This message was deleted.
# awss
sparse-intern-71089
02/13/2024, 2:09 AMThis message was deleted.
l
little-cartoon-10569
02/13/2024, 4:53 AMYes. There are a very few resources that are one-per-account only (Default VPC, region activation, etc.). Apart from those resources, there's no reason for resources in one project to touch resources in another, unless you want them to.
c
crooked-barista-29607
02/13/2024, 5:58 AMThank you so much for the explanation!
g
gentle-application-59272
02/13/2024, 8:39 AMwe have like 20 pulumi projects and they each configure up to 8 aws accounts
👀 1
gentle-application-59272
02/13/2024, 8:40 AMsome of the pulumi projects are foundational, eg our 'networking' project that configures a single VPC with subdomains, NAT, firewall, routes etc.. in our 'shared services' aws account, then does vpc sharing to the other accounts by providing those accounts with specific subnets that they can deploy into. This way networking is controlled & routed in 1 account which can set up rules, and other accounts can deploy their stuff only into the subnets they are meant to
gentle-application-59272
02/13/2024, 8:41 AMso some projects have a sort of 'wide' low level application, whereas other projects might do the resources that a specific app may need, both in production & non-production
gentle-application-59272
02/13/2024, 8:41 AMfor those apps we may have 'production' and 'staging' stacks, but for our foundational stuff we mostly have 'default' stack which configures everything
gentle-application-59272
02/13/2024, 8:42 AManyway it's super flexible, and that flexibility means you can tie yourself up in knots if you're not careful
c
crooked-barista-29607
02/13/2024, 8:50 AMThank you so much for the detailed explanation. It was super helpful to me and I really appreciate you taking the time to explain it so thoroughly.
2 Views