Platform engineering is the discipline of designing and building toolchains and workflows that enable self-service capabilities for software engineering organizations in the cloud-native era.

Platform Engineering

I guess you need to break this into smaller chunks and build the solution. Just an initial thought that you need to use sts and iam role chaining (trust, cross account).

thanks for the response and thanks for bumping the question.

In the meantime I’ve gotten some input from other sources:

The situation where the tool ends up having full access is basically the same situation as for multi account pipelines, which seems fine as long as you lock down access (no user access to the account where the pipeline are running and only interaction through code commit or similar tools)

<@U0618PCB97E> if i understand the question correctly then you need AWS cross account role.

Here is the link to document <https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html|https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html> 

We use to create specific role with specific permission to access client accounts and manage things.



Thanks for the input! That’s the path I’m currently heading for :+1: