1

I have a multi-account strategy in AWS. All is deployed using the CDK. Each service has its own account and I want to achieve this (recommended by this AWS blog post): central API account

  • If I deploy the API account first, it needs the other account's lambda ARNs for integration, which are not yet created.
  • If I deploy a service account first, it needs the API methods ARNs for giving them permission to invoke the lambdas.

I think this is kind of a "deadlock" situation and I can't figure it out.

Putting it in other words, how can I integrate, using the CDK, the API account's methods with lambdas from another account?

Thanks!

atoledo
  • See: [Cross stack-reference from different AWS accounts](https://stackoverflow.com/questions/66040228/cross-stack-reference-from-different-aws-accounts) – fedonev Nov 10 '21 at 13:38

1 Answer

1

There's no "one size fits all" approach to problems like these. A common approach I have previously seen:

  1. Define the component with the least amount of dependencies on other components, let's say in this case it's the microservice

  2. Replace the dependency parameters with placeholders, for example, instead of allowing the API account to invoke the lambda, allow the microservice's account to invoke it first

  3. Now you have lambda ARNs of the microservice, which you can use in other components

  4. Repeat until all components are deployed (but not necessarily functional)

  5. Now you can replace placeholder values in the original microservice deployment

Oleksii Donoha
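The placeholder approach in the answer above leaves one thing to verify after step 5: that the bootstrap permission is really gone and the final one is pinned to the central API. The following Python sketch is an added example, not code from the answer or from the CDK; it models the Lambda resource-policy statement at step 2 and at step 5 and audits a policy document of the shape `aws lambda get-policy` returns. The account IDs, region, function name and API ID are constructed sample values.

```python
# Constructed sample values (assumptions, not from the original post).
SERVICE_ACCOUNT = "111111111111"   # account that owns the Lambda
API_ACCOUNT = "222222222222"       # central API Gateway account
REGION = "eu-west-1"
FUNCTION_ARN = f"arn:aws:lambda:{REGION}:{SERVICE_ACCOUNT}:function:orders-handler"


def placeholder_statement():
    """Steps 1-2: only the service's own account may invoke the function."""
    return {
        "Sid": "BootstrapPlaceholder",
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{SERVICE_ACCOUNT}:root"},
        "Action": "lambda:InvokeFunction",
        "Resource": FUNCTION_ARN,
    }


def final_statement(api_id, stage, method, path):
    """Step 5: API Gateway may invoke, pinned to one method of one API."""
    source = f"arn:aws:execute-api:{REGION}:{API_ACCOUNT}:{api_id}/{stage}/{method}/{path}"
    return {
        "Sid": "AllowCentralApi",
        "Effect": "Allow",
        "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": FUNCTION_ARN,
        "Condition": {"ArnLike": {"AWS:SourceArn": source}},
    }


def audit(policy):
    """Return findings for statements that should not survive step 5."""
    findings = []
    for st in policy["Statement"]:
        principal = st.get("Principal")
        src = st.get("Condition", {}).get("ArnLike", {}).get("AWS:SourceArn", "")
        if principal == {"Service": "apigateway.amazonaws.com"}:
            if not src.startswith(f"arn:aws:execute-api:{REGION}:{API_ACCOUNT}:"):
                findings.append((st["Sid"], "source ARN not pinned to the API account"))
            elif src.split(":", 5)[5].split("/")[0] == "*":
                findings.append((st["Sid"], "any API in the account may invoke"))
        else:
            findings.append((st["Sid"], "placeholder or unexpected principal"))
    return findings


if __name__ == "__main__":
    print(audit({"Statement": [placeholder_statement()]}))
```

Running `audit` against the deployed policy as the last pipeline step makes a forgotten placeholder fail the deployment instead of lingering as an extra invoke path.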