aws.cloudformation.StackSet
Explore with Pulumi AI
Manages a CloudFormation StackSet. StackSets allow CloudFormation templates to be easily deployed across multiple accounts and regions via StackSet Instances (aws.cloudformation.StackSetInstance
resource). Additional information about StackSets can be found in the AWS CloudFormation User Guide.
NOTE: All template parameters, including those with a
Default
, must be configured or ignored with thelifecycle
configuration blockignore_changes
argument.
NOTE: All
NoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument.
NOTE: When using a delegated administrator account, ensure that your IAM User or Role has the
organizations:ListDelegatedAdministrators
permission. Otherwise, you may get an error likeValidationError: Account used is not a delegated administrator
.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = aws.iam.getPolicyDocument({
statements: [{
actions: ["sts:AssumeRole"],
effect: "Allow",
principals: [{
identifiers: ["cloudformation.amazonaws.com"],
type: "Service",
}],
}],
});
const aWSCloudFormationStackSetAdministrationRole = new aws.iam.Role("AWSCloudFormationStackSetAdministrationRole", {
assumeRolePolicy: aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.then(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy => aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json),
name: "AWSCloudFormationStackSetAdministrationRole",
});
const example = new aws.cloudformation.StackSet("example", {
administrationRoleArn: aWSCloudFormationStackSetAdministrationRole.arn,
name: "example",
parameters: {
VPCCidr: "10.0.0.0/16",
},
templateBody: JSON.stringify({
Parameters: {
VPCCidr: {
Type: "String",
Default: "10.0.0.0/16",
Description: "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
},
},
Resources: {
myVpc: {
Type: "AWS::EC2::VPC",
Properties: {
CidrBlock: {
Ref: "VPCCidr",
},
Tags: [{
Key: "Name",
Value: "Primary_CF_VPC",
}],
},
},
},
}),
});
const aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = aws.iam.getPolicyDocumentOutput({
statements: [{
actions: ["sts:AssumeRole"],
effect: "Allow",
resources: [pulumi.interpolate`arn:aws:iam::*:role/${example.executionRoleName}`],
}],
});
const aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new aws.iam.RolePolicy("AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy", {
name: "ExecutionPolicy",
policy: aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.apply(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy => aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json),
role: aWSCloudFormationStackSetAdministrationRole.name,
});
import pulumi
import json
import pulumi_aws as aws
a_ws_cloud_formation_stack_set_administration_role_assume_role_policy = aws.iam.get_policy_document(statements=[{
"actions": ["sts:AssumeRole"],
"effect": "Allow",
"principals": [{
"identifiers": ["cloudformation.amazonaws.com"],
"type": "Service",
}],
}])
a_ws_cloud_formation_stack_set_administration_role = aws.iam.Role("AWSCloudFormationStackSetAdministrationRole",
assume_role_policy=a_ws_cloud_formation_stack_set_administration_role_assume_role_policy.json,
name="AWSCloudFormationStackSetAdministrationRole")
example = aws.cloudformation.StackSet("example",
administration_role_arn=a_ws_cloud_formation_stack_set_administration_role.arn,
name="example",
parameters={
"VPCCidr": "10.0.0.0/16",
},
template_body=json.dumps({
"Parameters": {
"VPCCidr": {
"Type": "String",
"Default": "10.0.0.0/16",
"Description": "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
},
},
"Resources": {
"myVpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": {
"Ref": "VPCCidr",
},
"Tags": [{
"Key": "Name",
"Value": "Primary_CF_VPC",
}],
},
},
},
}))
a_ws_cloud_formation_stack_set_administration_role_execution_policy = aws.iam.get_policy_document_output(statements=[{
"actions": ["sts:AssumeRole"],
"effect": "Allow",
"resources": [example.execution_role_name.apply(lambda execution_role_name: f"arn:aws:iam::*:role/{execution_role_name}")],
}])
a_ws_cloud_formation_stack_set_administration_role_execution_policy_role_policy = aws.iam.RolePolicy("AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy",
name="ExecutionPolicy",
policy=a_ws_cloud_formation_stack_set_administration_role_execution_policy.json,
role=a_ws_cloud_formation_stack_set_administration_role.name)
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Actions: []string{
"sts:AssumeRole",
},
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Identifiers: []string{
"cloudformation.amazonaws.com",
},
Type: "Service",
},
},
},
},
}, nil)
if err != nil {
return err
}
aWSCloudFormationStackSetAdministrationRole, err := iam.NewRole(ctx, "AWSCloudFormationStackSetAdministrationRole", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json),
