Cross-account deployement in AWS through Code-deploy service

Question

We have two AWS account say as Dev and Prod. In Dev account,our code build,code-pipelines and Code-deploy services is configured with S3. However, In Prod account an auto-scaling group is running for the production websites. As per our requirement, We want to deploy the code from dev account to Prod account with cross-account deployment. Basically, The code-build and code-pipelines will execute the code and by using code-deployment it will deploy in the Prod account's Auto-scaling group.

Can someone give us some insight about to achieve the same.

Thanks

Answer 1

CodePipeline supports cross-account actions, however it's not currently configurable via the console and requires some extra roles to be configured.

Here's a guide on how to make it work: https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create-cross-account.html

Answer 2

As of today, CodeDeploy doesn't support cross-account deployments. Depending on what your goal is, you might be able to achieve it another way.

I want to deploy a bundle in one account to another account

If your S3 bucket allows access to the second account, CodeDeploy doesn't care what account your bundle is in as long as everything can access it. Per @TimB, it looks like CodePipelines can support that behavior.

I need to initiate a deployment in one account to another

If you have a reason why the deployment must be in one account to another, you could set up the instances in the second account to be on-premise instances, though this is not a great solution.