Override parameter values using the AWS Management Console or AWS CLI
In certain cases, you might want stack instances in certain Regions or accounts to have different property values than those specified in the stack set itself. For example, you might want to specify a different value for a given parameter based on whether an account is used for development or production. For these situations, AWS CloudFormation allows you to override parameter values in stack instances by account and Region. You can override template parameter values when you first create the stack instances, and you can override parameter values for existing stack instances. You can only set parameters you've previously overridden in stack instances back to the values specified in the stack set.
Parameter value overrides apply to stack instances in the accounts and Regions you select. During stack set updates, any parameter values overridden for a stack instance aren't updated, but retain their overridden value.
You can only override parameter values that are specified in the stack set; to add or delete a parameter itself, you need to update the stack set template. If you add a parameter to a stack set template, then before you can override that parameter value in a stack instance you must first update all stack instances with the new parameter and value specified in the stack set. Once all stack instances have been updated with the new parameter, you can then override the parameter value in individual stack instances as desired.
To learn how to override stack set parameter values when you create stack instances, see Add stack instances using the AWS Management Console or AWS CLI.
Topics
Override parameters on stack instances using the AWS Management Console
Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation
. -
From the navigation pane, choose StackSets. On the StackSets page, select the stack set that you created in Create a stack set using the AWS Management Console or AWS CLI. In that walkthrough, we created a stack set named
my-awsconfig-stackset
. -
With the stack set selected, choose Override StackSet parameters from the Actions menu.
-
On the Set deployment options page, provide the accounts and Regions for the stack instances whose parameters you want to override.
AWS CloudFormation will deploy stacks in the specified accounts within the first Region, then moves on to the next, and so on, provided that a Region's deployment failures don't exceed a specified failure tolerance.
-
[Self-managed permissions] For Deployment targets, choose Deploy stacks in accounts. Paste some or all the target account IDs that you used to create your stack set in Create a stack set using the AWS Management Console or AWS CLI.
[Service-managed permissions] For Deployment targets, choose the accounts in your organization to deploy to.
-
Choose Deploy to organizational units (OUs). Select one or more of the target OUs that you used to create your stack set in Create a stack set using the AWS Management Console or AWS CLI. The overridden parameter values only apply to the accounts that are currently in the target OUs and their child OUs. Accounts added to the target OUs and their child OUs in the future will use the stack set default values and not the overridden values.
-
Choose Deploy to accounts. Paste some or all the target OU IDs or account IDs that you used to create your stack set in Create a stack set using the AWS Management Console or AWS CLI.
-
-
For Deployment regions, add one or more of the Regions into which you have deployed stack instances for this stack set.
If you add multiple Regions, the order of the Regions under Specify regions determines their deployment order.
-
For Deployment options:
-
For Maximum concurrent accounts, keep the default values of Number and 1.
This means that AWS CloudFormation deploys your stack in only one account at one time.
-
For Failure tolerance, keep the defaults of Number and 0.
This means that a maximum of one stack deployment can fail in one of your specified Regions before AWS CloudFormation stops deployment in the current Region, and cancels deployment in remaining Regions.
Choose Next.
-
-
-
On the Specify Overrides page, check the Frequency parameter and then choose Override StackSet value from the Edit override value menu.
-
In Override StackSet parameter values, select 6hours for the Frequency parameter, and choose Save changes. You are instructing AWS CloudFormation to override the Frequency parameter value and use 6hours for all the stack instances for the specified accounts in the specified Regions. Choose Next.
Note
To set any overridden parameters back to using the value specified in the stack set, check all parameters and choose Set to StackSet value from the Edit override value menu. Doing so removes all overridden values once you update the stack instances.
-
On the Review page, review your choices. Note that the Frequency parameter displays a value in the Override value column, indicating that its value has been overridden at the stack level.
Before you can override parameters for these stack instances, you must fill the check box in the Capabilities area to acknowledge that some of the resources that you are creating with the stack set might require new IAM resources and permissions. For more information about potentially required permissions, see Acknowledging IAM resources in CloudFormation templates. When you are ready, choose Submit.
-
AWS CloudFormation starts updating your stack instances. View the progress and status of the stack instances in the stack set details page that opens when you choose Submit.
Override parameters on stack instances using the AWS CLI
When acting as a delegated administrator, you must set the --call-as
parameter to DELEGATED_ADMIN
each time you run a StackSets
command.
--call-as
DELEGATED_ADMIN
Run the update-stack-instances
AWS CLI command, specifying
--parameter-overrides
. For more information about specifying
--parameter-overrides
, see Parameter
in the AWS CloudFormation API Reference, and update-stack-instances
in the AWS CLI
Command Reference.
In the example command shown here, we change the default snapshot delivery frequency for delivery channel configuration from TwentyFour_Hours to Twelve_Hours for the specified stack instances.
-
Run the following command. For
--stack-set-name
, specify the stack set namemy-awsconfig-stackset
.Set the failure tolerance and maximum concurrent accounts by setting
FailureToleranceCount
to0
, andMaxConcurrentCount
to1
in the--operation-preferences
parameter, as shown in the following example. To apply percentages instead, useFailureTolerancePercentage
orMaxConcurrentPercentage
. For this walkthrough, we are using count, not percentage.Note
The value of
MaxConcurrentCount
is dependent on the value ofFailureToleranceCount
.MaxConcurrentCount
is at most one more thanFailureToleranceCount
.[Self-managed permissions] Provide the account IDs for which you want to override parameter values on stack instances.
aws cloudformation update-stack-instances --stack-set-name
my-awsconfig-stackset
--parameter-overrides ParameterKey=MaximumExecutionFrequency
,ParameterValue=TwentyFour_Hours
\\,Twelve_Hours
--operation-preferencesFailureToleranceCount=0
,MaxConcurrentCount=1
--accounts '["012345678901
"]' --regions '["eu-west-1
", "us-west-2
"]'[Service-managed permissions] Provide the organization root ID, OU IDs, or AWS Organizations account IDs for which you want to override parameters on stack instances. In this example, we override parameter values for stack instances in all accounts in the OU with the
ou-rcuk-1x5j1lwo
ID.The overridden parameter values only apply to the accounts that are currently in the target OU and its child OUs. Accounts added to the target OU and its child OUs in the future will use the stack set default values and not the overridden values.
aws cloudformation update-stack-instances --stack-set-name
my-awsconfig-stackset
--parameter-overrides ParameterKey=MaximumExecutionFrequency
,ParameterValue=TwentyFour_Hours
\\,Twelve_Hours
--operation-preferencesFailureToleranceCount=0
,MaxConcurrentCount=1
--deployment-targets OrganizationalUnitIds='["ou-rcuk-1x5j1lwo
"]' --regions '["eu-west-1
", "us-west-2
"]' -
Verify that your parameter values were successfully overridden on stack instances by running the
describe-stack-set-operation
command to show the status and results of your update operation. For--operation-id
, use the operation ID that was returned by yourupdate-stack-instances
command.aws cloudformation describe-stack-set-operation --operation-id
operation_ID