AWS::CloudFormation::StackSet
The AWS::CloudFormation::StackSet
enables you to provision stacks into AWS
accounts and across Regions by using a single CloudFormation template. In the stack
set, you
specify the template to use, as well as any parameters and capabilities that the template
requires.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::CloudFormation::StackSet", "Properties" : { "AdministrationRoleARN" :
String
, "AutoDeployment" :AutoDeployment
, "Capabilities" :[ String, ... ]
, "Description" :String
, "ExecutionRoleName" :String
, "OperationPreferences" :OperationPreferences
, "Parameters" :[ Parameter, ... ]
, "PermissionModel" :String
, "StackInstancesGroup" :[ StackInstances, ... ]
, "StackSetName" :String
, "Tags" :[ Tag, ... ]
, "TemplateBody" :String
, "TemplateURL" :String
} }
YAML
Type: AWS::CloudFormation::StackSet Properties: AdministrationRoleARN:
String
AutoDeployment:AutoDeployment
Capabilities:- String
Description:String
ExecutionRoleName:String
OperationPreferences:OperationPreferences
Parameters:- Parameter
PermissionModel:String
StackInstancesGroup:- StackInstances
StackSetName:String
Tags:- Tag
TemplateBody:String
TemplateURL:String
Properties
AdministrationRoleARN
-
The Amazon Resource Number (ARN) of the IAM role to use to create this stack set. Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account.
Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations in the AWS CloudFormation User Guide.
Minimum:
20
Maximum:
2048
Required: No
Type: String
Update requires: No interruption
AutoDeployment
-
[
Service-managed
permissions] Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU).Required: No
Type: AutoDeployment
Update requires: No interruption
Capabilities
-
The capabilities that are allowed in the stack set. Some stack set templates might include resources that can affect permissions in your AWS account—for example, by creating new AWS Identity and Access Management (IAM) users. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.
Required: No
Type: List of String
Update requires: No interruption
Description
-
A description of the stack set.
Minimum:
1
Maximum:
1024
Required: No
Type: String
Update requires: No interruption
ExecutionRoleName
-
The name of the IAM execution role to use to create the stack set. If you do not specify an execution role, AWS CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the stack set operation.
Minimum:
1
Maximum:
64
Pattern:
[a-zA-Z_0-9+=,.@-]+
Required: No
Type: String
Update requires: No interruption
OperationPreferences
-
The user-specified preferences for how AWS CloudFormation performs a stack set operation.
Required: No
Type: OperationPreferences
Update requires: No interruption
Parameters
-
The input parameters for the stack set template.
Required: No
Type: List of Parameter
Update requires: No interruption
PermissionModel
-
Describes how the IAM roles required for stack set operations are created.
-
With
SELF_MANAGED
permissions, you must create the administrator and execution roles required to deploy to target accounts. For more information, see Grant Self-Managed Stack Set Permissions. -
With
SERVICE_MANAGED
permissions, StackSets automatically creates the IAM roles required to deploy to accounts managed by AWS Organizations. For more information, see Grant Service-Managed Stack Set Permissions.
Allowed Values:
SERVICE_MANAGED
|SELF_MANAGED
Note The
PermissionModel
property is required.Required: Yes
Type: String
Update requires: Replacement
-
StackInstancesGroup
-
A group of stack instances with parameters in some specific accounts and Regions.
Required: No
Type: List of StackInstances
Update requires: No interruption
StackSetName
-
The name to associate with the stack set. The name must be unique in the Region where you create your stack set.
Maximum:
128
Pattern:
^[a-zA-Z][a-zA-Z0-9-]{0,127}$
Note The
StackSetName
property is required.Required: Yes
Type: String
Update requires: Replacement
Tags
-
The key-value pairs to associate with this stack set and the stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the stacks. A maximum number of 50 tags can be specified.
Required: No
Type: List of Tag
Update requires: No interruption
TemplateBody
-
The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes.
You must include either
TemplateURL
orTemplateBody
in a StackSet, but you cannot use both.Minimum:
1
Maximum:
51200
Required: Conditional
Type: String
Update requires: No interruption
TemplateURL
-
Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket.
You must include either
TemplateURL
orTemplateBody
in a StackSet, but you cannot use both.Minimum:
1
Maximum:
1024
Required: Conditional
Type: String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function,
Ref
returns the StackSetId.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute
of this type.
For more information about using the Fn::GetAtt
instrinsic function, see
Fn::GetAtt
.