newrelic / serverless-newrelic-lambda-layers

A Serverless plugin to install New Relic's AWS Lambda layers without requiring a code change.
Apache License 2.0

Cross-account deployments through AWS CodePipelines #371

Open maxlemieux opened 1 year ago

maxlemieux commented 1 year ago

When deploying cross-account through AWS CodePipelines, where there is a pipeline AWS account that sls deploy pushes to, and a destination AWS account on the other end of the AWS CodePipelines CI/CD, the Serverless plugin will create the license key secret in the pipeline account (not the destination).

This works great for the first deployment, but when adding another Serverless deployment with a different AWS subaccount and NR user key/account ID, there is a collision at the NEW_RELIC_LICENSE_KEY secret in the AWS pipeline account.

As a possible approach to a new feature, if different serverless.yaml files for different apps/accounts could each specify a unique secret name, all the unique secrets would be created in the pipeline account.

I understand that the suggested resolution for now is to deploy the agent using New Relic Lambda CLI, instead of the Serverless plugin. Please let me know your thoughts about how we can improve support for cross-account AWS CodePipelines deployments with Serverless.

Related internal FR for Node Agent: https://issues.newrelic.com/browse/NR-144757

workato-integration[bot] commented 1 year ago

https://issues.newrelic.com/browse/NR-144758