Migrating production Amplify/AppSync workload to multi-account structure.


I have a production web app created with AWS Amplify/AppSync Cognito working in one account. To improve security I am going to migrate to multi-account. I will use AWS Control Tower to create the new account structure and will re-create test and staging environments in a new account. That leaves production....

***I have two ways forward for the production account and was wondering what the community thinks?***

**Option A** - Create the new account structure then enroll the current production account into the new structure. The benefit being it is already working and ready to go, will just be a case of tightening up the permissions once the account is under the new structure. The risk is that I migrate it into the new structure and our production users cannot access the webapp anymore, and if that occurs how quickly can the account be un-enrolled from Control Tower?

**Option B** - Create a whole new replica of production in the new account structure. Migrate DynamoDB, Cognito, Lambdas, S3. Once the new environment is up and running simply switch over to the new-production and retire the old. This allows a quick reversion to the prior state if required. There is a chance something could be missed and it is time-consuming and complex to migrate all elements like DynamoDB and Cognito.

What would you do?

1 Answer

I think Option A is the best one. Create a new multi-account deployment with Control Tower, and then enroll the production account. The mandatory guardrails are unlikely to affect the production workload, as they are designed to protect the Control Tower configurations. What would be recommended is to create a dev environment account within the new environment that replicates production. You could then test the tightening of security configurations and guardrails, before applying them to production.

answered 7 months ago
