c721fce24b652"},{"name":"env.yaml","path":"prod/us-east-1/mgmt/env.yaml","sha":"b514ab3187ebfb5bf467c632f27a21f5a9611bfc"},{"name":"openvpn-server","children":[{"name":"README.md","path":"prod/us-east-1/mgmt/openvpn-server/README.md","sha":"5aafd75eed0aa4f50d12b041bfad085f9f8f8bc7"},{"name":"terragrunt.hcl","path":"prod/us-east-1/mgmt/openvpn-server/terragrunt.hcl","sha":"7d032d739e1742ccab6be199d60da7680d3d5681"}]},{"name":"vpc","children":[{"name":"README.md","path":"prod/us-east-1/mgmt/vpc/README.md","sha":"73452d7db6e78079df0ee0854e9ae80645fce937"},{"name":"terragrunt.hcl","path":"prod/us-east-1/mgmt/vpc/terragrunt.hcl","sha":"a3dbfb5bb3b55e6fcf452338c69e2fdab5aa6204"}]}]},{"name":"prod","children":[{"name":"README.md","path":"prod/us-east-1/prod/README.md","sha":"f15da18661ef3624d5f63deb288bad072e93df57"},{"name":"cloudwatch-dashboard","children":[{"name":"README.md","path":"prod/us-east-1/prod/cloudwatch-dashboard/README.md","sha":"aa1cfea49f1679e79991f9cf80c12a5b41943a1d"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/cloudwatch-dashboard/terragrunt.hcl","sha":"fe0a59a0885dd19898acfd6b65b290e5b6bf279c"}]},{"name":"data-stores","children":[{"name":"elk-multi-cluster","children":[{"name":"README.md","path":"prod/us-east-1/prod/data-stores/elk-multi-cluster/README.md","sha":"111f8a7f2339e9f329920b92c275eb9fcf6c18dc"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/data-stores/elk-multi-cluster/terragrunt.hcl","sha":"ad3c96134476a81696c73807021c875283c3dfd1"}]},{"name":"kafka","children":[{"name":"README.md","path":"prod/us-east-1/prod/data-stores/kafka/README.md","sha":"8bfe6579bd97e0148c3baa24e1215abce8cf312b"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/data-stores/kafka/terragrunt.hcl","sha":"c9e85c9678126c48a4cd6fc16cc55d523194b4d8"}]},{"name":"mysql","children":[{"name":"README.md","path":"prod/us-east-1/prod/data-stores/mysql/README.md","sha":"df149a836e3a0f3e082cb98f3679e48e0cf6fe4b"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/data-stores/mysql/terragrunt.hcl","sha":"e88eea81774f2ff43c6ba0f4929593b2adf80e20"}]},{"name":"redis","children":[{"name":"README.md","path":"prod/us-east-1/prod/data-stores/redis/README.md","sha":"a305dff8ab1fd409e94cb7b9bf8d3a78ef84c689"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/data-stores/redis/terragrunt.hcl","sha":"2ab5abad0edb89d10ffebb7c279a94b5e344bce6"}]},{"name":"zookeeper","children":[{"name":"README.md","path":"prod/us-east-1/prod/data-stores/zookeeper/README.md","sha":"451ce7cb440aa724bf4dc8a35726e2bda7e071a2"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/data-stores/zookeeper/terragrunt.hcl","sha":"e04f530614ac4913a702c2a18e38b4fa5a1f7848"}]}]},{"name":"env.yaml","path":"prod/us-east-1/prod/env.yaml","sha":"90e2d18e481b6e35ddc57391f752874ffc0058cf"},{"name":"lambda","children":[{"name":"long-running-scheduled","children":[{"name":"README.md","path":"prod/us-east-1/prod/lambda/long-running-scheduled/README.md","sha":"af7b8b9950d620577e1db104d0140a478e5f46fd"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/lambda/long-running-scheduled/terragrunt.hcl","sha":"72518b7089bd107c05c281372f3cccd6d7a6a628"}]},{"name":"s3-image-processing","children":[{"name":"README.md","path":"prod/us-east-1/prod/lambda/s3-image-processing/README.md","sha":"236ef4197db71e6e121e3ca7182e556fa9ecaa60"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/lambda/s3-image-processing/terragrunt.hcl","sha":"87d070e374ab2b7a6860167650e26c0fc73b486a"}]}]},{"name":"networking","children":[{"name":"alb-internal","children":[{"name":"README.md","path":"prod/us-east-1/prod/networking/alb-internal/README.md","sha":"c2a9ab57e03ddedf51dad9c4b375336aabc0e44b"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/networking/alb-internal/terragrunt.hcl","sha":"cc5feacf99eebd2cd695507d9169037599c763e5"}]},{"name":"alb-public","children":[{"name":"README.md","path":"prod/us-east-1/prod/networking/alb-public/README.md","sha":"c2a9ab57e03ddedf51dad9c4b375336aabc0e44b"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/networking/alb-public/terragrunt.hcl","sha":"03af1d8d3f8a860dc443addbf610f5934f7869eb"}]},{"name":"route53-private","children":[{"name":"README.md","path":"prod/us-east-1/prod/networking/route53-private/README.md","sha":"2f6db22493297bf5ae1c98149b9a7c9c896c3c7f"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/networking/route53-private/terragrunt.hcl","sha":"f7e7c4b437c11b0340c682314deb9b08aca3a854"}]}]},{"name":"services","children":[{"name":"ecs-cluster","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/ecs-cluster/README.md","sha":"d990f5a959ffd98ad6c341e3c5a006edae894e1e"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/ecs-cluster/terragrunt.hcl","sha":"b0eef93fabce97dfe098d6e18677fd3b1839d009"}]},{"name":"eks-cluster","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/eks-cluster/README.md","sha":"09f1c5d37ab965b3330d0c4baa15a4bdabe3f4f7"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/eks-cluster/terragrunt.hcl","sha":"6cd702f65352efa6710f63842666cd214b9e4109"}]},{"name":"eks-core-services","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/eks-core-services/README.md","sha":"8d2479fb8630467588cadb041607244739ce235d"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/eks-core-services/terragrunt.hcl","sha":"3ba3473cbb4c7cd83fb23f3fa18ca624bc9de5aa"}]},{"name":"k8s-applications-namespace","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/k8s-applications-namespace/README.md","sha":"6f4aedb903ed85b60b35faf831a926ad6765ea9d"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/k8s-applications-namespace/terragrunt.hcl","sha":"c9d638ac7e6367e974db2dbdf2ffc8f17473fb91"}]},{"name":"k8s-sample-app-backend-multi-account-acme","