1

I have an AWS codpipeline created with CDK and I want to deploy to a codedeploy deployment group in another account. Any Idea how I can import an existing deployment group in another account into my stack?

Utibeabasi Umanah
  • 13
  • 5

2 Answers2

2

The current accepted answer is not wrong, but also only half the story.

Cloudformation itself cannot manage resources in multiple accounts. This is true.

However, your CodePipeline can assume a role in another account and deploy a Cloduformation Stack to that account. This is a common practice when having a Dev environment and a Prod Environment - you restrict access to changing anything in the prod account to just a single role that CodePipeline can assume and deploy for you - but no users can. (see https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create-cross-account.html for some more info)

So if you have. CDK app for your Stack Group, then you can re-use that to deploy to the other account - this is widely accepted and one of the primary uses cases for CDK - multi account deployment of the same basic constructs.

Any resources that are being used cross account will need to have their own Lambdas or scripts in an EC2 instance that assumes another cross account role that gives them access to that resource to retrieve whatever it is you need.

You cannot however, with a single cloud formation stack (or cdk stack) deploy to both accounts - but you can do so with multiple stacks through a single CodePipeline

lynkfox
  • 2,003
  • 1
  • 8
  • 16
-1

You can't do that. CloudFormation is account and region based. You can't create a stack which manages resources in other account.

Marcin
  • 215,873
  • 14
  • 235
  • 294
  • Thanks, So can I create 2 stacks in different accounts which references resources from each other? – Utibeabasi Umanah Nov 18 '21 at 04:46
  • @UtibeabasiUmanah Sadly, you can't, as again stacks are account and region scoped. You have to pass any values from the first account as input parameters to the template in other account. – Marcin Nov 18 '21 at 04:49
  • Ok, say I have a code pipeline stack...I can pass in a code deploy deployment group from a stack in another account? – Utibeabasi Umanah Nov 18 '21 at 05:37
  • Technically it is possible to create a resource in another account: https://stackoverflow.com/a/72194202/961695 – Yuriy Galanter May 11 '22 at 00:57