-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(aws-codepipeline-actions): Support cross-account ECS deployments with codepipeline actions #17558
Comments
Hey @kartickvijayakumar, the recommended CDK-team solution is to use the CDK Pipelines module for these cross-account deployments. CDK Pipelines handles Assets for you, automatically. Thanks, |
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
@skinny85 Is there any sample code on how to use the CDK Pipelines module to do this? |
I'm also interested in how exactly you would do this with @aws-cdk/pipelines. I've tried to solve this for a while now and it is really tricky. I endet up with an additional S3 source with my image tag that I want to deploy and a context-variable for the tag that I overwrite in the build phase. |
@stockf there's a pretty detailed explanation on how to achieve this by @tobytipton in #17917 (comment). |
@skinny85 thank you for the reference. Maybe I missed something. But as far as I can see @tobytipton does not use the |
Thx @tobytipton that is a helpful example. |
General Issue
Cross Account & Cross Region ECS
The Question
What is the recommended approach from CDK for cross account ECS deployments through codepipeline at present?
We have a code pipeline that needs to deploy a fargate service into multiple AWS accounts and regions.
The few things we considered were:
CodeBuildAction
that builds the actual service, pushes the container image to ECR and outputs animageTag
. AnotherCodeBuildAction
does acdk synth
for the service stack and outputs its template. We then useTagParameterContainerImage
with aCloudFormationCreateUpdateStackAction
to deploy this template with the appropriateimageTag
- An ECR resource policy issue described in (aws-codepipeline-actions): TagParameterContainerImage unusable cross-account #15070 blocks this approach to do this cross-account.EcsDeployAction
that takesaccount
andregion
as parameters and a `role' with appropriate cross-account and cross-region permissions - Something similar to this has been discussed in [aws-codepipeline-actions] support cross account/region ecs deployment #11199 but the issue has been closed with a pull request (fix(ecs): imported services don't have account & region set correctly #15944) without clarity on the final approach.Is there any elegant way of doing this today? Probably @skinny85 who has been active in most of these issues and discussions can help us with this.
CDK CLI Version
1.132.0
Framework Version
No response
Node.js Version
No response
OS
No response
Language
Typescript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: