CfnStackSetProps

class aws_cdk.aws_cloudformation.CfnStackSetProps(*, permission_model, stack_set_name, administration_role_arn=None, auto_deployment=None, call_as=None, capabilities=None, description=None, execution_role_name=None, managed_execution=None, operation_preferences=None, parameters=None, stack_instances_group=None, tags=None, template_body=None, template_url=None)

Bases: object

Properties for defining a CfnStackSet.

Parameters
  • permission_model (str) – Describes how the IAM roles required for stack set operations are created. - With SELF_MANAGED permissions, you must create the administrator and execution roles required to deploy to target accounts. For more information, see Grant Self-Managed Stack Set Permissions . - With SERVICE_MANAGED permissions, StackSets automatically creates the IAM roles required to deploy to accounts managed by AWS Organizations . For more information, see Grant Service-Managed Stack Set Permissions . Allowed Values : SERVICE_MANAGED | SELF_MANAGED .. epigraph:: The PermissionModel property is required.

  • stack_set_name (str) – The name to associate with the stack set. The name must be unique in the Region where you create your stack set. Maximum : 128 Pattern : ^[a-zA-Z][a-zA-Z0-9-]{0,127}$ .. epigraph:: The StackSetName property is required.

  • administration_role_arn (Optional[str]) – The Amazon Resource Number (ARN) of the IAM role to use to create this stack set. Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations in the AWS CloudFormation User Guide . Minimum : 20 Maximum : 2048

  • auto_deployment (Union[IResolvable, AutoDeploymentProperty, Dict[str, Any], None]) – [ Service-managed permissions] Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU).

  • call_as (Optional[str]) – [Service-managed permissions] Specifies whether you are acting as an account administrator in the organization’s management account or as a delegated administrator in a member account. By default, SELF is specified. Use SELF for stack sets with self-managed permissions. - To create a stack set with service-managed permissions while signed in to the management account, specify SELF . - To create a stack set with service-managed permissions while signed in to a delegated administrator account, specify DELEGATED_ADMIN . Your AWS account must be registered as a delegated admin in the management account. For more information, see Register a delegated administrator in the AWS CloudFormation User Guide . Stack sets with service-managed permissions are created in the management account, including stack sets that are created by delegated administrators. Valid Values : SELF | DELEGATED_ADMIN

  • capabilities (Optional[Sequence[str]]) – The capabilities that are allowed in the stack set. Some stack set templates might include resources that can affect permissions in your AWS account —for example, by creating new AWS Identity and Access Management ( IAM ) users. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates .

  • description (Optional[str]) – A description of the stack set. Minimum : 1 Maximum : 1024

  • execution_role_name (Optional[str]) – The name of the IAM execution role to use to create the stack set. If you don’t specify an execution role, AWS CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the stack set operation. Minimum : 1 Maximum : 64 Pattern : [a-zA-Z_0-9+=,.@-]+

  • managed_execution (Optional[Any]) – Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations. When active, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. .. epigraph:: If there are already running or queued operations, StackSets queues all incoming operations even if they are non-conflicting. You can’t modify your stack set’s execution configuration while there are running or queued operations for that stack set. When inactive (default), StackSets performs one operation at a time in request order.

  • operation_preferences (Union[IResolvable, OperationPreferencesProperty, Dict[str, Any], None]) – The user-specified preferences for how AWS CloudFormation performs a stack set operation.

  • parameters (Union[IResolvable, Sequence[Union[IResolvable, ParameterProperty, Dict[str, Any]]], None]) – The input parameters for the stack set template.

  • stack_instances_group (Union[IResolvable, Sequence[Union[IResolvable, StackInstancesProperty, Dict[str, Any]]], None]) – A group of stack instances with parameters in some specific accounts and Regions.

  • tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – The key-value pairs to associate with this stack set and the stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the stacks. A maximum number of 50 tags can be specified.

  • template_body (Optional[str]) – The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes. You must include either TemplateURL or TemplateBody in a StackSet, but you can’t use both. Dynamic references in the TemplateBody may not work correctly in all cases. It’s recommended to pass templates containing dynamic references through TemplateUrl instead. Minimum : 1 Maximum : 51200

  • template_url (Optional[str]) – Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that’s located in an Amazon S3 bucket. You must include either TemplateURL or TemplateBody in a StackSet, but you can’t use both. Minimum : 1 Maximum : 1024

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html

ExampleMetadata

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_cloudformation as cloudformation

# managed_execution: Any

cfn_stack_set_props = cloudformation.CfnStackSetProps(
    permission_model="permissionModel",
    stack_set_name="stackSetName",

