AWS cdk permission boundry

Manage permission of cdk pipeline

Overview

AWS has published a reference architecture document for cdk pipelines using multiple accounts where pipeline remains in the Tools account and resources into the respective workload accounts.

cdk pipeline work in stages and will require two properties for it to be able to create cloudformation stack in respective workload account for each stage — Account Id and Region.

It also require an administrator to bootstrap workload account so that it can assume an IAM…