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/k8s-sample-app-backend-multi-account-acme/README.md","sha":"a95e230a5fc692c4bf8ee19ee444b66405e08eab"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/k8s-sample-app-backend-multi-account-acme/terragrunt.hcl","sha":"e8b8df48ed310a08be55d5d3d07af9dc20fe7c12"}]},{"name":"k8s-sample-app-frontend-multi-account-acme","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/k8s-sample-app-frontend-multi-account-acme/README.md","sha":"9a2e1ef3ca5487142225c9c02b25132049d884d9"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/k8s-sample-app-frontend-multi-account-acme/terragrunt.hcl","sha":"cab54c75aa28d2d0a1df465e3e4272fc7a154adb"}]},{"name":"sample-app-backend-multi-account-acme-asg","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/sample-app-backend-multi-account-acme-asg/README.md","sha":"3df2251cd06cfde9b6d113329d050669284204fb"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/sample-app-backend-multi-account-acme-asg/terragrunt.hcl","sha":"3bc70a7302b813667b0d9b9a19d888ce7a53e711"}]},{"name":"sample-app-backend-multi-account-acme","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/sample-app-backend-multi-account-acme/README.md","sha":"5fb21249645ccc5db9f8cf7ac93b70bbda0cc7c5"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/sample-app-backend-multi-account-acme/terragrunt.hcl","sha":"f6f9ecf019df9635b4a68f42816d37f1ef4722c3"}]},{"name":"sample-app-beanstalk","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/sample-app-beanstalk/README.md","sha":"8e099f7d34b7bb62d26960c43a07220617c97e04"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/sample-app-beanstalk/terragrunt.hcl","sha":"aa974300d961214d4a76f729b87e3d6d1dc90107"}]},{"name":"sample-app-frontend-multi-account-acme-asg","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/sample-app-frontend-multi-account-acme-asg/README.md","sha":"39739d90168866c8293a4ebe1be5665997327f56"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/sample-app-frontend-multi-account-acme-asg/terragrunt.hcl","sha":"c7cdbcf4cc8effe73a0130cf07a7f5da8cca0f23"}]},{"name":"sample-app-frontend-multi-account-acme","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/sample-app-frontend-multi-account-acme/README.md","sha":"3345f973994d2480a8d60e12da68523275656d95"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/sample-app-frontend-multi-account-acme/terragrunt.hcl","sha":"f0137a766733b3575863a74230dfc92ec0c94cd0"}]},{"name":"static-website","children":[{"name":"README.md","path":"prod/us-east-1/prod/services/static-website/README.md","sha":"bd02d2c0be6895e1154a84f183684889e0c9549a"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/services/static-website/terragrunt.hcl","sha":"d5879453a53db71287dad837ed32e7d9b59d120e"}]}]},{"name":"vpc","children":[{"name":"README.md","path":"prod/us-east-1/prod/vpc/README.md","sha":"fc9ad2ee05250c2e2134884feb49c142bc948897"},{"name":"terragrunt.hcl","path":"prod/us-east-1/prod/vpc/terragrunt.hcl","sha":"521968dd6fb563a01f26d8b4662fbf4624cd21a0"}]}]},{"name":"region.yaml","path":"prod/us-east-1/region.yaml","sha":"d56afa3d82e6cea0d792e84748de56dafb0bad70"}]}]},{"name":"security","children":[{"name":"_global","children":[{"name":"README.md","path":"security/_global/README.md","sha":"d1b8a96c00211751f079fa13cac1b3417d29bf09"},{"name":"cloudtrail","children":[{"name":"README.md","path":"security/_global/cloudtrail/README.md","sha":"e6781286118d8ac86fe60cda1057595644d851da"},{"name":"terragrunt.hcl","path":"security/_global/cloudtrail/terragrunt.hcl","sha":"880d875fa813a2ec594b9a8ef15eb431bf540fa4"}]},{"name":"iam-cross-account","children":[{"name":"README.md","path":"security/_global/iam-cross-account/README.md","sha":"d33fb4cd9ef7b20250205797177184bf1828f966"},{"name":"terragrunt.hcl","path":"security/_global/iam-cross-account/terragrunt.hcl","sha":"fcb656ee6ce7d78ed479bbe98f7dec361cc8f8ba"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"security/_global/iam-groups/README.md","sha":"4f322b55501dba80060a90fa9b7355e6034cac45"},{"name":"terragrunt.hcl","path":"security/_global/iam-groups/terragrunt.hcl","sha":"3d8532178660f931753089c2ed3dd3c3a0634965"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"security/_global/iam-user-password-policy/README.md","sha":"b47d1c6602f3f4ea02fabd247f12c9ee3520be56"},{"name":"terragrunt.hcl","path":"security/_global/iam-user-password-policy/terragrunt.hcl","sha":"47b669ba52099812a6d52ed4fcdad48c5e32e91e"}]},{"name":"region.yaml","path":"security/_global/region.yaml","sha":"18b7823ed017b97431d58da7bcb9a4e31299272a"}]},{"name":"empty.yaml","path":"security/empty.yaml","sha":"5aa66daa40faeaef37eccb7b4b0fcc792233cd7b"},{"name":"terragrunt.hcl","path":"security/terragrunt.hcl","sha":"bcb0251ac68b2a7bb1acab94808083bc52b4dcf3"}]},{"name":"shared-services","children":[{"name":"_global","children":[{"name":"README.md","path":"shared-services/_global/README.md","sha":"d1b8a96c00211751f079fa13cac1b3417d29bf09"},{"name":"cloudtrail","children":[{"name":"README.md","path":"shared-services/_global/cloudtrail/README.md","sha":"e6781286118d8ac86fe60cda1057595644d851da"},{"name":"terragrunt.hcl","path":"shared-services/_global/cloudtrail/terragrunt.hcl","sha":"fb19b4438de2ba919d17f3e4a6ccb3c9f2517f26"}]},{"name":"iam-cross-account","children":[{"name":"README.md","path":"shared-services/_global/iam-cross-account/README.md","sha":"d33fb4cd9ef7b20250205797177184bf1828f966"},{"name":"terragrunt.hcl","path":"shared-services/_global/iam-cross-account/terragrunt.hcl","sha":"4b7fbf5498b4a1f2958a81a253faf5fc0e261b37"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"shared-services/_global/iam-user-password-policy/README.md","sha":"b47d1c6602f3f4ea02fabd247f12c9ee3520be56"},{"name":"terragrunt.hcl","path":"shared-services/_global/iam-user-password-policy/terragrunt.hcl","sha":"47b669ba52099812a6d52ed4fcdad48c5e32e91e"}]},{"name":"region.yaml","path":"shared-services/_global/region.yaml","sha":"18b7823ed017b97431d58da7bcb9a4e31299272a"},{"name":"route53-public","children":[{"name":"README.md","path":"shared-services/_global/route53-public/README.md","sha":"03c91d97d2da5dea0f5dfa34a3004cc54118e60c"},{"name":"terragrunt.hcl","path":"shared-services/_global/route53-public/terragrunt.hcl","sha":"68ed9958a62546160f9007660857c5baa95ce12b"}]}]},{"name":"empty.yaml","path":"shared-services/empty.yaml","sha":"5aa66daa40faeaef37eccb7b4b0fcc792233cd7b"},{"name":"terragrunt.hcl","path":"shared-services/terragrunt.hcl","sha":"97348cf7336b2508647742881b377b1ba714e9c0"},{"name":"us-east-1","children":[{"name":"_global","children":[{"name":"README.md","path":"shared-services/us-east-1/_global/README.md","sha":"37b828b038945a50e2e571ef1e755c4f9170e7cf"},{"name":"ecr-repos","children":[{"name":"README.md","path":"shared-services/us-east-1/_global/ecr-repos/README.md","sha":"def6523ffcf755613e462937e89f88063379d54b"},{"name":"terragrunt.hcl","path":"shared-services/us-east-1/_global/ecr-repos/terragrunt.hcl","sha":"0aebd1fe76c536af522f7af783dae529637f5a2b"}]},{"name":"kms-master-key","children":[{"name":"README.md","path":"shared-services/us-east-1/_global/kms-master-key/README.md","sha":"e5bbe0789e554212ffe2c605b9a301ebce202947"},{"name":"terragrunt.hcl","path":"shared-services/us-east-1/_global/kms-master-key/terragrunt.hcl","sha":"e3d3456c830e33007018dfa0444e1bb20950e327"}]},{"name":"sns-topics","children":[{"name":"README.md","path":"shared-services/us-east-1/_global/sns-topics/README.md","sha":"ae3e2f9522b38fa85eff3c962e4c3d40c6724e17"},{"name":"terragrunt.hcl","path":"shared-services/us-east-1/_global/sns-topics/terragrunt.hcl","sha":"225cf4b3fe49af57c85a1e25b7942c72cf9e6853"}]}]},{"name":"mgmt","children":[{"name":"README.md","path":"shared-services/us-east-1/mgmt/README.md","sha":"8a131a11632b97fec18a5e344d5c721fce24b652"},{"name":"env.yaml","path":"shared-services/us-east-1/mgmt/env.yaml","sha":"b514ab3187ebfb5bf467c632f27a21f5a9611bfc"},{"name":"jenkins","children":[{"name":"README.md","path":"shared-services/us-east-1/mgmt/jenkins/README.md","sha":"9401dae6add177f3f045f0f2e368076a7fc9a42e"},{"name":"terragrunt.hcl","path":"shared-services/us-east-1/mgmt/jenkins/terragrunt.hcl","sha":"2697d39997ae18103e586008388a3e79dfcabbed"}]},{"name":"openvpn-server","children":[{"name":"README.md","path":"shared-services/us-east-1/mgmt/openvpn-server/README.md","sha":"d0faac5567ed30af350e6b9181e0a9282ef88ac9"},{"name":"terragrunt.hcl","path":"shared-services/us-east-1/mgmt/openvpn-server/terragrunt.hcl","sha":"94491e691a4819cf78eefe98a69c818573c61b48"}]},{"name":"vpc","children":[{"name":"README.md","path":"shared-services/us-east-1/mgmt/vpc/README.md","sha":"73452d7db6e78079df0ee0854e9ae80645fce937"},{"name":"terragrunt.hcl","path":"shared-services/us-east-1/mgmt/vpc/terragrunt.hcl","sha":"29ff68537a532e119786f868bb2a709839792e90"}]}]},{"name":"region.yaml","path":"shared-services/us-east-1/region.yaml","sha":"d56afa3d82e6cea0d792e84748de56dafb0bad70"}]}]},{"name":"stage","children":[{"name":"_global","children":[{"name":"README.md","path":"stage/_global/README.md","sha":"d1b8a96c00211751f079fa13cac1b3417d29bf09"},{"name":"cloudtrail","children":[{"name":"README.md","path":"stage/_global/cloudtrail/README.md","sha":"e6781286118d8ac86fe60cda1057595644d851da"},{"name":"terragrunt.hcl","path":"stage/_global/cloudtrail/terragrunt.hcl","sha":"fb19b4438de2ba919d17f3e4a6ccb3c9f2517f26"}]},{"name":"iam-cross-account","children":[{"name":"README.md","path":"stage/_global/iam-cross-account/README.md","sha":"d33fb4cd9ef7b20250205797177184bf1828f966"},{"name":"terragrunt.hcl","path":"stage/_global/iam-cross-account/terragrunt.hcl","sha":"ef9dd9c28172500be3ffd79646dff2e0c4981f70"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"stage/_global/iam-user-password-policy/README.md","sha":"b47d1c6602f3f4ea02fabd247f12c9ee3520be56"},{"name":"terragrunt.hcl","path":"stage/_global/iam-user-password-policy/terragrunt.hcl","sha":"47b669ba52099812a6d52ed4fcdad48c5e32e91e"}]},{"name":"region.yaml","path":"stage/_global/region.yaml","sha":"18b7823ed017b97431d58da7bcb9a4e31299272a"},{"name":"route53-public","children":[{"name":"README.md","path":"stage/_global/route53-public/README.md","sha":"03c91d97d2da5dea0f5dfa34a3004cc54118e60c"},{"name":"terragrunt.hcl","path":"stage/_global/route53-public/terragrunt.hcl","sha":"68ed9958a62546160f9007660857c5baa95ce12b"}]}]},{"name":"empty.yaml","path":"stage/empty.yaml","sha":"5aa66daa40faeaef37eccb7b4b0fcc792233cd7b"},{"name":"terragrunt.hcl","path":"stage/terragrunt.hcl","sha":"25ec25b2a01b51434679521aecb7a6f4a0bbb2d8"},{"name":"us-east-1","children":[{"name":"_global","children":[{"name":"README.md","path":"stage/us-east-1/_global/README.md","sha":"37b828b038945a50e2e571ef1e755c4f9170e7cf"},{"name":"kms-master-key","children":[{"name":"README.md","path":"stage/us-east-1/_global/kms-master-key/README.md","sha":"e6a201af63351f171403b62a0b41866e2cb13476"},{"name":"terragrunt.hcl","path":"stage/us-east-1/_global/kms-master-key/terragrunt.hcl","sha":"c0c2f65c3cf60fc59e6646347d4458001a116e6b"}]},{"name":"sns-topics","children":[{"name":"README.md","path":"stage/us-east-1/_global/sns-topics/README.md","sha":"ae3e2f9522b38fa85eff3c962e4c3d40c6724e17"},{"name":"terragrunt.hcl","path":"stage/us-east-1/_global/sns-topics/terragrunt.hcl","sha":"225cf4b3fe49af57c85a1e25b7942c72cf9e6853"}]}]},{"name":"mgmt","children":[{"name":"README.md","path":"stage/us-east-1/mgmt/README.md","sha":"8a131a11632b97fec18a5e344d5c721fce24b652"},{"name":"env.yaml","path":"stage/us-east