Improve Deployment Ordering Documentation

[Dan Miller (milldr)]

what

• Move ECR to after GitHub
• Add planners and necessary steps to reapply aws-teams

why

• Improve the documentation ordering for deploying github oidc related components

references

• https://github.com/orgs/cloudposse/discussions/57
• requires ♻️ Improve Deployment Ordering #745
• requires https://github.com/cloudposse/refarch-scaffold/pull/749

[mergify]

⚠️ The sha of the head commit of this PR conflicts with #745. Mergify cannot evaluate rules on this PR. ⚠️

[Cyrus (dukarc)]

FYI when we run this now Dan Miller (@milldr) we just tried running this .. fyi with our version of workflows delivered we don't have this workflow

 √ : [superadmin] (HOST) workspace ⨠ atmos workflow deploy/cloudtrail -f baseline
 Invalid Workflow Name 

No workflow exists with the name  deploy/cloudtrail 

[Dan Miller (milldr)]

Yes you wont have any workflow updates your version of workflows since they exist in your repo. This is all you need to add

dont forget to change the environment to your default

# stacks/workflows/baseline.yaml
       - command: workflow vendor -f baseline
       - command: workflow init/tfstate -f baseline
       - command: workflow deploy/tfstate -f baseline
-      - command: workflow deploy -f baseline
+      - command: workflow deploy/cloudtrail -f baseline
+      - command: workflow deploy/ecr -f baseline
 
   vendor:
     description: Vendor baseline layer components.
 @@ -36,9 +37,13 @@ workflows:
     steps:
       - command: terraform deploy tfstate-backend --stack core-use1-root
 
-  deploy:
+  deploy/cloudtrail:
     description: Start AWS Cloudtrail in audit and root accounts to track changes across the org.
     steps:
       - command: terraform deploy cloudtrail-bucket -s core-use1-audit
       - command: terraform deploy cloudtrail -s core-gbl-root
 
+  deploy/ecr:
+    description: Deploy ECR in the artifacts account to use as our container registry
+    steps:
       - command: terraform deploy ecr -s core-use1-artifacts

here's the whole thing

workflows:
  all:
    description: run all workflows
    steps:
      - command: workflow vendor -f baseline
      - command: workflow init/tfstate -f baseline
      - command: workflow deploy/tfstate -f baseline
      - command: workflow deploy/cloudtrail -f baseline
      - command: workflow deploy/ecr -f baseline

  vendor:
    description: Vendor baseline layer components.
    steps:
      - command: vendor pull --component account
      - command: vendor pull --component account-map
      - command: vendor pull --component account-quotas
      - command: vendor pull --component account-settings
      - command: vendor pull --component cloudtrail
      - command: vendor pull --component cloudtrail-bucket
      - command: vendor pull --component ecr
      - command: vendor pull --component tfstate-backend

  init/tfstate:
    description: Provision Terraform State Backend for initial deployment.
    steps:
      - command: terraform deploy tfstate-backend -var=access_roles_enabled=false --stack core-use1-root --auto-generate-backend-file=false
      - command: until aws s3 ls acme-core-use1-root-tfstate; do sleep 5; done
        type: shell
      - command: terraform deploy tfstate-backend -var=access_roles_enabled=false --stack core-use1-root --init-run-reconfigure=false

  deploy/tfstate:
    description: >-
      Deploy Terraform State Backend.

      Finalize Terraform State Backend access, which requires AWS Teams to be deployed first.
    steps:
      - command: terraform deploy tfstate-backend --stack core-use1-root

  deploy/cloudtrail:
    description: Start AWS Cloudtrail in audit and root accounts to track changes across the org.
    steps:
      - command: terraform deploy cloudtrail-bucket -s core-use1-audit
      - command: terraform deploy cloudtrail -s core-gbl-root

  deploy/ecr:
    description: Deploy ECR in the artifacts account to use as our container registry
    steps:
      - command: terraform deploy ecr -s core-use1-artifacts