I am planning to deploy dev and prod stacks to separate aws accounts. The environments will also have separate stacks. What would be the best way to enforce that dev stacks (there could be many of these) go to the dev account and that the prod stack (of which there should be at most one) goes to the prod aws account? The only thing I can think of is using policy packs. In terraform you would achieve this by having separate provider files for example. Is anybody else doing this in a better way? Or am I wrong in the entire approach?
11/27/2019, 5:07 PM
The simplest thing is just setting the AWS provider configuration via stack configuration. Then only the prod stack would use the pros account a configuration, and similar for dev.
Is there some aspect of what you want to ensure that this does not achieve? There are several other tools/patterns you can use - but depend a bit on more details of what you want to accomplish.