We have a number of different accounts, A1, A2, AN, (“tiers”, dev, test, live, etc) and they all contain builds and fleets, which then get instantiated in AWS managed accounts B1, B2, BN. I’ve tried manually assuming the fleet-assigned role in Ax from Bx, and that works fine, but my problem is I want to use the same exact build-zip for tiers A1-AN. I can control all of the relevant settings for a given server process via the fleet, but I also want to configure certain settings when install.sh is running, and let a daemon process talk to the correct instance of our backend.
I can get EC2 instance meta-data, so I can figure out the account ID of B1-Bx, but since I never know these up-front, I can’t easily create a mapping back to A1-Ax, which makes it impossible to determine a) which role I can assume, and also b) which backend tier to connect to, without making individual builds for each tier.
I tried using tags, but the instance role has no access, and I don’t know if any of the build or fleets tags get applied to the EC2 anyway. If I defer things to after servers have started up, I could theoretically make a late binding from server IP to instance, but it happens a bit later than I would prefer.