Ontopix Infrastructure
Cloud infrastructure management for the Ontopix platform — DNS, IAM, ECR, CodeArtifact, and cost monitoring.
Production
Central infrastructure management for the Ontopix platform using Terraform.
What This Repo Manages
This repository provisions foundational cloud infrastructure that all Ontopix services depend on:
| Module | Purpose | Status |
|---|---|---|
| Route53 | DNS zones and records for all Ontopix domains | Active |
| IAM | Roles, policies, and GitHub OIDC provider | Active |
| ECR | OIDC roles for container registry access | Active |
| CodeArtifact | Private npm and PyPI package registry | Active |
| Cost Alerts | Monthly budget monitoring and email alerts | Active |
| Amplify | Amplify app DNS (deprecated — apps manage their own) | Deprecated |
Who Should Use These Docs
- Employees requesting DNS records, IAM roles, or understanding cost alerts
- AI agents working across Ontopix repos that need infrastructure context
- New team members onboarding to the Ontopix platform
How to Request Infrastructure Changes
All changes follow the same workflow:
- Create a feature branch from master
- Edit the relevant Terraform files
- Run task infra:plan to preview changes
- Open a PR with the plan output
- After approval, changes are applied with task infra:apply
See the Guides section for step-by-step instructions for common operations.
Quick Links
- Architecture Overview — How modules fit together
- Module Reference — What each module manages
- Operational Guides — Step-by-step instructions
- Runbooks — Troubleshooting procedures
- Architecture Decisions — ADRs and rationale
Maintaining These Docs
This .context/docs/ directory is published to the Ontopix Documentation Portal as the Infra collection. Changes merged to master trigger an automatic portal rebuild.
Sensitive Data Policy
These docs are public. Never include:
- AWS account IDs — use {ACCOUNT_ID} placeholder
- ARNs with account IDs — use ${{ secrets.AWS_ACCOUNT_ID }} or {ACCOUNT_ID}
- API keys, tokens, or credentials
- Internal IP addresses or endpoint URLs not meant for public access
Sensitive values that are needed for operations should reference their source (e.g., "see global/variables.tf") instead of being inlined.
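The policy above can be enforced mechanically before a docs change is merged. The following is an added example, not part of this repository's tooling: a scanner that flags the listed items in Markdown under .context/docs while accepting the two documented placeholders. The regexes, rule names, and sample page are constructed assumptions.

```python
import pathlib
import re
import sys

# Heuristic patterns for the items in the policy list. The regexes and rule
# names are assumptions of this example, not an Ontopix tool.
RULES = [
    ("arn-with-account-id", re.compile(r"arn:aws[\w-]*:[\w-]*:[\w-]*:\d{12}:")),
    ("aws-account-id", re.compile(r"(?<![\w.])\d{12}(?![\w.])")),
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private-ipv4", re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b")),
]

# Constructed sample page: lines 2 and 3 use the allowed placeholders.
SAMPLE = """\
role_arn: arn:aws:iam::123456789012:role/deploy
role_arn: arn:aws:iam::{ACCOUNT_ID}:role/deploy
account: ${{ secrets.AWS_ACCOUNT_ID }}
billing account 123456789012 owns the budget
key AKIAIOSFODNN7EXAMPLE, resolver at 10.0.12.7
"""

def scan(text):
    """Return (line_number, rule_name) pairs; matched values are never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in RULES:
            # Blank out each hit so a later rule does not report it again
            # (an ARN's account ID would otherwise also match the bare-ID rule).
            line, hits = pattern.subn(" ", line)
            findings.extend([(lineno, name)] * hits)
    return findings

def scan_tree(root):
    """Scan every Markdown file under root and format findings as path:line: rule."""
    results = []
    for path in sorted(pathlib.Path(root).rglob("*.md")):
        for lineno, name in scan(path.read_text(encoding="utf-8")):
            results.append(f"{path}:{lineno}: {name}")
    return results

if __name__ == "__main__":
    problems = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".context/docs")
    if problems:
        print("\n".join(problems))
    sys.exit(1 if problems else 0)
```

The bare 12-digit rule is deliberately broad and will flag other long numbers; treat a hit as a prompt for review, not proof of a leak.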
Adding or Updating Pages
- Follow the existing structure: .context/docs/{section}/{number}.{slug}.md
- Every page needs frontmatter with title, description, badge, and navigation.icon
- Section index pages are named 1.index.md
- Use portal badge presets: Production, New, Draft, Deprecated, Approved, RFC
- Run task infra:validate if the docs reference Terraform resources — ensure accuracy against current state