Name: pulumi.String("AWSCloudFormationStackSetAdministrationRole"),
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Parameters": map[string]interface{}{
"VPCCidr": map[string]interface{}{
"Type": "String",
"Default": "10.0.0.0/16",
"Description": "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
},
},
"Resources": map[string]interface{}{
"myVpc": map[string]interface{}{
"Type": "AWS::EC2::VPC",
"Properties": map[string]interface{}{
"CidrBlock": map[string]interface{}{
"Ref": "VPCCidr",
},
"Tags": []map[string]interface{}{
map[string]interface{}{
"Key": "Name",
"Value": "Primary_CF_VPC",
},
},
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
example, err := cloudformation.NewStackSet(ctx, "example", &cloudformation.StackSetArgs{
AdministrationRoleArn: aWSCloudFormationStackSetAdministrationRole.Arn,
Name: pulumi.String("example"),
Parameters: pulumi.StringMap{
"VPCCidr": pulumi.String("10.0.0.0/16"),
},
TemplateBody: pulumi.String(json0),
})
if err != nil {
return err
}
aWSCloudFormationStackSetAdministrationRoleExecutionPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Actions: pulumi.StringArray{
pulumi.String("sts:AssumeRole"),
},
Effect: pulumi.String("Allow"),
Resources: pulumi.StringArray{
example.ExecutionRoleName.ApplyT(func(executionRoleName string) (string, error) {
return fmt.Sprintf("arn:aws:iam::*:role/%v", executionRoleName), nil
}).(pulumi.StringOutput),
},
},
},
}, nil)
_, err = iam.NewRolePolicy(ctx, "AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy", &iam.RolePolicyArgs{
Name: pulumi.String("ExecutionPolicy"),
Policy: pulumi.String(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.ApplyT(func(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy iam.GetPolicyDocumentResult) (*string, error) {
return &aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.Json, nil
}).(pulumi.StringPtrOutput)),
Role: aWSCloudFormationStackSetAdministrationRole.Name,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRole",
},
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Identifiers = new[]
{
"cloudformation.amazonaws.com",
},
Type = "Service",
},
},
},
},
});
var aWSCloudFormationStackSetAdministrationRole = new Aws.Iam.Role("AWSCloudFormationStackSetAdministrationRole", new()
{
AssumeRolePolicy = aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
Name = "AWSCloudFormationStackSetAdministrationRole",
});
var example = new Aws.CloudFormation.StackSet("example", new()
{
AdministrationRoleArn = aWSCloudFormationStackSetAdministrationRole.Arn,
Name = "example",
Parameters =
{
{ "VPCCidr", "10.0.0.0/16" },
},
TemplateBody = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Parameters"] = new Dictionary<string, object?>
{
["VPCCidr"] = new Dictionary<string, object?>
{
["Type"] = "String",
["Default"] = "10.0.0.0/16",
["Description"] = "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
},
},
["Resources"] = new Dictionary<string, object?>
{
["myVpc"] = new Dictionary<string, object?>
{
["Type"] = "AWS::EC2::VPC",
["Properties"] = new Dictionary<string, object?>
{
["CidrBlock"] = new Dictionary<string, object?>
{
["Ref"] = "VPCCidr",
},
["Tags"] = new[]
{
new Dictionary<string, object?>
{
["Key"] = "Name",
["Value"] = "Primary_CF_VPC",
},
},
},
},
},
}),
});
var aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRole",
},
Effect = "Allow",
Resources = new[]
{
$"arn:aws:iam::*:role/{example.ExecutionRoleName}",
},
},
},
});
var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy("AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy", new()
{
Name = "ExecutionPolicy",
Policy = aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
Role = aWSCloudFormationStackSetAdministrationRole.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.cloudformation.StackSet;
import com.pulumi.aws.cloudformation.StackSetArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRole")
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.identifiers("cloudformation.amazonaws.com")
.type("Service")
.build())
.build())
.build());
var aWSCloudFormationStackSetAdministrationRole = new Role("aWSCloudFormationStackSetAdministrationRole", RoleArgs.builder()
.assumeRolePolicy(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.name("AWSCloudFormationStackSetAdministrationRole")
.build());
var example = new StackSet("example", StackSetArgs.builder()
.administrationRoleArn(aWSCloudFormationStackSetAdministrationRole.arn())
.name("example")
.parameters(Map.of("VPCCidr", "10.0.0.0/16"))
.templateBody(serializeJson(
jsonObject(
jsonProperty("Parameters", jsonObject(
jsonProperty("VPCCidr", jsonObject(
jsonProperty("Type", "String"),
jsonProperty("Default", "10.0.0.0/16"),
jsonProperty("Description", "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.")
))
)),
jsonProperty("Resources", jsonObject(
jsonProperty("myVpc", jsonObject(
jsonProperty("Type", "AWS::EC2::VPC"),
jsonProperty("Properties", jsonObject(
jsonProperty("CidrBlock", jsonObject(
jsonProperty("Ref", "VPCCidr")
)),
jsonProperty("Tags", jsonArray(jsonObject(
jsonProperty("Key", "Name"),
jsonProperty("Value", "Primary_CF_VPC")
)))
))
))
))
)))
.build());
final var aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRole")
.effect("Allow")
.resources(example.executionRoleName().applyValue(executionRoleName -> String.format("arn:aws:iam::*:role/%s", executionRoleName)))
.build())
.build());
var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new RolePolicy("aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy", RolePolicyArgs.builder()
.name("ExecutionPolicy")
.policy(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy -> aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.role(aWSCloudFormationStackSetAdministrationRole.name())
.build());
}
}
resources:
aWSCloudFormationStackSetAdministrationRole:
type: aws:iam:Role
name: AWSCloudFormationStackSetAdministrationRole
properties:
assumeRolePolicy: ${aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json}
name: AWSCloudFormationStackSetAdministrationRole
example:
type: aws:cloudformation:StackSet
properties:
administrationRoleArn: ${aWSCloudFormationStackSetAdministrationRole.arn}
name: example
parameters:
VPCCidr: 10.0.0.0/16
templateBody:
fn::toJSON:
Parameters:
VPCCidr:
Type: String
Default: 10.0.0.0/16
Description: Enter the CIDR block for the VPC. Default is 10.0.0.0/16.
Resources:
myVpc:
Type: AWS::EC2::VPC
Properties:
CidrBlock:
Ref: VPCCidr
Tags:
- Key: Name
Value: Primary_CF_VPC
aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy:
type: aws:iam:RolePolicy
name: AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy
properties:
name: ExecutionPolicy
policy: ${aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json}
role: ${aWSCloudFormationStackSetAdministrationRole.name}
variables:
aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- sts:AssumeRole
effect: Allow
principals:
- identifiers:
- cloudformation.amazonaws.com
type: Service
aWSCloudFormationStackSetAdministrationRoleExecutionPolicy:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- sts:AssumeRole
effect: Allow
resources:
- arn:aws:iam::*:role/${example.executionRoleName}
Create StackSet Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new StackSet(name: string, args?: StackSetArgs, opts?: CustomResourceOptions);
@overload
def StackSet(resource_name: str,
args: Optional[StackSetArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def StackSet(resource_name: str,
opts: Optional[ResourceOptions] = None,
administration_role_arn: Optional[str] = None,
auto_deployment: Optional[StackSetAutoDeploymentArgs] = None,
call_as: Optional[str] = None,
capabilities: Optional[Sequence[str]] = None,
description: Optional[str] = None,
execution_role_name: Optional[str] = None,
managed_execution: Optional[StackSetManagedExecutionArgs] = None,
name: Optional[str] = None,
operation_preferences: Optional[StackSetOperationPreferencesArgs] = None,
parameters: Optional[Mapping[str, str]] = None,
permission_model: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
template_body: Optional[str] = None,
template_url: Optional[str] = None)
func NewStackSet(ctx *Context, name string, args *StackSetArgs, opts ...ResourceOption) (*StackSet, error)
public StackSet(string name, StackSetArgs? args = null, CustomResourceOptions? opts = null)
public StackSet(String name, StackSetArgs args)
public StackSet(String name, StackSetArgs args, CustomResourceOptions options)
type: aws:cloudformation:StackSet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args StackSetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args StackSetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args StackSetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args StackSetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args StackSetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var stackSetResource = new Aws.CloudFormation.StackSet("stackSetResource", new()
{
AdministrationRoleArn = "string",
AutoDeployment = new Aws.CloudFormation.Inputs.StackSetAutoDeploymentArgs
{
Enabled = false,
RetainStacksOnAccountRemoval = false,
},
CallAs = "string",
Capabilities = new[]
{
"string",
},
Description = "string",
ExecutionRoleName = "string",
ManagedExecution = new Aws.CloudFormation.Inputs.StackSetManagedExecutionArgs
{
Active = false,
},
Name = "string",
OperationPreferences = new Aws.CloudFormation.Inputs.StackSetOperationPreferencesArgs
{
FailureToleranceCount = 0,
FailureTolerancePercentage = 0,
MaxConcurrentCount = 0,
MaxConcurrentPercentage = 0,
RegionConcurrencyType = "string",
RegionOrders = new[]
{
"string",
},
},
Parameters =
{
{ "string", "string" },
},
PermissionModel = "string",
Tags =
{
{ "string", "string" },
},
TemplateBody = "string",
TemplateUrl = "string",
});
example, err := cloudformation.NewStackSet(ctx, "stackSetResource", &cloudformation.StackSetArgs{
AdministrationRoleArn: pulumi.String("string"),
AutoDeployment: &cloudformation.StackSetAutoDeploymentArgs{
Enabled: pulumi.Bool(false),
RetainStacksOnAccountRemoval: pulumi.Bool(false),
},
CallAs: pulumi.String("string"),
Capabilities: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
ExecutionRoleName: pulumi.String("string"),
ManagedExecution: &cloudformation.StackSetManagedExecutionArgs{
Active: pulumi.Bool(false),
},
Name: pulumi.String("string"),
OperationPreferences: &cloudformation.StackSetOperationPreferencesArgs{
FailureToleranceCount: pulumi.Int(0),
FailureTolerancePercentage: pulumi.Int(0),
MaxConcurrentCount: pulumi.Int(0),
MaxConcurrentPercentage: pulumi.Int(0),
RegionConcurrencyType: pulumi.String("string"),
RegionOrders: pulumi.StringArray{
pulumi.String("string"),
},
},
Parameters: pulumi.StringMap{
"string": pulumi.String("string"),
},
PermissionModel: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
TemplateBody: pulumi.String("string"),
TemplateUrl: pulumi.String("string"),
})
var stackSetResource = new StackSet("stackSetResource", StackSetArgs.builder()
.administrationRoleArn("string")
.autoDeployment(StackSetAutoDeploymentArgs.builder()
.enabled(false)
.retainStacksOnAccountRemoval(false)
.build())
.callAs("string")
.capabilities("string")
.description("string")
.executionRoleName("string")
.managedExecution(StackSetManagedExecutionArgs.builder()
.active(false)
.build())
.name("string")
.operationPreferences(StackSetOperationPreferencesArgs.builder()
.failureToleranceCount(0)
.failureTolerancePercentage(0)
.maxConcurrentCount(0)
.maxConcurrentPercentage(0)
.regionConcurrencyType("string")
.regionOrders("string")
.build())
.parameters(Map.of("string", "string"))
.permissionModel("string")
.tags(Map.of("string", "string"))
.templateBody("string")
.templateUrl("string")
.build());
stack_set_resource = aws.cloudformation.StackSet("stackSetResource",
administration_role_arn="string",
auto_deployment={
"enabled": False,
"retain_stacks_on_account_removal": False,
},
call_as="string",
capabilities=["string"],
description="string",
execution_role_name="string",
managed_execution={
"active": False,
},
name="string",
operation_preferences={
"failure_tolerance_count": 0,
"failure_tolerance_percentage": 0,
"max_concurrent_count": 0,
"max_concurrent_percentage": 0,
"region_concurrency_type": "string",
"region_orders": ["string"],
},
parameters={
"string": "string",
},
permission_model="string",
tags={
"string": "string",
},
template_body="string",
template_url="string")
const stackSetResource = new aws.cloudformation.StackSet("stackSetResource", {
administrationRoleArn: "string",
autoDeployment: {
enabled: false,
retainStacksOnAccountRemoval: false,
},
callAs: "string",
capabilities: ["string"],
description: "string",
executionRoleName: "string",
managedExecution: {
active: false,
},
name: "string",
operationPreferences: {
failureToleranceCount: 0,
failureTolerancePercentage: 0,
maxConcurrentCount: 0,
maxConcurrentPercentage: 0,
regionConcurrencyType: "string",
regionOrders: ["string"],
},
parameters: {
string: "string",
},
permissionModel: "string",
tags: {
string: "string",
},
templateBody: "string",
templateUrl: "string",
});
type: aws:cloudformation:StackSet
properties:
administrationRoleArn: string
autoDeployment:
enabled: false
retainStacksOnAccountRemoval: false
callAs: string
capabilities:
- string
description: string
executionRoleName: string
managedExecution:
active: false
name: string
operationPreferences:
failureToleranceCount: 0
failureTolerancePercentage: 0
maxConcurrentCount: 0
maxConcurrentPercentage: 0
regionConcurrencyType: string
regionOrders:
- string
parameters:
string: string
permissionModel: string
tags:
string: string
templateBody: string
templateUrl: string
StackSet Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The StackSet resource accepts the following input properties:
- Administration
Role stringArn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - Auto
Deployment StackSet Auto Deployment - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - Call
As string - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - Capabilities List<string>
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - Description string
