# general
s
Is there a recommended pattern when dealing with multiple AWS accounts in a single organization? Is it better for the state to live in a single bucket in the root account or should the state for each account be in a bucket in that account?
b
we have an "ops" account where we put devops related stuff. Our single state bucket is in that account
keep in mind that if you do separate buckets, or even the same bucket separated by folders, you can't do `StackReference`s across projects
l
This is the critical factor imo. Using a single backend URL for all stacks allows sharing of (e.g.) resourceIds between stacks. If the stacks are completely unrelated, or you want to limit info exchange between them to just the Pulumi config or similar, then separate backend URLs are the way to go. This will result in smaller state files, with faster operation times (e.g. actions like export/modify/import) resulting.
However this is rarely the case in my experience. E.g. app stacks often refer to many values in shared infra stacks, and StackReferences make that easy.
s
good points. thanks for your inputs!
g
Great points from tenwit, I worked in a similar environment with multiple AWS accounts shared by different dev teams. Instead of using 1 state bucket for each team we recommended to simply use some values as configuration, e.g. `vpc id` or `subnet id`. The decision here very much depends on how dynamic your environment is, so you'll need to decide which resources you want to cause the updates.