AWS CDK 堆栈根据环境定位账户或区域,详细信息 here 。以下是将一个堆栈部署到多个目标帐户的应用示例:
const envEU = { account: '2383838383', region: 'eu-west-1' };
const envUSA = { account: '8373873873', region: 'us-west-2' };
new MyFirstStack(app, 'first-stack-eu', { env: envEU });
new MyFirstStack(app, 'first-stack-us', { env: envUSA });
我的问题是如何部署这两个堆栈 - 是否可以将它们部署为单个操作?如果是,这两个帐户使用什么凭据以及需要什么角色?
理想情况下,我希望能够执行单个命令来跨所有帐户部署所有堆栈:
cdk deploy ...
或者部署只能通过 2 个步骤进行吗?
cdk deploy first-stack-eu --profile=profile_for_account_2383838383
cdk deploy first-stack-us --profile=profile_for_account_8373873873
最佳答案
我最终使用了 cdk-assume-role-credential-plugin执行任务。该插件的描述指出:
This plugin allows the CDK CLI to automatically obtain AWS credentials from a stack's target AWS account. This means that you can run a single command (i.e. cdk synth) with a set of AWS credentials, and the CLI will determine the target AWS account for each stack and automatically obtain temporary credentials for the target AWS account by assuming a role in the account.
我在这里编写了有关如何使用此插件通过 CDK 执行 AWS 跨账户部署的详细教程:https://johntipper.org/aws-cdk-cross-account-deployments-with-cdk-pipelines-and-cdk-assume-role-credential-plugin/
关于amazon-web-services - 如何将AWS CDK堆栈部署到多个账户?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61501910/