Skip to main content

Step 7 — Deploy to AWS

Pro, Team, and Enterprise plans.

When the architecture has been validated through simulation and optimisation, the Deploy workflow provisions it as real AWS infrastructure.

The four-step deploy process

Step 1 — Connect

Link your target AWS account using cross-account IAM Role assumption via STS. PinPole generates a CloudFormation stack that creates a least-privilege role in your account.

  • No long-lived credentials are stored — only temporary session credentials are used for the duration of the deployment
  • Select your target deploy region at this step

Step 2 — Review

Inspect the generated infrastructure plan before any resources are created. Verify that the services, configurations, and connections match your validated canvas.

Do not skip the review step

This is the final gate before infrastructure is provisioned. Always review the plan even for architectures you have reviewed extensively on the canvas — the review step confirms that the generated plan matches your intent at the IaC level.

Step 3 — Deploy

Provision the architecture into the connected AWS account. Monitor progress in the deploy panel.

Step 4 — Live

Confirm deployed resources are active and reachable.

IaC Export

If your organisation uses Terraform or CDK as its standard IaC tooling, use Export before or instead of direct deployment. The exported definition integrates with existing pipelines and provides an additional review layer.

IaC export format

IaC export currently produces an architecture definition file compatible with Terraform and CDK. Full Terraform HCL generation (code, not just definition) is planned for Phase 1 — see Upcoming Features.

Deploy best practices

  • Deploy to non-production environments first. Use ST (System Test) or UAT environments before targeting PR (Production). This validates that the architecture behaves in a real AWS account before it handles production traffic.
  • Record the simulation run number that corresponds to the deployed architecture. This creates a traceable link between the validated simulation state and the live infrastructure.
  • Confirm region settings match your canvas endpoint configuration before deploying.