Menu
We have two AWS account say as Dev and Prod. In Dev account,our code build,code-pipelines and Code-deploy services is configured with S3. However, In Prod account an auto-scaling group is running for the production websites. As per our requirement, We want to deploy the code from dev account to Prod account with cross-account deployment. Basically, The code-build and code-pipelines will execute the code and by using code-deployment it will deploy in the Prod account's Auto-scaling group.
Can someone give us some insight about to achieve the same.
Thanks
279
For cross-account actions, you can only use the key ID or key ARN to identify the key. In this walkthrough and its examples, AccountA is the account originally used to create the pipeline. It has access to the Amazon S3 bucket used to store pipeline artifacts and the service role used by AWS CodePipeline.
Make sure you have the account ID for the Dev account. Sign in to the Prod account as a user with administrator privileges. In the IAM console, create a new role and name it CrossAccountSignin . Choose the wizard option for creating cross-account access between accounts that you own.
CodeDeploy provides two deployment type options, in-place deployments and blue/green deployments. In-place deployment: The application on each instance in the deployment group is stopped, the latest application revision is installed, and the new version of the application is started and validated.
CodePipeline supports cross-account actions, however it's not currently configurable via the console and requires some extra roles to be configured.
Here's a guide on how to make it work: https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create-cross-account.html
194
As of today, CodeDeploy doesn't support cross-account deployments. Depending on what your goal is, you might be able to achieve it another way.
I want to deploy a bundle in one account to another account
If your S3 bucket allows access to the second account, CodeDeploy doesn't care what account your bundle is in as long as everything can access it. Per @TimB, it looks like CodePipelines can support that behavior.
I need to initiate a deployment in one account to another
If you have a reason why the deployment must be in one account to another, you could set up the instances in the second account to be on-premise instances, though this is not a great solution.
31
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
