AWS re:Invent 2021 - Automating cross-account CI/CD pipelines [REPEAT]
HTML-код
- Опубликовано: 28 сен 2024
- When building a deployment strategy for your applications, using a multi-account approach is a recommended best practice. This limits the area of impact for changes made and results in better modularity, security, and governance. In this session, dive deep into an example multi-account deployment using infrastructure-as-code (IaC) services such as the AWS CDK, AWS CodePipeline, and AWS CloudFormation. Also explore a real-world customer use case that is deploying at scale across hundreds of AWS accounts.
Learn more about re:Invent 2021 at bit.ly/3IvOLtK
Subscribe:
More AWS videos bit.ly/2O3zS75
More AWS events videos bit.ly/316g9t4
ABOUT AWS
Amazon Web Services (AWS) hosts events, both online and in-person, bringing the cloud computing community together to connect, collaborate, and learn from AWS experts.
AWS is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers-including the fastest-growing startups, largest enterprises, and leading government agencies-are using AWS to lower costs, become more agile, and innovate faster.
#AWS #AmazonWebServices #CloudComputing
Thanks for sharing
Hi everyone! Natalie here. I've tried to post the GitHub link here several times but it keeps getting removed. It's automate-cross-account-cicd-cfn-cdk under the aws-samples repo.
Hey Natalie, this is amazing. Thank You for this.
qq, would cdk bootstrapping the cross accounts alley the initial need to run the cf templates to create that pipeline iam role.
I’ve built a project for the same purpose in a slightly different approach, I’d like to get you feedback.
CDK Bootstrapping CrossAccounts:
github.com/raajheshkannaa/cdk-booty-strappin
Cross Account Deployment using CDK pipelines: github.com/raajheshkannaa/fleet-access
Yes you could bootstrap across accounts to deploy the roles with CDK instead of CloudFormation. But you're trading a single deploy for the overhead of a CI/CD pipeline to deploy roles, then the repo, then the application.. Bootstrapping using organizations also works but not everyone uses Organizations. :) There are lots of ways to accomplish it, I just wanted to tell the story of choosing the tool you use based on different personas versus using the CDK for everything.
@@nataliewhite5731 Thank You, you are right about using what works for the current time and personas.
... and where is the github link?
That was my question as well
@@blanky_nap I've tried to post the GitHub link here several times but it keeps getting removed. It's automate-cross-account-cicd-cfn-cdk under the aws-samples repo.
@@nataliewhite5731 OK thanks a lot! I will check it 👍
This was an excellent presentation. Give it 5-10 years and this flow will be a standard across all companies. It just makes sense.
My favorite session of all ReInvent 2021. Thank you so much!
Thank you so much!
advanced CICD
love it
Amazing video! 🤩
This is overwhelming.
How does rollback work in this pipeline?
Thanks for sharing
Glad you enjoyed it, Diego! 🤝 ^BD
Great content, I'm amazed how well you integrated CI/CD & IaaC and created the whole environment, ready for production use. Would be great to access all the resources
I've tried to post the GitHub link here several times but it keeps getting removed. It's automate-cross-account-cicd-cfn-cdk under the aws-samples repo.
No Cloudformation, thank you very much. It cannot handle the re-deployment of resources as simple as a S3 bucket due to not being empty and Lambda due to ENI. CDK is just a wrapper around Cloudformation so it is almost as flawed. Why pick up a technology which will make your life difficult, there are much better alternatives, such as Terraform. Let alone that Cloudformation redeployment does not detect manual changes in the account, and is slower than a tortoise. I think that there is not a worse tool to pick than Cloudfirmation for IaC right now.
If you’re doing manual changes in the account you’re doing it wrong.
@@ihmpall I am not, however it is difficult to enforce this to everyone, and anyone. There are cases where you need to make sure there are no changes, or to undo a manual patch done due to a disaster recovery or so many other reasons. Why limit yourself to a to tool that simply does not cut it, when there are better ones?