Is there a recommended pattern when dealing with m...
# general
Is there a recommended pattern when dealing with multiple AWS accounts in a single organization? Is it better for the state to live in a single bucket in the root account or should the state for each account be in a bucket in that account?
we have a "ops" account where we put devops related stuff. Our single state bucket is in that account
👍 1
keep in mind that if you do separate buckets, or even the same bucket separated by folders, you can't do `StackReference`s across projects
🙏 1
This is the critical factor imo. Using a single backend URL for all stacks allows sharing of (e.g.) resourceIds between stacks. If the stacks are completely unrelated, or you want to limit info exchange between them to just the Pulumi config or similar, then separate backend URLs is the way to go. This will result in smaller state files, with faster operation times (e.g. actions like export/modify/import) resulting.
However this is rarely the case in my experience. E.g. app stacks often refer to many values in shared infra stacks, and StackReferences make that easy.
good points. thanks for your inputs!
Great points from tenwit, I worked in a similar environment with multiple AWS accounts shared by different dev teams. Instead of using 1 state bucket for each team we recommended to simply use some values as configuration, eg
vpc id
subnet id
. The decision here very much depends on how dynamic your environment so you'll need to decide which resources you want to cause the updates.