AWS BOT Deployment

Welcome to the AWS Bot Deployment phase. Here you will be tasked to use Github Actions and Terraform to provision a set of Neverfail Continuous Controls (NFCC) functions inside your AWS Lambda service to support your deployment. After function deployment, each will be automatically registered on the NFCC platform as a customer collection bot or as a customer remediation bot.

The collection bots are used to collect component (source system/application) populations and evidence from the Sandbox Deployment cloud infrastructure provisioned in the previous deployment. The customer remediation bots are used to ameliorate specific conditions within the Sandbox Deployment cloud infrastructure.

All assets created should have the NFCC-POC : true tag applied. The tags will make it easier to locate resources and to manage billing as tags can be used for spend tracking and budgeting.

The approximate time expected to complete this deployment task is 15 minutes.

Bot Deployment Prerequisites

Please be sure you have the following variables ready before proceeding:


  • AWS_DEFAULT_REGION: From previous Infrastructure step.

  • AWS_ACCESS_KEY_ID: From previous Infrastructure step.

  • AWS_SECRET_ACCESS_KEY: From previous Infrastructure step.

  • CUSTOMER_NAME: Provided in your task system ticket.

  • NFCC_NPM_TOKEN: Provided in your task system ticket.

  • INCREMENT_NUMBER: 1

1. Use the Github NFCC Functions Deployment Template

  1. In a new tab or window, visit the Neverfail AWS Functions Deployment Template Github repository and accept the invitation.

  2. Click Use this template to get to the “Create a new repository” screen.

  3. Change the Owner to your Github.com user.

  4. Use Repository Name “aws-functions-deployment-template”.

  5. Set to Private visibility.

  6. Click Create repository from template.

  7. Click on the Actions tab.

  8. If the Enable Actions on the repository screen appears, click on it.
    If this option does not appear, please proceed to the next steps.

2. Add Secrets to the Github Repository

  1. In the Github.com UI, aws-functions-deployment-template repository view, click on the Settings tab.

  2. Click on Secrets on the left-hand menu.

  3. Click on New secret to add a secret for each of the variables below.

  4. Add the following secrets; these should be the same secrets used in the previous deployment step:

    • AWS_ACCESS_KEY_ID

    • AWS_SECRET_ACCESS_KEY

    • AWS_DEFAULT_REGION

    • CUSTOMER_NAME

    • INCREMENT_NUMBER

  5. Add the following new secrets, which should be inside your WIQ Task:

    • NFCC_NPM_TOKEN


3. Trigger the Github Actions Workflow

To start the deployment process using GitHub Actions, create a file named “apply” in the root of the repository.

  1. Click on the < > Code tab.

  2. Click Add file, then Create new file.

  3. Input the new file name “apply”, then scroll down.

  4. Select Commit new file.

  5. Feel free to visit the Actions tab in the Github repository to view the deployment tasks.

Terraform Job General Troubleshooting

We have tried to capture and handle all possible scenarios during the infrastructure deployment, but due to the complexity of the operation, it is possible that something can go wrong. If you receive an error during the Terraform job, first, let the job complete, then afterwards, try re-running the job by clicking the Re-run jobs button on the top-right. If you still have problems, feel free to reach out to your engagement lead for assistance.

Terraform will run for approximately 3 minutes. Again, take a moment to reflect on what's happening here.

We are taking the NPM Artifacts and deploying them as AWS Lambda functions, which will be registered as bots in our Continuous Controls platform.

4. Verification of Asset Creation (Optional)

The Terraform automation will provision a set of AWS Lambda functions listed below, which will be used to collect testing evidence from the deployment components. Lambda can be located from the main services console view.

Optionally, for a comprehensive list of actions taken, feel free to visit the AWS CloudTrail event history from the AWS console:

  • Allow 5-10 minutes after completion as it does not show up right away.
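One way to script this verification together with the tagging requirement stated at the top of this guide is shown below. It is an added example, not part of the Neverfail template: the function names in the sample data are hypothetical, and splitting "NFCC-POC : true" into key `NFCC-POC` and value `true` is an assumption.

```python
import json
import subprocess

# Tag this guide requires on every asset (the key/value split is an assumption).
REQUIRED_KEY, REQUIRED_VALUE = "NFCC-POC", "true"

def audit_tags(functions):
    """Return {function_name: problem} for Lambda functions lacking the exact tag.

    `functions` is a list of `aws lambda get-function` response documents.
    """
    findings = {}
    for fn in functions:
        name = fn["Configuration"]["FunctionName"]
        tags = fn.get("Tags") or {}  # "Tags" is absent when a function has no tags
        if REQUIRED_KEY in tags:
            if tags[REQUIRED_KEY] != REQUIRED_VALUE:
                findings[name] = f"wrong value {tags[REQUIRED_KEY]!r}"
            continue
        # AWS tag keys and values are case-sensitive; report near misses separately.
        near = [k for k in tags if k.strip().lower() == REQUIRED_KEY.lower()]
        findings[name] = f"near-miss key {near[0]!r}" if near else "tag missing"
    return findings

def fetch_live():
    """Collect get-function documents through the AWS CLI (needs credentials)."""
    def aws(*args):
        cmd = ["aws", "lambda", *args, "--output", "json"]
        done = subprocess.run(cmd, check=True, capture_output=True, text=True)
        return json.loads(done.stdout)
    names = [f["FunctionName"] for f in aws("list-functions")["Functions"]]
    return [aws("get-function", "--function-name", n) for n in names]

# Constructed sample data; these are not the real NFCC bot names.
SAMPLE = [
    {"Configuration": {"FunctionName": "example-collection-bot"}, "Tags": {"NFCC-POC": "true"}},
    {"Configuration": {"FunctionName": "example-remediation-bot"}, "Tags": {"NFCC-POC": "True"}},
    {"Configuration": {"FunctionName": "example-untagged-bot"}},
    {"Configuration": {"FunctionName": "example-typo-bot"}, "Tags": {"nfcc-poc": "true"}},
]

if __name__ == "__main__":
    for name, problem in audit_tags(SAMPLE).items():
        print(f"{name}: {problem}")
```

To check the real account, pass `fetch_live()` to `audit_tags` in place of `SAMPLE`, using the same region and credentials as the deployment.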

5. Power BI Dashboard Refresh

With the bots registered, the Continuous Controls platform executed an initial test run for the AWS test suite. The Power BI dashboard needs to be refreshed in order to display the results of this initial test suite run.

PLEASE WAIT 5 MINUTES AFTER TERRAFORM HAS COMPLETED, BEFORE PROCEEDING WITH THIS POWER BI REFRESH STEP.

  1. In Power BI, navigate to Apps.
    (in the left-hand menu)

  2. Select your newly created app.

  3. Click the pencil icon on the upper-right to edit settings tab.

  4. Click the Datasets tab, then the refresh icon, per screenshot.

  5. Navigate back to Apps (left-hand menu).

  6. Select your newly created app.

  7. If the report doesn't refresh, use the refresh button in the top sub-menu bar.

IMPORTANT NOTE: If you do not see updated data in the dashboard, it is possible that something is wrong with your WIQ team feature configuration. If this occurs, you should be sent a "WorkflowIQ Unavailable Requires Remediation" task. Please visit your Task system to see if this is the case. Assuming this occurred, you will need to update and test the configured File Team Feature for the “IT Team.”

It's a WRAP! Your final Sandbox onboarding deployment is done.


UP NEXT: Time to dive into your active state Sandbox Deployment. Your ticket for accessing the deployment environment is waiting for you in JIRA.