    # the properties below are optional
    administration_role_arn="administrationRoleArn",
    auto_deployment=cloudformation.CfnStackSet.AutoDeploymentProperty(
        enabled=False,
        retain_stacks_on_account_removal=False
    ),
    call_as="callAs",
    capabilities=["capabilities"],
    description="description",
    execution_role_name="executionRoleName",
    managed_execution=managed_execution,
    operation_preferences=cloudformation.CfnStackSet.OperationPreferencesProperty(
        failure_tolerance_count=123,
        failure_tolerance_percentage=123,
        max_concurrent_count=123,
        max_concurrent_percentage=123,
        region_concurrency_type="regionConcurrencyType",
        region_order=["regionOrder"]
    ),
    parameters=[cloudformation.CfnStackSet.ParameterProperty(
        parameter_key="parameterKey",
        parameter_value="parameterValue"
    )],
    stack_instances_group=[cloudformation.CfnStackSet.StackInstancesProperty(
        deployment_targets=cloudformation.CfnStackSet.DeploymentTargetsProperty(
            account_filter_type="accountFilterType",
            accounts=["accounts"],
            organizational_unit_ids=["organizationalUnitIds"]
        ),
        regions=["regions"],

        # the properties below are optional
        parameter_overrides=[cloudformation.CfnStackSet.ParameterProperty(
            parameter_key="parameterKey",
            parameter_value="parameterValue"
        )]
    )],
    tags=[CfnTag(
        key="key",
        value="value"
    )],
    template_body="templateBody",
    template_url="templateUrl"
)

Attributes

administration_role_arn

The Amazon Resource Number (ARN) of the IAM role to use to create this stack set.

Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account.

Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations in the AWS CloudFormation User Guide .

Minimum : 20

Maximum : 2048

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-administrationrolearn

Return type

Optional[str]

auto_deployment

[ Service-managed permissions] Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU).

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-autodeployment

Return type

Union[IResolvable, AutoDeploymentProperty, None]

call_as

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization’s management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

  • To create a stack set with service-managed permissions while signed in to the management account, specify SELF .

  • To create a stack set with service-managed permissions while signed in to a delegated administrator account, specify DELEGATED_ADMIN .

Your AWS account must be registered as a delegated admin in the management account. For more information, see Register a delegated administrator in the AWS CloudFormation User Guide .

Stack sets with service-managed permissions are created in the management account, including stack sets that are created by delegated administrators.

Valid Values : SELF | DELEGATED_ADMIN

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-callas

Return type

Optional[str]

capabilities

The capabilities that are allowed in the stack set.

Some stack set templates might include resources that can affect permissions in your AWS account —for example, by creating new AWS Identity and Access Management ( IAM ) users. For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates .

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-capabilities

Return type

Optional[List[str]]

description

A description of the stack set.

Minimum : 1

Maximum : 1024

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-description

Return type

Optional[str]

execution_role_name

The name of the IAM execution role to use to create the stack set.

If you don’t specify an execution role, AWS CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the stack set operation.

Minimum : 1

Maximum : 64

Pattern : [a-zA-Z_0-9+=,.@-]+

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-executionrolename

Return type

Optional[str]

managed_execution

Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.

When active, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. .. epigraph:

If there are already running or queued operations, StackSets queues all incoming operations even if they are non-conflicting.

You can't modify your stack set's execution configuration while there are running or queued operations for that stack set.

When inactive (default), StackSets performs one operation at a time in request order.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-managedexecution

Return type

Any

operation_preferences

The user-specified preferences for how AWS CloudFormation performs a stack set operation.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-operationpreferences

Return type

Union[IResolvable, OperationPreferencesProperty, None]

parameters

The input parameters for the stack set template.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-parameters

Return type

Union[IResolvable, List[Union[IResolvable, ParameterProperty]], None]

permission_model

Describes how the IAM roles required for stack set operations are created.

Allowed Values : SERVICE_MANAGED | SELF_MANAGED .. epigraph:

The ``PermissionModel`` property is required.
Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-permissionmodel

Return type

str

stack_instances_group

A group of stack instances with parameters in some specific accounts and Regions.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-stackinstancesgroup

Return type

Union[IResolvable, List[Union[IResolvable, StackInstancesProperty]], None]

stack_set_name

The name to associate with the stack set.

The name must be unique in the Region where you create your stack set.

Maximum : 128

Pattern : ^[a-zA-Z][a-zA-Z0-9-]{0,127}$ .. epigraph:

The ``StackSetName`` property is required.
Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-stacksetname

Return type

str

tags

The key-value pairs to associate with this stack set and the stacks created from it.

AWS CloudFormation also propagates these tags to supported resources that are created in the stacks. A maximum number of 50 tags can be specified.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-tags

Return type

Optional[List[CfnTag]]

template_body

The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes.

You must include either TemplateURL or TemplateBody in a StackSet, but you can’t use both. Dynamic references in the TemplateBody may not work correctly in all cases. It’s recommended to pass templates containing dynamic references through TemplateUrl instead.

Minimum : 1

Maximum : 51200

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-templatebody

Return type

Optional[str]

template_url

Location of file containing the template body.

The URL must point to a template (max size: 460,800 bytes) that’s located in an Amazon S3 bucket.

You must include either TemplateURL or TemplateBody in a StackSet, but you can’t use both.

Minimum : 1

Maximum : 1024

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-templateurl

Return type

Optional[str]