Closed rsyring closed 3 months ago
I deleted my app and recreated it with the app living in the prod account. When I initialized my dev env, I saw:
❯ copilot env init --name dev --profile app-dev-admin
...[snip]...
✔ Shared DNS permissions for this application to account 12345678.
...[snip]...
and I was then able to create services in the dev environment and have the DNS managed by Copilot.
It does seem like some additional documentation could be helpful. But there are already other issues open about that, so I'm going to close this one.
Refs: https://github.com/aws/copilot-cli/issues/3786, https://github.com/aws/copilot-cli/issues/3602
Context: load balanced web service
We have separate AWS accounts for each of our environments (prod, qa, dev). However, they all share the same base domain, e.g. "acme.com", and we have DNS set up like:
The configuration for the domain/zone has to exist in a single account and in our case that's our "prod" account. I've created an HTTP cert for the application in each account, and the web service's manifest is configured per environment like:
When working with the dev environment, I use an AWS config profile associated with the dev account. Not unexpectedly, when trying to deploy the web service, I get the following error:
So what's the proper way to give the CloudFormation execution role access to manage DNS records in a different AWS account? Or, the higher level question, what's the way to manage this type of setup with Copilot?
I found an issue comment which describes Copilot being created for cross-account/cross-region usage, but couldn't find anything more specific on the DNS.
Now that I'm thinking specifically about that comment, maybe my problem here is that I should have created the application in the prod account instead of dev. DNS would then have been managed in the prod account where the domain is registered?
Thanks in advance for any clarity you can provide.