Is there a way to create a single CDK/SST app that ...
# help
d
Is there a way to create a single CDK/SST app that can deploy two (slightly different) stacks, each stack to a different AWS account? I assume no.
Assuming StackSets can’t help here since I think they need to be identical stacks
d
Your CDK stacks are just javascript, so you can pass in environment variables which will be available to your javascript at the point of synthesising the stack. For example, let’s say your first stack needs an ElastiCache cluster but your second one doesn’t, when synthesising the second one, you can do:
DISABLE_ELASTICACHE=true sst deploy
Then in your stack, you can only add the ElastiCache construct if the environment variable is not set.
if (!process.env.DISABLE_ELASTICACHE) { /* ...add construct */ }
With regards to deploying to a different account, it’s probably better to control that at the credential level. I personally use Leapp to switch between accounts, but others use AWS Vault. SST or CDK itself usually isn’t really concerned with the account. It just deploys with whatever credentials you tell it to, which are tied to an account.
You can also use CloudFormation Parameters in CDK which allows you to set let’s say an S3 bucket name which you want different in each stack. Doing it this way allows you to deploy the exact same stack to both apps, but in CloudFormation, you can see what the parameter is set to. In this case, SST has nothing to do with it, it’s CloudFormation that actually merges your parameter value at the point it deploys.
f
@Dan Van Brunt this is doable in CDK, you can specify a different AWS account and region for each stack. It’s not currently possible with SST. Do you mind sharing your use case?
d
@Frank Ya, it’s a bit complex and might be overkill.
Stack Cleanup Webhook (GitHub => Lambda)
• when feat branches are deleted in GitHub, this lambda goes out and tears down the associated environment. This can be across two AWS accounts. Sandbox (DEV envs) and Prod (RC envs)
• In order for that Lambda to have permissions, I need to have already created a Role in the Sandbox account it can assume in order to delete stacks in that account.
Cross-Account-Site Lambda@Edges
• we have an Edge lambda that is used on all our sites both dev (AWS account 1) and prod (AWS account 2). This lambda needs access to that site’s bucket to access its routing file. This access is given via that site’s bucket policy.
• I wasn’t sure if I could easily give a cross-account role access in a bucket policy so we create duplicate Lambda@Edge functions in both sandbox and production accounts as well as roles.
Happy to talk in detail over huddle/zoom if you have time sometime. In the process of re-writing this infra as we speak. SLS => SST
@Frank How far off is it for me to be able to get SST to deploy to two AWS accounts? Otherwise I will likely just create two SST apps and deploy each separately.
Thanks @Dan Greaves I was curious if there was a way to deploy to two AWS accounts with a single App/SingleDeployCommand. However, it doesn’t sound possible with SST? However, I am doing as you suggested and just using the same app for both accounts, deploying once to each, and letting JS / ENV Vars dictate how different the stacks need to be. So far, it’s working nicely.
d
I think that seems cleaner than trying to do it in a single deployment. Much less complexity.
f
Hey @Dan Van Brunt, sorry I was caught up in a few meetings today. Yeah the two scenarios you laid out make sense. Supporting deploying to multiple accounts needs some work to be able to assume the credentials in use into other AWS accounts.
We might not be able to get to this right away, but let me open an issue for this https://github.com/serverless-stack/serverless-stack/issues/1140