Hey! Any guidance for larger teams hoping to use S...
# help
b
Hey! Any guidance for larger teams hoping to use SST as part of a mono repo? not the mono-repo specifically, but when looking at the cloud resources deployed, I do see that it’s based on stage - not say, an individual developer. How do we avoid developers stepping on each other's toes? ie. multiple developers working locally/testing on the same service?
s
hey Blake! I went with one AWS account per developer. so I add a new AWS account to our organization, and then go in there & add an IAM user for the developer
b
In the serverless framework world, I coded a plugin that would generate dynamic stage names - so each developer would get their own stack (based on some hash of their current branch)
ahh.. yes
ok
that was my thinking as well @Sam N
you use TF to manage the AWS org/account management? (at scale?)
s
TF?
b
terraform
s
nope, just using SST/CDK
b
lol dog-food it, right
s
😄 I manually add the new AWS account via the AWS Console
b
ahh.. ok
s
I also have it set up so each sub-account can access SSM parameters in the primary account
so I can set global values for everyone to use
b
Interesting
yeah
anything else? this is all super great lol
been wanting to move to 1 aws account per dev, do have some materials on it - but having first-hand experience of pitfalls or short-cuts is 👌
s
that’s about it 😄 all devs just work on the default “dev” stage.. and for the front end, they have their own .env.development.local which sets the API URL to their own local instance
b
makes a ton of sense
thanks @Sam N really useful stuff!
s
sure!
b
(my first question on here has been officially answered lol)
s
BTW You want to thank @Sam Hulick, not me. But thanks to both of you for this discussion. We might try multiple accounts as well.
s
the only major drawback I’ve noticed so far is that paid tech support is tricky. each account is 100% separate, so you can’t easily get Business level support in your sub accounts, even if your main account pays for it.
so that’s annoying
b
lol
yes, thanks @Sam Hulick hahah
s
like, yo AWS.. I’m not paying you $100/mo/dev account!
b
that’s a great note re: support - I just assumed support would be linked to org, but account is a bit of a work-around.
shouldn’t be an issue for our org, but good to know.
For completeness, to future searchers posting here - my initial thought on handling multi-developer scenarios was actually going to be doing an item already on the SST roadmap: https://github.com/serverless-stack/serverless-stack/issues/691 That being said, I think individual AWS accounts are a better fit for my org.
s
@Blake E yeah, the multi-account thing is nice..and can also prevent mistakes. 😉 our SST stacks also include a bastion host setup for each dev, so they can securely tunnel into it & access the RDS database behind the VPC
b
Interesting.. @Sam Hulick an openvpn? or.. some more machine-to-machine centric tunnel? (for the bastion)
s
b
simple enough? you setup ssh at the client level I imagine, vs. a host proxy or routing tables etc.
s
yeah, you configure ssh so that if you connect to a hostname starting with i-*, it proxies it through AWS Session Manager
b
Interesting
we tend to use dynamodb, so not as much of an issue (or at least not really an SSH control flow) - but our data team does have RDS/Redshift in their arch, could be valuable for them.