Architecture patterns for IaC (Terraform, Ansible, CloudFormation) pipelines on AWS.
```text
┌─────────────────────────────────┐   ┌─────────────────────────────────┐
│ NON-PROD ACCOUNT                │   │ PROD ACCOUNT                    │
│                                 │   │                                 │
│ 10-dev   20-qat                 │   │ 40-stg   70-prod   90-dr        │
│                                 │   │                                 │
│ ca-central-1                    │   │ ca-central-1 / ca-west-1 (DR)   │
└─────────────────────────────────┘   └─────────────────────────────────┘
```
```mermaid
flowchart LR
    A[CI/CD Runner] --> B[cicd-oidc-role<br/>minimal perms]
    B --> C[cicd-admin-role<br/>full perms]
    C --> D[Deploy]
```
Why: the OIDC role handles authentication (the runner proves who it is), and the admin role holds the deployment permissions. See docs/authentication.md
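As an added example (not the project's own code), the two roles wired together in Terraform for GitHub Actions; `account_id` and `github_repo` are placeholder variables, and the GitHub OIDC provider is assumed to already exist in the account:

```hcl
# Added example, not from the repo. Placeholders: account_id, github_repo; OIDC provider assumed present.
variable "account_id" { type = string } # e.g. "111111111111"
variable "github_repo" { type = string } # e.g. "my-org/infra"

# Step 1: cicd-oidc-role. Only the GitHub OIDC provider may assume it, and only
# from the main branch or a pull request of the named repo (the trigger rules).
resource "aws_iam_role" "cicd_oidc" {
  name = "cicd-oidc-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Federated = "arn:aws:iam::${var.account_id}:oidc-provider/token.actions.githubusercontent.com" }
      Action    = "sts:AssumeRoleWithWebIdentity"
      Condition = {
        StringEquals = { "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com" }
        StringLike = { "token.actions.githubusercontent.com:sub" = [
          "repo:${var.github_repo}:ref:refs/heads/main",
          "repo:${var.github_repo}:pull_request",
        ] }
      }
    }]
  })
}

# Minimal perms: the only action cicd-oidc-role holds is assuming the admin role.
resource "aws_iam_role_policy" "cicd_oidc_chain" {
  name = "assume-cicd-admin-role"
  role = aws_iam_role.cicd_oidc.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Resource = aws_iam_role.cicd_admin.arn }]
  })
}

# Step 2: cicd-admin-role. Trusts only cicd-oidc-role, never the OIDC provider
# directly, so the repo/branch condition above is the single gate on deployments.
resource "aws_iam_role" "cicd_admin" {
  name = "cicd-admin-role"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { AWS = aws_iam_role.cicd_oidc.arn } }]
  })
}

resource "aws_iam_role_policy_attachment" "cicd_admin_full" {
  role       = aws_iam_role.cicd_admin.name
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}
```

The `sub` condition is what keeps a feature-branch push from reaching the admin role even if a workflow on that branch tries to assume it.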
| Event | Runs? | Why |
|---|---|---|
| Feature branch push | NO | No value until PR |
| PR/MR opened | YES | Ready for review |
| Main branch | YES | Merged code |
| Manual | YES | Explicit action |
```text
NON-PROD ACCOUNT           PROD ACCOUNT
────────────────           ────────────
10-dev → 20-qat     →      40-stg → 70-prod → 90-dr
                                       ↑
                                   requires CR
```
Use AI with your org context + these docs:

```text
Generate a [GitHub/GitLab/Jenkins] pipeline for Terraform:
- Follow docs/pipeline-rules.md for triggers
- Follow docs/authentication.md for role chaining
- 2 AWS accounts: non-prod, prod
- 5 environments: dev, qat (non-prod) | stg, prod, dr (prod account)
- Regions: ca-central-1, ca-west-1 (DR)
```
| Platform | Guide |
|---|---|
| GitHub Actions | .github/workflows/README.md |
| GitLab CI | gitlab-ci/README.md |
| Jenkins | jenkins/README.md |
- Pipeline Rules - triggers, deployment patterns
- Authentication - role chaining
- Conventions - naming standards