Up until now we have focused on the initial code that Gruntwork has provided in the Reference Architecture. However,
this Reference Architecture is meant to be used in production and will evolve over time. This document is meant to act
as a guide to lay out the steps necessary to evolve the Reference Architecture by taking a look at a few common
scenarios:
One of the most common things you might want to do with the Reference Architecture is to extend it with additional
services or data stores (an infrastructure component). Here are the rough steps for adding a new component to the
Reference Architecture:
The first step in adding a new component to the Reference Architecture is actually to decide what you will need to
deploy the component. For example, suppose you want to add a new data service (e.g Kafka). Some questions that you
should be asking yourself are:
Is there a managed service offering that simplifies the deployment?
Do I want to run the service using Docker or VMs?
Does the service have any dependencies such as S3?
Once you have a sense of the components that should be deployed, the next thing to figure out is what modules you will
need to build in order to maintain all that code. You should start by taking a look at the Gruntwork catalog of
infrastructure modules and seeing if Gruntwork has a library
module for the components that you need. You can also slack us using your private channel (if you are on our
Professional Support plan), or the community channel to get help deciding which library modules are relevant for your
component. Alternatively, you can email support@gruntwork.io.
You should come out of this step with an itemized list of the modules that you plan on using, and any modules that you
will need to build from scratch. You will also want to make sure Terraform has resources available for managing the
components you wish to use. Be sure to familiarize yourself with existing modules and resources if any of the
infrastructure components you plan on deploying is new to you!
Add a new library module to deploy the infrastructure for the component (if necessary)
If you find out that Gruntwork does not have a module for the infrastructure components you wish to deploy, you will
need to build the relevant modules from scratch. You can either build the relevant module directly in
infrastructure-modules-acme where all the
blueprint modules exist, or have a dedicated repository to build out the module. The advantage of using a dedicated
repository is that you can write targetted "unit" tests for the module to ensure correctness by using the Terratest
framework, that run faster than testing the whole component being launched
as a part of the infrastructure-modules structure. This may make it easier for you to test a range of input variables
to the module.
You also have the option to contribute this code back to the Gruntwork
library.
The advantage of contributing your code is that you can rely on Gruntwork to manage the code going forward, including
performing updates to newer versions of terraform, implementing new features, or fix bugs that are filed against it. It
is also a good way to get it battle tested across multiple different scenarios from the Gruntwork community, leading to
a better module overall.
Add a new infrastructure module and live config to deploy the component
Once you have a library module for your component, the next step is to integrate it into your architecture. This
involves adding a wrapper module in infrastructure-modules-acme
that can be deployed using your live config in infrastructure-live-acme.
The steps for adding a new environment, region, or account to the Reference Architecture are largely similar. At its
core, each of these scenarios involves deploying a new stack, comprising a logical group of components. The key difference is the
magnitude of the stack: environments typically start at the VPC and include everything inside it, while a region might
be multiple VPCs, and finally accounts would include multiple regions as well as global resources like IAM. Nevertheless
at the end of the day, each of these scenarios are deploying a group of components where you should already have most of
the code ready. As such, the steps for each of these scenarios are largely the same:
Before attempting to add a new environment, region, or account, you should have a sense of all the steps required to
stand up the infrastructure from scratch. You should know things like what secrets you will need to generate (e.g
passwords, certificates, etc), whether or not you need to purchase resources that are difficult to manage with Terraform
(e.g DNS domains), or whether or not you have all the code to deploy the entire stack (e.g if you are provisioning a new
environment with a completely different stack structure). You should also familiarize yourself with the dependencies of
each component in the stack, and the rough order of operations. You can use the guide Deploying the Reference
Architecture from scratch as a reference for finding out the
rough order of operations.
You should take this opportunity to write out a playbook of the deployment order of the components in the stack you are
about to roll out. This document will come in handy when you are ready to start provisioning the infrastructure.
Add necessary module components
Once you have a sense of what components are included in the stack, you should decide if you need to add any new
modules to infrastructure-modules-acme. Follow
the guide Adding a new component to add the necessary module code for deploying the stack.
Copy or add the live config
Once you have all the module code ready, it is time to start setting up the live config to deploy your infrastructure.
If you are replicating an existing stack, the easiest approach is to copy paste the directory tree for the stack. For
example, suppose you had the following directory tree:
The key thing to note here is that references to dependencies in the terragrunt folder structure are made using relative
paths. For example, the vpc in the dev environment will setup peering with the vpc in the mgmt environment of
the same region. This reference is made by using the relative path from that vpc folder to the mgmt environment
vpc folder (../mgmt/vpc). When you copy paste to a new environment, this path doesn't change!
Once you copy paste the new stack, you will want to rename the inputs to ensure correctness with the new environment.
You will want to take a closer look at variables such as:
Names: Some global resources require unique names, such as S3 buckets and IAM roles and groups. Although these are
namespaced using variables, you can't reuse the copied values since they have already been deployed in your other
stack. Make sure you update any variables that set names and name prefixes for the components.
Secrets: You will most likely want to use different passwords and certificates for the new components. If the
secrets are encrypted, you might also want a new KMS key to encrypt the secrets. You will want to make sure you update
them. Variable files: In terragrunt, it is common to store and source common variables in a yaml file in the tree.
For example, you might have the following folder structure:
.
└── dev
├── account.yml
└── us-east-2
├── dev
│ └── env.yml
└── region.yml
Each of these yaml files, account.yml, region.yml, and env.yml will contain contents that set common variables
for that level. For example, region.yml might contain an entry to set the aws_region input var to the region.
These are then sourced and merged into the inputs list to configure the variables when deploying. You will want to
make sure any variable files you copy are updated to point to the correct value for the new components in that tree.
Network addresses: Any Route53 domains and CIDR blocks should be updated to ensure they don't collide with existing
infrastructure.
Hardcoded region specific resources: AMIs can only be used within the region that they exist. This means that if
you are adding a new region or account, you will need to build new AMIs and update the AMI inputs. This is also true
for EC2 key pairs, KMS keys, SNS topics, and myriad other services.
You should also take this moment to add any live config files for new components to the stack that you will need.
Deploy
Once you have the live config for your entire stack, it is time to deploy the stack! In most cases, this will be a
terragrunt apply-all at the top level of the stack. Sometimes, this will involve prerequisite steps like building new
AMIs and setting up new domains.
For best results in deploying the infrastructure, you will want to follow the playbook that you wrote out in the
planning step.
