aws-samples / aws-serverless-airline-booking

Airline Booking is a sample web application that provides Flight Search, Flight Payment, Flight Booking and Loyalty points, including end-to-end testing, GraphQL and CI/CD. This web application was the theme of Build on Serverless Season 2 on AWS Twitch, running from April 24th until the end of August 2019.
MIT No Attribution

AWS Amplify - Question #8

Closed PetarGK closed 5 years ago

PetarGK commented 5 years ago

Hi Heitor,

I have a question about AWS Amplify... Is it possible for the pipelines created for master/develop branches to be associated with separate AWS Accounts? From a security perspective, and not only that, it is a good idea for the resources associated with each environment to be located in separate AWS Accounts in an AWS Organization.

heitorlessa commented 5 years ago

> Hi Heitor,
>
> I have a question about AWS Amplify... Is it possible for the pipelines created for master/develop branches to be associated with separate AWS Accounts? From a security perspective, and not only that, it is a good idea for the resources associated with each environment to be located in separate AWS Accounts in an AWS Organization.

Hey Petar,

AWS Amplify uses feature branches for deployment, and it dynamically constructs a pipeline based on that. If you want prod only deployed in a Prod account, you'd set up Amplify Console in that account and connect that branch specifically.

In terms of restriction, you can create a Service Role tied to a particular branch using IAM policies as Resource Types are supported.

Alternatively, we could have an episode focusing on multi-account deployments as the bonus episode if you could add them here for voting: https://github.com/aws-samples/aws-serverless-airline-booking/issues/1

I don't have an example at hand but maybe @swaminator has one :)
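
One reading of the branch restriction mentioned in the reply above, as an added example that is not from the thread or the project: an IAM policy whose Amplify actions are limited to a single branch ARN, plus a check that flags statements reaching beyond that branch. The region, account ID, app ID and function names are constructed placeholders; the ARN follows the Amplify `apps/<appId>/branches/<branchName>` resource layout.

```python
# Constructed placeholders, not values from the thread.
BRANCH_ARN = "arn:aws:amplify:eu-west-1:111122223333:apps/d1example0app/branches/master"


def branch_scoped_policy(branch_arn):
    """Policy allowing branch and job operations on a single Amplify branch."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "BranchOps", "Effect": "Allow",
             "Action": ["amplify:GetBranch", "amplify:UpdateBranch", "amplify:ListJobs"],
             "Resource": branch_arn},
            {"Sid": "BranchJobs", "Effect": "Allow",
             "Action": ["amplify:StartJob", "amplify:StopJob", "amplify:GetJob"],
             "Resource": branch_arn + "/jobs/*"},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def out_of_scope(policy, branch_arn):
    """Return (Sid, resource) for Allow statements granting Amplify actions beyond branch_arn."""
    findings = []
    for st in _as_list(policy["Statement"]):
        # Statements using NotAction have no "Action" key and are skipped here.
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if st.get("Effect") != "Allow" or not any(
                a == "*" or a.startswith("amplify:") for a in actions):
            continue
        if "NotResource" in st:  # allows everything except the listed ARNs
            findings.append((st.get("Sid"), "NotResource"))
        for res in _as_list(st.get("Resource", [])):
            # In scope: the branch itself, or sub-resources under "<branch>/".
            # "branches/master*" is rejected because it also matches "master-old".
            if res != branch_arn and not res.startswith(branch_arn + "/"):
                findings.append((st.get("Sid"), res))
    return findings


if __name__ == "__main__":
    too_broad = {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllBranches", "Effect": "Allow", "Action": "amplify:*",
         "Resource": BRANCH_ARN.rsplit("/", 1)[0] + "/*"}]}
    print(out_of_scope(branch_scoped_policy(BRANCH_ARN), BRANCH_ARN))
    print(out_of_scope(too_broad, BRANCH_ARN))
```

In a multi-account setup, each account's copy of the policy would carry that account's ID and app ID in the branch ARN.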

PetarGK commented 5 years ago

Hi again,

Thank you for the answer!

I think I will be able to reproduce what you are saying... There are so many topics which would be interesting to see on the bonus episode. I wish there were more than one bonus episode :)

What you suggest, reworking the multi-table approach into a single table, is a very interesting topic. I voted for that.

It will be interesting for me to see Step Functions in action for the Payment service and to implement something similar to the approach here: https://medium.com/dazn-tech/serverless-and-step-functions-at-dazn-5c66fc7fd549. Of course, just prototyping, but it will be nice. If we can do that with CDK, it will be perfect :)

A good topic could be to implement a multi-account setup with policy restrictions applied to the Amplify ServiceRole...

There are so many choices