A new standard for architecture
The Reference Architecture is an opinionated, battle-tested, best-practices way of setting up all the foundational pieces you need to get started with AWS and Terraform, including:
- AWS multi-account structure: Gruntwork Landing Zone.
- Network topology: VPCs, subnets, route tables, VPN, etc.
- CI / CD: Pipelines.
- Auth: AWS Identity Center (SSO), IAM roles, OIDC, etc.
- Guard Rails: SCPs, AWS Config, GuardDuty, CloudTrail, etc.
- Compliance: Gruntwork Compliance.
We generate the Reference Architecture based on your needs, deploy into your AWS accounts, and give you 100% of the code. Since you have all the code, you can extend, enhance, and customize it as much as you need. The deploy process takes about a day. Contact Us to set up a demo!
How It Works
Choose your architecture options
You can customize the following aspects of your architecture:
AWS accounts:
- Default: logs, security, shared, dev, stage, and prod
- Primary region
- Pure Terraform
- Control Tower Integration (Gruntwork Enterprise only)
- GuardDuty, Macie, IAM Access Analyzer
- SCPs, AWS Config Rules (Gruntwork Enterprise only)
- IAM users, IAM roles, OIDC
- AWS Identity Center / SSO (Gruntwork Enterprise only)
- GitHub Actions
- VPC: subnets, route tables, IGW, NAT, NACLs.
- Network entrypoint: VPN or bastion host.
- Orchestration: EKS, EKS Fargate, ECS, or none
- Database: PostgreSQL, MySQL, SQL Server, Aurora, or none
- Cache: Redis, Memcached, or none
Gruntwork deploys your architecture
We generate the architecture using Terragrunt, Terraform, Bash, Python and Go. We deploy the resources to your AWS accounts. We validate the configuration, then we push the code to your git repository.
Get guided onboarding (Gruntwork Enterprise only)
Work with the Gruntwork team directly to help you get started with your architecture.
If you run into a snag, ask a question on our community support channel via Slack. Or sign up for Pro or Enterprise Support to chat directly with Gruntwork engineers via a private shared Slack channel or email, and guarantee a timely response.
Keep your code up to date automatically
With Patcher, you can streamline staying up to date, even with breaking changes.
Reference Architecture Features
Infrastructure as Code
Written in Terraform, Go, Python, and Bash. You get 100% of the code.
The architecture has been proven with hundreds of Gruntwork customers.
We'll deploy a fully-working, best-practices tech stack in AWS in about a day!
Designed for high availability, scalability, and durability
Account-level segmentation, centralized audit trail, network segmentation, encrypted by default, server hardening, & more
Includes training videos and documentation
Check out the Pricing page for details. Please note that to use the Reference Architecture, you must be a Gruntwork Subscriber.