Note on adding a new account: When adding a new account, you will most likely not have the state bucket setup for
the account. This can be problematic if you run a terragrunt apply-all for the first time, because all the modules
will prompt you if you want to create the state bucket, which breaks when there are multiple modules happening at the
same time. To avoid this, you can pass in --terragrunt-non-interactive to apply-all which will skip the prompt and
automatically create the bucket for you.
Questions? Ask away.
We're here to talk about our services, answer any questions, give advice, or just to chat.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".gitignore","path":".gitignore","sha":"1c27fc6013cba46cd301a7c8bf951694670153a3"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"6bddb3ff6e1b3dfaba7cf180e56bca12c245be56"},{"name":"README.md","path":"README.md","sha":"74507349a9d5cd784540410365adc61ba68000f1"},{"name":"_docs","children":[{"name":"01-architecture-overview.md","path":"_docs/01-architecture-overview.md","sha":"fa091294c3f4cfb2e7bd1d7df78907faf076996b"},{"name":"02-whats-deployed.md","path":"_docs/02-whats-deployed.md","sha":"8bf4519132e2ea43cbcf1e1d67eff3f961471af2"},{"name":"03-security-compliance-compatibility.md","path":"_docs/03-security-compliance-compatibility.md","sha":"9342617f42adb28e440cc2161f3fee56205c150e"},{"name":"04-how-code-is-organized.md","path":"_docs/04-how-code-is-organized.md","sha":"64b9396f54fb0b791d39b93919a6416ab8215f0d"},{"name":"05-dev-environment.md","path":"_docs/05-dev-environment.md","sha":"9209da466b0f9afee5e1afb36f01a2ba8149012f"},{"name":"06-ci-cd.md","path":"_docs/06-ci-cd.md","sha":"0685cbe746fa0271357db34ebd39d76397ea19c4"},{"name":"07-monitoring-alerting-logging.md","path":"_docs/07-monitoring-alerting-logging.md","sha":"619c810c6e60418b3a46fa3d903bc76dc6d48e41"},{"name":"08-ssh-vpn.md","path":"_docs/08-ssh-vpn.md","sha":"0f526549f4b0d08cf2a914def239f8ff872ec2d1"},{"name":"09-accounts-and-auth.md","path":"_docs/09-accounts-and-auth.md","sha":"9e6d2c1f8b9a7cc7c5b3ce3386eea22daac6cc17"},{"name":"10-gruntwork-tools.md","path":"_docs/10-gruntwork-tools.md","sha":"d08b1fe7cfbb9ad91155bfff9e3a05525c39c127"},{"name":"11-deploying-a-docker-service.md","path":"_docs/11-deploying-a-docker-service.md","sha":"d2123b688287557c1c38cd415a729b3a445a45ad"},{"name":"12-migration.md","path":"_docs/12-migration.md","sha":"6e46bf752f330de978a8927858a716f04db13f60"},{"name":"13-deploying-the-reference-architecture-from-scratch.md","path":"_docs/13-deploying-the-reference-architecture-from-scratch.md","sha":"9eb702bb6da48a97b2c9eead594a3474a1ee6703"},{"name":"14-undeploying-the-reference-architecture.md","path":"_docs/14-undeploying-the-reference-architecture.md","sha":"3ed0569cdd0e3d32079ab537e1697fbcb3ee27d8"},{"name":"15-adding-new-environments-regions-and-accounts.md","path":"_docs/15-adding-new-environments-regions-and-accounts.md","sha":"6a0372a843a9245570379e1beaad452e67d234c3","toggled":true},{"name":"README.md","path":"_docs/README.md","sha":"785d2b0b36b10e75c96e4eaa7414c1c71d78e222"},{"name":"_images","children":[{"name":"cw-logs-1.png","path":"_docs/_images/cw-logs-1.png","sha":"84c86f014751844fbd777b5139ed61f749b5ed32"},{"name":"cw-logs-2.png","path":"_docs/_images/cw-logs-2.png","sha":"9a0a80b20490fdc1b9014040cc0bbc87c9cf6f68"},{"name":"cw-logs-3.png","path":"_docs/_images/cw-logs-3.png","sha":"bda49dc4e947658e0ceb9ba592b4e314d9db61e9"},{"name":"cw-logs-4.png","path":"_docs/_images/cw-logs-4.png","sha":"54bcc44c4b0701620b7f20c4e6fc0a9fd8f38049"},{"name":"ecs-console-1.png","path":"_docs/_images/ecs-console-1.png","sha":"afe452278d5f107e6ec225a235c587de7cb53510"},{"name":"ecs-console-2.png","path":"_docs/_images/ecs-console-2.png","sha":"40609b98015d781b9e1de801c131fadc323337ae"},{"name":"ecs-console-3.png","path":"_docs/_images/ecs-console-3.png","sha":"87ad40d291b7e9e6f6caa0389b846392bdb93ee0"},{"name":"ref-arch-full.png","path":"_docs/_images/ref-arch-full.png","sha":"8c17eef52be06757553a1f3ee4e387e6dc820016"},{"name":"ref-arch-icon.png","path":"_docs/_images/ref-arch-icon.png","sha":"05876962e6877df911674237ca1b793d9f4f04b3"},{"name":"terraform-code-provenance.png","path":"_docs/_images/terraform-code-provenance.png","sha":"e2a9d6bfbd8b963b057d4341dd0ec93e3823d834"}]}],"toggled":true},{"name":"main","children":[{"name":"_global","children":[{"name":"README.md","path":"main/_global/README.md","sha":"d1b8a96c00211751f079fa13cac1b3417d29bf09"},{"name":"cloudtrail","children":[{"name":"README.md","path":"main/_global/cloudtrail/README.md","sha":"7bf54b13e60f80416bbe3ee5b22328ee47a2532a"},{"name":"terragrunt.hcl","path":"main/_global/cloudtrail/terragrunt.hcl","sha":"5d4953cb81dc711c1f5641e26b54b2de8dedf62e"}]},{"name":"iam-groups","children":[{"name":"README.md","path":"main/_global/iam-groups/README.md","sha":"b6797c786d3c914257fc0e0bb4680e9fc861ab38"},{"name":"terragrunt.hcl","path":"main/_global/iam-groups/terragrunt.hcl","sha":"f14f3f59fb104ffc4f9925dd8565f43d665600c7"}]},{"name":"iam-user-password-policy","children":[{"name":"README.md","path":"main/_global/iam-user-password-policy/README.md","sha":"1ddbc02253cb2fb3971fdbf1b3e09758f8eede9a"},{"name":"terragrunt.hcl","path":"main/_global/iam-user-password-policy/terragrunt.hcl","sha":"482cdc172a7e5f033acf9d808bef3e8bd3ef8f1e"}]},{"name":"machine-user","children":[{"name":"README.md","path":"main/_global/machine-user/README.md","sha":"0d676a50c24d954dab8a57794e6790eb03d03e4e"},{"name":"terragrunt.hcl","path":"main/_global/machine-user/terragrunt.hcl","sha":"50b845d531ee85c0a109c6abba695a3fe7d5b89e"}]},{"name":"region.yaml","path":"main/_global/region.yaml","sha":"18b7823ed017b97431d58da7bcb9a4e31299272a"},{"name":"route53-public","children":[{"name":"README.md","path":"main/_global/route53-public/README.md","sha":"4757db7a8adde3d4af6a86f3ea20e050ae946a08"},{"name":"terragrunt.hcl","path":"main/_global/route53-public/terragrunt.hcl","sha":"06c315b032005358d2a3e6c5774f5b99ab64e681"}]},{"name":"service-linked-roles","children":[{"name":"README.md","path":"main/_global