How to segregate dynamic infrastructure


I’ve got a deployment that creates dynamic transient infrastructure into a QA environment - specifically Azure web apps created in a resource group created during the first step of the deployment. When the apps are created, they’re tagged with a unique identifier to allow us to logically segregate them, and when the targets are created in Octopus, they are assigned to the QA environment with the individual roles “app” and “api” as well as a role for the unique identifier for that deployment so that we don’t have transient environments to manage in Octopus as that would lead down a path that I predict would be messy.

Normally I would segregate infrastructure by role, but there doesn’t appear to be a way to deploy to a variable role. So when I deploy to the “app” role for instance, the deployment happens to all infrastructure in the QA environment tagged with the “app” role. I need to further isolate a target for the deployment step to only the “app” roles for the unique identifier for this deployment.

Can you offer any insight into the approach I should take for this?

Hi Ben,

Thanks for getting in touch! You’re correct that Octopus doesn’t allow binding variables to target roles. What I’d probably suggest is to take advantage of our multi-tenancy feature to give you the segregation you need. You could assign a tenant/tenant tag to your transient infrastructure, and scope variables and steps to run on these tags. This requires some architectural setup, so I’d first read through some of our comprehensive documentation on multi-tenancy to help in modelling your plan to approach this.

Do you think this would provide a good way to tackle this challenge? I’m happy to help with any questions or concerns moving forward, so please don’t hesitate to reach out!

Best regards,


This would require my infrastructure creation process to create a tenant and attach the infrastructure to that tenant as well. It’s doable, but that seems messy. I’ll give this some more thought.
