Infrastructure Overview

The infrastructure is defined as two AWS CDK stacks in TypeScript, located in infra/.

Stacks

`docs-swamp-infra`

Defined in infra/lib/infra-stack.ts.

Provisions the S3 bucket used as the central store for all documentation assets.

`docs-swamp-github-oidc-stack`

Defined in infra/lib/github-oidc-stack.ts.

Provisions the GitHub OIDC provider and two IAM roles that allow GitHub Actions workflows to authenticate with AWS without storing long-lived credentials.

Deployment

Both stacks are deployed by the deploy-infra.yml GitHub Actions workflow, or manually:

cd infra
npm install
cdk deploy --all \
  --context account=YOUR_ACCOUNT_ID \
  --context region=eu-west-1

Context variables

The CDK app in infra/bin/infra.ts reads the following context values (from cdk.json or --context flags):

Variable	Default	Description
`account`	`CDK_DEFAULT_ACCOUNT`	AWS account ID
`region`	`CDK_DEFAULT_REGION`	AWS region
`githubOrg`	`neulabscom`	GitHub organisation name
`githubRepo`	`*`	Repo allowed to use the upload role (`*` = all repos in org)
`githubDeployRepo`	`neulabs-docubuilder`	Only this repo can assume the deploy role
`githubBranch`	`main`	Branch restriction for OIDC trust

Stacks​

docs-swamp-infra​

docs-swamp-github-oidc-stack​

Deployment​

Context variables​

Architecture diagram​

Stacks

`docs-swamp-infra`

`docs-swamp-github-oidc-stack`

Deployment

Context variables

Architecture diagram