-1/mgmt/env.yaml","sha":"b514ab3187ebfb5bf467c632f27a21f5a9611bfc"},{"name":"openvpn-server","children":[{"name":"README.md","path":"stage/us-east-1/mgmt/openvpn-server/README.md","sha":"2b17dbeb74071ffd9f1a359989d6041acadf69b4"},{"name":"terragrunt.hcl","path":"stage/us-east-1/mgmt/openvpn-server/terragrunt.hcl","sha":"2264e52073f6eff6db62cf871eb558a06216515c"}]},{"name":"vpc","children":[{"name":"README.md","path":"stage/us-east-1/mgmt/vpc/README.md","sha":"73452d7db6e78079df0ee0854e9ae80645fce937"},{"name":"terragrunt.hcl","path":"stage/us-east-1/mgmt/vpc/terragrunt.hcl","sha":"b2016650621679f7b9f99b93806cc0b8efb149ac"}]}]},{"name":"region.yaml","path":"stage/us-east-1/region.yaml","sha":"d56afa3d82e6cea0d792e84748de56dafb0bad70"},{"name":"stage","children":[{"name":"README.md","path":"stage/us-east-1/stage/README.md","sha":"b24ba21bf01baf19ff84a2de457697a757d905c5"},{"name":"cloudwatch-dashboard","children":[{"name":"README.md","path":"stage/us-east-1/stage/cloudwatch-dashboard/README.md","sha":"aa1cfea49f1679e79991f9cf80c12a5b41943a1d"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/cloudwatch-dashboard/terragrunt.hcl","sha":"01ed95b4b404eda346293dbe5eb78b9a74f2f5bb"}]},{"name":"data-stores","children":[{"name":"elk-single-cluster","children":[{"name":"README.md","path":"stage/us-east-1/stage/data-stores/elk-single-cluster/README.md","sha":"9a1cb70a6f6b1b3ac81b2c7c5b17d902328db1e0"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/data-stores/elk-single-cluster/terragrunt.hcl","sha":"7818782091e335360279369b391a3401703ddedd"}]},{"name":"kafka","children":[{"name":"README.md","path":"stage/us-east-1/stage/data-stores/kafka/README.md","sha":"8bfe6579bd97e0148c3baa24e1215abce8cf312b"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/data-stores/kafka/terragrunt.hcl","sha":"26d778dddca07ead27d37e481a897659d7cec7d2"}]},{"name":"mysql","children":[{"name":"README.md","path":"stage/us-east-1/stage/data-stores/mysql/README.md","sha":"df149a836e3a0f3e082cb98f3679e48e0cf6fe4b"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/data-stores/mysql/terragrunt.hcl","sha":"35991621a16fb4cc8443fdf2695c23d3e658c5ac"}]},{"name":"redis","children":[{"name":"README.md","path":"stage/us-east-1/stage/data-stores/redis/README.md","sha":"a305dff8ab1fd409e94cb7b9bf8d3a78ef84c689"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/data-stores/redis/terragrunt.hcl","sha":"79ef1e07fde2d0dcb9673d653089da8fb3fa449a"}]},{"name":"zookeeper","children":[{"name":"README.md","path":"stage/us-east-1/stage/data-stores/zookeeper/README.md","sha":"451ce7cb440aa724bf4dc8a35726e2bda7e071a2"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/data-stores/zookeeper/terragrunt.hcl","sha":"045e1d8802b8b1dc93070a80d98da5b917dec655"}]}]},{"name":"env.yaml","path":"stage/us-east-1/stage/env.yaml","sha":"5767506e27e978f52524dadbbd8fb9f8ad115599"},{"name":"lambda","children":[{"name":"long-running-scheduled","children":[{"name":"README.md","path":"stage/us-east-1/stage/lambda/long-running-scheduled/README.md","sha":"af7b8b9950d620577e1db104d0140a478e5f46fd"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/lambda/long-running-scheduled/terragrunt.hcl","sha":"72518b7089bd107c05c281372f3cccd6d7a6a628"}]},{"name":"s3-image-processing","children":[{"name":"README.md","path":"stage/us-east-1/stage/lambda/s3-image-processing/README.md","sha":"236ef4197db71e6e121e3ca7182e556fa9ecaa60"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/lambda/s3-image-processing/terragrunt.hcl","sha":"02a23cc6f220d8301d40f7616d1e17f9e17448a5"}]}]},{"name":"networking","children":[{"name":"alb-internal","children":[{"name":"README.md","path":"stage/us-east-1/stage/networking/alb-internal/README.md","sha":"7a0ead86441c133aa09441613d4c1d8d7e630166"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/networking/alb-internal/terragrunt.hcl","sha":"9537dc7cb6dc7c9eb929a0b97a6f89025e042e57"}]},{"name":"alb-public","children":[{"name":"README.md","path":"stage/us-east-1/stage/networking/alb-public/README.md","sha":"7a0ead86441c133aa09441613d4c1d8d7e630166"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/networking/alb-public/terragrunt.hcl","sha":"8ea93d9b8dafad1fc2044a677dd9d0db8d768a55"}]},{"name":"route53-private","children":[{"name":"README.md","path":"stage/us-east-1/stage/networking/route53-private/README.md","sha":"2f6db22493297bf5ae1c98149b9a7c9c896c3c7f"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/networking/route53-private/terragrunt.hcl","sha":"f7e7c4b437c11b0340c682314deb9b08aca3a854"}]}]},{"name":"services","children":[{"name":"ecs-cluster","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/ecs-cluster/README.md","sha":"69133a6a78eabd9f9cedbbb52144f0b3f8a72421"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/ecs-cluster/terragrunt.hcl","sha":"a42cc57f67f8a9ee2bf5bfce1fb58ea96f5e48f5"}]},{"name":"eks-cluster","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/eks-cluster/README.md","sha":"67f4e452bf104a0b6329d3147e7158058e5df135"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/eks-cluster/terragrunt.hcl","sha":"ec2a56580f4fbe9d5ea53b4a7bc0768a7ae90029"}]},{"name":"eks-core-services","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/eks-core-services/README.md","sha":"9a346101188e4590ca4f5e963ae9f0418a5b736b"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/eks-core-services/terragrunt.hcl","sha":"4c1aecc3ec52837b98978ec6fc1cd8d5564763ae"}]},{"name":"k8s-applications-namespace","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/k8s-applications-namespace/README.md","sha":"99acc7283fb7bd8ebddd652eb40f00ffdae7c212"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/k8s-applications-namespace/terragrunt.hcl","sha":"3665bac8be17e73ab034e2f32017c69ef209