Open dannyrandall opened 2 years ago
craigjbass
commented
1 year ago @iamhopaul123 https://github.com/aws/copilot-cli/issues/2939#issuecomment-949031717 mentions in this issue that multiple accounts is possible/encouraged, but it's not clear to me how to do this.
paragbhingre
commented
1 year ago @craigjbass Let's take the same example from the issue that you have mentioned above to help you understand multiple accounts implementation with Copilot.
copilot app init --name example, then your application's infrastructure role stack will be created in your tooling(default) AWS account.copilot env init --name prod --app example --profile prod and then copilot env deploy --name prod --app example and your environment will be setup under prod account and it will be linked to your example app in the tooling account. In this environment you can deploy your choice of services, jobs etc.copilot svc init --app example --env prod followed by copilot svc deploy --app example --env prod and it will create a service inside prod environment.Please let us know if you have any more questions.
craigjbass
commented
1 year ago Thanks for the reply, that's interesting! It did not occur to me that the application infrastructure role stack could exist in a different account (I didn't really understand how this component worked).
Hmm, I wonder how this would work with e.g. AWS SSO (now IAM Identity Center). I presume the profile prod needs access to resources in the tooling account?
dannyrandall
commented
1 year ago jumping in to link https://github.com/aws/copilot-cli/issues/3786 - there are a few multi account options discussed over there!
From Gitter.
It would be helpful for the copilot docs to include some documentation around deploying to multiple accounts, for example, having a separate
testand aprodaccount. Some useful details to include:Related issue: https://github.com/aws/copilot-cli/issues/2939