I am creating a multi-tenant architecture. I need to duplicate my resources whenever a new tenant registers on my platform.
I created a StackSet in my SAM project like this:
StackSet:
  Type: AWS::CloudFormation::StackSet
  Properties:
    Capabilities:
      - "CAPABILITY_IAM"
      - "CAPABILITY_NAMED_IAM"
      - "CAPABILITY_AUTO_EXPAND"
    AdministrationRoleARN: !GetAtt AdministrationRole.Arn
    ExecutionRoleName: !Ref ExecutionRole
    OperationPreferences:
      FailureToleranceCount: 0
      MaxConcurrentCount: 1
    PermissionModel: 'SELF_MANAGED'
    StackInstancesGroup:
      - DeploymentTargets:
          Accounts:
            - !Ref AWS::AccountId
        Regions:
          - !Ref AWS::Region
      - DeploymentTargets:
          Accounts:
            - !Ref AWS::AccountId
        Regions:
          - !Ref AWS::Region
    Tags:
      -
        Key: 'PROJECT'
        Value: 'imaclegal'
    StackSetName: 'imaclegal'
    TemplateURL: 'https://s3.amazonaws.com/a-child-s3/output.yaml'
When I execute sam deploy, I get this error:
Properties validation failed for resource StackSet with message: #: #: only 1 subschema matches out of 2 #/StackInstancesGroup: array items are not unique
So it seems I cannot deploy more than 1 instance in the same AWS account and region. Is there any way to accomplish multiple instances in the same AWS account and region? Or is there any other better way to duplicate my resources for my new tenants?
CodePudding user response:
If you want to keep all resources in a single account/region, CloudFormation StackSets currently won't do what you need. If your resources aren't named within your template, you could just create multiple CloudFormation stacks. This could get messy to maintain though, and you're more likely to hit service quotas if you're running the applications at scale.
Personally, I recommend using AWS Organizations to create an account for each tenant. CloudFormation StackSets can then be used to automatically duplicate your resources to new accounts.
This solution also has the added benefit of more precise cost-allocation for each tenant.
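The account-per-tenant layout recommended above, sketched as a StackSet definition. This is an added example, not part of the original answer or the asker's project; the `TenantOuId` parameter and its OU id are hypothetical placeholders, and the template is assumed to be deployed from the Organizations management account (or a delegated administrator) with trusted access for StackSets enabled.

```yaml
# Added example. TenantOuId is a hypothetical parameter: the Organizations OU
# that each new tenant account is created in or moved into.
Parameters:
  TenantOuId:
    Type: String
    Description: Placeholder OU id for tenant accounts (format ou-xxxx-xxxxxxxx)

Resources:
  StackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      StackSetName: 'imaclegal'
      # SERVICE_MANAGED: Organizations provisions the StackSets roles in every
      # member account, so AdministrationRoleARN and ExecutionRoleName are omitted.
      PermissionModel: 'SERVICE_MANAGED'
      AutoDeployment:
        # An account added to the OU automatically receives a stack instance.
        Enabled: true
        # false: the tenant's stack is deleted when its account leaves the OU.
        RetainStacksOnAccountRemoval: false
      Capabilities:
        - "CAPABILITY_IAM"
        - "CAPABILITY_NAMED_IAM"
        - "CAPABILITY_AUTO_EXPAND"
      OperationPreferences:
        FailureToleranceCount: 0
        MaxConcurrentCount: 1
      StackInstancesGroup:
        # A single, unique entry: the target accounts come from OU membership,
        # so no per-tenant item is added and no duplicate account/region pair exists.
        - DeploymentTargets:
            OrganizationalUnitIds:
              - !Ref TenantOuId
          Regions:
            - !Ref AWS::Region
      Tags:
        - Key: 'PROJECT'
          Value: 'imaclegal'
      TemplateURL: 'https://s3.amazonaws.com/a-child-s3/output.yaml'
```

With this layout each tenant's resources sit behind an account boundary, so IAM policies and service quotas in one tenant's account do not affect another's.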