Vision
Repository structure becomes the authoritative source of truth for cloud infrastructure organization and team permissions across supported cloud providers.
Direction
Move from manual cloud provider setup to automated synchronization with repository structure, supporting multiple cloud providers (GCP, AWS, Azure). Evolve from per-team manual permission assignments to CODEOWNERS-driven IAM provisioning. Establish folders containing project.json/package.json as cloud project/account boundaries.
Qualitative Description
| Aspect | Current | Target |
|---|---|---|
| Cloud hierarchy creation | Manual per-team projects/accounts per provider | Automated from repository folder structure; provider-agnostic |
| Project identification | Arbitrary cloud projects/accounts unrelated to repo | NX projects map 1:1 to cloud projects/accounts across providers |
| Folder hierarchy | Manual folder/OU/management group creation per provider | Auto-generated to match teams///[project.json OR nested folders leading to project] |
| Permission assignment | Manual IAM role binding per team, per provider | Generated from CODEOWNERS file structure; auto-synced to all supported providers |
| Synchronization | One-time bootstrap scripts (provider-specific) | Continuous CI validation on every PR; unified across providers |
| Single source of truth | Inconsistent per provider | Repository structure as authoritative source for all providers |
| Provider support | Single provider (GCP) | Multiple providers (GCP, AWS, Azure, ...) with unified patterns |
Outcome Metrics
| Metric | Current | Target |
|---|---|---|
| % of cloud hierarchy matching repo structure (across all providers) | 0% | 100% |
| Cloud projects/accounts orphaned (without corresponding NX project) | 5+ | 0 |
| Time to provision new team infrastructure across providers | 2-4 hours per provider (manual) | < 15 minutes unified (fully automated) |
| Manual permission assignments per quarter across all providers | 20+ per provider | 0 (all from CODEOWNERS) |
| Teams with permissions matching CODEOWNERS across providers | 0% | 100% |
| Supported cloud providers with unified hierarchy provisioning | 1 (GCP) | 3+ (GCP, AWS, Azure) |
Process Metrics
| Metric | Current | Target |
|---|---|---|
| % of folders with project.json having matching cloud projects across providers | 0% | 100% |
| CODEOWNERS-to-cloud-IAM sync frequency | Manual (on demand) per provider | Every CI run (automated) across all providers |
| Bootstrap script coverage (% of path-to-project scenarios) | ~40% (GCP-only) | 100% (provider-agnostic) |
| CI validation gates for repo-to-cloud alignment | None | Blocking check on all PRs modifying folder structure; validates across providers |
| Folders validated to prevent orphaned cloud resources | 0 | 100% before bootstrap (per provider) |
| Provider-specific divergence in hierarchy patterns | N/A | 0 (unified patterns across GCP/AWS/Azure) |
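
One way to implement the repo-to-cloud alignment check described above, as an added example that is not the project's own code. It assumes each cloud project/account is recorded under the repository path it was created for, that CODEOWNERS entries are plain directory patterns (no globs), and that owner groups can be compared directly with bound IAM groups; all paths and group names are constructed.

```python
from pathlib import PurePosixPath

MARKERS = {"project.json", "package.json"}  # boundary files named in the issue

def parse_codeowners(text):
    """Return [(directory, [owners])] in file order; directory patterns only."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pattern, *owners = line.split()
            rules.append((pattern.strip("/"), owners))
    return rules

def owners_for(path, rules):
    """CODEOWNERS precedence: the last matching rule wins."""
    found = []
    for directory, owners in rules:
        if path == directory or path.startswith(directory + "/"):
            found = owners
    return found

def plan(files, codeowners_text, cloud):
    """Diff repo-derived desired state against `cloud` (repo path -> bound groups)."""
    rules = parse_codeowners(codeowners_text)
    dirs = {str(PurePosixPath(f).parent) for f in files
            if PurePosixPath(f).name in MARKERS}
    desired = {d: owners_for(d, rules) for d in dirs}
    return {
        "missing": sorted(set(desired) - set(cloud)),    # project folder, no cloud project
        "orphaned": sorted(set(cloud) - set(desired)),   # cloud project, no project folder
        "unowned": sorted(d for d, o in desired.items() if not o),
        "drift": sorted(d for d in desired
                        if d in cloud and set(desired[d]) != set(cloud[d])),
    }

# Constructed sample inputs (hypothetical paths and groups).
FILES = ["teams/payments/api/project.json", "teams/payments/api/src/main.ts",
         "teams/payments/libs/ledger/package.json",
         "teams/search/indexer/project.json", "README.md"]
CODEOWNERS = "/teams/payments/ @org/payments\n/teams/payments/libs/ledger/ @org/ledger\n"
CLOUD = {"teams/payments/api": ["@org/payments"],
         "teams/payments/libs/ledger": ["@org/payments"],
         "teams/legacy/batch": ["@org/legacy"]}

if __name__ == "__main__":
    report = plan(FILES, CODEOWNERS, CLOUD)
    for kind, paths in report.items():
        print(f"{kind}: {paths}")
    raise SystemExit(1 if any(report.values()) else 0)  # non-zero exit blocks the PR
```

The `unowned` bucket matters for the permission model: a project folder with no CODEOWNERS match would otherwise be provisioned with no team bound to it, so the check fails instead of falling back to a default.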