Skip to content

Different users can overwrite a deployment in the same cloud region #1587

New issue
New issue
Open
Bug
0 of 1 issue completed
Open
Different users can overwrite a deployment in the same cloud region#1587
Bug
0 of 1 issue completed
Labels
byocBring Your Own Cloud
Milestone
Feb2026
@lionello

Description

@lionello
lionello
opened on Oct 31, 2025

User A using personal tenant A deploys a project Foo to AWS account 12456789012 region us-west-2.

User B using personal tenant B deploys same project Foo to AWS account 12456789012 region us-west-2.

Actual behavior:

These deployments are using the same state file (same account+region = same CloudFormation stack = same S3 bucket) so B's deployment will be considered an update of A's.

Expected:

Deployments from separate tenants should be considered distinct deployments, regardless of their access to the cloud account.

Options:

  • Make tenant name or ID part of the bootstrap naming scheme: separate tenant => separate state file. In this case, deploying the same project+stack to the same account+region would result in tons of conflicts, failing the deployment. This is probably the right behavior.
  • Abort deployment (in CLI or CD) when we detect a different workspace deploying over an existing project/stack.

Sub-issues

Metadata

Metadata

Assignees

No one assigned

    Labels

    byocBring Your Own Cloud

    Type

    Bug

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions