Cross-account deployments through AWS CodePipelines

[maxlemieux]

When deploying cross-account through AWS CodePipelines, where there is a pipeline AWS account that sls deploy pushes to, and a destination AWS account on the other end of the AWS CodePipelines CI/CD, the Serverless plugin will create the license key secret in the pipeline account (not the destination).

This works great for the first deployment, but when adding another Serverless deployment with a different AWS subaccount and NR user key/account ID, there is a collision at NEW_RELIC_LICENSE_KEY secret in the AWS pipeline account.

As a possible approach to a new feature, if different serverless.yaml files for different apps/accounts could each specify a unique secret name, all the unique secrets would be created in the pipeline account.

I understand that the suggested resolution for now is to deploy the agent using New Relic Lambda CLI, instead of the Serverless plugin. Please let me know your thoughts about how we can improve support for cross-account AWS CodePipelines deployments with Serverless.

Related internal FR for Node Agent: https://issues.newrelic.com/browse/NR-144757

[workato-integration]

https://issues.newrelic.com/browse/NR-144758