b2af"}]},{"name":"k8s-sample-app-backend-multi-account-acme","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/k8s-sample-app-backend-multi-account-acme/README.md","sha":"8a53ab896e3502a85f8d96f694c4ba807ee33282"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/k8s-sample-app-backend-multi-account-acme/terragrunt.hcl","sha":"9ea86835ea625bbc341b4d8cbfbcd9b954c4feb5"}]},{"name":"k8s-sample-app-frontend-multi-account-acme","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/k8s-sample-app-frontend-multi-account-acme/README.md","sha":"bbaed0680673b0973880a98f90a7d321125975d9"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/k8s-sample-app-frontend-multi-account-acme/terragrunt.hcl","sha":"b53766ca7b1cf18f27c115d086e3aebf697ee5f3"}]},{"name":"sample-app-backend-multi-account-acme-asg","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/sample-app-backend-multi-account-acme-asg/README.md","sha":"d435c50c5f02f91388927d6fde51f8220dc3b0ae"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/sample-app-backend-multi-account-acme-asg/terragrunt.hcl","sha":"2b1ddfe35699ecff6ee4e8c164ad4c9e00d224da"}]},{"name":"sample-app-backend-multi-account-acme","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/sample-app-backend-multi-account-acme/README.md","sha":"5e3bb4688968e356ff649f88b28edfc72c0d03c0"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/sample-app-backend-multi-account-acme/terragrunt.hcl","sha":"1dd22075941f49b593bc9bfb03f616ac8004a06d"}]},{"name":"sample-app-beanstalk","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/sample-app-beanstalk/README.md","sha":"3b5e260db76305505ad5e2c5d581040abbda1f9f"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/sample-app-beanstalk/terragrunt.hcl","sha":"4360debb24de5f877a88782858260326f9d72dbd"}]},{"name":"sample-app-frontend-multi-account-acme-asg","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/sample-app-frontend-multi-account-acme-asg/README.md","sha":"1941c9a22b6d3b7316ad2260b2b774f12e877961"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/sample-app-frontend-multi-account-acme-asg/terragrunt.hcl","sha":"e0efa40fe276041d8bea4a543144a5591cfcead5"}]},{"name":"sample-app-frontend-multi-account-acme","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/sample-app-frontend-multi-account-acme/README.md","sha":"9516c852664f8d68f3f7dd47cc974061cb733077"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/sample-app-frontend-multi-account-acme/terragrunt.hcl","sha":"2507d6e2e44be9e18a120c45b083b901f98a4cf9"}]},{"name":"static-website","children":[{"name":"README.md","path":"stage/us-east-1/stage/services/static-website/README.md","sha":"bd02d2c0be6895e1154a84f183684889e0c9549a"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/services/static-website/terragrunt.hcl","sha":"5dcb8cc0d74456bfa9756c29cbc70118b7c894ed"}]}]},{"name":"vpc","children":[{"name":"README.md","path":"stage/us-east-1/stage/vpc/README.md","sha":"b1272af31abdcc984831e69017e53de0c28ef71b"},{"name":"terragrunt.hcl","path":"stage/us-east-1/stage/vpc/terragrunt.hcl","sha":"96c7ebd950aea8d3e7d6767609e9419ef407db4f"}]}]}]}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"architecture-overview\">Architecture Overview</h1><div class=\"preview__body--border\"></div><p>Let's start by talking about your overall architecture. Acme Multi Account's architecture is deployed on top of\n<a href=\"https://aws.amazon.com/\" class=\"preview__body--description--blue\" target=\"_blank\">Amazon Web Services (AWS)</a> using the <a href=\"https://www.gruntwork.io/reference-architecture/\" class=\"preview__body--description--blue\" target=\"_blank\">Gruntwork Reference\nArchitecture</a>.</p>\n<p>Here's a diagram that shows an overview of what the Reference Architecture looks like:</p>\n<p><img src=\"/repos/images/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/_images/ref-arch-full.png\" alt=\"Architecture Diagram\" class=\"preview__body--diagram\"></p>\n<p>Note that the Reference Architecture is highly customizable, so what's deployed may be a bit different than what's\nin the diagram. Here is an overview of what's actually deployed:</p>\n<ol>\n<li><a href=\"#infrastructure-as-code\" class=\"preview__body--description--blue\">Infrastructure as code</a></li>\n<li><a href=\"#environments\" class=\"preview__body--description--blue\">Environments</a></li>\n<li><a href=\"#aws-accounts\" class=\"preview__body--description--blue\">AWS accounts</a></li>\n<li><a href=\"#vpcs-and-subnets\" class=\"preview__body--description--blue\">VPCs and subnets</a></li>\n<li><a href=\"#load-balancers\" class=\"preview__body--description--blue\">Load balancers</a></li>\n<li><a href=\"#docker-clusters\" class=\"preview__body--description--blue\">Docker clusters (EKS)</a></li>\n<li><a href=\"#data-stores\" class=\"preview__body--description--blue\">Data stores</a></li>\n<li><a href=\"#openvpn-server\" class=\"preview__body--description--blue\">OpenVPN server</a></li>\n<li><a href=\"#jenkins\" class=\"preview__body--description--blue\">Jenkins</a></li>\n<li><a href=\"#monitoring-log-aggregation-alerting\" class=\"preview__body--description--blue\">Monitoring, log aggregation, alerting</a></li>\n<li><a href=\"#dns-and-tls\" class=\"preview__body--description--blue\">DNS and TLS</a></li>\n<li><a href=\"#static-content-s3-and-cloudfront\" class=\"preview__body--description--blue\">Static content, S3, and CloudFront</a></li>\n<li><a href=\"#lambda\" class=\"preview__body--description--blue\">Lambda</a></li>\n<li><a href=\"#security\" class=\"preview__body--description--blue\">Security</a></li>\n</ol>\n<h2 class=\"preview__body--subtitle\" id=\"infrastructure-as-code\">Infrastructure as code</h2>\n<p>All of Acme Multi Account's infrastructure is managed as <strong>code</strong>, primarily using <a href=\"https://www.terraform.io/\" class=\"preview__body--description--blue\" target=\"_blank\">Terraform</a>.