I’m trying to automate a cross-account CodePipeline across three AWS accounts. Setting this up manually would be easy since I could control when and which resource gets created at which time. However, I’m having difficulty automating this using TF/TFE.
Account A needs:
- KMS key
- artifact bucket
- CodePipeline
Account B needs:
- 3 x IAM roles
- S3 deploy bucket
Account C needs:
- 3 x IAM roles
- S3 deploy bucket
The problem here is that the IAM roles for accounts B and C need the ARNs for the KMS key and artifact bucket. I can’t create the CodePipeline in account A until all these resources have been created. On top of that, the actual CodePipeline needs the names of the S3 deploy buckets in B and C for a ‘deploy step’ where an artifact gets extracted to these S3 buckets.
How can I solve this in an efficient manner?