MILESTONE THAT ALLOWS END-2-END DEPLOYMENT / ACCESS TO MANAGEMENT CONSOLE

1. Project AWS account identified for onboarding into Unity (Bring your own Account).

2. Project (U-CS does this part for now) launches PartnerSolution from project AWS account, which deploys Management Console EC2, and an ALB

3. As part of the automated bootstrap of the Management Console,

   • any pre-setup steps like creating an empty API GW take place
     populate the SSM endpoint (API Gateway)
   • A specific route to the MC Load Balancer URL is created in API GW (enables access to the MC via the API GW). This will use the default authorizer.

4. Create proxy routes manually (in the future maybe automated) created by Unity team in the shared service API GW, that point to project AWS account API Gateway.

   • This connection can be created by running the terraform script. The parameters should be modified (I added some comments in the TF files)
   • https://github.com/unity-sds/unity-cs-infra/blob/main/terraform-shared-services-api-gateway-updater_module/main.tf

5. Project User logs into MC via Shared Services API Gateway (this is the public domain address)
   SS API GW proxy routes to the proj-level API GW
   Access via SS API GW that supports Cognito auth, and web-socket support, also passes the JWT along to MC backend

6. Project User deploys further marketplace items, which result in further API GW routes being created.

   • For example SPS deploy, creates SPS routes in project API GW, and these will need to point to the authorizer.