Skip to content

Allow all sst components to optionally override the DEFAULT_ACCOUNT_ID#6770

Open
DJDANNY123 wants to merge 1 commit intoanomalyco:devfrom
DJDANNY123:dev
Open

Allow all sst components to optionally override the DEFAULT_ACCOUNT_ID#6770
DJDANNY123 wants to merge 1 commit intoanomalyco:devfrom
DJDANNY123:dev

Conversation

@DJDANNY123
Copy link
Copy Markdown

@DJDANNY123 DJDANNY123 commented Apr 19, 2026
edited by vimtor
Loading

Closes #6769

Context

The Cloudflare provider is a bit weird in the way it expects you to specify the accountId on the resource, but API token on the provider.
SST made the choice to default the accountId to an environment variable for all the resources it provisions, as it is annoying to specify this for every resource, however this makes it difficult for multi-account deployments.
This is compounded as some of the resources can't be accessed/overridden by the transforms property (e.g. the custom domain of a worker).

This Change

This change simply extends each cloudflare SST component with an optional accountId, which will be used if specified for provisioning/querying all resources within this component.

@vimtor vimtor self-assigned this Apr 19, 2026
@vimtor
Copy link
Copy Markdown
Collaborator

vimtor commented Apr 21, 2026

thanks for your contribution @DJDANNY123

this week we're adding a lot of Cloudflare components, let's wait until we finish so you can update your PR

in the meantime, i wonder if this is the ideal setup. maybe we should let you define multiple providers, each using a different account. not sure how that would look, though

@vimtor
Copy link
Copy Markdown
Collaborator

vimtor commented Apr 21, 2026

just realized that what we should do is to find a way to do this:

const provider = new cloudflare.Provider("OtherAccount", {
  apiToken: "",
})

new sst.cloudflare.Bucket("Bucket", {}, { provider });

this would match the aws behaviour

@DJDANNY123
Copy link
Copy Markdown
Author

DJDANNY123 commented Apr 21, 2026

I don't understand your code example, I believe we can already do this with the existing implementation.
The issue is in specifying the accountId which is a required argument for all plain cloudflare components, and we can't specify the accountId in the provider.

Ideally the cloudflare provider would accept an accountId, and use this for relevant resources but this would probably be a fairly major change in the cloudflare Pulumi resource provider.

I think given the current state of the downstream provider, we should mimic how the downstream provider works (but still keep the existing default account behaviour for ease of people who don't need to do multi-account deployments)

// define a provider with another api token for a different account
const provider = new cloudflare.Provider("AnotherProvider", { apiToken: "" });

// deploy a plain cloudflare resource in the other account
const plainCfResource = new cloudflare.R2Bucket(
  "",
  { name: "MyBucket", accountId: "ANOTHER_ACCOUNT_ID" },
  { provider },
);

// deploy a sst component in another account in the same way
const sstResource = new sst.cloudflare.Worker(
  "MyWorker",
  { handler: "index.ts", accountId: "ANOTHER_ACCOUNT_ID" },
  { provider },
);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@vimtor vimtor

Labels

cloudflare

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow overriding of AccountId for Cloudflare resources used under the hood

2 participants

@DJDANNY123 @vimtor