- Description of the StackSet.
- Execution
Role stringName - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - Managed
Execution StackSet Managed Execution - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- Name string
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- Operation
Preferences StackSet Operation Preferences - Preferences for how AWS CloudFormation performs a stack set update.
- Parameters Dictionary<string, string>
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - Permission
Model string - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - Dictionary<string, string>
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Template
Body string - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - Template
Url string - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
- Administration
Role stringArn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - Auto
Deployment StackSet Auto Deployment Args - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - Call
As string - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - Capabilities []string
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - Description string
- Description of the StackSet.
- Execution
Role stringName - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - Managed
Execution StackSet Managed Execution Args - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- Name string
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- Operation
Preferences StackSet Operation Preferences Args - Preferences for how AWS CloudFormation performs a stack set update.
- Parameters map[string]string
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - Permission
Model string - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - map[string]string
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Template
Body string - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - Template
Url string - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
- administration
Role StringArn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - auto
Deployment StackSet Auto Deployment - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - call
As String - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - capabilities List<String>
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - description String
- Description of the StackSet.
- execution
Role StringName - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - managed
Execution StackSet Managed Execution - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- name String
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- operation
Preferences StackSet Operation Preferences - Preferences for how AWS CloudFormation performs a stack set update.
- parameters Map<String,String>
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - permission
Model String - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - Map<String,String>
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - template
Body String - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - template
Url String - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
- administration
Role stringArn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - auto
Deployment StackSet Auto Deployment - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - call
As string - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - capabilities string[]
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - description string
- Description of the StackSet.
- execution
Role stringName - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - managed
Execution StackSet Managed Execution - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- name string
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- operation
Preferences StackSet Operation Preferences - Preferences for how AWS CloudFormation performs a stack set update.
- parameters {[key: string]: string}
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - permission
Model string - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - {[key: string]: string}
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - template
Body string - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - template
Url string - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
- administration_
role_ strarn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - auto_
deployment StackSet Auto Deployment Args - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - call_
as str - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - capabilities Sequence[str]
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - description str
- Description of the StackSet.
- execution_
role_ strname - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - managed_
execution StackSet Managed Execution Args - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- name str
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- operation_
preferences StackSet Operation Preferences Args - Preferences for how AWS CloudFormation performs a stack set update.
- parameters Mapping[str, str]
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - permission_
model str - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - Mapping[str, str]
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - template_
body str - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - template_
url str - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
- administration
Role StringArn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - auto
Deployment Property Map - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - call
As String - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - capabilities List<String>
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - description String
- Description of the StackSet.
- execution
Role StringName - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - managed
Execution Property Map - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- name String
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- operation
Preferences Property Map - Preferences for how AWS CloudFormation performs a stack set update.
- parameters Map<String>
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - permission
Model String - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - Map<String>
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - template
Body String - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - template
Url String - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
Outputs
All input properties are implicitly available as output properties. Additionally, the StackSet resource produces the following output properties:
- Arn string
- Amazon Resource Name (ARN) of the StackSet.
- Id string
- The provider-assigned unique ID for this managed resource.
- Stack
Set stringId - Unique identifier of the StackSet.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Arn string
- Amazon Resource Name (ARN) of the StackSet.
- Id string
- The provider-assigned unique ID for this managed resource.
- Stack
Set stringId - Unique identifier of the StackSet.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- Amazon Resource Name (ARN) of the StackSet.
- id String
- The provider-assigned unique ID for this managed resource.
- stack
Set StringId - Unique identifier of the StackSet.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn string
- Amazon Resource Name (ARN) of the StackSet.
- id string
- The provider-assigned unique ID for this managed resource.
- stack
Set stringId - Unique identifier of the StackSet.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn str
- Amazon Resource Name (ARN) of the StackSet.
- id str
- The provider-assigned unique ID for this managed resource.
- stack_
set_ strid - Unique identifier of the StackSet.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- Amazon Resource Name (ARN) of the StackSet.
- id String
- The provider-assigned unique ID for this managed resource.
- stack
Set StringId - Unique identifier of the StackSet.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing StackSet Resource
Get an existing StackSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: StackSetState, opts?: CustomResourceOptions): StackSet
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
administration_role_arn: Optional[str] = None,
arn: Optional[str] = None,
auto_deployment: Optional[StackSetAutoDeploymentArgs] = None,
call_as: Optional[str] = None,
capabilities: Optional[Sequence[str]] = None,
description: Optional[str] = None,
execution_role_name: Optional[str] = None,
managed_execution: Optional[StackSetManagedExecutionArgs] = None,
name: Optional[str] = None,
operation_preferences: Optional[StackSetOperationPreferencesArgs] = None,
parameters: Optional[Mapping[str, str]] = None,
permission_model: Optional[str] = None,
stack_set_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
template_body: Optional[str] = None,
template_url: Optional[str] = None) -> StackSet
func GetStackSet(ctx *Context, name string, id IDInput, state *StackSetState, opts ...ResourceOption) (*StackSet, error)
public static StackSet Get(string name, Input<string> id, StackSetState? state, CustomResourceOptions? opts = null)
public static StackSet get(String name, Output<String> id, StackSetState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Administration
Role stringArn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - Arn string
- Amazon Resource Name (ARN) of the StackSet.
- Auto
Deployment StackSet Auto Deployment - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - Call
As string - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - Capabilities List<string>
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - Description string
- Description of the StackSet.
- Execution
Role stringName - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - Managed
Execution StackSet Managed Execution - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- Name string
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- Operation
Preferences StackSet Operation Preferences - Preferences for how AWS CloudFormation performs a stack set update.
- Parameters Dictionary<string, string>
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - Permission
Model string - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - Stack
Set stringId - Unique identifier of the StackSet.
- Dictionary<string, string>
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Template
Body string - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - Template
Url string - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
- Administration
Role stringArn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - Arn string
- Amazon Resource Name (ARN) of the StackSet.
- Auto
Deployment StackSet Auto Deployment Args - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - Call
As string - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - Capabilities []string
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - Description string
- Description of the StackSet.