/service-linked-roles/README.md","sha":"45c1919cc5667b8d8ae25f09b3baf3078a7b36f9"},{"name":"terragrunt.hcl","path":"main/_global/service-linked-roles/terragrunt.hcl","sha":"398538ac8d92ed0160f303b029720592f81af280"}]}]},{"name":"empty.yaml","path":"main/empty.yaml","sha":"5aa66daa40faeaef37eccb7b4b0fcc792233cd7b"},{"name":"terragrunt.hcl","path":"main/terragrunt.hcl","sha":"3f362bb353e2d6e02f59294d7f7044da3a62b565"},{"name":"us-east-1","children":[{"name":"_global","children":[{"name":"README.md","path":"main/us-east-1/_global/README.md","sha":"37b828b038945a50e2e571ef1e755c4f9170e7cf"},{"name":"ecr-repos","children":[{"name":"README.md","path":"main/us-east-1/_global/ecr-repos/README.md","sha":"e7215127ffcf141002796e83ed1b9e9647ddbe22"},{"name":"terragrunt.hcl","path":"main/us-east-1/_global/ecr-repos/terragrunt.hcl","sha":"20c8ae6bd26f8cfd8fddcb8676cc109201bc49eb"}]},{"name":"sns-topics","children":[{"name":"README.md","path":"main/us-east-1/_global/sns-topics/README.md","sha":"05eb8a853eccf6465dc558bb9c57637fb4e9ccd3"},{"name":"terragrunt.hcl","path":"main/us-east-1/_global/sns-topics/terragrunt.hcl","sha":"81c92f821daf7077881a43678c717d485fc36401"}]}]},{"name":"mgmt","children":[{"name":"README.md","path":"main/us-east-1/mgmt/README.md","sha":"8a131a11632b97fec18a5e344d5c721fce24b652"},{"name":"env.yaml","path":"main/us-east-1/mgmt/env.yaml","sha":"b514ab3187ebfb5bf467c632f27a21f5a9611bfc"},{"name":"kms-master-key","children":[{"name":"README.md","path":"main/us-east-1/mgmt/kms-master-key/README.md","sha":"2affa3417a1b76f670e407330cb9dc62d01a521e"},{"name":"terragrunt.hcl","path":"main/us-east-1/mgmt/kms-master-key/terragrunt.hcl","sha":"5e24ee41d1565d3e026354e71a5ae7a362a206ea"}]},{"name":"openvpn-server","children":[{"name":"README.md","path":"main/us-east-1/mgmt/openvpn-server/README.md","sha":"93a2465ed5c720dd30b434aa36a2d28c4e0c7fcf"},{"name":"terragrunt.hcl","path":"main/us-east-1/mgmt/openvpn-server/terragrunt.hcl","sha":"aaf206a2c80987a888872ef7812bb93984cf26d1"}]},{"name":"vpc","children":[{"name":"README.md","path":"main/us-east-1/mgmt/vpc/README.md","sha":"495e2b8828a490c03ea7e153e695239f2bb92512"},{"name":"terragrunt.hcl","path":"main/us-east-1/mgmt/vpc/terragrunt.hcl","sha":"d6fad3a7e2397ea7bc62fa77ea6e138ec27e4335"}]}]},{"name":"prod","children":[{"name":"README.md","path":"main/us-east-1/prod/README.md","sha":"f15da18661ef3624d5f63deb288bad072e93df57"},{"name":"cloudwatch-dashboard","children":[{"name":"README.md","path":"main/us-east-1/prod/cloudwatch-dashboard/README.md","sha":"766cff97af8b2bbbdb90c2262c150b4d0bc88c62"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/cloudwatch-dashboard/terragrunt.hcl","sha":"ff055251d5427c0116d0e382f38c537b09db96ee"}]},{"name":"data-stores","children":[{"name":"elasticsearch","children":[{"name":"README.md","path":"main/us-east-1/prod/data-stores/elasticsearch/README.md","sha":"de10ddf77c3ae0b341ebbd7152f8d3c086d7ba20"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/data-stores/elasticsearch/terragrunt.hcl","sha":"736a4bdbdcc1b54dcd909671a76f09988c226436"}]},{"name":"kafka","children":[{"name":"README.md","path":"main/us-east-1/prod/data-stores/kafka/README.md","sha":"3681db5950b18676e92d6f00df190ff553c06404"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/data-stores/kafka/terragrunt.hcl","sha":"89d57ee0e689e1f28141c383924b03937b46fb3b"}]},{"name":"mysql","children":[{"name":"README.md","path":"main/us-east-1/prod/data-stores/mysql/README.md","sha":"3ff802dea2beeb94b34a9d2087fa1ce332702ba0"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/data-stores/mysql/terragrunt.hcl","sha":"681f993523ec8336c4f6be26a41ab1148b127ce8"}]},{"name":"redis","children":[{"name":"README.md","path":"main/us-east-1/prod/data-stores/redis/README.md","sha":"7f5426659066280ce18fad93eb14dd573e3de1b0"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/data-stores/redis/terragrunt.hcl","sha":"e7d7171695ad1ca039db9171ac31f1fb210f51f5"}]},{"name":"zookeeper","children":[{"name":"README.md","path":"main/us-east-1/prod/data-stores/zookeeper/README.md","sha":"3aa643354b946d75610e3a8d10e616e1080717bc"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/data-stores/zookeeper/terragrunt.hcl","sha":"ed94a3d0277beb71cd9500f1d29053e2f5b99f28"}]}]},{"name":"env.yaml","path":"main/us-east-1/prod/env.yaml","sha":"90e2d18e481b6e35ddc57391f752874ffc0058cf"},{"name":"kms-master-key","children":[{"name":"README.md","path":"main/us-east-1/prod/kms-master-key/README.md","sha":"7bf1a8da34427b8314d99904b01c20937604e1e0"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/kms-master-key/terragrunt.hcl","sha":"fb4afa8978a7b719c852756ac51883c5e87f5ab8"}]},{"name":"lambda","children":[{"name":"long-running-scheduled","children":[{"name":"README.md","path":"main/us-east-1/prod/lambda/long-running-scheduled/README.md","sha":"a6a7503b1168dd015618028f30b74aeb1ba7baf3"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/lambda/long-running-scheduled/terragrunt.hcl","sha":"c05243749ec7d3bd386c0563936b0f5e0b4bbbe6"}]},{"name":"s3-image-processing","children":[{"name":"README.md","path":"main/us-east-1/prod/lambda/s3-image-processing/README.md","sha":"1b149a62078c71549d77e59b0ea995f7181a7d8b"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/lambda/s3-image-processing/terragrunt.hcl","sha":"68b62dc42154055b1eaf522fd2240992df4d7814"}]}]},{"name":"networking","children":[{"name":"alb-internal","children":[{"name":"README.md","path":"main/us-east-1/prod/networking/alb-internal/README.md","sha":"5880e9468a3bf336b613dc7132b052ea89a0f99a"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/networking/alb-internal/terragrunt.hcl","sha":"7ad684cfd8fc90140bf149e0f7fa689a2bd6ace0"}]},{"name":"alb-public","children":[{"name":"README.md","path":"main/us-east-1/prod/networking/alb-public/README.md","sha":"5880e9468a3bf336b613dc7132b052ea89a0f99a"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/networking/alb-public/terragrunt.hcl","sha":"ad8fd584b78fdd026ac76554e60653f2c23cf765"}]},{"name":"route53-private","children":[{"name":"README.md","path":"main/