Bootstrapping targets
Last updated
Was this helpful?
Last updated
Was this helpful?
Typically, you use a CI/CD pipeline to deploy stacks to your deployment targets. That usually means creating an IAM role for the CI/CD tool to assume and then use to perform the deployment. Of course, as a best practice, the deployment role should have only the minimum set of permissions.
The next question is how you create that deployment role in the first place. Takomo's approach to this problem is to divide config sets into two categories: standard and bootstrap.
The standard config sets are the ones you would deploy using the deployment role with a minimum set of permissions. The bootstrap config sets are, like the name implies, for bootstrapping resources needed to deploy the standard config sets, e.g., creating the deployment role. Deploying the bootstrap config sets should be a lightweight operation that you can run from your personal laptop with full admin permissions secured with MFA, or using some other automated but more restricted and secure option.
At the file system level, there is no difference between the standard and bootstrap config sets. Take a look at to learn how you create config sets.
The way you attach a config set to a deployment group or target makes it either a standard or bootstrap config set. To attach bootstrap config sets, you use the bootstrapConfigSets
property instead of the configSets
property that you use to attach the standard config sets. Take a look at to learn how to attach config sets.
Setting the target account works the same way as with the . There are two options to specify to which account Takomo should deploy stacks defined in deployment target's bootstrap config sets.
Provide a complete IAM role ARN in the bootstrapRole
property.
Provide the target account's id in the accountId
property and the name of the IAM role in the bootstrapRoleName
property.
The first option takes precedence over the second one.
Here's an example showing how to deploy bootstrap config sets to all targets under the all/application group:
Here's an example demonstrating how to remove bootstrap config sets from the sandbox target:
You use the to deploy stacks configured in bootstrap config sets that are attached to deployment targets. For detailed information about the command, please see .
You use the to remove stacks configured in bootstrap config sets that are attached to deployment targets. For detailed information about the command, please see .