Infrastructure Overview
DocuStack infrastructure is managed using Terraform modules deployed via Terragrunt, following the Gruntwork two-repository pattern.
Repository Structure
| Repository | Purpose |
|---|---|
| docustack-infrastructure-modules | Reusable, versioned Terraform modules |
| docustack-infrastructure-live | Environment-specific configurations |
Module Categories
Core Infrastructure
Foundation modules that other components depend on:
- Bootstrap - S3 + DynamoDB for Terraform state
- VPC - HIPAA-compliant networking
- ECS Cluster - Fargate compute platform
- ECR - Container registry
- RDS - PostgreSQL database
Database & Workflows
- DB Init Lambda - Database initialization
- Temporal - Workflow orchestration
Secure Access
- Bastion - On-demand SSM bastion hosts
- Bastion Orchestrator - Lifecycle management
Cost Management
- Nightly Scheduler - Automated stop/start
- Infra Orchestrator - Central control plane
ChatOps
- Slack Bot - Infrastructure commands
- IP Whitelist - Dynamic IP management
Security & Compliance
- Compliance - AWS Config rules
- SCP Policies - Organization controls
- GitHub Actions OIDC - CI/CD authentication
Deployment Order
Infrastructure must be deployed in dependency order:
Layer 0: bootstrap
↓
Layer 1: vpc, github-actions-oidc
↓
Layer 2: ecr, ecs-cluster, rds
↓
Layer 3: bastion, ip-whitelist, nightly-scheduler
↓
Layer 4: db-init-lambda, temporal
↓
Layer 5: slack-bot, bastion-orchestrator, infra-orchestrator
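The layer order above can be walked by a small wrapper that runs Terragrunt module by module and stops at the first failure. This is an added example, not part of the DocuStack repositories: the function names and the `DRY_RUN` variable are assumptions, and `LIVE_ROOT` follows the `cd` path shown under Quick Commands.

```sh
# Added example, not DocuStack's own tooling. DRY_RUN and the function names are
# assumptions; LIVE_ROOT follows the cd path shown under Quick Commands.
LIVE_ROOT="${LIVE_ROOT:-docustack-infrastructure-live/dev/us-east-1}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands instead of running them

# Modules of layer $1, as listed under Deployment Order; fails past the last layer.
layer_modules() {
  case "$1" in
    0) echo "bootstrap" ;;
    1) echo "vpc github-actions-oidc" ;;
    2) echo "ecr ecs-cluster rds" ;;
    3) echo "bastion ip-whitelist nightly-scheduler" ;;
    4) echo "db-init-lambda temporal" ;;
    5) echo "slack-bot bastion-orchestrator infra-orchestrator" ;;
    *) return 1 ;;
  esac
}

# Print the layer number of module $1; non-zero exit for an unknown module.
layer_of() {
  _i=0
  while _mods=$(layer_modules "$_i"); do
    for _m in $_mods; do
      if [ "$_m" = "$1" ]; then echo "$_i"; return 0; fi
    done
    _i=$((_i + 1))
  done
  return 1
}

# Run "terragrunt $1" layer by layer, optionally only up to the layer of module $2.
# Stops at the first failure so later layers never run on missing dependencies.
run_layers() {
  _last=5
  if [ -n "${2:-}" ]; then _last=$(layer_of "$2") || return 1; fi
  _l=0
  while [ "$_l" -le "$_last" ]; do
    for _mod in $(layer_modules "$_l"); do
      if [ "$DRY_RUN" = 1 ]; then
        echo "layer $_l: cd $LIVE_ROOT/$_mod && terragrunt $1"
      elif ! (cd "$LIVE_ROOT/$_mod" && terragrunt "$1"); then
        echo "layer $_l: $_mod failed, stopping" >&2
        return 1
      fi
    done
    _l=$((_l + 1))
  done
}
```

With the default `DRY_RUN=1`, `run_layers plan` only prints the commands in order; `run_layers plan rds` stops after layer 2.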
Quick Commands
```bash
# Navigate to module in live repo
cd docustack-infrastructure-live/dev/us-east-1/<module>

# Plan changes
terragrunt plan

# Apply changes
terragrunt apply

# Via Terrateam (in PR comments)
terrateam plan
terrateam apply
```
Next Steps
- Module Documentation - Detailed module guides
- Deployment Guide - How to deploy infrastructure
- Terrateam Workflow - CI/CD process