- Execution
Role stringName - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - Managed
Execution StackSet Managed Execution Args - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- Name string
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- Operation
Preferences StackSet Operation Preferences Args - Preferences for how AWS CloudFormation performs a stack set update.
- Parameters map[string]string
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - Permission
Model string - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - Stack
Set stringId - Unique identifier of the StackSet.
- map[string]string
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Template
Body string - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - Template
Url string - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
- administration
Role StringArn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - arn String
- Amazon Resource Name (ARN) of the StackSet.
- auto
Deployment StackSet Auto Deployment - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - call
As String - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - capabilities List<String>
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - description String
- Description of the StackSet.
- execution
Role StringName - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - managed
Execution StackSet Managed Execution - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- name String
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- operation
Preferences StackSet Operation Preferences - Preferences for how AWS CloudFormation performs a stack set update.
- parameters Map<String,String>
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - permission
Model String - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - stack
Set StringId - Unique identifier of the StackSet.
- Map<String,String>
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - template
Body String - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - template
Url String - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
- administration
Role stringArn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - arn string
- Amazon Resource Name (ARN) of the StackSet.
- auto
Deployment StackSet Auto Deployment - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - call
As string - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - capabilities string[]
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - description string
- Description of the StackSet.
- execution
Role stringName - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - managed
Execution StackSet Managed Execution - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- name string
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- operation
Preferences StackSet Operation Preferences - Preferences for how AWS CloudFormation performs a stack set update.
- parameters {[key: string]: string}
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - permission
Model string - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - stack
Set stringId - Unique identifier of the StackSet.
- {[key: string]: string}
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - template
Body string - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - template
Url string - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
- administration_
role_ strarn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - arn str
- Amazon Resource Name (ARN) of the StackSet.
- auto_
deployment StackSet Auto Deployment Args - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - call_
as str - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - capabilities Sequence[str]
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - description str
- Description of the StackSet.
- execution_
role_ strname - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - managed_
execution StackSet Managed Execution Args - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- name str
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- operation_
preferences StackSet Operation Preferences Args - Preferences for how AWS CloudFormation performs a stack set update.
- parameters Mapping[str, str]
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - permission_
model str - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - stack_
set_ strid - Unique identifier of the StackSet.
- Mapping[str, str]
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - template_
body str - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - template_
url str - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
- administration
Role StringArn - Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the
SELF_MANAGED
permission model. - arn String
- Amazon Resource Name (ARN) of the StackSet.
- auto
Deployment Property Map - Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the
SERVICE_MANAGED
permission model. - call
As String - Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values:
SELF
(default),DELEGATED_ADMIN
. - capabilities List<String>
- A list of capabilities. Valid values:
CAPABILITY_IAM
,CAPABILITY_NAMED_IAM
,CAPABILITY_AUTO_EXPAND
. - description String
- Description of the StackSet.
- execution
Role StringName - Name of the IAM Role in all target accounts for StackSet operations. Defaults to
AWSCloudFormationStackSetExecutionRole
when using theSELF_MANAGED
permission model. This should not be defined when using theSERVICE_MANAGED
permission model. - managed
Execution Property Map - Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
- name String
- Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
- operation
Preferences Property Map - Preferences for how AWS CloudFormation performs a stack set update.
- parameters Map<String>
- Key-value map of input parameters for the StackSet template. All template parameters, including those with a
Default
, must be configured or ignored withlifecycle
configuration blockignore_changes
argument. AllNoEcho
template parameters must be ignored with thelifecycle
configuration blockignore_changes
argument. - permission
Model String - Describes how the IAM roles required for your StackSet are created. Valid values:
SELF_MANAGED
(default),SERVICE_MANAGED
. - stack
Set StringId - Unique identifier of the StackSet.
- Map<String>
- Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - template
Body String - String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with
template_url
. - template
Url String - String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with
template_body
.
Supporting Types
StackSetAutoDeployment, StackSetAutoDeploymentArgs
- Enabled bool
- Whether or not auto-deployment is enabled.
- Retain
Stacks boolOn Account Removal - Whether or not to retain stacks when the account is removed.
