Manage automatic deployments using the AWS CloudFormation console Manage automatic deployments using the AWS CLI Auto deployment example

Manage automatic deployments for a stack set with service-managed permissions

With automatic deployment enabled, StackSets automatically deploys to accounts that are added to the target organization or organizational units (OUs) in the future. With retain stacks enabled, when an account is removed from a target OU, stack resources in the account are retained. You can adjust the automatic deployment settings you specified when you created your stack set at any time.

Note

Overridden parameter values only apply to the accounts that are currently in the target OUs and their child OUs. Accounts added to the target OUs and their child OUs in the future will use the stack set default values and not the overridden values.

Topics

Manage automatic deployments using the AWS CloudFormation console
Manage automatic deployments using the AWS CLI
Auto deployment example

Manage automatic deployments using the AWS CloudFormation console

Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.
From the navigation pane, choose StackSets.
On the StackSets page, select the stack set that you created in Create a stack set with service-managed permissions.
With the stack set selected, choose Edit automatic deployment from the Actions menu. Automatic deployment is set at the stack set level. You can't adjust automatic deployments selectively for OUs, accounts, or Regions.
In the Edit automatic deployment modal, manage Automatic deployment and Account removal behavior settings.

Note
With Retain stacks selected, stack instances are removed from your stack set, but the stacks and their associated resources are retained. The resources stay in their current state, but are no longer part of the stack set.
Choose Save.

Manage automatic deployments using the AWS CLI

Open the AWS CLI.
Run the update-stack-set command, specifying the stack set that you created in Create a stack set with service-managed permissions. Automatic deployment is set at the stack set level. If you specify --auto-deployment in your stack set update, you can't specify --deployment-targets or --regions.
```
aws cloudformation update-stack-set --stack-set-name StackSet_myApp --auto-deployment Enabled=false
```
Using the operation-id that was returned as part of the update-stack-set output in step 2, run describe-stack-set-operation to verify that your stack set was updated successfully.
```
aws cloudformation describe-stack-set-operation --operation-id operation_ID
```

Auto deployment example

When you enable automatic deployments, they're triggered when accounts are added to a target organization or OU, removed from a target organization or OU, or moved between target OUs.

For example, a stack set, StackSet1, targets an OU, OU1, in the us-east-1 Region. A stack set, StackSet2, targets an OU, OU2, in the us-east-1 Region. OU1 contains an account, AccountA.

If we move AccountA from OU1 to OU2 with automatic deployments enabled, StackSets automatically runs a delete operation to remove the StackSet1 instance from AccountA and queues a create operation that adds the StackSet2 instance to AccountA.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Delete a stack set

Target account gates