hassaku63 Takuya Hashimoto (Serverworks Co., Ltd.) Serverworks is; System Integrator & AWS Premier Tier Service Partner (since 2014) 1st Japanese Company to acquire MSP Competency in AWS Partner Network (APN)
Guide”
2. What the “cdk bootstrap” command is actually doing
3. Configure cross-account deployment for a CDK project

This is my first time outputting in English. I'm looking forward to discussing with all of you today, but I apologize if my English is hard to understand.
CDK deployments
[2] DefaultStackSynthesizer: CDK’s default approach. Fewer permissions are required for the principal who is initiating the CDK deployment action than in [1].
[1] CliCredentialsStackSynthesizer: simple deployment pattern. Does not use AssumeRole for deployment.
Deployment target account(s)
(1) CDK’s default approach makes it easier to migrate to a cross-account architecture because deployments are based on AssumeRole & PassRole.
(2) These resources (in the orange box) are constructed by “cdk bootstrap”.
(3) To configure cross-account deployment, the IAM Roles need to be configured to “trust” the principals in another account (by executing the “cdk bootstrap” command).
ined resources are; (only covering those relevant to my talk theme)
Allow AssumeRole to the AWS Account principal if “TrustedAccounts” is given: IAM Role resource defined in the bootstrap template
1. S3 Bucket for storing file assets
2. ECR Repository for uploading container assets
3. IAM Role for uploading file assets
4. IAM Role for pushing container assets
5. IAM Role for looking up resources
“cdk bootstrap” command
2. Use the “trust” option with the bootstrap command to configure cross-account deployment
3. Allow the actor that starts deployment (such as a CodeBuild Project) to execute the AssumeRole action on the Roles that are constructed by bootstrap
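The steps above as an added example (not from the original slides): a shell sketch that builds the bootstrap command for the target account and a least-privilege identity policy for the deploying actor. The account IDs, region and execution policy ARN are constructed placeholders; the role names assume CDK's default bootstrap qualifier and template.

```shell
#!/bin/sh
# Added example. All values below are constructed placeholders.
TOOLS_ACCOUNT=111111111111    # account of the actor that starts the deployment (e.g. CodeBuild)
TARGET_ACCOUNT=222222222222   # account being deployed into
REGION=ap-northeast-1
QUALIFIER=hnb659fds           # CDK's default bootstrap qualifier (assumed unchanged)
EXEC_POLICY_ARN='arn:aws:iam::aws:policy/EXAMPLE-PLACEHOLDER'  # choose a scoped policy

# Steps 1-2: command to run with credentials of the TARGET account.
# --trust puts the tools account into the bootstrap roles' trust policies
# (the template's TrustedAccounts parameter). When --trust is used, CDK requires
# --cloudformation-execution-policies to be given explicitly.
bootstrap_command() {
  printf 'cdk bootstrap aws://%s/%s --trust %s --cloudformation-execution-policies %s\n' \
    "$TARGET_ACCOUNT" "$REGION" "$TOOLS_ACCOUNT" "$1"
}

# Step 3: identity policy to attach to the actor's role in the TOOLS account.
# It names only the four roles the actor assumes directly. The CloudFormation
# execution role (cfn-exec) is handed to CloudFormation via PassRole by the
# deploy role, so the actor needs no AssumeRole permission on it.
assume_role_policy() {
  sep=''
  printf '{\n  "Version": "2012-10-17",\n  "Statement": [{\n'
  printf '    "Effect": "Allow",\n    "Action": "sts:AssumeRole",\n    "Resource": ['
  for kind in deploy file-publishing image-publishing lookup; do
    printf '%s"arn:aws:iam::%s:role/cdk-%s-%s-role-%s-%s"' \
      "$sep" "$TARGET_ACCOUNT" "$QUALIFIER" "$kind" "$TARGET_ACCOUNT" "$REGION"
    sep=', '
  done
  printf ']\n  }]\n}\n'
}

# Print both artifacts for review; nothing is executed against AWS here.
bootstrap_command "$EXEC_POLICY_ARN"
assume_role_policy
```

Listing the role ARNs explicitly, rather than granting `sts:AssumeRole` on `*`, keeps the actor from assuming unrelated roles that happen to trust the tools account.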