Setting up AWS CloudFormation StackSets
After you set up your organization, you need to configure a CloudFormation StackSet to create the required role per management account: AWSApplicationMigrationSharingRole_<MANAGEMENT_ACCOUNT_ID>.
AWS CloudFormation StackSets extends the capability of stacks by enabling you to create, update, or delete stacks across multiple accounts and AWS Regions with a single operation.
Learn more about CloudFormation StackSets.
Important
You can choose to create the roles manually in each member account of the organization. However, this must be done for each account, one by one, whereas a StackSet automatically creates the roles in all accounts.
To set up your StackSet, take the following steps:
- Set up your StackSet
  - Go to the CloudFormation console.
  - Select StackSets.
  - Click the 'Activate trusted access' button.
- Create StackSet.
  - On the Choose a template page, under Prerequisites – prepare template, choose Use a sample template.
  - Under Select a sample template, select Create roles to access multiple accounts via AWS Application Migration Service, and then click Next.
  - Fill in the name and description according to your preferences or use the existing values.
  - Under Parameters, add the account ID of each admin or delegated admin and click Next.
  - Select or fill in the required parameters according to your preferences.
    Important
    - Under Deployment targets, select Deploy to organization.
    - Select only one specific AWS Region – it is advisable to select your StackSet Region.
    - To provide enhanced stability, it is advisable to set the optional Failure tolerance setting to a high value (at least as high as the number of accounts within the organization).
  - Check the box next to I acknowledge that AWS CloudFormation might create IAM resources with custom names and click Submit.
Once all the steps are completed, you should be able to see your new StackSet in StackSet details > Stack instances.
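An offline check of the result of these steps, as an added example that is not part of the AWS documentation: because a high Failure tolerance lets the operation finish even when individual accounts fail, it compares the organization's accounts with the stack instances and lists member accounts that still lack a healthy instance, and therefore the role. The account IDs, Region and JSON samples are constructed; the field names follow the output of `aws organizations list-accounts` and `aws cloudformation list-stack-instances`.

```python
import json

# Constructed, trimmed sample of `aws organizations list-accounts` output.
ACCOUNTS_JSON = """{"Accounts": [
  {"Id": "111111111111", "Name": "management", "Status": "ACTIVE"},
  {"Id": "222222222222", "Name": "app-prod", "Status": "ACTIVE"},
  {"Id": "333333333333", "Name": "app-dev", "Status": "ACTIVE"},
  {"Id": "444444444444", "Name": "sandbox", "Status": "ACTIVE"},
  {"Id": "555555555555", "Name": "retired", "Status": "SUSPENDED"}
]}"""

# Constructed, trimmed sample of `aws cloudformation list-stack-instances` output.
INSTANCES_JSON = """{"Summaries": [
  {"Account": "222222222222", "Region": "us-east-1", "Status": "CURRENT",
   "StackInstanceStatus": {"DetailedStatus": "SUCCEEDED"}},
  {"Account": "333333333333", "Region": "us-east-1", "Status": "OUTDATED",
   "StackInstanceStatus": {"DetailedStatus": "FAILED"},
   "StatusReason": "constructed failure reason"}
]}"""


def audit_role_rollout(accounts_json, instances_json, management_id, region):
    """Return {account_id: finding} for accounts without a healthy stack instance."""
    accounts = json.loads(accounts_json)["Accounts"]
    # Deploying to the organization does not create a stack instance in the
    # management account itself, so it is excluded.
    # Assumption: only ACTIVE member accounts are expected to hold the role.
    expected = {a["Id"] for a in accounts
                if a["Status"] == "ACTIVE" and a["Id"] != management_id}
    healthy, findings = set(), {}
    for inst in json.loads(instances_json)["Summaries"]:
        acct = inst["Account"]
        detailed = inst.get("StackInstanceStatus", {}).get("DetailedStatus")
        if inst["Region"] != region:
            findings[acct] = f"instance in unexpected Region {inst['Region']}"
        elif inst["Status"] == "CURRENT" and detailed == "SUCCEEDED":
            healthy.add(acct)
        else:
            findings[acct] = f"{inst['Status']}/{detailed}"
    for acct in expected - healthy:
        findings.setdefault(acct, "no stack instance")
    return findings


if __name__ == "__main__":
    result = audit_role_rollout(ACCOUNTS_JSON, INSTANCES_JSON, "111111111111", "us-east-1")
    for account, finding in sorted(result.items()):
        print(account, finding)
```

To run it against a real organization, replace the two constructed strings with the saved JSON output of the two CLI commands named in the comments.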