Handle simultaneous cross-region & cross-account CodePipeline Actions #3388
Labels
@aws-cdk/aws-codepipeline
Related to AWS CodePipeline
effort/large
Large work item – several weeks of effort
It can happen that an Action is both in a different account, and in a different region than the Pipeline. In that case, the replication Bucket needs to be either provided or generated with a KMS Key (that is required for cross-account access).
Also, the
artifactStores
property has to correctly include the reference to the KMS Key. We need to research whether it's possible to usealias
there instead of the ARN; if it turns out we cannot, we will have to design a custom CFN resource that will, at deploy time, query the Stack containing the replication Bucket and find out the ID of the KMS Key (Keys cannot have a physical name set), and pass it to the Pipeline Stack in order to correctly fill theartifactStores
property.Also, to be able to use imported replication Buckets in that use-case, we will have to solve related issue #3138 .
The text was updated successfully, but these errors were encountered: