This repository contains the Terraform code to deploy the SaaS version of Nextflow Tower into a multi-account AWS environment. This is a work in progress and is not yet ready for production use.
- Stores Terraform state securely in a KMS-encrypted S3 bucket in a Terraform management account.
- Creates an AWS user, credentials, access keys, and work buckets for the Nextflow Tower application to use.
- Creates one or more Tower workspaces within a Tower organization.
- Passes the AWS credentials directly to the Nextflow Tower workspaces without manual copying and pasting.
- Use a best-practices AWS account structure such as biotech-blueprint-multi-account with AWS Control Tower enabled.
- Create separate dedicated accounts for each nf-tower environment (dev, prod, etc.) and have a Terraform management account.
- Deploy a Terraform Backend to the management account using this CloudFormation template.
- Fork and clone this repository.
- When opening the repository in VS Code, select "Open Repository in Container" to use the included development environment.
- Use `aws configure sso` to set up AWS CLI profiles for the management account and each Seqera Platform environment account.
- Create a Seqera Platform account.
- Create one organization in Seqera Platform for each environment (dev, prod, etc.).
- Create an authorization token for your Seqera Platform account.
- Set the following environment variable in your dev environment (e.g. using Codespaces secrets):

      export TF_VARS_NFTOWER_API_KEY=<Insert-API-Key-Here>

- Review the subdirectories of the `live` directory and adjust the variables in the files:
  - `aws_account.hcl`
  - `env.hcl`
  - `nftower.hcl`
- Deploy the Terraform code for each environment:

      cd live/dev
      terragrunt run-all init
      terragrunt run-all plan
      terragrunt run-all apply
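
A pre-flight check that could run before the `terragrunt` commands above (an added example, not part of this repository; the function name `preflight` and its return codes are assumptions). It confirms the Seqera token is supplied through `TF_VARS_NFTOWER_API_KEY` and that its value has not been pasted into any `.hcl` file under the environment directory.

```shell
#!/bin/sh
# Added example, not the repository's own code.
# Assumption: the token reaches Terraform only through the environment
# variable named in this README and must never appear in *.hcl files.
#
# preflight ENV_DIR
#   0 = ok            1 = variable unset or empty
#   2 = README placeholder still in place
#   3 = ENV_DIR missing
#   4 = token value found inside a .hcl file under ENV_DIR
preflight() {
    env_dir=$1

    if [ -z "${TF_VARS_NFTOWER_API_KEY:-}" ]; then
        echo "TF_VARS_NFTOWER_API_KEY is not set" >&2
        return 1
    fi
    # Catch a copy of the README line with the placeholder left in place.
    case $TF_VARS_NFTOWER_API_KEY in
        '<'*'>')
            echo "TF_VARS_NFTOWER_API_KEY still holds a placeholder" >&2
            return 2
            ;;
    esac
    if [ ! -d "$env_dir" ]; then
        echo "environment directory not found: $env_dir" >&2
        return 3
    fi

    # -F matches the token as a fixed string, -e protects tokens that start
    # with '-', and -l prints file names only, so the secret itself is never
    # written to the terminal or a CI log.
    leaked=$(find "$env_dir" -type f -name '*.hcl' \
        -exec grep -lF -e "$TF_VARS_NFTOWER_API_KEY" {} + 2>/dev/null) || true
    if [ -n "$leaked" ]; then
        echo "API key value found in configuration files:" >&2
        echo "$leaked" >&2
        return 4
    fi
    return 0
}
```

For example, `preflight live/dev && (cd live/dev && terragrunt run-all plan)` stops before any plan is produced if the token is missing or has leaked into the configuration.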