Working on a Team
Modern cloud-based applications usually rely on a whole host of platform services, requiring remote resources for reliable integration testing. When a team of developers works on the same application, it’s necessary to somehow isolate remote resources, especially for testing purposes, so people can avoid overwriting each other’s work.
There are several possible ways of isolating resources with AWS SAM:
- Create multiple stacks in a single account.
- Use different virtual private clouds.
- Use different AWS accounts.
CloudFormation brings up an entire application using a single command, including remote resources and all the required configurations. To create an individual copy of the application, just change the name of the stack in the sam deploy command, and SAM will bring up a completely new instance of everything instead of updating an old environment. Using separate stacks for development, testing, and production is a very common way to organise resources for a small team. This approach also makes it easy for developers to set up their own copies of the application for testing, in effect creating a CloudFormation stack for each developer.
Small teams usually keep everything under the same AWS account, sometimes even using the same access keys for development and deployment. That is easy and convenient but doesn’t really prevent people from messing up. AWS supports complex authentication and authorisation policies, so larger organisations often want to isolate developer resources directly on AWS. Many organisations want to isolate production environment access, so that developer keys can’t be used to arbitrarily poke around the deployed application for end-users. The usual reasons for this are data security and auditability. Even if you do not work in a regulated environment requiring strong data protection, it’s good practice to isolate production keys to prevent accidental errors.
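The per-developer stack approach and the guard against accidental changes to shared environments can be combined in a small wrapper around sam deploy. This is an added example, not code from the original text; the application name sample-app, the PROTECTED_STACKS list and the function names are assumptions.

```shell
#!/bin/sh
# Added example: one isolated CloudFormation stack per developer.
# APP_NAME and PROTECTED_STACKS are assumed values, not taken from the page.
APP_NAME="${APP_NAME:-sample-app}"
PROTECTED_STACKS="${PROTECTED_STACKS:-sample-app-production sample-app-testing}"

# Build a stack name from an owner label (user name, branch, ticket id).
# CloudFormation stack names allow letters, digits and hyphens, must start
# with a letter and are limited to 128 characters.
stack_name_for() {
    owner=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -c 'a-z0-9' '-' \
        | sed -e 's/--*/-/g' -e 's/^-//' -e 's/-$//')
    if [ -z "$owner" ]; then
        echo "owner label is empty after normalisation" >&2
        return 1
    fi
    name=$(printf '%s-%s' "$APP_NAME" "$owner" | cut -c1-128)
    # Refuse names that collide with shared environments, so a developer
    # run can never update the production or testing stack by mistake.
    for protected in $PROTECTED_STACKS; do
        if [ "$name" = "$protected" ]; then
            echo "refusing to target shared stack: $name" >&2
            return 1
        fi
    done
    printf '%s\n' "$name"
}

# Deploy the current SAM project into the owner's private stack.
# DRY_RUN=1 (the default here) prints the command instead of running it.
deploy_dev_stack() {
    stack=$(stack_name_for "$1") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "sam deploy --stack-name $stack --resolve-s3 --capabilities CAPABILITY_IAM"
    else
        sam deploy --stack-name "$stack" --resolve-s3 --capabilities CAPABILITY_IAM
    fi
}
```

Calling deploy_dev_stack "$USER" prints the command for that developer's stack; setting DRY_RUN=0 runs it with whatever credentials are active in the shell.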