Question: is it possible to create resources in multiple accounts as part of the same SST project? Context: We’re setting up some cross-account EventBridge architecture and would like consuming domain projects to be able to add EventBridge rules to a central event bus in another account without needing to manually do this in the console or in some other out-of-band project. So we basically need a single resource/construct in an SST project to be built in another account when deploying.

I suspect not - but I’m not sure why. In a normal CDK app you can specify the desired account under the

env

stack props. In SST this is explicitly disallowed. Related ticket: https://github.com/serverless-stack/serverless-stack/issues/1140 It can probably be bodged by running multiple passes of CI/CD but I’m interested in this one myself as I’ve been wrestling with multi-account deploys this afternoon.

@Frank @thdxr Could this perhaps be achieved by requiring another profile or key / secret variable names as part of overwriting the default account? I can also see some more use cases here - e.g. • cross account data access (S3 from other account) • cross account code publishing with code pipeline were 2 scenarios we had in the past

If you mean deploying resources in a single stack into multiple accounts, not allowed in CDK or SST (unless you use the SDK to do so, but defeats the point of CDK). If you mean deploying stacks to multiple accounts, both CDK and SST support this.

@Austin @Klaus just to clarify, are you thinking to have multiple stacks, ie. the EventBus rule in one stack deployed to the central account; and the rest stacks to the app’s account?

@Frank yeah the ideal setup would be as follows: A single sst app/project containing the following: • Stack A built in Account A containing an event bus with targets to things like queues/functions/etc • Stack B built in Account B containing another event bus with a target rule to the event bus in Stack A / Account A Since the rule is referencing the event bus in a stack in another account, this is the tricky part. And ideally this can be deployed in a single operation. I’m not sure it is possible currently.

@Frank I think currently we would need 2 Apps to achieve such setup, as the App-constructor seem the only place to define account / region if I read the SST code correctly.