us-east-1/prod/networking/route53-private/README.md","sha":"9160c66a0b04a407981db7bf9ee40dad8c5d9434"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/networking/route53-private/terragrunt.hcl","sha":"df4f82c4dc568fbe251eef10adbc28f1b1ccc263"}]}]},{"name":"services","children":[{"name":"ecs-cluster","children":[{"name":"README.md","path":"main/us-east-1/prod/services/ecs-cluster/README.md","sha":"560d730485383f188833313b77599681d146bdd7"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/ecs-cluster/terragrunt.hcl","sha":"38c41c4c8583f8569c2d37e51321acf4a0af6f5f"}]},{"name":"eks-cluster","children":[{"name":"README.md","path":"main/us-east-1/prod/services/eks-cluster/README.md","sha":"84d53a02559d844d8c62ee9d11a558265b3ae5b5"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/eks-cluster/terragrunt.hcl","sha":"e80ff0c733463d17c33d8c7062121e985d1cd1e8"}]},{"name":"eks-core-services","children":[{"name":"README.md","path":"main/us-east-1/prod/services/eks-core-services/README.md","sha":"298969aaf6db9c7e972cd735cef2d43cda899e3f"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/eks-core-services/terragrunt.hcl","sha":"1e8a88f4c8330f10848fea04daa719ab92c74d53"}]},{"name":"k8s-applications-namespace","children":[{"name":"README.md","path":"main/us-east-1/prod/services/k8s-applications-namespace/README.md","sha":"5e0a3640be89e96aece9e4ac8f8b7967e4d57056"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/k8s-applications-namespace/terragrunt.hcl","sha":"120cab356ca4590c262bd3b727d60f6c8294792b"}]},{"name":"k8s-sample-app-backend-acme","children":[{"name":"README.md","path":"main/us-east-1/prod/services/k8s-sample-app-backend-acme/README.md","sha":"4737c31d75b6d6c7565fa3d391177c9d3d022a5e"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/k8s-sample-app-backend-acme/terragrunt.hcl","sha":"c4e9d2aaad8a61ebcb1148800e50858e1023d959"}]},{"name":"k8s-sample-app-frontend-acme","children":[{"name":"README.md","path":"main/us-east-1/prod/services/k8s-sample-app-frontend-acme/README.md","sha":"43161374e0c977f15e8af04913e3554894ed2a82"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/k8s-sample-app-frontend-acme/terragrunt.hcl","sha":"9ab415e18bdf994e3b78f9a6ade6cd3b0fb87e5f"}]},{"name":"sample-app-backend-acme-asg","children":[{"name":"README.md","path":"main/us-east-1/prod/services/sample-app-backend-acme-asg/README.md","sha":"90c4b69a937239b4b51e99c4404360f4aba4edde"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/sample-app-backend-acme-asg/terragrunt.hcl","sha":"940d42befd46a394d63124cfd0d5830c6cea44b2"}]},{"name":"sample-app-backend-acme","children":[{"name":"README.md","path":"main/us-east-1/prod/services/sample-app-backend-acme/README.md","sha":"db3e1635aae0577080a9e2518633d4b5830a259a"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/sample-app-backend-acme/terragrunt.hcl","sha":"c2f4509348ff2f45c10901bbd06f7e409b888e14"}]},{"name":"sample-app-beanstalk","children":[{"name":"README.md","path":"main/us-east-1/prod/services/sample-app-beanstalk/README.md","sha":"27f6c3930f0621262b5dd0400f59e1122631da65"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/sample-app-beanstalk/terragrunt.hcl","sha":"2eaf051ae2cb3f4871be2cb78d3c9edec2da212e"}]},{"name":"sample-app-frontend-acme-asg","children":[{"name":"README.md","path":"main/us-east-1/prod/services/sample-app-frontend-acme-asg/README.md","sha":"ab9db3714676828cb0b766b5a3329f37115b1729"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/sample-app-frontend-acme-asg/terragrunt.hcl","sha":"2d6811f17d17c94bdf9f06c74bf74a3424555c3b"}]},{"name":"sample-app-frontend-acme","children":[{"name":"README.md","path":"main/us-east-1/prod/services/sample-app-frontend-acme/README.md","sha":"c0bc1f93aef1ab1bcf3e22aaec14a1744da74dfb"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/sample-app-frontend-acme/terragrunt.hcl","sha":"84c663da537b9e7485f4e3eff18ffaabfc90ff4b"}]},{"name":"static-website","children":[{"name":"README.md","path":"main/us-east-1/prod/services/static-website/README.md","sha":"16d262eab6ca158ae60d84010bc4804a948673cf"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/services/static-website/terragrunt.hcl","sha":"bb0530a96785e00136cb13da4dd2aca6583ba393"}]}]},{"name":"vpc","children":[{"name":"README.md","path":"main/us-east-1/prod/vpc/README.md","sha":"eb0cfd86345b2983b4a9c9572501728493bfcde4"},{"name":"terragrunt.hcl","path":"main/us-east-1/prod/vpc/terragrunt.hcl","sha":"5a5f20f83d3935f43b48c71b88c0f44443eb11ed"}]}]},{"name":"region.yaml","path":"main/us-east-1/region.yaml","sha":"d56afa3d82e6cea0d792e84748de56dafb0bad70"},{"name":"stage","children":[{"name":"README.md","path":"main/us-east-1/stage/README.md","sha":"b24ba21bf01baf19ff84a2de457697a757d905c5"},{"name":"cloudwatch-dashboard","children":[{"name":"README.md","path":"main/us-east-1/stage/cloudwatch-dashboard/README.md","sha":"766cff97af8b2bbbdb90c2262c150b4d0bc88c62"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/cloudwatch-dashboard/terragrunt.hcl","sha":"feb471fd97d340798fd7ea565195faf4c4328f82"}]},{"name":"data-stores","children":[{"name":"elasticsearch","children":[{"name":"README.md","path":"main/us-east-1/stage/data-stores/elasticsearch/README.md","sha":"de10ddf77c3ae0b341ebbd7152f8d3c086d7ba20"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/data-stores/elasticsearch/terragrunt.hcl","sha":"b65b647edff6298b3a5a010d8ebe13f022b7c54d"}]},{"name":"kafka","children":[{"name":"README.md","path":"main/us-east-1/stage/data-stores/kafka/README.md","sha":"3681db5950b18676e92d6f00df190ff553c06404"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/data-stores/kafka/terragrunt.hcl","sha":"5ba7184e22ee433462c2d05c97ad6bb47c13786b"}]},{"name":"mysql","children":[{"name":"README.md","path":"main/us-east-1/stage/data-stores/mysql/README.md","sha":"3ff802dea2beeb94b34a9d2087fa1ce332702ba0"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/data-stores/mysql/terragrunt.hcl","sha":"d5d7ac741e73afbce47d99af1cbb16219e8af208"}]},{"name":"redis","children":[{"name":"README.md","path":"main/us-east-1/stage/data-stores/redis/README