Substrate manual

Substrate manages secure, reliable, and compliant cloud infrastructure in AWS. Email hello@src-bin.com for a demo or to subscribe!

Getting started

1. Overview
2. Opening a fresh AWS account
3. Installing Substrate and Terraform
4. Configuring Substrate shell completion
5. Bootstrapping your Substrate-managed AWS organization
6. Integrating your identity provider to control access to AWS
7. Deleting unnecessary root access keys
8. Integrating your original AWS account(s)
9. Managing your infrastructure in service accounts

Concepts and terms

• Accounts in a Substrate-managed AWS organization
• Domains, environments, and qualities
• Networking
• Diagram of a Substrate-managed AWS organization
• Global and regional Terraform modules
• Root Terraform modules
• Substrate filesystem hierarchy

Architectural guidance

• Technology choices
• Multi-tenancy
• Multi-region strategy
• Diagram of a multi-quality, multi-region service
• Deciding where to host internal tools

Working in your Substrate-managed AWS organization

• Accessing AWS in your terminal
• Accessing the AWS Console
• Moving between AWS accounts
• Using AWS CLI profiles
• Jumping into private networks
• Writing Terraform code with an assist from Substrate
• Using Amazon EC2 when IMDSv2 is required
• Additional Terraform providers
• Adding a domain
• Adding an environment or quality
• Adding a region
• Deploying software
• Protecting internal websites

Automating operations with Substrate

• Enumerating all your AWS accounts
• Enumerating all your root Terraform modules

Administering your Substrate-managed AWS organization

• Onboarding and offboarding users
• Adding non-Administrator (and non-Auditor) roles for humans
• Allowing third parties to access your AWS organization
• Adding administrators to your AWS organization
• Customizing EC2 instances from the Instance Factory
• Cost management

Compliance

• Addressing SOC 2 criteria with Substrate
• Auditing your Substrate-managed AWS organization

Runbooks for emergency and once-in-a-blue-moon operations

• Subscribing to AWS Support plans
• Closing an AWS account
• Removing an AWS account from your organization (without closing it)
• Removing an AWS region
• Changing identity providers
• Sharing CloudWatch data between accounts
• Regaining access in case the Credential and Instance Factories are broken

Release notes and upgrading

• Release notes
• Upgrading Substrate

Meta

• About Source & Binary
• Source & Binary Software License and Subscription Terms
• Telemetry Substrate posts to Source & Binary