# Bootstrap

Account administration stack.

The bootstrap layer comprises security essentials and foundational continuous delivery infrastructure.

* [Bootstrap](#bootstrap)
  * [Architecture](#architecture)
  * [Responsibilities](#responsibilities)
  * [Pre-requisites](#pre-requisites)
  * [Creating CI/CD](#creating-cicd)

## Architecture

![](https://972248026-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPTLidBS6Vrblh1f6EYpk%2Fuploads%2Fgit-blob-54abfd479c2c12130eaec6b704c86162e3842955%2Fdiagram.png?alt=media)

## Responsibilities

* Provide a secure way for GitHub Actions to assume a short-lived role.
* Create SSO permission sets to assign to the users within your AWS Organisation.

## Pre-requisites

* Create an AWS account.
  * You will need access keys to deploy the bootstrap.
  * I recommend that you follow the AWS Control Tower guided setup to create:
    * A root account with an SSO and Control Tower management login.

## Creating CI/CD

In order to ship code continuously we can use GitHub Actions.

This stack uses OpenID Connect to issue temporary tokens with a grant of trust.

> You can read this guide to understand why this stack was written the way it was: <https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect>

You need to put the cart before the horse at some point in deploying your AWS estate; you cannot start from a full CI/CD process.

In this instance, we want to use GitHub to deploy a lot of AWS CDK Applications.

We first need to create a link between GitHub and the AWS Account using OpenID Connect.

We still want to control this, so we use a GitHub Actions workflow which is manually dispatched.
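
The grant of trust described above comes down to an IAM role trust statement that names the GitHub OIDC provider and pins the token's `aud` and `sub` claims. The following is an added example, not code from this stack: plain TypeScript with no CDK imports, where `githubTrustStatement`, `auditTrust`, the account id and the repository name are all hypothetical. It builds such a statement and checks that it is scoped to a single repository.

```typescript
// Added example: plain TypeScript, no CDK imports. Account id and repository are placeholders.
const ISSUER = "token.actions.githubusercontent.com";
const AUD_KEY = `${ISSUER}:aud`;
const SUB_KEY = `${ISSUER}:sub`;

type ConditionMap = { [key: string]: string | undefined };

interface TrustStatement {
  Effect: "Allow";
  Principal: { Federated: string };
  Action: "sts:AssumeRoleWithWebIdentity";
  Condition: { StringEquals: ConditionMap; StringLike?: ConditionMap };
}

// Trust statement for a role GitHub Actions may assume via the account's OIDC provider.
// subPattern limits which repository (and branch or environment) can obtain credentials.
function githubTrustStatement(accountId: string, subPattern: string): TrustStatement {
  return {
    Effect: "Allow",
    Principal: { Federated: `arn:aws:iam::${accountId}:oidc-provider/${ISSUER}` },
    Action: "sts:AssumeRoleWithWebIdentity",
    Condition: {
      StringEquals: { [AUD_KEY]: "sts.amazonaws.com" },
      StringLike: { [SUB_KEY]: subPattern },
    },
  };
}

// Review check: list the ways a statement is broader than one named repository.
function auditTrust(stmt: TrustStatement): string[] {
  const findings: string[] = [];
  if (stmt.Condition.StringEquals[AUD_KEY] !== "sts.amazonaws.com") {
    findings.push("aud is not pinned to sts.amazonaws.com");
  }
  const like = stmt.Condition.StringLike;
  const sub = (like && like[SUB_KEY]) || stmt.Condition.StringEquals[SUB_KEY];
  if (!sub) {
    findings.push("no sub condition: any GitHub repository can assume this role");
    return findings;
  }
  // The sub claim has the form repo:<owner>/<repo>:<context>; owner and repo must be literal.
  const body = sub.startsWith("repo:") ? sub.slice(5) : "";
  const end = body.indexOf(":");
  const ownerRepo = end === -1 ? body : body.slice(0, end);
  if (!/^[^/*]+\/[^/*]+$/.test(ownerRepo)) {
    findings.push("sub is not pinned to a single repo:<owner>/<repo>");
  }
  return findings;
}
```

Running `auditTrust` over the synthesised trust policy before the manual dispatch gives a quick check that the role cannot be assumed from repositories outside the intended one.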


