Using configuration files - Landing Zone Accelerator on AWS

Using configuration files

Landing Zone Accelerator on AWS includes seven configuration files that you can use to customize the solution. Six of the files are mandatory. The customizations-config.yaml file is for optional extensions of the core solution. The solution orchestrates the creation of resources and configurations based on the input from the configuration files. Resources are generated using AWS CDK constructs defined in the solution’s source code.

Having your configuration in a Git-compatible repository introduces the following benefits:

  • You can use version control for your configuration like you would for source code. You can introduce feature branching and other commonly used strategies to ensure changes to the environment meet your standards.

  • You can audit the change history of the configuration files.

  • The files serve as declarative manifests for your environment’s configuration. The AWSAccelerator-Pipeline sources changes to the main branch of the repository and orchestrates your defined configuration properties with CodeBuild projects and the AWS CDK toolkit. Users who make edits to these configuration files aren’t required to know how to write code.

  • Because the repository is hosted in CodeCommit, you can use IAM to define which users and roles can view or make changes to the repository. You can use this strategy as a gate to allow members in your organization to make changes to the environment.
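As an added illustration of the IAM gate described above (not part of the solution's own documentation or code), the following identity-based policy statement denies direct changes to the main branch that the pipeline sources, so that a contributor role can work on feature branches while merges to main are left to a separate approver role. The Sid and the region, account ID, and repository name placeholders in the resource ARN are assumptions; replace them with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyContributorChangesToMain",
      "Effect": "Deny",
      "Action": [
        "codecommit:GitPush",
        "codecommit:DeleteBranch",
        "codecommit:PutFile",
        "codecommit:MergeBranchesByFastForward",
        "codecommit:MergeBranchesBySquash",
        "codecommit:MergeBranchesByThreeWay",
        "codecommit:MergePullRequestByFastForward",
        "codecommit:MergePullRequestBySquash",
        "codecommit:MergePullRequestByThreeWay"
      ],
      "Resource": "arn:aws:codecommit:<region>:<account-id>:<config-repository-name>",
      "Condition": {
        "StringEqualsIfExists": {
          "codecommit:References": ["refs/heads/main"]
        },
        "Null": {
          "codecommit:References": "false"
        }
      }
    }
  ]
}
```

The Null condition limits the deny to requests that actually carry a branch reference, so Git operations that make a preliminary call without one are not blocked. Attach the statement alongside the contributor role's existing CodeCommit permissions; an explicit deny takes precedence over any allow.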

Configuration file descriptions

  • accounts-config.yaml – Used to manage all of the AWS accounts within the AWS Organization. Adding a new account to this configuration file invokes the account creation process from Landing Zone Accelerator on AWS.

  • customizations-config.yaml (optional) – Used to manage configuration of custom applications, third-party firewall appliances, and CloudFormation stacks.

  • global-config.yaml – Used to manage all of the global properties that can be inherited across the AWS Organization.

  • iam-config.yaml – Used to manage all of the IAM resources across the AWS Organization.

  • network-config.yaml – Used to manage and implement network resources to establish a WAN/LAN architecture to support cloud operations and application workloads in AWS.

  • organization-config.yaml – Used to manage all of the organizational units in the AWS Organization.

  • replacements-config.yaml (optional) – Used to manage all of the replacement values across the configuration files. See Parameter Store reference variable for more details.

  • security-config.yaml – Used to manage configuration of AWS security services.

Configuration file API reference

A full reference for this solution’s configuration API is available in the Services, Features, and Configuration References section of the solution’s GitHub Pages website.