https://github.com/cn-docker/control-tower
Control Tower Docker Image
aws-cli bosh concourse concourse-ci continuous-delivery control-tower docker docker-image gcp operations
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/cn-docker/control-tower
- Owner: cn-docker
- License: apache-2.0
- Created: 2019-08-28T13:46:43.000Z (almost 6 years ago)
- Default Branch: main
- Last Pushed: 2025-03-17T09:03:01.000Z (4 months ago)
- Last Synced: 2025-03-17T10:25:57.131Z (4 months ago)
- Topics: aws-cli, bosh, concourse, concourse-ci, continuous-delivery, control-tower, docker, docker-image, gcp, operations
- Language: Dockerfile
- Homepage: https://hub.docker.com/r/cnservices/control-tower
- Size: 177 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
README
# Control Tower Docker Image
## Control Tower for AWS
If you want to run control-tower with its own IAM account, create a user with the following permissions:
- AmazonRDSFullAccess
- AmazonEC2FullAccess
- IAMFullAccess
- AmazonS3FullAccess
- AmazonVPCFullAccess
- AmazonRoute53FullAccess
- IAMUserSSHKeys

Run the container:

```bash
docker run --tty --interactive --env AWS_ACCESS_KEY_ID='' --env AWS_SECRET_ACCESS_KEY='' --name control-tower cnservices/control-tower bash
```
## Control Tower for GCP
On GCP you must also ensure the following APIs are activated in your project:
- Compute Engine API (`gcloud services enable compute.googleapis.com`)
- Identity and Access Management (IAM) API (`gcloud services enable iam.googleapis.com`)
- Cloud Resource Manager API (`gcloud services enable cloudresourcemanager.googleapis.com`)
- SQL Admin API (`gcloud services enable sqladmin.googleapis.com`)

If using a dedicated GCP IAM member, an IAM primitive role of `roles/owner` for the target GCP project is required.
Run the container:
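```bash
# GCP_KEY_FILE_PATH: host directory that holds the service account key file
# GCP_KEY_FILE_NAME: name of the key file inside that directory
docker run --tty --interactive --volume "${GCP_KEY_FILE_PATH}":/tmp/ --env GOOGLE_APPLICATION_CREDENTIALS="/tmp/${GCP_KEY_FILE_NAME}" cnservices/control-tower bash
```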
## Available commands
After starting the Docker container, you are dropped into the container's shell, where you can run the following Control Tower commands:
- **deploy**: Deploys or updates a Concourse ([Documentation](https://github.com/EngineerBetter/control-tower/blob/master/docs/deploy.md))
- **destroy**: Destroys a Concourse ([Documentation](https://github.com/EngineerBetter/control-tower/blob/master/docs/destroy.md))
- **info**: Fetches information on a deployed environment ([Documentation](https://github.com/EngineerBetter/control-tower/blob/master/docs/info.md))
- **maintain**: Handles maintenance operations in control-tower ([Documentation](https://github.com/EngineerBetter/control-tower/blob/master/docs/maintain.md))
- **help**: Get help for commands

More information [here](https://github.com/EngineerBetter/control-tower)