Deployments Overview
Deployments are the end user hub of ESH, this is where Templates get deployed to Target environments. A user is granted access to a library of Certified Templates and Targets and can choose where to deploy the Template.
Users are granted access to Tenants, and Tenants are authorized to deploy to specific regions so if a region you wish to deploy to is not available, ask the Tenant Administrator to grant access to that region.
The Deployments console is show below. We'll go over a few of the features.
Tenant Selector
The Deployments console works within the context of a Tenant. If you have more than one Tenant assigned to you, you will see the Tenant selector as in above screenshot.
Deployments Table
Search and filterable table of all the Tenants Deployments. Select a row for details about specific deployment. See Deployments Viewer for details.
Deployments Map
See Tenants Deployments and their geographical locations at a glance.
Deployment Viewer and Editor
Selecting any row in table will display details of a specific deployment and allow changes to be made such as re-deploying with different parameters, changing Deployment name and deleting an existing deployment.
Deployment Viewer
Deployment Editor
-
Redploy
-
Allows you to update Deployment parameters such as changing a virtual machine instance size.
-
Allows re-deploying an existing deployment that was temporarily deleted. ESH has the ability to retain Deployment parameters even though the resources have been deleted. This is useful where the resource is not always required.
-
-
Delete
Delete has 3 options. The screenshot below shows the options available.
-
Edit
Edit provides the option to change a deployment name and to change protection setting.
Deployment Approvals
There are 3 types of approvals that may be required.
-
Template Approval
Some templates need approval before they can be deployed due to some characteristic about the Template such as it deploys an expensive resource, or a resource that needs naming approval such as an AWS account.
-
Policy Approval
Deployment plans are scanned by Open Policy Agent to ensure the plan adheres to the organizations standards. Where a Template breaches an organization policy, it is refered to an administrator for approval. An example of an organization policy that may a Deployment may not pass without approval would be where the Template creates an IAM role. It may be perfectly acceptable to create the role but it requires review due to the privilege level it grants. It maybe that a Template should allow creation of a public S3 bucket if that option is selected, but, before that option is allowed it will require review by a security administrator.
-
Cost Approval
A threshold can be set on the Tenant level such that any Deployments that will exceed this monthly cost will be directed for Tenant admin approval.
Where an approval is required, the Deployment will turn yellow and will be in the Approvals console of an authorized user. When they approve or reject, the status will update in your Deployments table and if rejected, there will be a reason so the user can adjust or cancel the Deployment accordingly.