# help
m
Hi everyone! We started to use SST and so far we love it, but we are wondering what the best practices are for deploying to production. We used to define specific IAM policies and users when dealing with deploys of old serverless services. But with CDK and SST it seems that it's impossible to not give it administrative access. Is using a dedicated production account for the service a good option? Are there any other options?
p
Not sure I follow, but I use separate accounts for each environment (one AWS account for test and another AWS account for production). As for deployment itself, I use a role-based approach and https://github.com/99designs/aws-vault
f
Hi @Mirco Cipriani, the same approach of defining IAM policy and users applies to SST as well. That said, using a dedicated prod account is a good idea.
c
+1 for dedicated prod account. Using AWS Organizations (if not even Control Tower), it is quite simple to keep things tidy and separated
(if you are not doing it already, I also suggest using AWS SSO for access, which allows you to give people what they need from a centralized point)