CfnStackSetProps
- class aws_cdk.aws_cloudformation.CfnStackSetProps(*, permission_model, stack_set_name, administration_role_arn=None, auto_deployment=None, call_as=None, capabilities=None, description=None, execution_role_name=None, managed_execution=None, operation_preferences=None, parameters=None, stack_instances_group=None, tags=None, template_body=None, template_url=None)
Bases: object
Properties for defining a CfnStackSet.
Parameters:
- permission_model (str) – Describes how the IAM roles required for StackSet operations are created.
  - With SELF_MANAGED permissions, you must create the administrator and execution roles required to deploy to target accounts. For more information, see Grant self-managed permissions in the AWS CloudFormation User Guide.
  - With SERVICE_MANAGED permissions, StackSets automatically creates the IAM roles required to deploy to accounts managed by AWS Organizations. For more information, see Activate trusted access for StackSets with AWS Organizations in the AWS CloudFormation User Guide.
- stack_set_name (str) – The name to associate with the StackSet. The name must be unique in the Region where you create your StackSet.
- administration_role_arn (Optional[str]) – The Amazon Resource Name (ARN) of the IAM role to use to create this StackSet. Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific StackSets within the same administrator account. Use customized administrator roles to control which users or groups can manage specific StackSets within the same administrator account. For more information, see Grant self-managed permissions in the AWS CloudFormation User Guide. Valid only if the permissions model is SELF_MANAGED.
- auto_deployment (Union[IResolvable, AutoDeploymentProperty, Dict[str, Any], None]) – Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see Enable or disable automatic deployments for StackSets in AWS Organizations in the AWS CloudFormation User Guide. Required if the permissions model is SERVICE_MANAGED. (Not used with self-managed permissions.)
- call_as (Optional[str]) – Specifies whether you are acting as an account administrator in the organization’s management account or as a delegated administrator in a member account. By default, SELF is specified. Use SELF for StackSets with self-managed permissions.
  - To create a StackSet with service-managed permissions while signed in to the management account, specify SELF.
  - To create a StackSet with service-managed permissions while signed in to a delegated administrator account, specify DELEGATED_ADMIN. Your AWS account must be registered as a delegated admin in the management account. For more information, see Register a delegated administrator in the AWS CloudFormation User Guide.
  StackSets with service-managed permissions are created in the management account, including StackSets that are created by delegated administrators. Valid only if the permissions model is SERVICE_MANAGED.
- capabilities (Optional[Sequence[str]]) – The capabilities that are allowed in the StackSet. Some StackSet templates might include resources that can affect permissions in your AWS account, for example, by creating new IAM users. For more information, see Acknowledging IAM resources in CloudFormation templates in the AWS CloudFormation User Guide.
- description (Optional[str]) – A description of the StackSet.
- execution_role_name (Optional[str]) – The name of the IAM execution role to use to create the StackSet. If you don’t specify an execution role, CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the StackSet operation. Valid only if the permissions model is SELF_MANAGED. Pattern: [a-zA-Z_0-9+=,.@-]+
- managed_execution (Any) – Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations. When active, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. If there are already running or queued operations, StackSets queues all incoming operations even if they are non-conflicting. You can’t modify your StackSet’s execution configuration while there are running or queued operations for that StackSet. When inactive (default), StackSets performs one operation at a time in request order.
- operation_preferences (Union[IResolvable, OperationPreferencesProperty, Dict[str, Any], None]) – The user-specified preferences for how CloudFormation performs a StackSet operation.
- parameters (Union[IResolvable, Sequence[Union[IResolvable, ParameterProperty, Dict[str, Any]]], None]) – The input parameters for the StackSet template.
- stack_instances_group (Union[IResolvable, Sequence[Union[IResolvable, StackInstancesProperty, Dict[str, Any]]], None]) – A group of stack instances with parameters in some specific accounts and Regions.
- tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – Key-value pairs to associate with this stack. CloudFormation also propagates these tags to supported resources in the stack. You can specify a maximum number of 50 tags. If you don’t specify this parameter, CloudFormation doesn’t modify the stack’s tags. If you specify an empty value, CloudFormation removes all associated tags.
- template_body (Optional[str]) – The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes. You must include either TemplateURL or TemplateBody in a StackSet, but you can’t use both. Dynamic references in the TemplateBody may not work correctly in all cases. It’s recommended to pass templates that contain dynamic references through TemplateURL instead.
- template_url (Optional[str]) – The URL of a file that contains the template body. The URL must point to a template (max size: 1 MB) that’s located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://. Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL.
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import CfnTag
    from aws_cdk import aws_cloudformation as cloudformation

