By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

pass stack output from one stack in account_A to another stack in Account_B

0

Hi team,

I have a list of CDK stacks I can deploy in my dev, stage and prod AWS accounts.

one of my stacks (the ECR stack) is deployed only in the DEV account (as a single source of docker images), how can I pass the ECR repository URI to my other stack (the EcsfargateStack) when I deploy to the other accounts: prod and stage?

in dev I do like this :

const ecsfargateStack= new EcsfargateStack(app, "EcsfargateStack", {
  env: env,
  ecrRepoUri: ECRRepositoryStack.repositoryUri, //repositoryUri exported value from the ECRRepositoryStack
});

but in stg and prod ECRRepositoryStack is not deployed but I still need to deploy ecsfargateStack in prod and stg and give them ECRRepositoryStack.repositoryUri, like above

how can I get ECRRepositoryStack.repositoryUri to pass it in my ecsfargateStack in stg and prod knowing that ECRRepositoryStack is uniquely deployed in DEV ?

==>

stack_A(generate repoUri property) is deployed only in account 123, then the property generated in StackA in account 123 needs to be used by Stack_B in accounts 456 and 789.

thank you!!!

Topics
Developer ToolsManagement & GovernanceDevOpsMicroservices
Tags
AWS CodePipelineAWS CloudFormationDevOpsMicroservices
Language
English
Jess
asked 2 years ago1076 views
1 Answer
0
Accepted Answer

Hello,

Hope you are doing well!

I understand that you want to know if in a single CDK project, you can pass stack output from one stack in account_A to another stack in Account_B. In the CDK example provided, like you said, it is creating exports from "ECRRepositoryStack" stack, which will be imported by Stack "ecsfargateStack" to consume.

The answer is no, CDK does not support this use-case due to underlying Service AWS CloudFormation has limitation around stack exports and imports.

Although CDK is a more programmatic service, but limitations from the heavy lifting service CloudFormation still apply. The Exports/Imports feature of CloudFormation is for cross-reference so stacks that are in the same AWS account and region can import the exported values[1]. Therefore, the CDK cross-stack reference like this are still leveraging the same feature so not even cross region can be achieved:

# Base infrastructure stack, Lambda Functions, DynamoDB Tables, etc....
infra = InfraStack(app, "CDK-L3-infrastructure", env=env)

# Application stack that generally changes independently of the underlying infrastructure stack
application = ComputeStack(app, "CDK-L3-application", referenced_function=infra.main_function, referenced_vpc=infra.main_vpc, env=env)

Please consider store your values need to be retrieved in another regions/accounts in a SecreteManager Secret along with necessary trust policies. So other stack in different region can just get its value by utilizing

static fromSecretNameV2(scope, id, secretName)[2]

Best regards

References:

[1] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html

[2] https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-secretsmanager.Secret.html#methods

AWS
Clive_Ying
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content