.md","sha":"7f5426659066280ce18fad93eb14dd573e3de1b0"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/data-stores/redis/terragrunt.hcl","sha":"224dc41a716053b231af5c557d7fe95a67af6d51"}]},{"name":"zookeeper","children":[{"name":"README.md","path":"main/us-east-1/stage/data-stores/zookeeper/README.md","sha":"3aa643354b946d75610e3a8d10e616e1080717bc"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/data-stores/zookeeper/terragrunt.hcl","sha":"c084625c9b909a6e5c7cc45995752645e1a9a577"}]}]},{"name":"env.yaml","path":"main/us-east-1/stage/env.yaml","sha":"5767506e27e978f52524dadbbd8fb9f8ad115599"},{"name":"kms-master-key","children":[{"name":"README.md","path":"main/us-east-1/stage/kms-master-key/README.md","sha":"0fc848e518ff6551caae5f234b89f3f2c2a3b015"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/kms-master-key/terragrunt.hcl","sha":"49762d286ee1ed5b999973a5f82688c01bdcf679"}]},{"name":"lambda","children":[{"name":"long-running-scheduled","children":[{"name":"README.md","path":"main/us-east-1/stage/lambda/long-running-scheduled/README.md","sha":"a6a7503b1168dd015618028f30b74aeb1ba7baf3"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/lambda/long-running-scheduled/terragrunt.hcl","sha":"c05243749ec7d3bd386c0563936b0f5e0b4bbbe6"}]},{"name":"s3-image-processing","children":[{"name":"README.md","path":"main/us-east-1/stage/lambda/s3-image-processing/README.md","sha":"1b149a62078c71549d77e59b0ea995f7181a7d8b"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/lambda/s3-image-processing/terragrunt.hcl","sha":"2ab4fe1b159bfe0797662dee0c24aba8b9b3e106"}]}]},{"name":"networking","children":[{"name":"alb-internal","children":[{"name":"README.md","path":"main/us-east-1/stage/networking/alb-internal/README.md","sha":"c1c8edd637ebd686cc5d7675013d750b8ca4ad52"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/networking/alb-internal/terragrunt.hcl","sha":"d90749b2f63ce2187c0fb1ee95723a57fb7e4097"}]},{"name":"alb-public","children":[{"name":"README.md","path":"main/us-east-1/stage/networking/alb-public/README.md","sha":"c1c8edd637ebd686cc5d7675013d750b8ca4ad52"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/networking/alb-public/terragrunt.hcl","sha":"fc8f137af22da522f85614dc22de19f962bdb285"}]},{"name":"route53-private","children":[{"name":"README.md","path":"main/us-east-1/stage/networking/route53-private/README.md","sha":"9160c66a0b04a407981db7bf9ee40dad8c5d9434"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/networking/route53-private/terragrunt.hcl","sha":"df4f82c4dc568fbe251eef10adbc28f1b1ccc263"}]}]},{"name":"services","children":[{"name":"ecs-cluster","children":[{"name":"README.md","path":"main/us-east-1/stage/services/ecs-cluster/README.md","sha":"94916a4be4208e4c1e1e7b7ee0d6dfa2fbfaf38c"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/ecs-cluster/terragrunt.hcl","sha":"744840965cbe10f02eb8d363ee2407201be2baf9"}]},{"name":"eks-cluster","children":[{"name":"README.md","path":"main/us-east-1/stage/services/eks-cluster/README.md","sha":"6db608bd68f9b1d4ee2741d72b2949d0dcf3e33d"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/eks-cluster/terragrunt.hcl","sha":"40da930fe85423d42896eac63f0a084847d85f53"}]},{"name":"eks-core-services","children":[{"name":"README.md","path":"main/us-east-1/stage/services/eks-core-services/README.md","sha":"0311f74f5aca78b831407ac5396907ae792d2297"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/eks-core-services/terragrunt.hcl","sha":"b8d6845c4bbca33df0a3cde51cbe1ef597095050"}]},{"name":"k8s-applications-namespace","children":[{"name":"README.md","path":"main/us-east-1/stage/services/k8s-applications-namespace/README.md","sha":"c96645baedf7aba16fc04d003608c61f9353ff4a"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/k8s-applications-namespace/terragrunt.hcl","sha":"dbd60d465e5cbb46c8a9d21620dca06f9b70dd63"}]},{"name":"k8s-sample-app-backend-acme","children":[{"name":"README.md","path":"main/us-east-1/stage/services/k8s-sample-app-backend-acme/README.md","sha":"430e8d870a1f1895093df8cb4e88e0bf2bb82bc1"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/k8s-sample-app-backend-acme/terragrunt.hcl","sha":"479f85df9855c21e4f095d6251ce4ca6d127b08c"}]},{"name":"k8s-sample-app-frontend-acme","children":[{"name":"README.md","path":"main/us-east-1/stage/services/k8s-sample-app-frontend-acme/README.md","sha":"3efad94b3379996e29355319fbe2de5c426c71dc"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/k8s-sample-app-frontend-acme/terragrunt.hcl","sha":"e0035433fce291da1ce64e77370c20790a4f063d"}]},{"name":"sample-app-backend-acme-asg","children":[{"name":"README.md","path":"main/us-east-1/stage/services/sample-app-backend-acme-asg/README.md","sha":"e2d00c960fa47118b3010550ecddf1133518d5fa"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/sample-app-backend-acme-asg/terragrunt.hcl","sha":"91940573b9a659202289c6815bd9871e50ac4d20"}]},{"name":"sample-app-backend-acme","children":[{"name":"README.md","path":"main/us-east-1/stage/services/sample-app-backend-acme/README.md","sha":"4d0bc076e9d8a51bde996c7c9f77e91bcc3e6125"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/sample-app-backend-acme/terragrunt.hcl","sha":"e240269caa4c5e60e932ebed487cf688a4c22227"}]},{"name":"sample-app-beanstalk","children":[{"name":"README.md","path":"main/us-east-1/stage/services/sample-app-beanstalk/README.md","sha":"1b3f68cb5baac277414f45585221f7048b801c26"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/sample-app-beanstalk/terragrunt.hcl","sha":"4deb3dbc95ed927e33211e473868915c1f86b5b3"}]},{"name":"sample-app-frontend-acme-asg","children":[{"name":"README.md","path":"main/us-east-1/stage/services/sample-app-frontend-acme-asg/README.md","sha":"c4df19131aafdf152f08998a2d1121ccd58c4207"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/sample-app-frontend-acme-asg/terragrunt.hcl","sha":"1d8aaccc8608aa1c2b46338c592a10f27e5b3aea"}]},{"name":"sample-app-frontend-acme","children":[{"name":"README.md","path":"main/us-east-1/stage/services/sample-app-frontend-acme/README.md","sha":"20e39909320df4775e21dd2cea70f3dabdd94c1e"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/sample-app-frontend-acme/terragrunt.hcl","sha":"2597d32b7c9d865e9f3701aa7c02a30ee4deeb01"}]},{"name":"static-website","children":[{"name":"README.md","path":"main/us-east-1/stage/services/static-website/README.md","sha":"16d262eab6ca158ae60d84010bc4804a948673cf"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/services/static-website/terragrunt.hcl","sha":"9a9cb3c9830902ef05fd497bfd21028a7fac38df"}]}]},{"name":"vpc","children":[{"name":"README.md","path":"main/us-east-1/stage/vpc/README.md","sha":"d1e3f82de82c4b8f4eaca81b3a8ec63ed040a0b5"},{"name":"terragrunt.hcl","path":"main/us-east-1/stage/vpc/terragrunt.hcl","sha":"c2429ca5412fd6f0ff00e89dc4a1541e46b07d00"}]}]}]}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"adding-new-environments-regions-and-accounts\">Adding