\nThat is, instead of clicking around a web UI or SSHing to a server and manually executing commands, the idea behind\ninfrastructure as code (IAC) is that you write code to define your infrastructure and you let an automated tool (e.g.,\nTerraform) apply the code changes to your infrastructure. This has a number of benefits:</p>\n<ul>\n<li>\n<p>You can automate your entire provisioning and deployment process, which makes it much faster and more reliable than\nany manual process.</p>\n</li>\n<li>\n<p>You can represent the state of your infrastructure in source files that anyone can read rather than a sysadmin's head.</p>\n</li>\n<li>\n<p>You can store those source files in version control, which means the entire history of your infrastructure is\ncaptured in the commit log, which you can use to debug problems, and if necessary, roll back to older versions.</p>\n</li>\n<li>\n<p>You can validate each infrastructure change through code reviews and automated tests.</p>\n</li>\n<li>\n<p>You can package your infrastructure as reusable, documented, battle-tested modules that make it easier to scale and\nevolve your infrastructure. In fact, much of the infrastructure code in this architecture is powered by modules\ncreated by Gruntwork, which are called <a href=\"https://blog.gruntwork.io/gruntwork-infrastructure-packages-7434dc77d0b1\" class=\"preview__body--description--blue\" target=\"_blank\">Infrastructure\nPackages</a>.</p>\n</li>\n</ul>\n<p>For more info on Infrastructure as Code and Terraform, check out <a href=\"https://blog.gruntwork.io/a-comprehensive-guide-to-terraform-b3d32832baca\" class=\"preview__body--description--blue\" target=\"_blank\">A Comprehensive Guide to\nTerraform</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"environments\">Environments</h2>\n<p>The infrastructure is deployed across multiple environments:</p>\n<ul>\n<li>\n<p><strong>dev</strong> (account id: <code>087285199408</code>): Sandbox environment.</p>\n</li>\n<li>\n<p><strong>master</strong> (account id: <code>087285199408</code>): Consolidated billing account</p>\n</li>\n<li>\n<p><strong>prod</strong> (account id: <code>087285199408</code>): Production environment.</p>\n</li>\n<li>\n<p><strong>security</strong> (account id: <code>087285199408</code>): All IAM users and permissions are defined in this account.</p>\n</li>\n<li>\n<p><strong>shared-services</strong> (account id: <code>087285199408</code>): DevOps tooling, such as the OpenVPN server.</p>\n</li>\n<li>\n<p><strong>stage</strong> (account id: <code>087285199408</code>): Pre-production environment.</p>\n</li>\n</ul>\n<h2 class=\"preview__body--subtitle\" id=\"aws-accounts\">AWS accounts</h2>\n<p>Your infrastructure is deployed across multiple AWS accounts. For example, the staging environment is in one account,\nthe production environment in another account, the DevOps tooling in yet another account, and so on. This gives you\nbetter isolation between environments so that if you break something in one environment (e.g., staging)—or worse yet, a\nhacker breaks into that environment—it should have no effect on your other environments (e.g., prod). It also gives you\nbetter control over what resources each employee can access.</p>\n<p>Check out <a href=\"/repos/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/09-accounts-and-auth.md\" class=\"preview__body--description--blue\">Accounts and Auth</a> for more info on the AWS accounts that have been set up and how\nto authenticate to and switch between them.</p>\n<h2 class=\"preview__body--subtitle\" id=\"vp-cs-and-subnets\">VPCs and subnets</h2>\n<p>Each environment lives in a separate <a href=\"https://aws.amazon.com/vpc/\" class=\"preview__body--description--blue\" target=\"_blank\">Virtual Private Cloud (VPC)</a>, which is a logically\nisolated section within an AWS account. Each VPC defines a virtual network, with its own IP address space and rules for\nwhat can go in and out of that network. The IP addresses within each VPC are further divided into multiple\n<a href=\"http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html\" class=\"preview__body--description--blue\" target=\"_blank\">subnets</a>, where each subnet controls the\nrouting for its IP address.</p>\n<ul>\n<li><em>Public subnets</em> are directly accessible from the public Internet.</li>\n<li><em>Private subnets</em> are only accessible from within the VPC.</li>\n</ul>\n<p>Just about everything in this infrastructure is deployed in private subnets to reduce the surface area to attackers.\nThe only exceptions are load balancers and the <a href=\"#openvpn-server\" class=\"preview__body--description--blue\">OpenVPN server</a>,\nboth of which are described below.</p>\n<p>Each VPC is also configured with <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html\" class=\"preview__body--description--blue\" target=\"_blank\">VPC flow logs</a>, which\ncan be useful for monitoring and auditing network traffic across the VPC. Each VPC publishes its flow logs to CloudWatch\nLogs, under the log group <code>VPC_NAME-vpc-flow-logs</code>, where the <code>VPC_NAME</code> is an input variable to the <code>vpc-mgmt</code> and\n<code>vpc-app</code> modules.