Domains are a mechanism for protecting one service (or group of services) from others. You may create as many as you like. Creation and subsequent updates are simple: Run
substrate create-account -domain domain -environment environment -quality quality with the name of your (new) domain and a declared environment and quality. This will create a new AWS account in your organization, add it to
substrate.accounts.txt, and create all the necessary IAM roles to allow administrators to access the account.
If not immediately, you’ll eventually create this domain in all of your environment/quality pairs to enable a complete progression from e.g. development through production.
See domains, environments, and qualities for more discussion of these fundamental Substrate concepts.
All accounts with a given domain, across all environments and qualities, will be generated with Terraform code that references a generated Terraform module named the same as the domain. This is where you should put the vast majority of Terraform resources, possibly parameterized by
module.substrate.tags.quality as well as
If you choose to add
variable stanzas to that module, we recommend that you do not set a
default for those variables; this will force you to consider the appropriate values when creating this domain in different environments and/or qualities.