rl-docs-hub

Home · Apps · rl-main-infra · todo_api · todo_mobile

---

rl-main-infra

Pulumi TypeScript platform Infrastructure-as-Code repo for the production AWS estate (account 982233224911).

It covers both:

• shared platform foundation and imports/references for existing AWS resources, and
• workload infrastructure composition for services such as PBX, fed-proxy, and data-download.

It should be documented and evolved as a platform repo with clear separation between:

• shared platform foundation
• shared ingress / edge capabilities
• workload modules
• docs / runbooks / status notes
• inventory / discovery / migration artifacts

Stack Summary

• IaC runtime: Pulumi (@pulumi/pulumi, TypeScript)
• Cloud provider: AWS (@pulumi/aws)
• Primary region: ap-southeast-1
• Import strategy: staged, operator-gated, protect-first
• Current environment model: production-only account (no staging account)

Current Infrastructure Baseline (from discovery/audit)

• VPC: vpc-02eda3dee7714fe3d (main-vpc, 10.0.0.0/16)
• Subnets: 25
• Route Tables: 4
• Security Groups: 8
• NAT Gateways: 1
• EC2 instances: 3 (jumphost, ad01, openvpn-egress)
• ECS clusters: 1 (main-cluster)
• API Gateway REST APIs: 1 (rlmc-bcnc-api)
• ECR repos: 8
• Lambda functions: 7
• DynamoDB tables: 13
• S3 buckets: 21 (global)
• CloudFront distributions: 8 (global)
• Route53 hosted zones: 1 private zone (roylee.co.)

Operational Import Posture

• infra:enableManagedImports=false is the safe default for read-only previews.
• Imports are only activated for explicit scopes with infra:enableManagedImports=true.
• All imported resources are protected via infra:protectImported=true + Pulumi protect: true.
• EC2 import is batched with infra:ec2ImportBatch to reduce blast radius.

Documentation Sections

• Structure Standard
• Architecture
• Shared Ingress and Edge Patterns
• Workload Registry
• API Specs
• DB Schema

Source of Truth

• Pulumi code: /Users/admin/.openclaw/workspace/rl-main-infra/src
• Pulumi config: /Users/admin/.openclaw/workspace/rl-main-infra/Pulumi.yaml, /Users/admin/.openclaw/workspace/rl-main-infra/Pulumi.dev.yaml
• Discovery inventory: /Users/admin/.openclaw/workspace/rl-main-infra/inventory/discovery.json
• AWS audit artifacts: /Users/admin/.openclaw/workspace/aws-infra-audit/

Naming rule

• Use PBX in docs and any new workload folders/modules.
• Keep OpenCX only as a legacy alias tied to existing code/config names until a safe cleanup window exists.

DNS Migration

• Route53 Migration Status