</p>\n<p>To learn more about VPCs and subnets, check out the Gruntwork <a href=\"/repos/module-vpc/modules/vpc-app\" class=\"preview__body--description--blue\">vpc-app module\ndocumentation</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"load-balancers\">Load balancers</h2>\n<p>Traffic from the public Internet (e.g., requests from your users) initially goes to a <em>public load balancer</em>, which\nproxies the traffic to your apps. This allows you to run multiple copies of your application for scalability and high\navailability. The load balancers being used are:</p>\n<ul>\n<li><a href=\"https://aws.amazon.com/elasticloadbalancing/applicationloadbalancer/\" class=\"preview__body--description--blue\" target=\"_blank\">Application Load Balancer (ALB)</a>: The ALB is a\nload balancer managed by AWS that is designed for routing HTTP and HTTPS traffic. The advantage of using a managed\nservice is that AWS takes care of fault tolerance, security, and scaling the load balancer for you automatically.\nNote that in EKS, ALBs are managed by Kubernetes using <code>Ingress</code> resources. Check out the <a href=\"/repos/terraform-aws-eks/modules/eks-alb-ingress-controller\" class=\"preview__body--description--blue\">eks-alb-ingress-controller\ndocumentation</a> for\nmore information on how this works.</li>\n</ul>\n<p>We also deploy an <em>internal</em> load balancer in the private subnets. This load balancer is not accessible to the public.\nInstead, it's used as a simple way to do service discovery: every backend service registers with the load balancer at a\nparticular path, and all services know to send requests to this load balancer to talk to other services.</p>\n<h2 class=\"preview__body--subtitle\" id=\"docker-clusters\">Docker clusters</h2>\n<p>Your application code is packaged into <a href=\"http://docker.com/\" class=\"preview__body--description--blue\" target=\"_blank\">Docker containers</a> and deployed across an Amazon\n<a href=\"https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html\" class=\"preview__body--description--blue\" target=\"_blank\">Elactic Container Service for Kubernetes Cluster (EKS)</a>\nThe advantage of Docker is that it allows you to package\nyour code so that it runs exactly the same way in all environments (dev, stage, prod). The advantage of a Docker\nCluster is that it makes it easy to deploy your Docker containers across a cluster of servers, making efficient use of\nwherever resources are available. Moreover, EKS can automatically scale your app up and down in response to load and\nredeploy containers that crashed.</p>\n<p>For a quick intro to Docker, see <a href=\"http://www.ybrikman.com/writing/2016/03/31/infrastructure-as-code-microservices-aws-docker-terraform-ecs/\" class=\"preview__body--description--blue\" target=\"_blank\">Running microservices on AWS using Docker, Terraform, and\nECS</a>.\nFor more info on using EKS, see <a href=\"/repos/terraform-aws-eks\" class=\"preview__body--description--blue\">terraform-aws-eks</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"data-stores\">Data stores</h2>\n<p>The infrastructure includes the following data stores:</p>\n<ol>\n<li>\n<p><strong>Mysql</strong>: Mysql is deployed using <a href=\"https://aws.amazon.com/rds/\" class=\"preview__body--description--blue\" target=\"_blank\">Amazon's Relational Database Service\n(RDS)</a>, including automatic failover, backups, and replicas. Check out\n<a href=\"/repos/module-data-storage\" class=\"preview__body--description--blue\">module-data-storage</a> for more info.</p>\n</li>\n<li>\n<p><strong>Redis</strong>: Redis is deployed using <a href=\"https://aws.amazon.com/elasticache/\" class=\"preview__body--description--blue\" target=\"_blank\">Amazon's ElastiCache\nService</a>, including automatic failover, backups, and replicas. Check out\n<a href=\"/repos/module-cache\" class=\"preview__body--description--blue\">module-cache</a> for more info.</p>\n</li>\n<li>\n<p><strong>ZooKeeper</strong>: A ZooKeeper cluster is deployed using <a href=\"/repos/package-zookeeper\" class=\"preview__body--description--blue\">package-zookeeper</a>.</p>\n</li>\n<li>\n<p><strong>Kafka</strong>: A Kafka cluster is deployed using <a href=\"/repos/package-kafka\" class=\"preview__body--description--blue\">package-kafka</a>.</p>\n</li>\n</ol>\n<h2 class=\"preview__body--subtitle\" id=\"lambda\">Lambda</h2>\n<p>We have deployed several example <a href=\"https://aws.amazon.com/lambda/\" class=\"preview__body--description--blue\" target=\"_blank\">Lambda functions</a> to show how you can build\nserverless applications. Check out the <a href=\"/repos/package-lambda/modules/lambda\" class=\"preview__body--description--blue\">package-lambda\ndocs</a> for background info.</p>\n<h2 class=\"preview__body--subtitle\" id=\"open-vpn-server\">OpenVPN server</h2>\n<p>To reduce your surface area to attackers, just about all of the resources in this infrastructure run in private subnets,\nwhich are not accessible from the public Internet at all. To allow Acme Multi Account's employees to access these\nprivate resources, we expose a single server publicly: an <a href=\"https://openvpn.net/\" class=\"preview__body--description--blue\" target=\"_blank\">OpenVPN server</a>. Once you connect to\nthe server using a VPN client, you are "in the network", and will be able to access the private resources (e.g., you\nwill be able to SSH to your EC2 Instances).</p>\n<p>For more info, see <a href=\"/repos/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/08-ssh-vpn.md\" class=\"preview__body--description--blue\">SSH and VPN</a> and <a href=\"/repos/package-openvpn\" class=\"preview__body--description--blue\">package-openvpn</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"jenkins\">Jenkins</h2>\n<p>We have set up <a href=\"https://jenkins.io/\" class=\"preview__body--description--blue\" target=\"_blank\">Jenkins</a> as a Continuous Integration (CI) server. After every commit, a Jenkins\njob runs your build, tests, packaging, and automated deployment steps.