Override parameter values using the CloudFormation console or AWS CLI
In certain cases, you might want stack instances in certain Regions or accounts to have different property values than those specified in the stack set itself. For example, you might want to specify a different value for a given parameter based on whether an account is used for development or production. For these situations, CloudFormation allows you to override parameter values in stack instances by account and Region. You can override template parameter values when you first create the stack instances, and you can override parameter values for existing stack instances. You can only set parameters you've previously overridden in stack instances back to the values specified in the stack set.
Parameter value overrides apply to stack instances in the accounts and Regions you select. During stack set updates, any parameter values overridden for a stack instance aren't updated, but retain their overridden value.
You can only override parameter values that are specified in the stack set; to add or delete a parameter itself, you need to update the stack set template. If you add a parameter to a stack set template, then before you can override that parameter value in a stack instance you must first update all stack instances with the new parameter and value specified in the stack set. Once all stack instances have been updated with the new parameter, you can then override the parameter value in individual stack instances as desired.
To learn how to override stack set parameter values when you create stack instances, see Add stacks to a stack set.
Topics
Override parameters on stack instances using the CloudFormation console
Sign in to the AWS Management Console and open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation
. -
On the navigation bar at the top of the screen, choose the AWS Region you created the stack set in.
-
From the navigation pane, choose StackSets. On the StackSets page, select your stack set.
-
With the stack set selected, choose Override StackSet parameters from the Actions menu.
-
On the Set deployment options page, provide the accounts and Regions for the stack instances that you'll create overrides for.
By default, CloudFormation will deploy stacks in the specified accounts within the first Region, then moves on to the next, and so on, provided that a Region's deployment failures don't exceed a specified failure tolerance.
-
[Self-managed permissions] For Deployment locations, choose Deploy stacks in accounts. Paste some or all the target account IDs that you used to create your stack set.
[Service-managed permissions] Do one of the following:
-
Choose Deploy to organizational units (OUs). Enter one or more of the target OUs that you used to create your stack set. The overridden parameter values only apply to the accounts that are currently in the target OUs and their child OUs. Accounts added to the target OUs and their child OUs in the future will use the stack set default values and not the overridden values.
-
Choose Deploy to accounts. Paste some or all the target OU IDs or account IDs that you used to create your stack set.
-
-
For Specify regions, add one or more of the Regions into which you have deployed stack instances for this stack set.
If you add multiple Regions, the order of the Regions under Specify regions determines their deployment order.
-
For Deployment options:
-
For Maximum concurrent accounts, modify the maximum concurrent accounts as needed.
-
For Failure tolerance, modify the failure tolerance as needed.
-
For Region concurrency, modify the region concurrency as needed.
-
For Concurrency mode, modify the concurrency mode as needed.
-
-
Choose Next.
-
-
On the Specify Overrides page, select the checkboxes for the parameters to override, and then choose Override StackSet value from the Edit override value menu.
-
On the Override StackSet parameter values page, make your changes and then choose Save changes.
Note
To set any overridden parameters back to using the value specified in the stack set, check all parameters and choose Set to StackSet value from the Edit override value menu. Doing so removes all overridden values once you update the stack instances.
-
On the Review page, review your choices. To make changes, choose Edit on the related section.
-
When you're ready to proceed, choose Submit.
CloudFormation starts updating your stack instances. View the progress and status of the stack instances in the stack set details page that opens when you choose Submit.
Override parameters on stack instances using the AWS CLI
When acting as a delegated administrator, you must set the --call-as
option to DELEGATED_ADMIN
each time you run a StackSets
command.
--call-as
DELEGATED_ADMIN
-
Use the update-stack-instances AWS CLI command and specify the
--parameter-overrides
option.[Self-managed permissions] For the
--accounts
option, provide the account IDs for which you want to override parameter values on stack instances.aws cloudformation update-stack-instances --stack-set-name
my-stackset
\ --parameter-overridesParameterKey=Subnets,ParameterValue=subnet-1baa3351\\,subnet-27b86940
\ --accounts'["account_id"]'
--regions'["us-east-1"]'
[Service-managed permissions] For the
--deployment-targets
option, provide the organization root ID, OU IDs, or AWS Organizations account IDs for which you want to override parameters on stack instances. In this example, we override parameter values for stack instances in all accounts in the OU with the-ou-rcuk-1x5j1lwo
ID.The overridden parameter values only apply to the accounts that are currently in the target OU and its child OUs. Accounts added to the target OU and its child OUs in the future will use the stack set default values and not the overridden values.
aws cloudformation update-stack-instances --stack-set-name
my-stackset
\ --parameter-overridesParameterKey=Subnets,ParameterValue=subnet-1baa3351\\,subnet-27b86940
\ --deployment-targets OrganizationalUnitIds='["ou-rcuk-1x5j1lwo"]'
\ --regions'["us-east-1"]'
-
Verify that your parameter values were successfully overridden on stack instances by running the describe-stack-set-operation command to show the status and results of your update operation. For
--operation-id
, use the operation ID that was returned by your update-stack-instances command.aws cloudformation describe-stack-set-operation --operation-id
operation_ID