I built a serverless app on an AWS account (S3, API Gateway, Lambda, DynamoDB, IAM). I need to deploy this on another AWS account that is part of the same AWS organization. Is there a CLI/CloudFormer solution where I can select existing AWS resources and replicate them on a different AWS account?
You can use CloudFormation StackSets: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html But the resources also need to be maintained by CloudFormation in the first account.
Does it use AWS CloudFormation, the AWS CLI, or does it do something else like directly make AWS API calls without going through the CLI?
No, it is not using the AWS CLI or CloudFormation.
AWS Terraform uses the AWS SDK, and here you can see the complete list of dependencies for the AWS Terraform provider.
It also uses aws-sdk-go https://github.com/aws/aws-sdk-go
https://github.com/hashicorp/terraform-provider-aws
We have a Build account (Account A) that is hosting all the AWS CodePipelines (with source and Build current), and we are planning to use CodeDeploy for ECS deployment (the ECS cluster is on Account B). I'm not sure whether to create the CodeDeploy deployment group in Account A or Account B. How do we do this?
Yes, the CodeDeploy should be in Account B.
The cross-account setup requires a bit of exercise and it can't be fully done in the AWS Console. The most important and probably the most confusing part is setting up all the cross-account IAM roles that are required for that.
Below are some AWS resources that should help with this task:
Deploy an application in a different AWS account
Building a Secure Cross-Account Continuous Delivery Pipeline
Create a pipeline in CodePipeline that uses resources from another AWS account
I have an application developed using AWS Serverless components (Lambda, API Gateway, DynamoDB, Cognito, etc.).
I want to deploy this application to customers' AWS accounts.
I am thinking of creating a CloudFormation stack and giving the CF file to the customers. They should be able to deploy the application in their AWS account by using this CF stack.
Are there any examples, pointers, best practices for this approach?
How are the binaries of the Lambda functions delivered? (S3 bucket?)
Can CloudFormation StackSets be used for this?
I am trying to clone my AWS account (prod) to another account (test) with all the resources and configuration I have set up on prod. Is there any best practice for replicating an AWS account to another?
This is not possible.
Nor is there an easy way to list all resources in an AWS account.
Each AWS service (eg EC2, S3, Lambda) has its own API calls to list resources and describe configurations. There is no universal way to request this information.
Best Practice is to only create resources using AWS CloudFormation templates, thereby having full documentation of resources created and the ability to deploy similar infrastructure in other AWS accounts or regions.
Some third-party services (eg https://www.hava.io/) can extract configuration information and automatically create AWS CloudFormation templates. However, these templates only record the configuration of AWS resources -- they do not replicate the content of storage on disks, Amazon S3 or databases.
Does the AWS Java SDK have an API that could help me retrieve a list of resources (VPC, DynamoDB, volumes, EC2, etc.) for a given AWS account number?
I have gone through the AWS Java SDK docs at a high level, but everything is related to one specific AWS client for a given resource.
I would like to have an abstract AWS client that could provide me with just a couple of attributes of the AWS resources associated with an AWS account.
Any help is appreciated. Thanks!!
All AWS API calls are related to specific services. For example, you can request a list of Amazon VPCs, a list of Amazon DynamoDB tables, a list of Amazon EBS volumes -- but each would require a different API call.
Another option would be to use AWS Config:
AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.
AWS Config can deliver a Configuration Snapshot into an Amazon S3 bucket at regular intervals (eg daily). This snapshot (example) is a JSON file that contains information about VPCs, Amazon EC2 instances and related resources.
However, the configuration snapshot only contains information related to a limited number of services, such as EC2, VPC, Amazon Redshift, Amazon RDS and Amazon S3. (See Supported AWS Resource Types)
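An added example, not part of the original answer: a small Python parser that turns an AWS Config configuration snapshot into a per-account inventory grouped by resource type, plus a lookup of which resources reference a given one. The sample snapshot is constructed, and the field names (`configurationItems`, `resourceType`, `resourceId`, `awsAccountId`, `awsRegion`, `relationships`) and the gzip-compressed delivery are assumptions about the snapshot format.

```python
import gzip
import json
from collections import defaultdict

# Constructed sample shaped like an AWS Config snapshot; all IDs are made up.
SAMPLE_SNAPSHOT = {
    "configurationItems": [
        {"resourceType": "AWS::EC2::VPC", "resourceId": "vpc-0example1",
         "awsAccountId": "111111111111", "awsRegion": "us-east-1"},
        {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0example1",
         "awsAccountId": "111111111111", "awsRegion": "us-east-1",
         "relationships": [{"resourceType": "AWS::EC2::VPC",
                            "resourceId": "vpc-0example1",
                            "name": "Is contained in Vpc"}]},
        {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0example1",
         "awsAccountId": "111111111111", "awsRegion": "us-east-1",
         "relationships": [{"resourceType": "AWS::EC2::Instance",
                            "resourceId": "i-0example1",
                            "name": "Is attached to Instance"}]},
        {"resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket",
         "awsAccountId": "222222222222", "awsRegion": "eu-west-1"},
    ],
}


def load_snapshot(raw: bytes) -> dict:
    """Parse a snapshot object body, gunzipping it if it starts with gzip magic."""
    if raw[:2] == b"\x1f\x8b":
        raw = gzip.decompress(raw)
    return json.loads(raw)


def inventory(snapshot: dict, account_id: str) -> dict:
    """Group one account's resources by type: {type: [(id, region), ...]}."""
    by_type = defaultdict(list)
    for item in snapshot.get("configurationItems", []):
        if item.get("awsAccountId") == account_id:
            by_type[item["resourceType"]].append(
                (item["resourceId"], item.get("awsRegion")))
    return dict(by_type)


def related_to(snapshot: dict, resource_id: str) -> list:
    """Sorted IDs of resources whose relationships point at resource_id."""
    return sorted(
        item["resourceId"]
        for item in snapshot.get("configurationItems", [])
        for rel in item.get("relationships") or []
        if rel.get("resourceId") == resource_id)
```

Pass `load_snapshot` the bytes of a snapshot object downloaded from the delivery bucket; resource types that AWS Config does not record will not appear in the result.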