Update your stack set - AWS CloudFormation
Update your stack set using the AWS CloudFormation consoleUpdate your stack set using the AWS CLI

Update your stack set

You can update your stack set in either the AWS Management Console, or by using AWS CloudFormation commands in the AWS CLI. In this walkthrough, we are changing the default snapshot delivery frequency for delivery channel configuration from 24hours to 12hours.

To override parameter values for specific stack instances, see Override parameters on stack instances.

Update your stack set using the AWS CloudFormation console

  1. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.

  2. From the navigation pane, choose StackSets.

  3. On the StackSets page, select the stack set that you created in Create a stack set. In this walkthrough, we created a stack set named my-awsconfig-stackset.

  4. With the stack set selected, choose Edit StackSet details from the Actions menu.

    Update stack set in stack set page

  5. On the Choose a template page, choose whether you want to update the current template, specify an S3 URL to another template, or upload a new template to AWS CloudFormation. In this walkthrough, we are using the current template. Choose Use current template, and then choose Next.

  6. On the Specify StackSet details page, modify parameter values and specify deployment targets.

    1. [Self-managed permissions] For Deployment targets, choose Deploy stacks in accounts. Paste your target account numbers in the text box, separating multiple numbers with commas.

      [Service-managed permissions] For Deployment targets, choose the accounts in your organization to deploy to.

    2. Select the Region.

    3. Change the value of the Frequency parameter from 24hours to 12hours.

      For more information about this and the other parameters, which specify values used by AWS Config, see Setting up AWS Config with the console in the AWS Config Developer Guide.

      Don't make changes to the other parameters. For the purposes of this walkthrough, we are not configuring Amazon SNS updates.

      When done, choose Next.

  7. On the Configure StackSet options page, no changes are needed, but you can update, delete, or add new tags here if desired. For more information about how tags are used in AWS, see Using cost allocation tags in the AWS Billing and Cost Management User Guide. You can also manage the execution configuration to specify whether StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order.

    Note

    If there are already running or queued operations, StackSets queues all incoming operations even if they are non-conflicting.

    You can't modify your stack set's execution configuration while there are running or queued operations for that stack set.

    Leave the Permissions unchanged, then choose Next.

  8. On the Set deployment options page, keep the default value of 1 and By number for Maximum concurrent accounts. Keep the default Failure tolerance of 0, and keep the By number default option. Choose Next.

    Note

    You can't change accounts and Regions here; that is, you cannot deploy stack set changes to stacks in some accounts and Regions, but not others.

  9. On the Review page, review your choices and your stack set's properties. To make changes, choose Edit in the upper-right corner of an area in which you want to change properties. Before you can update the stack set, you must fill the check box in the Capabilities area to acknowledge that some of the resources that you are updating with the stack set might require new IAM resources and permissions. For more information about potentially required permissions, see Acknowledging IAM resources in AWS CloudFormation templates in this guide. When you are ready to create your stack set, choose Submit.

    AWS CloudFormation starts applying your updates to your stack set, and displays the Operations tab of the stack set details page

  10. You can view the progress and status of update operations on the Operations tab. You should see the updated Frequency parameter in the Parameter tab.

Update your stack set using the AWS CLI

When acting as a delegated administrator, you must set the --call-as parameter to DELEGATED_ADMIN each time you run a StackSets command.

--call-as DELEGATED_ADMIN

Run the update-stack-set AWS CLI command to make changes to your stack set. In this walkthrough, we are updating the value of the MaximumExecutionFrequency parameter. For more information about the parameter names and values for creating or updating an AWS Config rule, see put-config-rule in the AWS CLI reference. To change template parameter values, add the --parameters parameter. For more information about what you can specify as a value for --parameters, see Parameter in the AWS CloudFormation API Reference, and update-stack in the AWS CLI Command Reference.

In the example command shown here, we are updating the stack set by using --parameters; specifically, we change the default snapshot delivery frequency for delivery channel configuration from TwentyFour_Hours to Twelve_Hours. Because we are still using the current template, we add the --use-previous-template parameter.

  1. Run the following command. For stack set name, specify the stack set name my-awsconfig-stackset.

    Set the failure tolerance and maximum concurrent accounts by setting FailureToleranceCount to 0, and MaxConcurrentCount to 1 in the --operation-preferences parameter, as shown in the following example. To apply percentages instead, use FailureTolerancePercentage or MaxConcurrentPercentage. For the purposes of this walkthrough, we are using count, not percentage.

    Note

    The value of MaxConcurrentCount is dependent on the value of FailureToleranceCount. MaxConcurrentCount is at most one more than FailureToleranceCount.

    [Self-managed permissions] Provide the account IDs you want your update to target.

    aws cloudformation update-stack-set --stack-set-name my-awsconfig-stackset --use-previous-template --parameters ParameterKey=MaximumExecutionFrequency,ParameterValue=TwentyFour_Hours\\,Twelve_Hours --operation-preferences FailureToleranceCount=0,MaxConcurrentCount=1 --accounts '["account_ID_1","account_ID_2"]'

    [Service-managed permissions] Provide the organization (root) ID, OU IDs, or AWS Organizations account IDs you want your update to target.

    aws cloudformation update-stack-set --stack-set-name my-awsconfig-stackset --use-previous-template --parameters ParameterKey=MaximumExecutionFrequency,ParameterValue=TwentyFour_Hours\\,Twelve_Hours --operation-preferences FailureToleranceCount=0,MaxConcurrentCount=1 --deployment-targets OrganizationalUnitIds='["ou-rcuk-1x5j1lwo", "ou-rcuk-slr5lh0a"]' --regions '["eu-west-1"]'

  2. Verify that your stack set was updated successfully by running the describe-stack-set-operation command to show the status and results of your update operation. For --operation-id, use the operation ID that was returned by your update-stack-set command.

    aws cloudformation describe-stack-set-operation --operation-id operation_ID