New Environments, Regions, and Accounts</h1><div class=\"preview__body--border\"></div><p><strong>NOTE: This doc assumes you have read through <a href=\"/repos/v0.0.1-01072020/infrastructure-live-acme/_docs/13-deploying-the-reference-architecture-from-scratch.md\" class=\"preview__body--description--blue\">Deploying the Reference Architecture from scratch</a>. Many concepts would not make sense until you have read through that document!</strong></p>\n<p>Up until now we have focused on the initial code that Gruntwork has provided in the Reference Architecture. However,\nthis Reference Architecture is meant to be used in production and will evolve over time. This document is meant to act\nas a guide to lay out the steps necessary to evolve the Reference Architecture by taking a look at a few common\nscenarios:</p>\n<ul>\n<li><a href=\"#adding-a-new-component\" class=\"preview__body--description--blue\">Adding a new component or service</a></li>\n<li><a href=\"#adding-a-new-environment-region-or-account\" class=\"preview__body--description--blue\">Adding a new environment, region, or account</a></li>\n</ul>\n<h2 class=\"preview__body--subtitle\" id=\"adding-a-new-component\">Adding a new component</h2>\n<p>One of the most common things you might want to do with the Reference Architecture is to extend it with additional\nservices or data stores (an <em>infrastructure component</em>). Here are the rough steps for adding a new component to the\nReference Architecture:</p>\n<ol>\n<li><a href=\"#plan-the-necessary-work\" class=\"preview__body--description--blue\">Plan the necessary work</a></li>\n<li><a href=\"#add-a-new-library-module-to-deploy-the-infrastructure-for-the-component-if-necessary\" class=\"preview__body--description--blue\">Add a new library module to deploy the infrastructure for the component (if necessary)</a></li>\n<li><a href=\"#add-a-new-infrastructure-module-and-live-config-to-deploy-the-component\" class=\"preview__body--description--blue\">Add a new infrastructure module and live config to deploy the\ncomponent</a></li>\n</ol>\n<h3 class=\"preview__body--subtitle\" id=\"plan-the-necessary-work\">Plan the necessary work</h3>\n<p>The first step in adding a new component to the Reference Architecture is actually to decide what you will need to\ndeploy the component. For example, suppose you want to add a new data service (e.g Kafka). Some questions that you\nshould be asking yourself are:</p>\n<ul>\n<li>Is there a managed service offering that simplifies the deployment?</li>\n<li>Do I want to run the service using Docker or VMs?</li>\n<li>Does the service have any dependencies such as S3?</li>\n<li>Do I need any IAM roles for the service?</li>\n</ul>\n<p>You can see the full range of questions in our <a href=\"https://gruntwork.io/guides/foundations/how-to-use-gruntwork-infrastructure-as-code-library/#production_grade_infra_checklist\" class=\"preview__body--description--blue\" target=\"_blank\">Production Grade Infrastructure\nChecklist</a>.</p>\n<p>Once you have a sense of the components that should be deployed, the next thing to figure out is what modules you will\nneed to build in order to maintain all that code. You should start by taking a look at <a href=\"https://gruntwork.io/infrastructure-as-code-library/\" class=\"preview__body--description--blue\" target=\"_blank\">the Gruntwork catalog of\ninfrastructure modules</a> and seeing if Gruntwork has a library\nmodule for the components that you need. You can also slack us using your private channel (if you are on our\nProfessional Support plan), or the community channel to get help deciding which library modules are relevant for your\ncomponent. Alternatively, you can email <a href=\"mailto:support@gruntwork.io\" class=\"preview__body--description--blue\" target=\"_blank\">support@gruntwork.io</a>.</p>\n<p>You should come out of this step with an itemized list of the modules that you plan on using, and any modules that you\nwill need to build from scratch. You will also want to make sure Terraform has resources available for managing the\ncomponents you wish to use. Be sure to familiarize yourself with existing modules and resources if any of the\ninfrastructure components you plan on deploying is new to you!</p>\n<h3 class=\"preview__body--subtitle\" id=\"add-a-new-library-module-to-deploy-the-infrastructure-for-the-component-if-necessary\">Add a new library module to deploy the infrastructure for the component (if necessary)</h3>\n<p>If you find out that Gruntwork does not have a module for the infrastructure components you wish to deploy, you will\nneed to build the relevant modules from scratch. You can either build the relevant module directly in\n<a href=\"/repos/infrastructure-modules-acme\" class=\"preview__body--description--blue\">infrastructure-modules-acme</a> where all the\nblueprint modules exist, or have a dedicated repository to build out the module. The advantage of using a dedicated\nrepository is that you can write targetted "unit" tests for the module to ensure correctness by using <a href=\"/repos/terratest\" class=\"preview__body--description--blue\">the Terratest\nframework</a>, that run faster than testing the whole component being launched\nas a part of the <code>infrastructure-modules</code> structure. This may make it easier for you to test a range of input variables\nto the module.