Deploy to Elastic Beanstalk across accounts

0

Currently we have all our environments on one account; we use CodePipeline to deploy to a test environment, then approve to the production environment. We are splitting our environments to exist in different accounts.

How can we get CodePipeline to deploy to Elastic Beanstalk in another account? Ideally we still want the ability to see it is/has deployed successfully/failed.

Looking at CloudFormation for CodePipeline creation, I cannot see anything about deploying across accounts for Beanstalk. I cannot see anything in CloudFormation to deploy the update via CloudFormation. It seems the only option is using the EB CLI or AWS CLI.

Thanks

3 Answers
1

I have used CloudFormation to deploy EB environments with a lot of success. I didn't use cross-account but see no obvious technical blockers; however, there is some additional IAM complexity. Here are some steps.

  1. Build your application artifact as normal, e.g. WAR file
  2. Create a deploy action to copy WAR file to cross-account bucket - see here
  3. Trigger a cross-account CloudFormation stack with the updated WAR artifact as a parameter - see here. When CloudFormation detects the ApplicationVersion source files have changed, this will trigger a new resource, which will trigger the version attribute with the environment resource to be updated, triggering the deployment
AWS
Expert
Peter_G
answered 2 years ago
  • Thing is, I cannot find what properties I would need to update in the CloudFormation stack that would deploy that code; which attribute do I need to change? I've taken a look at my existing environments and cannot find any reference to the application version.

1

CloudFormation manages all the calls to the backend AWS APIs for you. You can run the same CloudFormation template in multiple accounts or multiple regions, and it will create identical environments across them.

answered 2 years ago
0
Accepted Answer

Resolved, support gave me some help.

Basically, for the action stage you can set a RoleARN; this role should be on the account you wish to deploy to, then the Beanstalk app and environment is scoped to that account rather than the account where the pipeline is running.

I found you will need to allow the target account to have access to the pipeline account artifact bucket.

Also, it's best to set your own KMS key for the source stage, as you can then allow the target accounts to use this KMS key.

Support gave me some links as well.

https://aws.amazon.com/blogs/devops/cross-account-ci-cd-pipeline-single-tenant-saas/

https://aws.amazon.com/blogs/devops/aws-building-a-secure-cross-account-continuous-delivery-pipeline/

PaulR
answered 2 years ago
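
A pre-flight check for the three things the accepted answer lists (an action role in the target account, artifact bucket access for that account, and use of the KMS key), as an added example that is not from the thread or from AWS. It assumes the pipeline JSON has the shape returned by `aws codepipeline get-pipeline`; the account IDs, ARNs, resource names and the helper functions `allows` and `preflight` are made up for illustration.

```python
# Constructed sample data: account IDs, ARNs and names are made up.
ROLE = "arn:aws:iam::222222222222:role/eb-deploy"  # role in the target account
PIPELINE = {  # trimmed shape of `aws codepipeline get-pipeline` -> "pipeline"
    "artifactStore": {"type": "S3", "location": "pipeline-artifacts", "encryptionKey": {
        "id": "arn:aws:kms:eu-west-1:111111111111:key/EXAMPLE", "type": "KMS"}},
    "stages": [{"name": "Prod", "actions": [{
        "name": "DeployEB", "roleArn": ROLE,
        "actionTypeId": {"category": "Deploy", "owner": "AWS",
                         "provider": "ElasticBeanstalk", "version": "1"}}]}]}
BUCKET_POLICY = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": ROLE},
                                "Action": ["s3:GetObject", "s3:GetObjectVersion"],
                                "Resource": "arn:aws:s3:::pipeline-artifacts/*"}]}
KEY_POLICY = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": ROLE},
                             "Action": ["kms:Decrypt", "kms:DescribeKey"], "Resource": "*"}]}

def _listify(value):
    return value if isinstance(value, list) else [value]

def allows(policy, role_arn, action):
    """True if an Allow statement names the role (or its account root) and the action.
    Simplification: Deny statements, Condition and Resource are not evaluated."""
    root = "arn:aws:iam::%s:root" % role_arn.split(":")[4]
    wanted = {action, action.split(":")[0] + ":*", "*"}
    for stmt in _listify(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        names = _listify(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and {role_arn, root} & set(names)
                and wanted & set(_listify(stmt.get("Action", [])))):
            return True
    return False

def preflight(pipeline, pipeline_account, bucket_policy, key_policy):
    """List what is still missing for cross-account Elastic Beanstalk deploy actions."""
    findings = []
    key = pipeline["artifactStore"].get("encryptionKey")
    for stage in pipeline["stages"]:
        for action in stage["actions"]:
            role = action.get("roleArn", "")
            if (action["actionTypeId"]["provider"] != "ElasticBeanstalk"
                    or not role or role.split(":")[4] == pipeline_account):
                continue  # not a cross-account Elastic Beanstalk action
            if not key:
                findings.append((action["name"], "artifact store has no customer managed KMS key"))
            elif not allows(key_policy, role, "kms:Decrypt"):
                findings.append((action["name"], "key policy lacks kms:Decrypt for role"))
            if not allows(bucket_policy, role, "s3:GetObject"):
                findings.append((action["name"], "bucket policy lacks s3:GetObject for role"))
    return findings
```

An empty result from `preflight(PIPELINE, "111111111111", BUCKET_POLICY, KEY_POLICY)` means the pipeline-account side is in place; the target role's trust policy and its own Elastic Beanstalk permissions live in the target account and are not covered here.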