</p>\n<p>For more info, see <a href=\"/repos/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/06-ci-cd.md\" class=\"preview__body--description--blue\">Build, tests, and deployment (CI/CD)</a> and\n<a href=\"/repos/module-ci\" class=\"preview__body--description--blue\">module-ci</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"monitoring-log-aggregation-alerting\">Monitoring, log aggregation, alerting</h2>\n<p>You can find metrics, log files from all your servers, and subscribe to alert notifications using <a href=\"https://aws.amazon.com/cloudwatch/\" class=\"preview__body--description--blue\" target=\"_blank\">Amazon\nCloudWatch</a>.</p>\n<p>For more info, see <a href=\"/repos/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/07-monitoring-alerting-logging.md\" class=\"preview__body--description--blue\">Monitoring, Alerting, and Logging</a> and\n<a href=\"/repos/module-aws-monitoring\" class=\"preview__body--description--blue\">module-aws-monitoring</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"dns-and-tls\">DNS and TLS</h2>\n<p>We are using <a href=\"https://aws.amazon.com/route53/\" class=\"preview__body--description--blue\" target=\"_blank\">Amazon Route 53</a> to configure DNS entries for all your services. We\nhave configured SSL/TLS certificates for your domain names using <a href=\"https://aws.amazon.com/certificate-manager/\" class=\"preview__body--description--blue\" target=\"_blank\">Amazon's Certificate Manager\n(ACM)</a>, which issues certificates that are free and renew automatically.</p>\n<p>For more info, see <a href=\"/repos/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/02-whats-deployed.md\" class=\"preview__body--description--blue\">What's deployed</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"static-content-s-3-and-cloud-front\">Static content, S3, and CloudFront</h2>\n<p>All static content (e.g., images, CSS, JS) is stored in <a href=\"https://aws.amazon.com/s3/\" class=\"preview__body--description--blue\" target=\"_blank\">Amazon S3</a> and served via the\n<a href=\"https://aws.amazon.com/cloudfront/\" class=\"preview__body--description--blue\" target=\"_blank\">CloudFront</a> CDN. This allows you to offload all the work of serving static content\nfrom your app server and reduces latency for your users.</p>\n<p>For more info, see <a href=\"/repos/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/02-whats-deployed.md\" class=\"preview__body--description--blue\">What's deployed</a> and\n<a href=\"/repos/package-static-assets\" class=\"preview__body--description--blue\">package-static-assets</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"security\">Security</h2>\n<p>We have configured security best practices in every aspect of this infrastructure:</p>\n<ul>\n<li>\n<p><strong>Network security</strong>: see <a href=\"#vpcs-and-subnets\" class=\"preview__body--description--blue\">VPCs and subnets</a>.</p>\n</li>\n<li>\n<p><strong>Server access</strong>: see <a href=\"/repos/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/08-ssh-vpn.md\" class=\"preview__body--description--blue\">SSH and VPN</a>.</p>\n</li>\n<li>\n<p><strong>Application secrets</strong>: see the GruntKMS section of <a href=\"/repos/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/05-dev-environment.md\" class=\"preview__body--description--blue\">Running an App in the Dev Environment</a>\nand <a href=\"/repos/gruntkms\" class=\"preview__body--description--blue\">gruntkms</a>.</p>\n</li>\n<li>\n<p><strong>User accounts</strong>: see <a href=\"/repos/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/09-accounts-and-auth.md\" class=\"preview__body--description--blue\">Accounts and Auth</a>.</p>\n</li>\n<li>\n<p><strong>Auditing</strong>: see the <a href=\"/repos/module-security/modules/cloudtrail\" class=\"preview__body--description--blue\">CloudTrail module</a>.</p>\n</li>\n<li>\n<p><strong>Intrusion detection</strong>: see the <a href=\"/repos/module-security/modules/fail2ban\" class=\"preview__body--description--blue\">fail2ban module</a>.</p>\n</li>\n<li>\n<p><strong>Security updates</strong>: see the <a href=\"/repos/module-security/modules/auto-update\" class=\"preview__body--description--blue\">auto-update module</a>.</p>\n</li>\n<li>\n<p><strong>OS hardening</strong>: see the <a href=\"/repos/module-security/modules/os-hardening\" class=\"preview__body--description--blue\">os-hardening module</a>.</p>\n</li>\n</ul>\n<p>Check out <a href=\"https://docs.google.com/document/d/e/2PACX-1vTikva7hXPd2h1SSglJWhlW8W6qhMlZUxl0qQ9rUJ0OX22CQNeM-91w4lStRk9u2zQIn6lPejUbe-dl/pub\" class=\"preview__body--description--blue\" target=\"_blank\">Gruntwork Security Best Practices</a> for more info.</p>\n<h2 class=\"preview__body--subtitle\" id=\"next-steps\">Next steps</h2>\n<p>Next up, let's have a look at <a href=\"/repos/v0.0.1-06082020/infrastructure-live-multi-account-acme/_docs/02-whats-deployed.md\" class=\"preview__body--description--blue\">What's deployed</a>.</p>\n","repoName":"infrastructure-live-multi-account-acme","repoRef":"v0.0.1-06082020","serviceDescriptor":{"serviceName":"Multi-account Reference Architecture","serviceRepoName":"infrastructure-live-multi-account-acme","serviceRepoOrg":"gruntwork-io","cloudProviders":["aws"],"description":"End-to-end tech stack designed to deploy into multiple AWS accounts. Includes VPCs, EKS, ALBs, CI / CD, monitoring, alerting, VPN, DNS, and more.","imageUrl":"grunt.png","licenseType":"subscriber","technologies":["Terraform","Go","Bash","Python"],"compliance":[],"tags":[""]},"serviceCategoryName":"Reference Architecture","fileName":"01-architecture-overview.md","filePath":"/_docs/01-architecture-overview.md","title":"Repo Browser: Multi-account Reference Architecture","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}
_docs
.gitignore