- Enabled bool
- Whether or not auto-deployment is enabled.
- Retain
Stacks boolOn Account Removal - Whether or not to retain stacks when the account is removed.
- enabled Boolean
- Whether or not auto-deployment is enabled.
- retain
Stacks BooleanOn Account Removal - Whether or not to retain stacks when the account is removed.
- enabled boolean
- Whether or not auto-deployment is enabled.
- retain
Stacks booleanOn Account Removal - Whether or not to retain stacks when the account is removed.
- enabled bool
- Whether or not auto-deployment is enabled.
- retain_
stacks_ boolon_ account_ removal - Whether or not to retain stacks when the account is removed.
- enabled Boolean
- Whether or not auto-deployment is enabled.
- retain
Stacks BooleanOn Account Removal - Whether or not to retain stacks when the account is removed.
StackSetManagedExecution, StackSetManagedExecutionArgs
- Active bool
- When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
- Active bool
- When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
- active Boolean
- When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
- active boolean
- When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
- active bool
- When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
- active Boolean
- When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
StackSetOperationPreferences, StackSetOperationPreferencesArgs
- Failure
Tolerance intCount - The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
- Failure
Tolerance intPercentage - The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
- Max
Concurrent intCount - The maximum number of accounts in which to perform this operation at one time.
- Max
Concurrent intPercentage - The maximum percentage of accounts in which to perform this operation at one time.
- Region
Concurrency stringType - The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
- Region
Orders List<string> - The order of the Regions in where you want to perform the stack operation.
- Failure
Tolerance intCount - The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
- Failure
Tolerance intPercentage - The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
- Max
Concurrent intCount - The maximum number of accounts in which to perform this operation at one time.
- Max
Concurrent intPercentage - The maximum percentage of accounts in which to perform this operation at one time.
- Region
Concurrency stringType - The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
- Region
Orders []string - The order of the Regions in where you want to perform the stack operation.
- failure
Tolerance IntegerCount - The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
- failure
Tolerance IntegerPercentage - The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
- max
Concurrent IntegerCount - The maximum number of accounts in which to perform this operation at one time.
- max
Concurrent IntegerPercentage - The maximum percentage of accounts in which to perform this operation at one time.
- region
Concurrency StringType - The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
- region
Orders List<String> - The order of the Regions in where you want to perform the stack operation.
- failure
Tolerance numberCount - The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
- failure
Tolerance numberPercentage - The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
- max
Concurrent numberCount - The maximum number of accounts in which to perform this operation at one time.
- max
Concurrent numberPercentage - The maximum percentage of accounts in which to perform this operation at one time.
- region
Concurrency stringType - The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
- region
Orders string[] - The order of the Regions in where you want to perform the stack operation.
- failure_
tolerance_ intcount - The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
- failure_
tolerance_ intpercentage - The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
- max_
concurrent_ intcount - The maximum number of accounts in which to perform this operation at one time.
- max_
concurrent_ intpercentage - The maximum percentage of accounts in which to perform this operation at one time.
- region_
concurrency_ strtype - The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
- region_
orders Sequence[str] - The order of the Regions in where you want to perform the stack operation.
- failure
Tolerance NumberCount - The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
- failure
Tolerance NumberPercentage - The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
- max
Concurrent NumberCount - The maximum number of accounts in which to perform this operation at one time.
- max
Concurrent NumberPercentage - The maximum percentage of accounts in which to perform this operation at one time.
- region
Concurrency StringType - The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
- region
Orders List<String> - The order of the Regions in where you want to perform the stack operation.
Import
Import CloudFormation StackSets when acting a delegated administrator in a member account using the name
and call_as
values separated by a comma (,
). For example:
Using pulumi import
, import CloudFormation StackSets using the name
. For example:
$ pulumi import aws:cloudformation/stackSet:StackSet example example
Using pulumi import
, import CloudFormation StackSets when acting a delegated administrator in a member account using the name
and call_as
values separated by a comma (,
). For example:
$ pulumi import aws:cloudformation/stackSet:StackSet example example,DELEGATED_ADMIN
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.