Source & Binary

Substrate manual

Substrate is an opinionated suite of tools for managing secure, reliable, and compliant cloud infrastructure in AWS. It’s offered only as part of an engagement with Source & Binary.

Installation and tutorial

Follow these sections to install and configure Substrate and then use it to provision a toy service.

  1. Getting started with Substrate
  2. Provision the demo service in staging
  3. Provision the demo service in production

Concepts and definitions

Substrate layers a few new concepts on top of tried and true Terraform. These sections will help you master them.

  1. Diagrams of your Substrate-managed AWS organization
  2. Domains, environments, and qualities
  3. Architecture within your Substrate-managed AWS organization
  4. Global versus regional modules
  5. Your Substrate-managed AWS organization
  6. Your Substrate repository

References for frequent tasks

Substrate will become a part of your daily workflow. Some days, it’s merely a conduit into various AWS accounts. Other days, it’s a powerful code and resource generator that expands your AWS infrastructure in security-preserving and reliability-improving ways. These sections walk you through the tasks you’re likely to perform frequently.

  1. Your daily workflow in your Substrate-managed AWS organization
  2. Referencing Substrate parameters in Terraform
  3. Adding a service account
  4. Adding domains, environments, and qualities
  5. Enumerating all your AWS accounts
  6. Adding a region
  7. Additional Terraform providers
  8. Deploying software
  9. Protecting internal websites
  10. Onboarding and offboarding users
  11. Auditing your Substrate-managed AWS organization
  12. Cost management
  13. Substrate release notes
  14. Upgrading Substrate

Topics for a rainy day

You may never need to open any of these sections. If you do, they’ll save you time and stress.

  1. AWS support
  2. CloudWatch sharing
  3. Changing identity providers
  4. Closing an AWS account
  5. Removing an AWS region
  6. Regaining access if Credential and Instance Factories are broken