Question: What are the best practices for managing different different environments?

Currently we are building a multi tenant application … I’ve created namespaces and leveraged Cognito/IAM roles for my users. What is the best practices for managing a PROD/QA/DEV environment?

A) Should I prefix my namespace/Cognito User Pools/IAM roles with prod-___, qa-___, & dev-___? This could get a little noisy and even though I tagged my resources … it doesn’t look like arn:aws:quicksight:__ resources are available to filter in the AWS Resource Explorer (potential bug or feature request)

B) Should I create a new account? This seems overkill and managing 3 seperate accounts for my company can be cumbersome. (I really like the idea of “Projects” in GCP to group / manage resources, but it’s not a feature of AWS)

C) Other solution I’m not thinking of :slight_smile:

Any help on this would be appreciated.

1 Like

You can do A or B but those come with the downsides that you listed.

A new feature that they just released could also pose a solution. This is the idea of “Assets As Code”

I haven’t gotten too deep into it, but there could be opportunities for you too allow for environmental management via these features.

Thanks @Max - Appreciate the response. I don’t know if “Assets as Code” is what we are looking for. It seems to use the QuickSight API to Export/Import resource metadata. While we could store that in some kind of bucket/git repo … this doesn’t help with organization once it is in QuickSight. In other words when I call list_[ResourceType] I get all resource for all environments. I was thinking of using resource tags; but then again I don’t have a good way of using the search_[ResourceType] API to pull back resources where my env tag equals prod for example.

Related to: Feature Request: Search resources by Tag
Which I see you have answered :slight_smile:

1 Like