One GitHub Org and REPO but multiple AWS accounts (one for each ENV)

[SimonCW]

Hi,
thank you for making and maintaining this construct! Saved us a ton of time already.

I have a question for our specific setup. We have 3 AWS accounts, one for each environment (DEV, STAGE, PROD) and our whole application is in a private VPC. We want to run tests on the application in each environment. How should we do that?

I think the easiest way would be to deploy the construct in each account and connect each deployment to our GitHub Org (github.com). How do I do that? Should I setup a new GH App for each account? I tried to use the existing App for my second deployment but didn't get it to work (I found the documentation for the "Existing GitHub App" lacking / missing. Happy to contribute once I understand it 😉)

[kichik]

thank you for making and maintaining this construct! Saved us a ton of time already.

I'm glad you find it useful!

I think the easiest way would be to deploy the construct in each account and connect each deployment to our GitHub Org (github.com). How do I do that? Should I setup a new GH App for each account? I tried to use the existing App for my second deployment but didn't get it to work (I found the documentation for the "Existing GitHub App" lacking / missing. Happy to contribute once I understand it 😉)

Off the top of my head, separate app is the way to go.

You should be able to re-use the app but there may be some unexpected behavior as this is not a tested use-case. It might work though. The biggest obstacle will be the webhook. You will need to point the webhook to a central one that then sends events to all three instances of the construct. But even after that, as each construct assumes full control, you may run into corner cases where you end up with duplicate runners. I'm not 100% sure about that last part.

For existing GitHub app instructions, see SETUP_GITHUB.md. Skip the parts about creating the app. Basically only steps 10 and 11.

All that said... Maybe we can come up with a more creative solution. 3 VPCs in your runners AWS account that peer with their perspective VPCs in the DEV, STAGE and PROD? Or maybe 3 subnets instead so you don't have to run into VPC limits. Another idea is updating the step function to use cross account steps. I wonder how feasible that is.

[SimonCW]

Hi,
we implemented it with separate GitHub Apps and it works like a charm. Pretty easy to set up by just following the same process (https://github.com/CloudSnorkel/cdk-github-runners/blob/main/SETUP_GITHUB.md#setup-wizard) for each deployment.

Thank you!