Domains are a mechanism for protecting one service (or group of services) from others. You may create as many as you like. Creation and subsequent updates are simple: run substrate-create-account -domain="..." -environment="..." -quality="..." with the name of your (new) domain and a declared environment and quality. This will create a new AWS account in your organization, add it to substrate.accounts.txt, and create all the necessary IAM roles to allow administrators to access the account.
In almost every case, you'll create an account for every domain in every environment. Sometimes you may create accounts with multiple qualities to allow changes (even changes to AWS resources) to be deployed gradually within the domain.
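The account matrix described above, as an added example (not Substrate's own code): a dry-run shell function that prints one substrate-create-account invocation per domain and environment/quality pair so the plan can be reviewed before anything is created. The domain, environment and quality names are constructed sample values, and plan_accounts is a hypothetical helper.

```shell
#!/bin/sh
# Added example, not Substrate's own code. All names below are constructed.
DOMAINS="payments search"
# "environment:quality" pairs; production has two qualities so a change can be
# deployed to one before the other.
ENV_QUALITY_PAIRS="development:alpha production:beta production:gamma"

# plan_accounts DOMAINS PAIRS (hypothetical helper)
# Prints one substrate-create-account command per domain and pair.
# Returns 1 and prints no commands if any pair is malformed.
plan_accounts() {
    # Validate every pair first so a bad entry never yields a partial plan.
    for pair in $2; do
        case $pair in
            *:*:* | :* | *:) echo "malformed pair: $pair" >&2; return 1 ;;
            *:*) ;;
            *) echo "malformed pair: $pair" >&2; return 1 ;;
        esac
    done
    for domain in $1; do
        for pair in $2; do
            printf 'substrate-create-account -domain="%s" -environment="%s" -quality="%s"\n' \
                "$domain" "${pair%%:*}" "${pair#*:}"
        done
    done
}

# Dry run: print the plan for review; nothing is created here.
plan_accounts "$DOMAINS" "$ENV_QUALITY_PAIRS"
```

Review the printed commands against the accounts you intend to exist, then run them one at a time.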
Especially in the early build-out of your Substrate-managed AWS organization, you may need to add an environment (or two) to create space for a new data set, perhaps to support a new phase in your development process, a quality-assurance function, disaster recovery, or something else.
Environments primarily create separation amongst themselves at the network level. Thus environments are created by substrate-bootstrap-network-account. To create a new one (or two), simply respond as follows to its prompts:
substrate-bootstrap-network-account
When substrate-bootstrap-network-account exits successfully, your new environment is ready for use.
Likewise, you may need to add a quality (or two) to reduce the blast radius of changes, especially changes to AWS resources like load balancers, auto scaling groups, and higher-level clusters.
Qualities provide a means to reduce the blast radius of changes within an environment and, just like environments themselves, operate primarily at the network level. Thus qualities, too, are created by substrate-bootstrap-network-account. To create a new one (or two), simply respond as follows to its prompts:
substrate-bootstrap-network-account