
Configuring a project

This documentation is under review

Please ensure the following prerequisites are met before proceeding:

  • Everything from AWS Setup has been completed
  • You've pulled the submodule into your project's backend repository and the /iac/ folder has been populated
    • If not, run git submodule update --init --recursive, then go into the submodule's folder and check out a branch with the project's name, creating it if it doesn't exist.
  • You have at least a superficial understanding of what's written in Infrastructure at a glance

Basics

To start configuring a freshly cloned project, go to iac/Pulumi.yaml. The file should look roughly like this:

iac/Pulumi.yaml
name: template
description: Our project template
backend:
  url: s3://pulumi-cl-infrastructure?region=us-east-1&profile=codeleap
runtime:
  name: python
  options:
    toolchain: poetry
config:
  aws:region: us-east-1
  aws:profile: codeleap
  application_description: Our project template

There are a couple options you may need to change:

name

Change this to your project's name. It should ideally be short, but avoid abbreviating too much.

description

A description for the project

backend.url

This is where Pulumi will store its state files. If you don't have an S3 bucket configured for it, log into the AWS account and create it manually. Then replace the applicable values in the URL (don't forget to change the profile!)

config.aws.region

Set this to the region where resources will be created. Since most of our apps cater to the UK market and our clients are from there, it should usually be eu-west-2. You can override the value per environment later; this is just a default.

config.aws.profile

The profile that will be used to authenticate resource modification requests.

config.application_description

The description for your Elastic Beanstalk application

You can also provide other settings here if you want to use them in code. Don't set secrets here though!

Setting an encryption password for secrets

Pulumi's secrets feature allows secret values to be stored in source code without being exposed. It does this with a password, which is used to encrypt the secret values inside the YAML file.

You'll need to create a password for this. Add it to 1Password.

After doing that, create a file named '.pulumi_pass'

Configuring the environments

Now, move on to Pulumi.shared.yaml. Here's what it looks like:

Pulumi.shared.yaml
encryptionsalt: v1:kZQTqv38DpE=:v1:zTeKeWin4+uuVAPK:SLT4LVk13a/RcH3kDTe2fQQ7AgjlwQ==
config:
  template:database_password:
    secure: v1:FNy1YXAMm/yM2ev1:oPaz2wLX1gqX9XrzpPuuxe2vq3FfVgCwcyB59mtNaqcTXwty
  template:onepassword_vault:
    secure: v1:FuatK0ZL4ZGm/zJN:lS2LroSm1rmioCjNoQ5ckGes/muKw5cLynGZwdd2ByzVMg6krkzl9DgQ
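
The rule from the Basics section (no secrets in plain text) and the secure: form shown above can be checked before committing. The following is an added example, not part of the project's tooling: a standard-library scan of a Pulumi YAML file that reports config keys whose names look like credentials but are not stored under secure:. The key-name pattern, the sample file and the function name find_plaintext_secrets are assumptions made for illustration; nested value: and default: entries are treated as plain text.

```python
import re

# Key names that usually hold credentials (a heuristic assumed for this example).
SENSITIVE = re.compile(r"password|passphrase|secret|token|api_?key|private_?key", re.I)
# One "key: value" line; Pulumi keys such as aws:region contain colons themselves.
KEY_LINE = re.compile(r"^(\s*)(\S.*?):(?:\s+(.*))?$")

# Constructed sample, not a real stack file.
SAMPLE = """\
name: template
config:
  aws:region: eu-west-2
  template:database_password: hunter2
  template:api_token:
    value: abc123
  template:onepassword_vault:
    secure: v1:CONSTRUCTED:PLACEHOLDER
"""


def find_plaintext_secrets(yaml_text):
    """Return (line_no, key) for sensitive-looking config keys not stored under secure:."""
    findings, in_config = [], False
    top = None      # indentation of the direct children of config:
    pending = None  # sensitive key whose value is a nested mapping, not yet classified
    for no, raw in enumerate(yaml_text.splitlines(), 1):
        m = None if raw.lstrip().startswith("#") else KEY_LINE.match(raw.rstrip())
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if indent == 0:                       # a new top-level section starts
            in_config, top, pending = key == "config", None, None
        elif in_config:
            top = indent if top is None else top
            if indent > top:                  # nested under the previous config key
                if pending and key in ("value", "default") and value:
                    findings.append(pending)  # nested plaintext value
                if key in ("secure", "value", "default"):
                    pending = None            # classified: encrypted or plaintext
            else:                             # direct child of config:
                hit = (no, key) if SENSITIVE.search(key) else None
                if hit and value:
                    findings.append(hit)      # inline plaintext value
                pending = None if value else hit
    return findings


if __name__ == "__main__":
    for line_no, key in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: {key} is stored in plain text")
```

The scan relies on indentation, so it expects the file as Pulumi writes it; a key name the pattern does not cover is not reported.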