# help
s
if I wanted to follow the model where each dev has their own AWS account as part of our organization, how would I set up SST so that any resources they deploy use the SSL certificate in the primary account? (in other words, cross-account access)
I suppose this would be the only way. maybe an HTTP API in one account can’t use another account’s certificate directly, and it has to be imported. https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-certificatemanager.Certificate.html#static-fromwbrcertificat[…]nscope-id-certificatearn
hmm. or maybe devs in their own sandboxes shouldn’t be using the application’s domain.. probably just using AWS’s plain URLs is fine
a
you can share certificates and other major resources using AWS RAM.
s
wow, never even heard of that one!
f
Yeah I haven’t tried importing a certificate across accounts. If u end up trying it.. let me know how that works..
a
you can share a lot of resources such as VPCs, subnets, certificates, Route 53 configs, etc. It’s great.
you’ll have to add your dev accounts into your organisation using AWS Organizations.
s
@Ashishkumar Pandey thanks for bringing it to my attention! 👍
a
@Sam Hulick of course. 🙏
t
Do dev accounts need official domains or can you make do with AWS-generated domains?
s
yeah probably the latter, I think. trying to think ahead.. 🤔 our app has a lot of moving parts. there are CloudFront signed cookies, which require CloudFront distributions.. but they can use the AWS generated CloudFront URL (*.cloudfront.net)