60 lines
2.0 KiB
Markdown
60 lines
2.0 KiB
Markdown
---
|
||
title: "cross-account.json"
|
||
type: concept
|
||
tags: [Terraform, CI/CD, Jenkins, Deployment, IaC]
|
||
sources:
|
||
- ctp-topic-16-cross-account-terraform-modules.md
|
||
last_updated: 2026-05-15
|
||
---
|
||
|
||
## Overview
|
||
|
||
`cross-account.json` 是部署在 Terraform 模块目录中的一个约定俗成的**标记文件**(Marker File),用于告知 Jenkins CI/CD 流水线该模块需要调用跨账号部署逻辑。
|
||
|
||
## Purpose
|
||
|
||
在复杂的 AWS Landing Zone 环境中,并非所有 Terraform 模块都需要跨账号部署:
|
||
|
||
- **普通模块**:仅在单一账号内运行,使用标准 Jenkins → EDR 流水线
|
||
- **跨账号模块**:需要在多个账号中同时创建资源(如 DNS 配置 + 应用部署)
|
||
|
||
`cross-account.json` 作为信号标记,区分这两类模块。
|
||
|
||
## How It Works
|
||
|
||
```
|
||
module-directory/
|
||
├── main.tf
|
||
├── variables.tf
|
||
├── outputs.tf
|
||
└── cross-account.json ← 标记文件(Jenkins 检测此文件)
|
||
```
|
||
|
||
1. **Jenkins 扫描**:Jenkins 在检测模块时,检查目录中是否存在 `cross-account.json`
|
||
2. **识别类型**:存在 → 触发跨账号部署流程;不存在 → 标准单账号流程
|
||
3. **调用 EDR**:触发 [[ECS-Deploy-Runner]] 执行跨账号 Terraform 操作
|
||
|
||
## Content Example
|
||
|
||
`cross-account.json` 通常可以为空文件(文件名本身即标记),或包含简单配置:
|
||
|
||
```json
|
||
{
|
||
"description": "This module deploys resources across multiple accounts",
|
||
"target_accounts": ["InfoBlocks", "Workload"],
|
||
"execution_order": ["InfoBlocks", "Workload"]
|
||
}
|
||
```
|
||
|
||
## Relationships
|
||
|
||
- [[Jenkins]] ← detects ← [[cross-account.json]]
|
||
- [[ECS-Deploy-Runner]] ← triggered_by ← [[cross-account.json]]
|
||
- [[Cross-account-Terraform-Modules]] ← signaled_by ← [[cross-account.json]]
|
||
|
||
## Related Concepts
|
||
|
||
- [[CI/CD Pipeline]]:Jenkins 是 CI/CD 流水线的大脑,通过此标记决定执行路径
|
||
- [[Cross-account-Terraform-Modules]]:该标记是跨账号 Terraform 模块的识别机制
|
||
- [[Marker-Pattern]]:约定优于配置(Convention over Configuration)的典型应用
|