# sst
t
I am sure this has been asked before. I’d like to separate my stacks in multiple repos (for compliance / access control) but deploy to the same account / stage (for instance my sensitive credentials stack is separated in another repo but I need to deploy to stage prod with the same credentials). Are there any caveats / considerations?
f
Hey @Timothée Clain, just make sure the app name + stack name pair is unique. For example, if two apps are both called `my-sst-app` in `sst.json`, and u have `MyStack` in both apps, one is going to overwrite the other.
Apart from that.. it should be fine
t
okay. and I guess I might need to ensure that shared resources (like VPC) are managed by one repo distinctly and retrieved by methods like:
```python
from aws_cdk import aws_ec2 as ec2

# Retrieve VPC information (`stack` is the enclosing Stack construct)
vpc = ec2.Vpc.from_lookup(stack, "VPC",
    # This imports the default VPC but you can also
    # specify a 'vpc_name' or 'tags'.
    is_default=True
)
```
?
f
Yeah, this should work for the default vpc
t
thx
f
but if u r creating a VPC in 1 app, and then try to `from_lookup` in another app, u have to make sure the former app is deployed first.
Otherwise the 2nd app would fail to build b/c it can’t find the VPC.
t
gotcha. I am wondering if it might not be easier to go full monorepo and leverage codeowners controls on github to limit access / write access to sensitive services. Because they still need to be integrated with the rest of infra. Example: an encryption lambda should be the only one with access to a kms key and any change should be scrutinized accordingly, but still needs to be accessed in the private VPC