Multi-environment deployments of AWS CDK apps

winglang / wing

A programming language for the cloud ☁️ A unified programming model, combining infrastructure and runtime code into one language ⚡

https://winglang.io

Other

4.59k stars 180 forks source link

Multi-environment deployments of AWS CDK apps #6361

Open eladb opened 2 weeks ago

eladb commented 2 weeks ago

Use Case

I am building a custom AWS CDK platform provider and would like to roll out my application across multiple AWS environments (accounts/regions).

Proposed Solution

I think an interesting approach to consider is to automatically create a copy of the application construct tree for each target environment (same way we are doing for testing).

Implementation Notes

No response

Component

No response

Community Notes

Please vote by adding a 👍 reaction to the issue to help us prioritize.
If you are interested to work on this issue, please leave a comment.
If this issue is labeled needs-discussion, it means the spec has not been finalized yet. Please reach out on the #dev channel in the Wing Slack.

garysassano commented 2 weeks ago

How are you going to source the credentials for the different AWS accounts?

eladb commented 2 weeks ago

This is handled by the AWS CDK CLI. It already has support for multiple deployment environments (with cross account roles and all the shebang).

garysassano commented 2 weeks ago

The CDK CLI supports multi-account deployments, but it requires some setup. You need to bootstrap a primary "master" account first. Then, you bootstrap additional "slave" accounts, including a trust policy that allows the master account to deploy to them.

To enable this workflow in Wing, we could probably add support for specifying the target AWS account IDs and regions in the wing.toml config file.

Alternatively, we could use different AWS profiles for each environment. With this approach, the user would still need to bootstrap each environment individually and specify the name of each profile in the wing.toml, but you would be able to skip the chain of trust between the CDK bootstrap stacks.

eladb commented 2 weeks ago

As I see it, deployment is currently the responsibility of the target provisioning engine and not the Wing CLI. This comes with with some constraints and limitations but also allows users to leverage existing downstream tools and workflows for deployment and orchestration.

To that end, we should make sure it's possible to model these multi-environment systems in Wing (with some degrees of freedom but not all), and let the AWS CDK handle the rest.