-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CustomResources: Allow usage across accounts #180
Comments
@pgarbe thanks for the proposal. I am transferring this issue to the RFC repo. Please consider submitting an RFC for this as it requires a bit or design work. |
Marking this RFCs as |
Allow CustomResources to be used across accounts. This needs an additional SNS topic as it makes it easier to set up permissions correctly. Also, the message from SNS topic must be unwrapped in order to work with existing CustomResource provider.
Use Case
My use-case is to provide CloudFormation custom resources for external SaaS solutions. I know that there are also custom types, but it still leaves the problem how to handle secrets (like api keys) properly. The set up I have in mind is to have the custom resource provider in a single account which also knows the secrets. Other accounts in the organization should be allowed to create custom resources in their own stacks using the provider in the shared account.
Another use-case might be the Rout53 example described here
Proposed Solution
serviceToken
changesOther
Similar solution with plain cfn:
https://aws.amazon.com/blogs/mt/multi-account-strategy-using-aws-cloudformation-custom-resources-to-create-amazon-route-53-resources-in-another-account/
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: