SelfManagedDeploymentProps
- class aws_cdk.aws_codepipeline_actions.SelfManagedDeploymentProps(*, administration_role=None, execution_role_name=None)
Bases: object
Properties for configuring self-managed permissions.
- Parameters:
  - administration_role (Optional[IRole]) – The IAM role in the administrator account used to assume execution roles in the target accounts. You must create this role before using the StackSet action. The role needs to be assumable by CloudFormation, and it needs to be able to sts:AssumeRole each of the execution roles (whose names are specified in the executionRoleName parameter) in each of the target accounts. If you do not specify the role, we assume you have created a role named AWSCloudFormationStackSetAdministrationRole. Default: - Assume an existing role named AWSCloudFormationStackSetAdministrationRole in the same account as the pipeline.
  - execution_role_name (Optional[str]) – The name of the IAM role in the target accounts used to perform stack set operations. You must create these roles in each of the target accounts before using the StackSet action. The roles need to be assumable by the administrationRole, and need to have the permissions necessary to successfully create and modify the resources that the subsequent CloudFormation deployments need. Administrator permissions would be commonly granted to these, but if you can scope the permissions down from there you would be safer. Default: AWSCloudFormationStackSetExecutionRole
- ExampleMetadata: infused
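Example:
    # Assumes this runs inside a Stack or Construct, where self is the scope.
    from aws_cdk import aws_codepipeline_actions as codepipeline_actions
    from aws_cdk import aws_iam as iam

    existing_admin_role = iam.Role.from_role_name(self, "AdminRole", "AWSCloudFormationStackSetAdministrationRole")

    deployment_model = codepipeline_actions.StackSetDeploymentModel.self_managed(
        # Use an existing Role. Leave this out to create a new Role.
        administration_role=existing_admin_role
    )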
Attributes
- administration_role
  The IAM role in the administrator account used to assume execution roles in the target accounts.
  You must create this role before using the StackSet action.
  The role needs to be assumable by CloudFormation, and it needs to be able to sts:AssumeRole each of the execution roles (whose names are specified in the executionRoleName parameter) in each of the target accounts.
  If you do not specify the role, we assume you have created a role named AWSCloudFormationStackSetAdministrationRole.
  - Default: Assume an existing role named AWSCloudFormationStackSetAdministrationRole in the same account as the pipeline.
  - See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html
- execution_role_name
  The name of the IAM role in the target accounts used to perform stack set operations.
  You must create these roles in each of the target accounts before using the StackSet action.
  The roles need to be assumable by the administrationRole, and need to have the permissions necessary to successfully create and modify the resources that the subsequent CloudFormation deployments need. Administrator permissions would be commonly granted to these, but if you can scope the permissions down from there you would be safer.
  - Default: AWSCloudFormationStackSetExecutionRole
  - See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html
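The two trust relationships described above, written out as IAM policy documents with a check that the administration role can assume exactly the intended execution roles. This is an added example, not code from the CDK documentation or the aws-cdk project. The function names are hypothetical, the account IDs are constructed, and the standard aws partition is assumed.

```python
import json

ADMIN_ROLE = "AWSCloudFormationStackSetAdministrationRole"  # default admin role name
EXEC_ROLE = "AWSCloudFormationStackSetExecutionRole"        # default execution_role_name

def _policy(statement):
    return {"Version": "2012-10-17", "Statement": [statement]}

def exec_role_arn(account, exec_role_name=EXEC_ROLE):
    return f"arn:aws:iam::{account}:role/{exec_role_name}"

def admin_role_policies(target_accounts, exec_role_name=EXEC_ROLE):
    """Trust and permissions policies for the administration role."""
    # CloudFormation must be able to assume the administration role.
    trust = _policy({"Effect": "Allow", "Action": "sts:AssumeRole",
                     "Principal": {"Service": "cloudformation.amazonaws.com"}})
    # The role may assume only the named execution role in each target account.
    perms = _policy({"Effect": "Allow", "Action": "sts:AssumeRole",
                     "Resource": [exec_role_arn(a, exec_role_name)
                                  for a in sorted(target_accounts)]})
    return trust, perms

def execution_role_trust(admin_account, admin_role_name=ADMIN_ROLE):
    """Trust policy for an execution role: only the administration role."""
    principal = f"arn:aws:iam::{admin_account}:role/{admin_role_name}"
    return _policy({"Effect": "Allow", "Action": "sts:AssumeRole",
                    "Principal": {"AWS": principal}})

def audit_admin_permissions(perms, target_accounts, exec_role_name=EXEC_ROLE):
    """Compare the admin role's sts:AssumeRole grants with the intended targets."""
    expected = {exec_role_arn(a, exec_role_name) for a in target_accounts}
    granted = set()
    for stmt in perms["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if stmt["Effect"] == "Allow" and {"sts:AssumeRole", "sts:*", "*"} & set(actions):
            res = stmt["Resource"]
            granted.update(res if isinstance(res, list) else [res])
    return {"missing": sorted(expected - granted),     # targets with no exact-ARN grant
            "unexpected": sorted(granted - expected)}  # wildcards or non-target accounts

if __name__ == "__main__":
    targets = ["222222222222", "333333333333"]         # constructed account IDs
    trust, perms = admin_role_policies(targets)
    print(json.dumps(perms, indent=2))
    print(json.dumps(execution_role_trust("111111111111"), indent=2))
    print(audit_admin_permissions(perms, targets))
```

A non-empty "unexpected" list means the administration role can assume roles beyond the StackSet targets, which is the place to start when scoping permissions down.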