</p>\n<p>You also have the option to <a href=\"https://gruntwork.io/guides/foundations/how-to-use-gruntwork-infrastructure-as-code-library/#contributing-to-the-gruntwork-infrastructure-as-code-library\" class=\"preview__body--description--blue\" target=\"_blank\">contribute this code back to the Gruntwork\nlibrary</a>.\nThe advantage of contributing your code is that you can rely on Gruntwork to manage the code going forward, including\nperforming updates to newer versions of terraform, implementing new features, or fix bugs that are filed against it. It\nis also a good way to get it battle tested across multiple different scenarios from the Gruntwork community, leading to\na better module overall.</p>\n<h3 class=\"preview__body--subtitle\" id=\"add-a-new-infrastructure-module-and-live-config-to-deploy-the-component\">Add a new infrastructure module and live config to deploy the component</h3>\n<p>Once you have a library module for your component, the next step is to integrate it into your architecture. This\ninvolves adding a wrapper module in <a href=\"/repos/infrastructure-modules-acme\" class=\"preview__body--description--blue\">infrastructure-modules-acme</a>\nthat can be deployed using your live config in <a href=\"/repos/v0.0.1-01072020/infrastructure-live-acme\" class=\"preview__body--description--blue\">infrastructure-live-acme</a>.</p>\n<p>You can find detailed instructions to integrate the module in the <a href=\"https://gruntwork.io/guides/foundations/how-to-use-gruntwork-infrastructure-as-code-library/#using_terraform_modules\" class=\"preview__body--description--blue\" target=\"_blank\">Using Terraform Modules section of the Gruntwork\nfoundations guide: How to use the Gruntwork Infrastructure as Code\nLibrary</a>.</p>\n<h2 class=\"preview__body--subtitle\" id=\"adding-a-new-environment-region-or-account\">Adding a new environment, region, or account</h2>\n<p>The steps for adding a new environment, region, or account to the Reference Architecture are largely similar. At its\ncore, each of these scenarios involves deploying a new stack, comprising a logical group of components. The key difference is the\nmagnitude of the stack: environments typically start at the VPC and include everything inside it, while a region might\nbe multiple VPCs, and finally accounts would include multiple regions as well as global resources like IAM. Nevertheless\nat the end of the day, each of these scenarios are deploying a group of components where you should already have most of\nthe code ready. As such, the steps for each of these scenarios are largely the same:</p>\n<ol>\n<li><a href=\"#plan-the-necessary-work\" class=\"preview__body--description--blue\">Plan the necessary work</a></li>\n<li><a href=\"#add-necessary-module-components\" class=\"preview__body--description--blue\">Add necessary module components</a></li>\n<li><a href=\"#copy-or-add-the-live-config\" class=\"preview__body--description--blue\">Copy or add the live config</a></li>\n<li><a href=\"#deploy\" class=\"preview__body--description--blue\">Deploy</a></li>\n</ol>\n<h3 class=\"preview__body--subtitle\" id=\"plan-the-necessary-work\">Plan the necessary work</h3>\n<p>Before attempting to add a new environment, region, or account, you should have a sense of all the steps required to\nstand up the infrastructure from scratch. You should know things like what secrets you will need to generate (e.g\npasswords, certificates, etc), whether or not you need to purchase resources that are difficult to manage with Terraform\n(e.g DNS domains), or whether or not you have all the code to deploy the entire stack (e.g if you are provisioning a new\nenvironment with a completely different stack structure). You should also familiarize yourself with the dependencies of\neach component in the stack, and the rough order of operations. You can use the guide <a href=\"/repos/v0.0.1-01072020/infrastructure-live-acme/_docs/13-deploying-the-reference-architecture-from-scratch.md\" class=\"preview__body--description--blue\">Deploying the Reference\nArchitecture from scratch</a> as a reference for finding out the\nrough order of operations.</p>\n<p>You should take this opportunity to write out a playbook of the deployment order of the components in the stack you are\nabout to roll out. This document will come in handy when you are ready to start provisioning the infrastructure.</p>\n<h3 class=\"preview__body--subtitle\" id=\"add-necessary-module-components\">Add necessary module components</h3>\n<p>Once you have a sense of what components are included in the stack, you should decide if you need to add any new\nmodules to <a href=\"/repos/infrastructure-modules-acme\" class=\"preview__body--description--blue\">infrastructure-modules-acme</a>. Follow\nthe guide <a href=\"#adding-a-new-component\" class=\"preview__body--description--blue\">Adding a new component</a> to add the necessary module code for deploying the stack.</p>\n<h3 class=\"preview__body--subtitle\" id=\"copy-or-add-the-live-config\">Copy or add the live config</h3>\n<p>Once you have all the module code ready, it is time to start setting up the live config to deploy your infrastructure.\nIf you are replicating an existing stack, the easiest approach is to copy paste the directory tree for the stack. For\nexample, suppose you had the following directory tree:</p>\n<pre>.\n└── <span class=\"hljs-built_in\">dev</span>\n └── us-east<span class=\"hljs-number\">-2</span>\n ├── <span class=\"hljs-built_in\">dev</span>\n │ ├── eks\n │ ├── elasticache\n │ ├── rds\n │ └── vpc\n └── mgmt\n ├── vpc\n └── vpn\n</pre>\n<p>The first level is the account, followed by the region, followed by environments, and finally components at the bottom\nlevel.</p>\n<p>If you wanted to replicate the <code>dev</code> environment into a new environment <code>preview</code> in the same region, you would copy\npaste the <code>dev</code> folder at that level:</p>\n<pre>.