Getting Started

AWS and Github Accounts

Github Account for Registration/Login
AWS IAM roles/keys¹ (only for onboarding)
- Create onboarding iam role
- Download iam keys

Fork Sample Launch Repository

Fork sample launch config0 repo here
- Click Fork on the top right corner of Github
- Unclick box that only copies the default (“main”) repository

overview — Forking launch-config0 - unclick box

Sign Up here
- Select Github to log in with.²
- Authorize Config0 on Github³
- Provide AWS iam credentials¹
  - AWS_ACCESS_KEY_ID
  - AWS_SECRET_ACCESS_KEY
- After onboarding (takes 5-10 minutes)⁶, then deactivate these AWS keys!¹

Adding Projects

The launch config0 repo contains branches that correspond to sample automations.
- Each branch contains a sample launch yml – e.g. config0/config0.yml
- For example, branch mongodb contains a sample config0/config0.yml to create and launch a MongoDb replica set on ec2.

IaC CI for existing Terraform/OpenTofu automation

This getting started guide is designed for users with existing Terraform and OpenTofu automation who wish to manage it using GitOps and streamline it through an Infrastructure as Code (IaC) continuous delivery pipeline.

It functions similarly to Atlantis but eliminates the need for you to set it up manually. This approach establishes a CI system on AWS using step functions, Lambda functions, DynamoDB for state management, and CodeBuild for applying Terraform/OpenTofu.

Features:

IaC CI
- TfSec,Infracost, and TF Plan in PR comment
- Build (evaluate and not apply) on PR/push
GitOps
- Apply on PR approvals

Outline:

Run IaC CI Setup and Register Repository to track and perform CI
- This step will create the IaC CI system.
Add Existing IaC to IaC CI system
- Add your existing Terraform/OpenTofu code to the registered repository in the setup. ⁷

For IaC only automation

First, run and execute vpc branch. The vpc is used by other automations like MongoDb and Codebuild CI. ⁴
Second, run and execute network_vars_set branch. This creates a variables set where other automations search and get network related variables.

For end-to-end developer solutions

For end-to-end developer solutions, there are three Tier examples that contain a network, database, and EKS cluster.

env-sql (mysql)
env-nonsql (mongodb)
env-streaming (kakfa)

AWS keys are used only for onboarding. It is not use for executing Terraform/OpenTofu code. You can disabled the IAM keys or remove the “Power” and “IAM” permissions immediately after onboarding. ↩↩↩
Bitbucket will be supported soon ↩
Jiffy is the registered company ↩
AWS automation - Some require vpc completed. ↩
For example,
```
vpc_name: selector:::network_vars::vpc_name
```
will use the selector network_vars (defined and not shown) and insert vpc_name of the selector for the variable vpc_name. This will be shown in the config0/config0.yml file in the branches. For EKS, you can find substitution by viewing:
```
cd launch-config0
git checkout eks
cat config0/config0.yml
```
↩
The onboarding process involves creating an AWS CodeBuild project and AWS Lambda functions to execute Terraform, OpenTofu, and shell scripts (e.g., Python, Go, Node.js). Additionally, a VPC and a NAT instance are provisioned to run the “runners” in a private subnet. Sensitive information and secrets are stored in the user’s AWS account, not in the Config0 platform. Config0 accesses and stores sensitive information through an assumed role, which allows it to upload secure strings to the user’s AWS Systems Manager Parameter Store. The sensitive information is often encrypted before being stored in the Parameter Store. ↩
For example, if you have an existing EKS cluster, create a branch named “eks” in the IaC CI repository (e.g., “iac-ci”). Place your existing IaC code there. Then, push it to the main branch for the existing IaC. Run the Add IaC code stack, which will track and record GitOps/CI for the IaC CI system ↩