# general
s
This message was deleted.
g
1. Separate AWS Organization Account and each developer gets their own AWS Account within this org.
2. Separate AWS Account with different IAM per user
3. Use Prod AWS Account with different IAM for development
4. development and prod workflow do not have much separation.
5. something else ?
b
So I usually suggest that people separate their dev and prod accounts (but can be under the same org) as this means you can allow different people to be able to deploy to the different environments
g
and all the developers access the dev account using same/different IAM users ?
b
each developer would have their own account / IAM
I 100% do not suggest sharing IAM roles
👍 1
g
are there any rules setup for isolation for the dev account ?
i.e. is there a need to protect that changes in dev account should not affect the prod account ?
b
IAM roles and configuring Pulumi will already protect against that
you would need to specify different credentials for the prod account
and the state is segregated between each Pulumi stack
g
Ooo.. u bring another point i would like to discuss @broad-dog-22463 ? so for dev stacks is the state shared between all developers or one dev stack is potentially used by all developers ?
b
well that's up to you
personally I have my own stack from other devs
g
is there guidance from Pulumi on this ?
i have been a terraform developer where state is shared (quite a lot) and Pulumi is adding a new concept of independent stacks (which has advantages) but brings in the question on should stack state be per developer or per environment ?
i got a bit confused by ur comment @broad-dog-22463, would the distinction be more on the organization level ? (i.e. whether u should have a personal stack or its shared on dev )
b
Pulumi stacks and Terraform workspaces are a similar construct
Terraform doesn't enforce them
we do
g
at least the environment i was in workspace was equivalent to an environment
so is that similar to how u have setup or recommend ?
since u made a comment that u have an individual state for ur stack , that is not the same as for an environment
b
correct
stack doesn't have to be environment
it is a representation of state only
so dev1, dev2, dev3, dev, staging, tenant1, tenant2, prod, dr
can all be stacks
g
is that a recommendation from Pulumi also ?
b
no
none of this is a recommendation from Pulumi
this is 100% your choice
g
so i guess , what are the downsides of having a per person stack ?
for context, we are setting Pulumi up and would like to make sure that we make decisions that DO NOT impact developer velocity
c
@gentle-account-13294 in regards to aws account setup, you should do this: https://aws.amazon.com/organizations/ Here is how you would setup IAM: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorials.html
👀 1
🙏 1