Multi-environment deployments of AWS CDK apps

[eladb]

Use Case

I am building a custom AWS CDK platform provider and would like to roll out my application across multiple AWS environments (accounts/regions).

Proposed Solution

I think an interesting approach to consider is to automatically create a copy of the application construct tree for each target environment (same way we are doing for testing).

Implementation Notes

No response

Component

No response

Community Notes

• Please vote by adding a 👍 reaction to the issue to help us prioritize.
• If you are interested to work on this issue, please leave a comment.
• If this issue is labeled needs-discussion, it means the spec has not been finalized yet. Please reach out on the #dev channel in the Wing Slack.

[garysassano]

How are you going to source the credentials for the different AWS accounts?

[eladb]

This is handled by the AWS CDK CLI. It already has support for multiple deployment environments (with cross account roles and all the shebang).

[garysassano]

The CDK CLI supports multi-account deployments, but it requires some setup. You need to bootstrap a primary "master" account first. Then, you bootstrap additional "slave" accounts, including a trust policy that allows the master account to deploy to them.

To enable this workflow in Wing, we could probably add support for specifying the target AWS account IDs and regions in the wing.toml config file.

Alternatively, we could use different AWS profiles for each environment. With this approach, the user would still need to bootstrap each environment individually and specify the name of each profile in the wing.toml, but you would be able to skip the chain of trust between the CDK bootstrap stacks.

[eladb]

As I see it, deployment is currently the responsibility of the target provisioning engine and not the Wing CLI. This comes with with some constraints and limitations but also allows users to leverage existing downstream tools and workflows for deployment and orchestration.

To that end, we should make sure it's possible to model these multi-environment systems in Wing (with some degrees of freedom but not all), and let the AWS CDK handle the rest.

[hasanaburayyan]

One workaround we found was to use a custom platform and create multiple stacks per env, and passing in configs per environment something like this in the app constructor:

Ive ommitted what the configs look like, just to show the idea here

super(cdkApp, props.rootId ?? "Default", props);
// ...
const Root = props.rootConstruct;
for (const [name, env] of Object.entries(config.environments ?? {})) {
      const stack = new MyStack(this, `wing-${name}`, {
        config: config,
        environment: env,
      });
      new Root(stack, name);
    }

We probably want to find some way to implement this multiple env support in the awscdk platform itself so custom platforms are not needed.