Reputation: 11831
How to deploy AWS CDK stacks to multiple accounts?
AWS CDK stacks target an account or region based on an evironment, details here. Here is an example of an app that deploys one stack into multiple target accounts:
const envEU = { account: '2383838383', region: 'eu-west-1' };
const envUSA = { account: '8373873873', region: 'us-west-2' };
new MyFirstStack(app, 'first-stack-eu', { env: envEU });
new MyFirstStack(app, 'first-stack-us', { env: envUSA });
My question is how to deploy these 2 stacks - is it possible to deploy them as a single operation? If so, what credentials are used and what roles are required on the 2 accounts?
Ideally, I'd like to be able to do a single command to deploy all stacks across all accounts:
cdk deploy ...
Or is the deployment only possible via 2 steps?
cdk deploy first-stack-eu --profile=profile_for_account_2383838383
cdk deploy first-stack-us --profile=profile_for_account_8373873873
Upvotes: 13
Views: 16947
Answers (4)
Reputation: 17933
As of v2 of CDK this is available by default:
Now by default when you bootstrap an AWS account it will create a set of IAM roles for you, which the CDK will assume when performing actions in that account.
Upvotes: 3
Reputation: 11831
I ended up using the cdk-assume-role-credential-plugin to perform the task. The description of that plugin states:
This plugin allows the CDK CLI to automatically obtain AWS credentials from a stack's target AWS account. This means that you can run a single command (i.e. cdk synth) with a set of AWS credentials, and the CLI will determine the target AWS account for each stack and automatically obtain temporary credentials for the target AWS account by assuming a role in the account.
I wrote up a detailed tutorial on how to use this plugin to perform AWS cross-account deployments using CDK here: https://johntipper.org/aws-cdk-cross-account-deployments-with-cdk-pipelines-and-cdk-assume-role-credential-plugin/
Upvotes: 10
Reputation: 1171
If you have multiple stacks in your app you have to pass every stack into the cdk deploy command e.g. cdk deploy WmStackRouteCertStack004BE231 WmStackUploadStackF8C20A98
I don't know of a way to deploy all stacks in an app, I don't like this behavior and it's the reason I try to avoid creating multiple stacks
Upvotes: -1
Reputation: 238209
In cloudformation you can use Stack Sets for multi-account and multi-region deployments.
However, this is not yet supported in CDK according to the GitHub issue:
Upvotes: 5
Related Questions
- AWS CDK - role and policy creation
- AWS CDK: How can I deploy multiple stack from a single stack
- Create several AWS accounts and populate them with services using CDK
- How to deploy the same stack across multiple regions using AWS CDK
- How to deploy application stack for a cross accounts pipeline
- How to pass values between CDK stacks deployed in different accounts within a CDK app?
- AWS CDK deployment for multiple tenants
- How to deploy AWS CDK app multiple times?
- AWS CDK: how to deploy resources to different accounts?
- How to provide multiple account credentials to `cdk bootstrap`?