class aws_cdk.aws_codepipeline_actions.CloudFormationDeployStackSetAction(*, stack_set_name, template, cfn_capabilities=None, deployment_model=None, description=None, parameters=None, stack_instances=None, role=None, failure_tolerance_percentage=None, max_account_concurrency_percentage=None, stack_set_region=None, action_name, run_order=None, variables_namespace=None)

Bases: aws_cdk.aws_codepipeline_actions.Action

CodePipeline action to deploy a stackset.

CodePipeline offers the ability to perform AWS CloudFormation StackSets operations as part of your CI/CD process. You use a stack set to create stacks in AWS accounts across AWS Regions by using a single AWS CloudFormation template. All the resources included in each stack are defined by the stack set’s AWS CloudFormation template. When you create the stack set, you specify the template to use, as well as any parameters and capabilities that the template requires.

For more information about concepts for AWS CloudFormation StackSets, see StackSets concepts in the AWS CloudFormation User Guide.

If you use this action to make an update that includes adding stack instances, the new instances are deployed first and the update is completed last. The new instances first receive the old version, and then the update is applied to all instances.

As a best practice, you should construct your pipeline so that the stack set is created and initially deploys to a subset or a single instance. After you test your deployment and view the generated stack set, then add the CloudFormationStackInstances action so that the remaining instances are created and updated.




# pipeline: codepipeline.Pipeline
# source_output: codepipeline.Artifact

        # First, update the StackSet itself with the newest template

            # Change this to 'StackSetDeploymentModel.organizations()' if you want to deploy to OUs
            # This deploys to a set of accounts
            stack_instances=codepipeline_actions.StackInstances.in_accounts(["111111111111"], ["us-east-1", "eu-west-1"])

        # Afterwards, update/create additional instances in other accounts
            stack_instances=codepipeline_actions.StackInstances.in_accounts(["222222222222", "333333333333"], ["us-east-1", "eu-west-1"])
  • stack_set_name (str) – The name to associate with the stack set. This name must be unique in the Region where it is created. The name may only contain alphanumeric and hyphen characters. It must begin with an alphabetic character and be 128 characters or fewer.

  • template (StackSetTemplate) – The location of the template that defines the resources in the stack set. This must point to a template with a maximum size of 460,800 bytes. Enter the path to the source artifact name and template file.

  • cfn_capabilities (Optional[Sequence[CfnCapabilities]]) – Indicates that the template can create and update resources, depending on the types of resources in the template. You must use this property if you have IAM resources in your stack template or you create a stack directly from a template containing macros. Default: - the StackSet will have no IAM capabilities

  • deployment_model (Optional[StackSetDeploymentModel]) – Determines how IAM roles are created and managed. The choices are: - Self Managed: you create IAM roles with the required permissions in the administration account and all target accounts. - Service Managed: only available if the account and target accounts are part of an AWS Organization. The necessary roles will be created for you. If you want to deploy to all accounts that are a member of AWS Organizations Organizational Units (OUs), you must select Service Managed permissions. Note: This parameter can only be changed when no stack instances exist in the stack set. Default: StackSetDeploymentModel.selfManaged()

  • description (Optional[str]) – A description of the stack set. You can use this to describe the stack set’s purpose or other relevant information. Default: - no description

  • parameters (Optional[StackSetParameters]) – The template parameters for your stack set. These parameters are shared between all instances of the stack set. Default: - no parameters will be used

  • stack_instances (Optional[StackInstances]) – Specify where to create or update Stack Instances. You can specify either AWS Accounts Ids or AWS Organizations Organizational Units. Default: - don’t create or update any Stack Instances

  • role (Optional[IRole]) – The Role in which context’s this Action will be executing in. The Pipeline’s Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your {@link IAction.bind} method in the {@link ActionBindOptions.role} property. Default: a new Role will be generated

  • failure_tolerance_percentage (Union[int, float, None]) – The percentage of accounts per Region for which this stack operation can fail before AWS CloudFormation stops the operation in that Region. If the operation is stopped in a Region, AWS CloudFormation doesn’t attempt the operation in subsequent Regions. When calculating the number of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number. Default: 0%

  • max_account_concurrency_percentage (Union[int, float, None]) – The maximum percentage of accounts in which to perform this operation at one time. When calculating the number of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number. If rounding down would result in zero, AWS CloudFormation sets the number as one instead. Although you use this setting to specify the maximum, for large deployments the actual number of accounts acted upon concurrently may be lower due to service throttling. Default: 1%

  • stack_set_region (Optional[str]) – The AWS Region the StackSet is in. Note that a cross-region Pipeline requires replication buckets to function correctly. You can provide their names with the PipelineProps.crossRegionReplicationBuckets property. If you don’t, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets, that you will need to cdk deploy before deploying the main, Pipeline-containing Stack. Default: - same region as the Pipeline

  • action_name (str) – The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.

  • run_order (Union[int, float, None]) – The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1

  • variables_namespace (Optional[str]) – The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action’s variables were referenced - otherwise, no namespace will be set


bind(scope, stage, *, bucket, role)

The callback invoked when this Action is added to a Pipeline.

Return type


on_state_change(name, target=None, *, description=None, enabled=None, event_bus=None, event_pattern=None, rule_name=None, schedule=None, targets=None)

Creates an Event that will be triggered whenever the state of this Action changes.

  • name (str) –

  • target (Optional[IRuleTarget]) –

  • description (Optional[str]) – A description of the rule’s purpose. Default: - No description.

  • enabled (Optional[bool]) – Indicates whether the rule is enabled. Default: true

  • event_bus (Optional[IEventBus]) – The event bus to associate with this rule. Default: - The default event bus.

  • event_pattern (Optional[EventPattern]) – Describes which events EventBridge routes to the specified target. These routed events are matched events. For more information, see Events and Event Patterns in the Amazon EventBridge User Guide. Default: - None.

  • rule_name (Optional[str]) – A name for the rule. Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.

  • schedule (Optional[Schedule]) – The schedule or rate (frequency) that determines when EventBridge runs the rule. For more information, see Schedule Expression Syntax for Rules in the Amazon EventBridge User Guide. Default: - None.

  • targets (Optional[Sequence[IRuleTarget]]) – Targets to invoke when this rule matches an event. Input will be the full matched event. If you wish to specify custom target input, use addTarget(target[, inputOptions]). Default: - No targets.

Return type




The simple properties of the Action, like its Owner, name, etc.

Note that this accessor will be called before the {@link bind} callback.

Return type