Open tj opened 6 years ago
kaihendry
commented
6 years ago I prefer having isolated dev and prod accounts to restrict resources. I use "staging" in prod as a way of quickly testing a prod deployment, before actually making the production deployment. Or if I am lazy, I ignore production entirely and treat staging as the canonical. Hence I'd rather focus on the AWS_PROFILE level stuff. e.g. https://github.com/apex/up/issues/654 Just my 2c.
tj
commented
6 years ago Yeah I prefer account-level isolation with teams too, with serverless I find things are generally not too bad in one account but yeah no point risking deleting databases or something by accident if you can avoid it.
I'll see if I can figure out a way to support both more transparently, sounds like they do support cross-account cloudformation. I just wouldn't want to add something half-assed which just leads to confusion
Currently there's only one, ideally we have one per stage so you can restrict access to staging resources only etc.