...
In the Operations account:
TODO: TF module for the following configs
Create a workspace named "Flightdeck'.
Enable SSO or SAML.
Use service-managed permissions.
Enable Managed Service for Prometheus and CloudWatch.
Enable Amazon SNS.
TODO: document about organization access type + OUs
Manual steps:
Set yourself as an admin of the workspace.
Add an SSO group to the workspace.
TODO: Order of operation for prometheus workspace, grafana workspace, auth and data sources
Setting up Dashboards
From the Grafana workspace in the AWS Management Console, sign into the managed Grafana instance.
Under Settings, select API Keys.
Create a new Admin API key named "Terraform" that expires after 30 days.
Copy the API key.
TODO: What to do with the copied API key
Once these modules are applied, the platform is fully deployed and you can proceed to build CI/CD pipelines.