\n└── <span class=\"hljs-built_in\">dev</span>\n └── us-east<span class=\"hljs-number\">-2</span>\n ├── preview\n │ ├── eks\n │ ├── elasticache\n │ ├── rds\n │ └── vpc\n ├── <span class=\"hljs-built_in\">dev</span>\n │ ├── eks\n │ ├── elasticache\n │ ├── rds\n │ └── vpc\n └── mgmt\n ├── vpc\n └── vpn\n\n</pre>\n<p>Or if you wanted to deploy to a new region <code>eu-west-1</code>, you would copy the whole region tree:</p>\n<pre>.\n└── <span class=\"hljs-built_in\">dev</span>\n ├── eu-west<span class=\"hljs-number\">-1</span>\n │ ├── <span class=\"hljs-built_in\">dev</span>\n │ │ ├── eks\n │ │ ├── elasticache\n │ │ ├── rds\n │ │ └── vpc\n │ └── mgmt\n │ ├── vpc\n │ └── vpn\n │\n └── us-east<span class=\"hljs-number\">-2</span>\n ├── <span class=\"hljs-built_in\">dev</span>\n │ ├── eks\n │ ├── elasticache\n │ ├── rds\n │ └── vpc\n └── mgmt\n ├── vpc\n └── vpn\n</pre>\n<p>The key thing to note here is that references to dependencies in the terragrunt folder structure are made using relative\npaths. For example, the <code>vpc</code> in the <code>dev</code> environment will setup peering with the <code>vpc</code> in the <code>mgmt</code> environment of\nthe same region. This reference is made by using the relative path from that <code>vpc</code> folder to the <code>mgmt</code> environment\n<code>vpc</code> folder (<code>../mgmt/vpc</code>). When you copy paste to a new environment, this path doesn't change!</p>\n<p>Once you copy paste the new stack, you will want to rename the inputs to ensure correctness with the new environment.\nYou will want to take a closer look at variables such as:</p>\n<ul>\n<li>\n<p><strong>Names</strong>: Some global resources require unique names, such as S3 buckets and IAM roles and groups. Although these are\nnamespaced using variables, you can't reuse the copied values since they have already been deployed in your other\nstack. Make sure you update any variables that set names and name prefixes for the components.</p>\n</li>\n<li>\n<p><strong>Secrets</strong>: You will most likely want to use different passwords and certificates for the new components. If the\nsecrets are encrypted, you might also want a new KMS key to encrypt the secrets. You will want to make sure you update\nthem. Variable files: In terragrunt, it is common to store and source common variables in a yaml file in the tree.\nFor example, you might have the following folder structure:</p>\n<pre>.\n└── <span class=\"hljs-selector-tag\">dev</span>\n ├── <span class=\"hljs-selector-tag\">account</span><span class=\"hljs-selector-class\">.yml</span>\n └── <span class=\"hljs-selector-tag\">us-east-2</span>\n ├── <span class=\"hljs-selector-tag\">dev</span>\n │ └── <span class=\"hljs-selector-tag\">env</span><span class=\"hljs-selector-class\">.yml</span>\n └── <span class=\"hljs-selector-tag\">region</span><span class=\"hljs-selector-class\">.yml</span>\n</pre>\n<p>Each of these yaml files, <code>account.yml</code>, <code>region.yml</code>, and <code>env.yml</code> will contain contents that set common variables\nfor that level. For example, <code>region.yml</code> might contain an entry to set the <code>aws_region</code> input var to the region.\nThese are then sourced and merged into the <code>inputs</code> list to configure the variables when deploying. You will want to\nmake sure any variable files you copy are updated to point to the correct value for the new components in that tree.</p>\n</li>\n<li>\n<p><strong>Network addresses</strong>: Any Route53 domains and CIDR blocks should be updated to ensure they don't collide with existing\ninfrastructure.</p>\n</li>\n<li>\n<p><strong>Hardcoded region specific resources</strong>: AMIs can only be used within the region that they exist. This means that if\nyou are adding a new region or account, you will need to build new AMIs and update the AMI inputs. This is also true\nfor EC2 key pairs, KMS keys, SNS topics, and myriad other services.</p>\n</li>\n</ul>\n<p>You should also take this moment to add any live config files for new components to the stack that you will need.</p>\n<h3 class=\"preview__body--subtitle\" id=\"deploy\">Deploy</h3>\n<p>Once you have the live config for your entire stack, it is time to deploy the stack! In most cases, this will be a\n<code>terragrunt apply-all</code> at the top level of the stack. Sometimes, this will involve prerequisite steps like building new\nAMIs and setting up new domains.</p>\n<p>For best results in deploying the infrastructure, you will want to follow the playbook that you wrote out in <a href=\"#plan-the-necessary-work\" class=\"preview__body--description--blue\">the\nplanning step</a>.</p>\n<p><strong>Note on adding a new account</strong>: When adding a new account, you will most likely not have the state bucket setup for\nthe account. This can be problematic if you run a <code>terragrunt apply-all</code> for the first time, because all the modules\nwill prompt you if you want to create the state bucket, which breaks when there are multiple modules happening at the\nsame time. To avoid this, you can pass in <code>--terragrunt-non-interactive</code> to <code>apply-all</code> which will skip the prompt and\nautomatically create the bucket for you.</p>\n","repoName":"infrastructure-live-acme","repoRef":"v0.0.1-01172020","serviceDescriptor":{"serviceName":"Single-account Reference Architecture","serviceRepoName":"infrastructure-live-acme","serviceRepoOrg":"gruntwork-io","cloudProviders":["aws"],"description":"End-to-end tech stack designed to deploy into a single AWS account. Includes VPCs, EKS, ALBs, CI / CD, monitoring, alerting, VPN, DNS, and more.","imageUrl":"grunt.png","licenseType":"subscriber","technologies":["Terraform","Go","Bash","Python"],"compliance":[],"tags":[""]},"serviceCategoryName":"Reference Architecture","fileName":"15-adding-new-environments-regions-and-accounts.md","filePath":"/_docs/15-adding-new-environments-regions-and-accounts.md","title":"Repo Browser: Single-account Reference Architecture","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}