Skip to main content
Synthetiq BYOI provisioning is declarative: you describe the desired state in a config file (_infra/synthetiq.yaml), generate a plan showing exactly what will change, and provision to apply it.

What you need

  • Two issued ACM certificates for the domain. See Certificates.
  • A domain you control — every app gets a subdomain under it (e.g. my-app.apps.yourcompany.com). See DNS for the records you’ll create.
  • The Synthetiq CLI — installed from the private npm registry. See Installation.
  • A Synthetiq service account for provisioning from CI (local runs use your own login). See Service Account.
  • An AWS account with appropriate permissions — a dedicated sub-account is recommended; see Networking and Permissions.
  • A git repository for the Synthetiq infrastructure configuration.
  • The right Synthetiq org permissions on your account — see below.

Required Synthetiq permissions

Which org scopes you need depends on how you provision:
FlowScopes the person needsWhy
CI (recommended)org:service-accounts, org:trustsTo create the CI service account (synthetiq service-account create) and its OIDC trust (synthetiq trust create). The service account runs the provision using the built-in CI Apply role, which already carries infra:provision — so no person needs that scope.
Local machineinfra:provisionYou run synthetiq infra provision yourself, so your own role must carry the scope the provisioning callback requires. (No service account or trust needed.)
Check what your current role grants: 
synthetiq whoami
The Scopes: list shows your effective org scopes. If any are missing, ask an organization Admin to grant them via a role (Admins have all scopes).

Finding your organization id

Several steps need your organization id — the CI workflow’s organization-id input and the OIDC token exchange. Get it from either:
  • ConsoleSettings → Account, the Organization ID row (with a copy button).
  • CLIsynthetiq whoami prints Org ID:.

The lifecycle at a glance

StepCommandWhat it does
1. Configuresynthetiq infra initInterview → writes _infra/synthetiq.yaml
2. Previewsynthetiq infra generateComputes a CloudFormation change set; writes a reviewable changeset file
3. Applysynthetiq infra provisionExecutes exactly the reviewed change set
For production, steps 2 and 3 run from CI — see CI Integration. For the full order of operations, follow a walkthrough: Local Machine or CI.