Life Connect
Last updated 2026-05-03

Pulumi project — infra/

AI-generated content

This document was generated by an AI assistant. Verify accuracy before relying on the details.

Source of truth: infra/README.md on GitHub.

What lives in infra/

A greenfield Pulumi (JavaScript) project that replaces the Azure AKS / Helm / Bitbucket Pipelines stack with:

  • Multi-account AWS Organization: adb-root, adb-ops, adb-logs, adb-shared, adb-production, adb-staging, adb-preview.
  • Centralised IAM via AWS IAM Identity Center, with groups Admin, Engineer, Debug, Billing, Ops, and Jail (an audit-only deny-everything-else lockdown permission).
  • ECS Fargate workloads for production and staging. Per-PR ephemeral envs in adb-preview, with /deploy and /destroy PR comments as triggers.
  • Cloudflare Pages for the adb-ui Angular app.
  • Local docker-compose stack that runs all 9 Spring Boot services + UI + MongoDB + Keycloak + LocalStack with no external dependencies.
  • GitHub Actions for CI, PR previews, and branch deploys (main → staging, production → prod with manual approval).

Stacks

Stack        Account          Run when
org          adb-root         Once, manually, by an admin
identity     adb-ops          Once, then on group/permission changes
logs         adb-logs         Once, then on retention changes
shared       adb-shared       Once, then when adding ECR repos
staging      adb-staging      Auto on push to main
production   adb-production   Auto on push to production (with manual approval)
pr-<N>       adb-preview      Auto on /deploy on PR <N>, destroyed on /destroy or PR close
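
Because the pr-<N> stacks are driven by /deploy and /destroy PR comments, the workflow that reads those comments decides who can create resources in adb-preview. The block below is an added example, not code from infra/: a gate for the comment path only (PR close is a separate event). The function name decidePreviewAction and the trust policy are assumptions; the payload fields are those of GitHub's issue_comment webhook event.

```javascript
// Added example (hypothetical helper, not part of infra/scripts).
// Policy assumption: only these author associations may trigger a preview.
const TRUSTED_ASSOCIATIONS = new Set(["OWNER", "MEMBER", "COLLABORATOR"]);
const COMMANDS = new Map([["/deploy", "deploy"], ["/destroy", "destroy"]]);

function decidePreviewAction(event) {
  const { action, issue, comment } = event || {};
  // Only newly created comments count; an edited comment must not re-trigger.
  if (action !== "created") return { run: false, reason: "not a new comment" };
  // issue_comment also fires on plain issues; PRs carry issue.pull_request.
  if (!issue || !issue.pull_request) {
    return { run: false, reason: "not a pull request" };
  }
  if (!Number.isSafeInteger(issue.number) || issue.number <= 0) {
    return { run: false, reason: "bad PR number" };
  }
  // The whole comment must be the command: no arguments, no surrounding text.
  const body = typeof comment?.body === "string" ? comment.body.trim() : "";
  const command = COMMANDS.get(body);
  if (!command) return { run: false, reason: "no command" };
  // Outside commenters (NONE, CONTRIBUTOR, FIRST_TIME_CONTRIBUTOR, ...) are
  // refused before anything is deployed.
  if (!TRUSTED_ASSOCIATIONS.has(comment.author_association)) {
    return { run: false, reason: "untrusted commenter" };
  }
  // The stack name comes from the integer PR number, never from comment text,
  // so no commenter-controlled string reaches a shell or the Pulumi CLI.
  return { run: true, command, stack: `pr-${issue.number}` };
}

// Constructed sample payload, trimmed to the fields the gate reads.
const sampleEvent = {
  action: "created",
  issue: { number: 17, pull_request: {} },
  comment: { body: "/deploy", author_association: "MEMBER" },
};
console.log(decidePreviewAction(sampleEvent));
```

The caller passes the returned stack value to its deploy or destroy step and does nothing when run is false.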

Layout (high-level)

infra/
├── Pulumi.yaml                  Pulumi project file
├── package.json                 JS deps (no TypeScript)
├── src/
│   ├── components/              Reusable Pulumi ComponentResources
│   ├── catalog/                 Service registry (single source of truth for services + events)
│   ├── stacks/                  Per-stack entry points
│   └── index.js                 Dispatch by stack name
├── stacks/                      Per-stack Pulumi.<stack>.yaml configs
├── scripts/                     Helper shell scripts (pr-deploy, pr-destroy, …)
└── docker/                      Local docker-compose stack

Local dev

cd infra
make up        # brings up MongoDB replica set, Keycloak, LocalStack, Mailpit, all services
make down

No external dependencies required.

Where to read more

  • infra/README.md — operations reference (kept up-to-date alongside the code).
  • Current AWS state — what's actually deployed today, and the gaps the Pulumi project is filling.
  • MongoDB Atlas — Realm CLI setup — needed to audit / change the producer side of the EventBridge fanout.
Contributors: Yevhenii Khudolii