Currently we are building a multi tenant application … I’ve created namespaces and leveraged Cognito/IAM roles for my users. What is the best practices for managing a PROD/QA/DEV environment?
A) Should I prefix my namespace/Cognito User Pools/IAM roles with prod-___, qa-___, & dev-___? This could get a little noisy and even though I tagged my resources … it doesn’t look like arn:aws:quicksight:__ resources are available to filter in the AWS Resource Explorer (potential bug or feature request)
B) Should I create a new account? This seems overkill and managing 3 seperate accounts for my company can be cumbersome. (I really like the idea of “Projects” in GCP to group / manage resources, but it’s not a feature of AWS)
Thanks @Max - Appreciate the response. I don’t know if “Assets as Code” is what we are looking for. It seems to use the QuickSight API to Export/Import resource metadata. While we could store that in some kind of bucket/git repo … this doesn’t help with organization once it is in QuickSight. In other words when I call list_[ResourceType] I get all resource for all environments. I was thinking of using resource tags; but then again I don’t have a good way of using the search_[ResourceType] API to pull back resources where my env tag equals prod for example.
