Merged
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -544,7 +544,7 @@ Planned hardening should remain tied to production-relevant gaps.

Credible next improvements include:

- extend immutable image tagging consistently across manual and Terraform-driven deployment paths
- add a manual rollback workflow for redeploying a previous known-good ECS task definition or image SHA
- HTTPS listener with ACM certificate
- optional HTTP-to-HTTPS redirect
- optional NAT Gateway or controlled egress path only if future app behaviour requires general external access
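Review bot: The rollback bullet ("add a manual rollback workflow for redeploying a previous known-good ECS task definition or image SHA") does not say how "known-good" is established or whether the rollback path goes through the same gate as a forward deploy. Suggest wording it so the rollback workflow only accepts a commit SHA whose `test` check passed and that was previously deployed, so it cannot be used to ship an arbitrary image around the CD check listed under "Current status".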
Expand Down Expand Up @@ -579,4 +579,5 @@ Current status:
- deployed MCP allow and deny paths have been smoke-tested
- IAM Identity Center admin access is configured for normal AWS console work
- manual GitHub Actions CD is implemented using OIDC, ECR image push, ECS task definition revision deployment, ECS service rollout, and `/health` smoke check
- manual GitHub Actions CD checks that the `test` check passed for the exact commit SHA before deploying
- deployed ECS task definitions now use immutable Git commit SHA image tags rather than relying on `latest`
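Review bot: The status bullet about the `test` check states the guarantee but not where it is enforced or how it fails. The files shown in this change are all documentation, so a reader cannot confirm the claim from here. Suggest naming the workflow file and step, and stating that a missing, pending or skipped `test` check blocks the deployment rather than being treated as a pass.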
4 changes: 2 additions & 2 deletions docs/TRACKER.md
Expand Up @@ -266,6 +266,8 @@ Verified AWS checks:
- The ECS service is updated to a new task definition revision during CD.
- The deployed ECS task definition uses the Git commit SHA image tag, not `latest`.
- The CD workflow waits for ECS service stability and checks `/health` after deployment.
- Manual CD requires the `test` check to have passed for the exact commit SHA before deployment proceeds.
- Terraform uses a bootstrap image tag for initial ECS task definition creation while GitHub Actions CD owns SHA-based runtime deployment revisions.

Current AWS networking posture:

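Review bot: The Terraform bullet under "Verified AWS checks" says Terraform uses a bootstrap image tag while GitHub Actions CD owns the SHA-based revisions, but not what stops a later `terraform apply` from pointing the ECS service back at the bootstrap task definition. Suggest recording the mechanism that was verified (for example a `lifecycle` `ignore_changes` on the service's `task_definition`) and whether the bootstrap tag is itself immutable, since the README status says deployments no longer rely on `latest`.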
Expand All @@ -286,8 +288,6 @@ Deferred AWS hardening:
- Terraform remote state backend
- migration version tracking
- production-grade credential registration/rotation workflow
- CI-before-deploy safety clarification and deployment guardrails
- Terraform image tag handling alignment with SHA-based CD

---

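Review bot: Dropping "CI-before-deploy safety clarification and deployment guardrails" from "Deferred AWS hardening" closes more than the verified checks cover. The new verified item is the `test` check on the exact commit SHA for manual CD, while README.md in this same change still lists a manual rollback workflow as a next improvement. Suggest keeping a narrower deferred entry for the remaining guardrails (rollback at least) so TRACKER.md and README.md agree on what is still open.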
227 changes: 0 additions & 227 deletions docs/aws_cli_reference.md

This file was deleted.

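Review bot: Nothing in the visible changes says why the 227-line docs/aws_cli_reference.md is removed or where its content now lives. Suggest a line in the PR description or TRACKER.md explaining the removal, and a check that README.md and docs/aws_terraform_deployment_sequence.md carry no remaining links to the deleted file.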
1 change: 0 additions & 1 deletion docs/aws_terraform_deployment_sequence.md
Expand Up @@ -751,7 +751,6 @@ Deferred production hardening:
- Terraform remote state
- production credential registry/admin process
- migration version table
- CI-before-deploy safety clarification and deployment guardrails

---
