From 609edf38b7cc864eb576279f28db32ff76ed75ad Mon Sep 17 00:00:00 2001 From: milldr Date: Thu, 22 Jan 2026 13:05:42 -0500 Subject: [PATCH 1/7] docs: Add setup guidance for SuperAdmin auth, account IDs, and placeholders * Add SuperAdmin Atmos Auth configuration step after creating SuperAdmin user - Instructions for setting ATMOS_PROFILE and creating .env file - Testing connection with atmos auth login - Guidance for persisting profile and switching after cold start * Add account ID placeholder replacement step after deploying accounts - Steps to retrieve account IDs from Terraform output - Common configuration locations to update - grep command to find placeholder patterns * Add info box explaining placeholder values in reference architecture - Account IDs, underscored values, domains, ARNs - Clarifies when and where to replace values during setup Co-Authored-By: Claude Haiku 4.5 --- docs/layers/accounts/deploy-accounts.mdx | 29 +++++++++++++ .../accounts/prepare-aws-organization.mdx | 41 +++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/docs/layers/accounts/deploy-accounts.mdx b/docs/layers/accounts/deploy-accounts.mdx index 9944864d7..d137e4b49 100644 --- a/docs/layers/accounts/deploy-accounts.mdx +++ b/docs/layers/accounts/deploy-accounts.mdx 
@@ -104,6 +104,35 @@ This step-by-step process outlines how to deploy AWS accounts using `atmos` work + + ## Update Account ID Placeholders + + After creating accounts, you need to update any placeholder account IDs in your configuration with the actual account IDs. + + + 1. Get the list of account IDs from Terraform output: + ```bash + atmos terraform output account -s core-gbl-root + ``` + 1. Update account IDs in your stack configuration files. Common locations include: + - `stacks/orgs//_defaults.yaml` — The `account_map` variable + - `stacks/catalog/tfstate-backend.yaml` — The `allowed_principal_arns` if referencing specific accounts + - Any component configurations referencing account IDs directly + 1. Verify your changes by running a plan: + ```bash + atmos terraform plan tfstate-backend -s core-gbl-root + ``` + + + :::tip Finding Placeholders + Search your configuration for placeholder patterns like `111111111111`, `123456789012`, or `000000000000`. These are common placeholder values that should be replaced with real account IDs. + + ```bash + grep -r "111111111111\|123456789012\|000000000000" stacks/ + ``` + ::: + + ## Deploy Accounts Settings diff --git a/docs/layers/accounts/prepare-aws-organization.mdx b/docs/layers/accounts/prepare-aws-organization.mdx index ba2f35570..1897d6331 100644 --- a/docs/layers/accounts/prepare-aws-organization.mdx +++ b/docs/layers/accounts/prepare-aws-organization.mdx 
@@ -17,6 +17,19 @@ The set up process for the "baseline" or "account" layer is commonly referred to ::: +:::info About Placeholder Values + +The reference architecture includes placeholder values that you'll need to replace with your actual configuration. Common placeholders include: + +- **Account IDs** like `111111111111`, `123456789012`, or `000000000000` — Replace with your actual AWS account IDs after creating accounts +- **Underscored values** like `_example_` or `__REPLACE_ME__` — These indicate values that require your input +- **Example domains** like `example.com` or `acme.com` — Replace with your actual domain names +- **Sample ARNs** — Update with ARNs from your environment + +You'll update these values at different points during setup. Each guide will call out when specific replacements are needed. + +::: + ## Before Running Terraform (ClickOps) First, you'll need to perform some ClickOps to ensure things are set up before we use Terraform to manage AWS accounts. 
@@ -42,6 +55,34 @@ From the root account: 1. Create a single Access Key 1. Store credentials in 1Password: Access Key ID, Secret Access Key, Assigned MFA device ARN, and TOTP key +1. ### Configure Atmos Auth for SuperAdmin + Configure the `superadmin` profile to authenticate via Atmos during cold start. This allows you to run Atmos commands to deploy the foundation. + + 1. Set the `ATMOS_PROFILE` environment variable: + ```bash + export ATMOS_PROFILE=superadmin + ``` + 1. Create a `.env` file in your project root with the SuperAdmin credentials from 1Password: + ```bash + # .env (do NOT commit this file) + AWS_ACCESS_KEY_ID= + AWS_SECRET_ACCESS_KEY= + AWS_MFA_SERIAL=arn:aws:iam:::mfa/SuperAdmin + ``` + 1. Test the connection by running: + ```bash + atmos auth login + ``` + 1. Verify you can access the root account: + ```bash + aws sts get-caller-identity + ``` + + :::tip Atmos Profile Persistence + Add `export ATMOS_PROFILE=superadmin` to your shell configuration (`~/.zshrc` or `~/.bashrc`) to persist the setting across terminal sessions during cold start. + + After cold start is complete and Identity Center is configured, you'll switch to a different profile (e.g., `devops` or `managers`) as described in [Configure Atmos Auth](/layers/identity/atmos-auth/). + ::: 1. ### Enable IAM Access for Billing For billing users, you need to enable IAM access to billing information. From 0296ed81ee3373d7a275ecc0190232a9d31deb77 Mon Sep 17 00:00:00 2001 From: milldr Date: Thu, 22 Jan 2026 13:49:36 -0500 Subject: [PATCH 2/7] docs: Use Steps component for nested list in account ID placeholder section Co-Authored-By: Claude Haiku 4.5 --- docs/layers/accounts/deploy-accounts.mdx | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/layers/accounts/deploy-accounts.mdx b/docs/layers/accounts/deploy-accounts.mdx index d137e4b49..59412eb23 100644 --- a/docs/layers/accounts/deploy-accounts.mdx +++ b/docs/layers/accounts/deploy-accounts.mdx 
@@ -115,9 +115,11 @@ This step-by-step process outlines how to deploy AWS accounts using `atmos` work atmos terraform output account -s core-gbl-root ``` 1. Update account IDs in your stack configuration files. Common locations include: - - `stacks/orgs//_defaults.yaml` — The `account_map` variable - - `stacks/catalog/tfstate-backend.yaml` — The `allowed_principal_arns` if referencing specific accounts - - Any component configurations referencing account IDs directly + + 1. `stacks/orgs//_defaults.yaml` — The `account_map` variable + 1. `stacks/catalog/tfstate-backend.yaml` — The `allowed_principal_arns` if referencing specific accounts + 1. Any component configurations referencing account IDs directly + 1. Verify your changes by running a plan: ```bash atmos terraform plan tfstate-backend -s core-gbl-root From 59dfe4b5e7c9deaf575bc8dc3205199338618374 Mon Sep 17 00:00:00 2001 From: milldr Date: Fri, 23 Jan 2026 13:25:10 -0500 Subject: [PATCH 3/7] docs: Use TaskList component for non-sequential checklist items Co-Authored-By: Claude Opus 4.5 --- docs/layers/accounts/deploy-accounts.mdx | 10 ++-- .../accounts/prepare-aws-organization.mdx | 3 ++ package-lock.json | 48 ++----------------- 3 files changed, 12 insertions(+), 49 deletions(-) diff --git a/docs/layers/accounts/deploy-accounts.mdx b/docs/layers/accounts/deploy-accounts.mdx index 59412eb23..b8017ace6 100644 --- a/docs/layers/accounts/deploy-accounts.mdx +++ b/docs/layers/accounts/deploy-accounts.mdx 
@@ -115,11 +115,11 @@ This step-by-step process outlines how to deploy AWS accounts using `atmos` work atmos terraform output account -s core-gbl-root ``` 1. Update account IDs in your stack configuration files. Common locations include: - - 1. `stacks/orgs//_defaults.yaml` — The `account_map` variable - 1. `stacks/catalog/tfstate-backend.yaml` — The `allowed_principal_arns` if referencing specific accounts - 1. Any component configurations referencing account IDs directly - + + - `stacks/orgs//_defaults.yaml` — The `account_map` variable + - `stacks/catalog/tfstate-backend.yaml` — The `allowed_principal_arns` if referencing specific accounts + - Any component configurations referencing account IDs directly + 1. Verify your changes by running a plan: ```bash atmos terraform plan tfstate-backend -s core-gbl-root diff --git a/docs/layers/accounts/prepare-aws-organization.mdx b/docs/layers/accounts/prepare-aws-organization.mdx index 1897d6331..71097580b 100644 --- a/docs/layers/accounts/prepare-aws-organization.mdx +++ b/docs/layers/accounts/prepare-aws-organization.mdx @@ -6,6 +6,7 @@ sidebar_position: 2 import Intro from '@site/src/components/Intro'; import KeyPoints from '@site/src/components/KeyPoints'; import Steps from '@site/src/components/Steps'; +import TaskList from '@site/src/components/TaskList'; import ActionCard from '@site/src/components/ActionCard'; import PrimaryCTA from '@site/src/components/PrimaryCTA'; 
@@ -21,10 +22,12 @@ The set up process for the "baseline" or "account" layer is commonly referred to The reference architecture includes placeholder values that you'll need to replace with your actual configuration. Common placeholders include: + - **Account IDs** like `111111111111`, `123456789012`, or `000000000000` — Replace with your actual AWS account IDs after creating accounts - **Underscored values** like `_example_` or `__REPLACE_ME__` — These indicate values that require your input - **Example domains** like `example.com` or `acme.com` — Replace with your actual domain names - **Sample ARNs** — Update with ARNs from your environment + You'll update these values at different points during setup. Each guide will call out when specific replacements are needed. diff --git a/package-lock.json b/package-lock.json index 8a2b882a0..5f50bdded 100644 --- a/package-lock.json +++ b/package-lock.json @@ -284,7 +284,6 @@ "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.46.2.tgz", "integrity": "sha512-ZsOJqu4HOG5BlvIFnMU0YKjQ9ZI6r3C31dg2jk5kMWPSdhJpYL9xa5hEe7aieE+707dXeMI4ej3diy6mXdZpgA==", "license": "MIT", - "peer": true, "dependencies": { "@algolia/client-common": "5.46.2", "@algolia/requester-browser-xhr": "5.46.2", @@ -526,7 +525,6 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.5.tgz", "integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==", "license": "MIT", - "peer": true, "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.5", @@ -2382,7 +2380,6 @@ } ], "license": "MIT", - "peer": true, "engines": { "node": ">=18" }, @@ -2405,7 +2402,6 @@ } ], "license": "MIT", - "peer": true, "engines": { "node": ">=18" } 
@@ -2515,7 +2511,6 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.1.tgz", "integrity": "sha512-orRsuYpJVw8LdAwqqLykBj9ecS5/cRHlI5+nvTo8LcCKmzDmqVORXtOIYEEQuL9D4BxtA1lm5isAqzQZCoQ6Eg==", "license": "MIT", - "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -2937,7 +2932,6 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.1.tgz", "integrity": "sha512-orRsuYpJVw8LdAwqqLykBj9ecS5/cRHlI5+nvTo8LcCKmzDmqVORXtOIYEEQuL9D4BxtA1lm5isAqzQZCoQ6Eg==", "license": "MIT", - "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -3754,7 +3748,6 @@ "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.9.2.tgz", "integrity": "sha512-HbjwKeC+pHUFBfLMNzuSjqFE/58+rLVKmOU3lxQrpsxLBOGosYco/Q0GduBb0/jEMRiyEqjNT/01rRdOMWq5pw==", "license": "MIT", - "peer": true, "dependencies": { "@docusaurus/babel": "3.9.2", "@docusaurus/bundler": "3.9.2", @@ -3990,7 +3983,6 @@ "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.9.2.tgz", "integrity": "sha512-C5wZsGuKTY8jEYsqdxhhFOe1ZDjH0uIYJ9T/jebHwkyxqnr4wW0jTkB72OMqNjsoQRcb0JN3PcSeTwFlVgzCZg==", "license": "MIT", - "peer": true, "dependencies": { "@docusaurus/core": "3.9.2", "@docusaurus/logger": "3.9.2", @@ -4273,7 +4265,6 @@ "resolved": "https://registry.npmjs.org/@docusaurus/theme-classic/-/theme-classic-3.9.2.tgz", "integrity": "sha512-IGUsArG5hhekXd7RDb11v94ycpJpFdJPkLnt10fFQWOVxAtq5/D7hT6lzc2fhyQKaaCE62qVajOMKL7OiAFAIA==", "license": "MIT", - "peer": true, "dependencies": { "@docusaurus/core": "3.9.2", "@docusaurus/logger": "3.9.2", 
@@ -4519,7 +4510,6 @@ "resolved": "https://registry.npmjs.org/@fortawesome/fontawesome-svg-core/-/fontawesome-svg-core-6.6.0.tgz", "integrity": "sha512-KHwPkCk6oRT4HADE7smhfsKudt9N/9lm6EJ5BVg0tD1yPA5hht837fB87F8pn15D8JfTqQOjhKTktwmLMiD7Kg==", "license": "MIT", - "peer": true, "dependencies": { "@fortawesome/fontawesome-common-types": "6.6.0" }, @@ -4907,7 +4897,6 @@ "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-3.0.1.tgz", "integrity": "sha512-9ZrPIU4MGf6et1m1ov3zKf+q9+deetI51zprKB1D/z3NOb+rUxxtEl3mCjW5wTGh6VhRdwPueh1oRzi6ezkA8A==", "license": "MIT", - "peer": true, "dependencies": { "@types/mdx": "^2.0.0" }, @@ -5235,7 +5224,6 @@ "resolved": "https://registry.npmjs.org/@svgr/core/-/core-8.1.0.tgz", "integrity": "sha512-8QqtOQT5ACVlmsvKOJNEaWmRPmcojMOzCz4Hs2BGG/toAp/K38LcsMRyLp349glq5AzJbCEeimEoxaX6v/fLrA==", "license": "MIT", - "peer": true, "dependencies": { "@babel/core": "^7.21.3", "@svgr/babel-preset": "8.1.0", @@ -6113,7 +6101,6 @@ "resolved": "https://registry.npmjs.org/@types/react/-/react-18.3.3.tgz", "integrity": "sha512-hti/R0pS0q1/xx+TsI73XIqk26eBsISZ2R0wUijXIngRK9R/e7Xw/cXVxQK7R5JjW+SV4zGcn5hXjudkN/pLIw==", "license": "MIT", - "peer": true, "dependencies": { "@types/prop-types": "*", "csstype": "^3.0.2" @@ -6478,7 +6465,6 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz", "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "license": "MIT", - "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -6564,7 +6550,6 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", "license": "MIT", - "peer": true, "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", 
@@ -6610,7 +6595,6 @@ "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.46.2.tgz", "integrity": "sha512-qqAXW9QvKf2tTyhpDA4qXv1IfBwD2eduSW6tUEBFIfCeE9gn9HQ9I5+MaKoenRuHrzk5sQoNh1/iof8mY7uD6Q==", "license": "MIT", - "peer": true, "dependencies": { "@algolia/abtesting": "1.12.2", "@algolia/client-abtesting": "5.46.2", @@ -7247,7 +7231,6 @@ } ], "license": "MIT", - "peer": true, "dependencies": { "baseline-browser-mapping": "^2.9.0", "caniuse-lite": "^1.0.30001759", @@ -8310,7 +8293,6 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.1.tgz", "integrity": "sha512-orRsuYpJVw8LdAwqqLykBj9ecS5/cRHlI5+nvTo8LcCKmzDmqVORXtOIYEEQuL9D4BxtA1lm5isAqzQZCoQ6Eg==", "license": "MIT", - "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -8626,15 +8608,14 @@ "license": "MIT" }, "node_modules/custom-loaders": { - "resolved": "plugins/custom-loaders", - "link": true + "version": "0.0.0", + "resolved": "file:plugins/custom-loaders" }, "node_modules/cytoscape": { "version": "3.33.1", "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.33.1.tgz", "integrity": "sha512-iJc4TwyANnOGR1OmWhsS9ayRS3s+XQ185FmuHObThD+5AeJCakAAbWv8KimMTt08xCCLNgneQwFp+JRJOr9qGQ==", "license": "MIT", - "peer": true, "engines": { "node": ">=0.10" } @@ -9044,7 +9025,6 @@ "resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz", "integrity": "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==", "license": "ISC", - "peer": true, "engines": { "node": ">=12" } @@ -10340,7 +10320,6 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", - "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", 
@@ -15425,7 +15404,6 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", - "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -16016,7 +15994,6 @@ } ], "license": "MIT", - "peer": true, "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", @@ -16920,7 +16897,6 @@ "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.1.tgz", "integrity": "sha512-orRsuYpJVw8LdAwqqLykBj9ecS5/cRHlI5+nvTo8LcCKmzDmqVORXtOIYEEQuL9D4BxtA1lm5isAqzQZCoQ6Eg==", "license": "MIT", - "peer": true, "dependencies": { "cssesc": "^3.0.0", "util-deprecate": "^1.0.2" @@ -17825,7 +17801,6 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", - "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -17899,7 +17874,6 @@ "resolved": "https://registry.npmjs.org/react/-/react-18.3.1.tgz", "integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==", "license": "MIT", - "peer": true, "dependencies": { "loose-envify": "^1.1.0" }, @@ -17912,7 +17886,6 @@ "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz", "integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==", "license": "MIT", - "peer": true, "dependencies": { "loose-envify": "^1.1.0", "scheduler": "^0.23.2" 
@@ -18028,8 +18001,7 @@ "version": "3.5.1", "resolved": "https://registry.npmjs.org/stylis/-/stylis-3.5.1.tgz", "integrity": "sha512-yM4PyeHuwhIOUHNJxi1/Mbq8kVLv4AkyE7IYLP/LK0lIFcr3tRa2H1iZlBYKIxOlf+/jruBTe8DdKSyQX9w4OA==", - "license": "MIT", - "peer": true + "license": "MIT" }, "node_modules/react-hubspot-form/node_modules/stylis-rule-sheet": { "version": "0.0.10", @@ -18073,7 +18045,6 @@ "resolved": "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-6.0.0.tgz", "integrity": "sha512-YMMxTUQV/QFSnbgrP3tjDzLHRg7vsbMn8e9HAa8o/1iXoiomo48b7sk/kkmWEuWNDPJVlKSJRB6Y2fHqdJk+SQ==", "license": "MIT", - "peer": true, "dependencies": { "@types/react": "*" }, @@ -18118,7 +18089,6 @@ "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz", "integrity": "sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA==", "license": "MIT", - "peer": true, "dependencies": { "@babel/runtime": "^7.12.13", "history": "^4.9.0", @@ -18866,7 +18836,6 @@ "resolved": "https://registry.npmjs.org/sass/-/sass-1.77.8.tgz", "integrity": "sha512-4UHg6prsrycW20fqLGPShtEvo/WyHRVRHwOP4DzkUrObWoWI05QBSfzU71TVB7PFaL104TwNaHpjlWXAZbQiNQ==", "license": "MIT", - "peer": true, "dependencies": { "chokidar": ">=3.0.0 <4.0.0", "immutable": "^4.0.0", @@ -18921,7 +18890,6 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", - "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -19140,7 +19108,6 @@ "resolved": "https://registry.npmjs.org/seroval/-/seroval-1.1.0.tgz", "integrity": "sha512-74Wpe+hhPx4V8NFe00I2Fu9gTJopKoH5vE7nCqFzVgKOXV8AnN23T58K79QLYQotzGpH93UZ+UN2Y11j9huZJg==", "license": "MIT", - "peer": true, "engines": { "node": ">=10" } 
@@ -20295,8 +20262,7 @@ "version": "2.6.3", "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==", - "license": "0BSD", - "peer": true + "license": "0BSD" }, "node_modules/tunnel-agent": { "version": "0.6.0", @@ -20727,7 +20693,6 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", - "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -21017,7 +20982,6 @@ "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.104.1.tgz", "integrity": "sha512-Qphch25abbMNtekmEGJmeRUhLDbe+QfiWTiqpKYkpCOWY64v9eyl+KRRLmqOFA2AvKPpc9DC6+u2n76tQLBoaA==", "license": "MIT", - "peer": true, "dependencies": { "@types/eslint-scope": "^3.7.7", "@types/estree": "^1.0.8", @@ -21640,7 +21604,6 @@ "resolved": "https://registry.npmjs.org/zod/-/zod-4.3.5.tgz", "integrity": "sha512-k7Nwx6vuWx1IJ9Bjuf4Zt1PEllcwe7cls3VNzm4CQ1/hgtFUK2bRNG3rvnpPUhFjmqJKAKtjV576KnUkHocg/g==", "license": "MIT", - "peer": true, "funding": { "url": "https://github.com/sponsors/colinhacks" } @@ -21654,9 +21617,6 @@ "type": "github", "url": "https://github.com/sponsors/wooorm" } - }, - "plugins/custom-loaders": { - "version": "0.0.0" } } } From e5882d6b879c531a099d0465e1b7db32e4491a17 Mon Sep 17 00:00:00 2001 From: milldr Date: Mon, 26 Jan 2026 11:46:45 -0500 Subject: [PATCH 4/7] docs: Simplify account ID placeholder guidance Co-Authored-By: Claude Opus 4.5 --- docs/layers/accounts/deploy-accounts.mdx | 27 +++++------------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/docs/layers/accounts/deploy-accounts.mdx b/docs/layers/accounts/deploy-accounts.mdx index b8017ace6..740483746 100644 --- a/docs/layers/accounts/deploy-accounts.mdx +++ b/docs/layers/accounts/deploy-accounts.mdx 
@@ -107,32 +107,15 @@ This step-by-step process outlines how to deploy AWS accounts using `atmos` work ## Update Account ID Placeholders - After creating accounts, you need to update any placeholder account IDs in your configuration with the actual account IDs. + Now that accounts are created, you have real account IDs to work with. The reference architecture may contain placeholder account IDs (like `111111111111` or `000000000000`) that need to be replaced with your actual values. - - 1. Get the list of account IDs from Terraform output: - ```bash - atmos terraform output account -s core-gbl-root - ``` - 1. Update account IDs in your stack configuration files. Common locations include: - - - `stacks/orgs//_defaults.yaml` — The `account_map` variable - - `stacks/catalog/tfstate-backend.yaml` — The `allowed_principal_arns` if referencing specific accounts - - Any component configurations referencing account IDs directly - - 1. Verify your changes by running a plan: - ```bash - atmos terraform plan tfstate-backend -s core-gbl-root - ``` - - - :::tip Finding Placeholders - Search your configuration for placeholder patterns like `111111111111`, `123456789012`, or `000000000000`. These are common placeholder values that should be replaced with real account IDs. + To get your account IDs, run: ```bash - grep -r "111111111111\|123456789012\|000000000000" stacks/ + atmos terraform output account -s core-gbl-root ``` - ::: + + As you continue through the setup process, keep an eye out for placeholder values in your stack configurations and replace them with the actual account IDs as needed. From 06037deef278cdd1a4564d97026b604ffc79ad32 Mon Sep 17 00:00:00 2001 From: milldr Date: Mon, 26 Jan 2026 11:54:59 -0500 Subject: [PATCH 5/7] docs: Update SuperAdmin Atmos Auth setup with correct commands Co-Authored-By: Claude Opus 4.5 --- .../layers/accounts/prepare-aws-organization.mdx | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/docs/layers/accounts/prepare-aws-organization.mdx b/docs/layers/accounts/prepare-aws-organization.mdx index 71097580b..7ba2ec4ce 100644 --- a/docs/layers/accounts/prepare-aws-organization.mdx +++ b/docs/layers/accounts/prepare-aws-organization.mdx @@ -61,26 +61,26 @@ From the root account: 1. ### Configure Atmos Auth for SuperAdmin Configure the `superadmin` profile to authenticate via Atmos during cold start. This allows you to run Atmos commands to deploy the foundation. - 1. Set the `ATMOS_PROFILE` environment variable: + 1. Set the `ATMOS_PROFILE` environment variable to select the superadmin profile: ```bash export ATMOS_PROFILE=superadmin ``` - 1. Create a `.env` file in your project root with the SuperAdmin credentials from 1Password: + 1. Configure your user credentials by running the following command. You'll be prompted to enter your Access Key ID, Secret Access Key, and MFA ARN from 1Password: ```bash - # .env (do NOT commit this file) - AWS_ACCESS_KEY_ID= - AWS_SECRET_ACCESS_KEY= - AWS_MFA_SERIAL=arn:aws:iam:::mfa/SuperAdmin + atmos auth user configure ``` - 1. Test the connection by running: + 1. Start an authenticated session. You'll be prompted to enter a one-time MFA token: ```bash atmos auth login ``` 1. Verify you can access the root account: ```bash - aws sts get-caller-identity + atmos auth exec -- aws sts get-caller-identity ``` + :::note Daily Usage + Once the profile is set and user credentials are configured, you only need to run `atmos auth login` each day to start a new authenticated session. + ::: :::tip Atmos Profile Persistence Add `export ATMOS_PROFILE=superadmin` to your shell configuration (`~/.zshrc` or `~/.bashrc`) to persist the setting across terminal sessions during cold start. From 7cd5c99163740ea1a1f5da4b1c76ff0bfeeab417 Mon Sep 17 00:00:00 2001 
From: Dan Miller Date: Mon, 26 Jan 2026 14:15:40 -0500 Subject: [PATCH 6/7] Update docs/layers/accounts/prepare-aws-organization.mdx Co-authored-by: Ben --- docs/layers/accounts/prepare-aws-organization.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/layers/accounts/prepare-aws-organization.mdx b/docs/layers/accounts/prepare-aws-organization.mdx index 7ba2ec4ce..d9a83ef2f 100644 --- a/docs/layers/accounts/prepare-aws-organization.mdx +++ b/docs/layers/accounts/prepare-aws-organization.mdx @@ -24,7 +24,7 @@ The reference architecture includes placeholder values that you'll need to repla - **Account IDs** like `111111111111`, `123456789012`, or `000000000000` — Replace with your actual AWS account IDs after creating accounts -- **Underscored values** like `_example_` or `__REPLACE_ME__` — These indicate values that require your input +- **Underscored values** like `_example_` or `__REPLACE_ME__` — These indicate values that require your input. Search for `_ACCOUNT_NUMBER__` to find items to replace like `__DEV_ACCOUNT_NUMBER__` - **Example domains** like `example.com` or `acme.com` — Replace with your actual domain names - **Sample ARNs** — Update with ARNs from your environment From 28e9c17f48b55dec90b84f62f7892cc95a27fc67 Mon Sep 17 00:00:00 2001 From: Dan Miller Date: Mon, 26 Jan 2026 14:15:49 -0500 Subject: [PATCH 7/7] Update docs/layers/accounts/deploy-accounts.mdx Co-authored-by: Ben --- docs/layers/accounts/deploy-accounts.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/layers/accounts/deploy-accounts.mdx b/docs/layers/accounts/deploy-accounts.mdx index 740483746..5729a3732 100644 --- a/docs/layers/accounts/deploy-accounts.mdx +++ b/docs/layers/accounts/deploy-accounts.mdx 
@@ -113,6 +113,8 @@ This step-by-step process outlines how to deploy AWS accounts using `atmos` work ```bash atmos terraform output account -s core-gbl-root + ## or if on the latest version with instanced components: + atmos terraform output aws-account/core-artifacts -s core-gbl-root ``` As you continue through the setup process, keep an eye out for placeholder values in your stack configurations and replace them with the actual account IDs as needed.
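Review bot: In PATCH 1/7, `docs/layers/accounts/deploy-accounts.mdx`, the placeholder search is only an optional `:::tip`, and the one verification step is a plan of `tfstate-backend`, so a placeholder left in `account_map` or in another component is never checked. `111111111111`, `123456789012` and `000000000000` are well-formed 12-digit account IDs, so a leftover value in `allowed_principal_arns` yields a valid-looking principal ARN rather than an obvious error. Suggest promoting the search to a numbered step that must return no matches before the plan, and writing it as `grep -rnE '111111111111|123456789012|000000000000' stacks/` so it does not rely on `\|`, which is an extension to basic regular expressions.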
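Review bot: In PATCH 1/7, `docs/layers/accounts/prepare-aws-organization.mdx`, step 2 of "Configure Atmos Auth for SuperAdmin" has the reader copy the SuperAdmin `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` out of 1Password into a plaintext `.env` in the project root, protected only by the comment `# .env (do NOT commit this file)`. These are long-lived access keys created from the root account, so the step should at least say to add `.env` to `.gitignore`, restrict the file's permissions, and state when to delete it. PATCH 5/7 replaces the file with `atmos auth user configure`, so consider squashing the two so the `.env` instructions never appear in history. The "Atmos Profile Persistence" tip also puts `export ATMOS_PROFILE=superadmin` into `~/.zshrc` or `~/.bashrc` without a matching instruction to remove it once cold start is complete.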
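Review bot: In PATCH 3/7, `package-lock.json` changes in a commit whose subject is only about the TaskList component: `"peer": true` is dropped from many entries, and `node_modules/custom-loaders` goes from `"link": true` to `"version": "0.0.0"` with `"resolved": "file:plugins/custom-loaders"`, while the `plugins/custom-loaders` entry at the end of the file is removed. Nothing in the two `.mdx` hunks calls for a dependency change, so this reads as the lockfile being rewritten by a different npm version. Suggest reverting `package-lock.json` in this commit, or moving it to its own commit regenerated with the npm version the project builds with, so that lockfile changes can be reviewed on their own.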
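Review bot: In PATCH 4/7, `docs/layers/accounts/deploy-accounts.mdx`, removing the `grep -r` command and the plan step leaves "keep an eye out for placeholder values" as the only check, which gives the reader no way to confirm that no placeholder account ID remains in `stacks/`. Suggest keeping a one-line search command under the new text. The new paragraph also lists only `111111111111` and `000000000000`, while the info box in `prepare-aws-organization.mdx` still lists `123456789012` as well; the two pages should name the same set.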
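Review bot: In PATCH 5/7, `docs/layers/accounts/prepare-aws-organization.mdx`, step 2 says `atmos auth user configure` prompts for the Access Key ID, Secret Access Key and MFA ARN, but not where those values are kept afterwards. Since this replaces the `.env` file from PATCH 1/7, state the storage location so readers know what to clean up when cold start ends. Step 4 now wraps the check as `atmos auth exec -- aws sts get-caller-identity`; it would help to say what the output should show, so the reader can tell a SuperAdmin session apart from whatever default AWS profile is already on the machine.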
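Review bot: In PATCH 6/7, the added sentence "Search for `_ACCOUNT_NUMBER__` to find items to replace like `__DEV_ACCOUNT_NUMBER__`" introduces a second placeholder convention for account IDs alongside the numeric ones in the bullet above it, and gives no command or directory to search. Suggest moving it under the "Account IDs" bullet, giving the search as a command (for example `grep -rn '_ACCOUNT_NUMBER__' stacks/`), and ending the sentence with a period.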
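Review bot: In PATCH 7/7, the two commands share one `bash` block, so a reader who copies the block runs both, although only one applies to their version. The second command names a single instance, `aws-account/core-artifacts`, while the sentence above the block promises "your account IDs"; say whether it has to be repeated for each account. Suggest splitting the alternatives into separate blocks and replacing "the latest version" with the version in which instanced components were introduced.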