    # managed_execution: Any
    # Placeholder value; CloudFormation's ManagedExecution takes an Active boolean.
    managed_execution = {"Active": False}

    cfn_stack_set_props = cloudformation.CfnStackSetProps(
        permission_model="permissionModel",
        stack_set_name="stackSetName",

        # the properties below are optional
        administration_role_arn="administrationRoleArn",
        auto_deployment=cloudformation.CfnStackSet.AutoDeploymentProperty(
            enabled=False,
            retain_stacks_on_account_removal=False
        ),
        call_as="callAs",
        capabilities=["capabilities"],
        description="description",
        execution_role_name="executionRoleName",
        managed_execution=managed_execution,
        operation_preferences=cloudformation.CfnStackSet.OperationPreferencesProperty(
            concurrency_mode="concurrencyMode",
            failure_tolerance_count=123,
            failure_tolerance_percentage=123,
            max_concurrent_count=123,
            max_concurrent_percentage=123,
            region_concurrency_type="regionConcurrencyType",
            region_order=["regionOrder"]
        ),
        parameters=[cloudformation.CfnStackSet.ParameterProperty(
            parameter_key="parameterKey",
            parameter_value="parameterValue"
        )],
        stack_instances_group=[cloudformation.CfnStackSet.StackInstancesProperty(
            deployment_targets=cloudformation.CfnStackSet.DeploymentTargetsProperty(
                account_filter_type="accountFilterType",
                accounts=["accounts"],
                accounts_url="accountsUrl",
                organizational_unit_ids=["organizationalUnitIds"]
            ),
            regions=["regions"],

            # the properties below are optional
            parameter_overrides=[cloudformation.CfnStackSet.ParameterProperty(
                parameter_key="parameterKey",
                parameter_value="parameterValue"
            )]
        )],
        tags=[CfnTag(
            key="key",
            value="value"
        )],
        # Both template properties are shown as placeholders; a real StackSet
        # accepts only one of template_body / template_url.
        template_body="templateBody",
        template_url="templateUrl"
    )
Attributes
- administration_role_arn
The Amazon Resource Name (ARN) of the IAM role to use to create this StackSet.
Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific StackSets within the same administrator account.
Use customized administrator roles to control which users or groups can manage specific StackSets within the same administrator account. For more information, see Grant self-managed permissions in the AWS CloudFormation User Guide.
Valid only if the permissions model is SELF_MANAGED.
- auto_deployment
Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU).
For more information, see Enable or disable automatic deployments for StackSets in AWS Organizations in the AWS CloudFormation User Guide.
Required if the permissions model is SERVICE_MANAGED. (Not used with self-managed permissions.)
- call_as
Specifies whether you are acting as an account administrator in the organization’s management account or as a delegated administrator in a member account.
By default, SELF is specified. Use SELF for StackSets with self-managed permissions.
  - To create a StackSet with service-managed permissions while signed in to the management account, specify SELF.
  - To create a StackSet with service-managed permissions while signed in to a delegated administrator account, specify DELEGATED_ADMIN.
    Your AWS account must be registered as a delegated admin in the management account. For more information, see Register a delegated administrator in the AWS CloudFormation User Guide.
StackSets with service-managed permissions are created in the management account, including StackSets that are created by delegated administrators.
Valid only if the permissions model is SERVICE_MANAGED.
- capabilities
The capabilities that are allowed in the StackSet.
Some StackSet templates might include resources that can affect permissions in your AWS account, for example, by creating new IAM users. For more information, see Acknowledging IAM resources in CloudFormation templates in the AWS CloudFormation User Guide.
- description
A description of the StackSet.
- execution_role_name
The name of the IAM execution role to use to create the StackSet.
If you don’t specify an execution role, CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the StackSet operation.
Valid only if the permissions model is SELF_MANAGED.
Pattern: [a-zA-Z_0-9+=,.@-]+
- managed_execution
Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.
When active, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order.
If there are already running or queued operations, StackSets queues all incoming operations even if they are non-conflicting. You can't modify your StackSet's execution configuration while there are running or queued operations for that StackSet.
When inactive (default), StackSets performs one operation at a time in request order.
- operation_preferences
The user-specified preferences for how CloudFormation performs a StackSet operation.
- parameters
The input parameters for the StackSet template.
- permission_model
Describes how the IAM roles required for StackSet operations are created.
  - With SELF_MANAGED permissions, you must create the administrator and execution roles required to deploy to target accounts. For more information, see Grant self-managed permissions in the AWS CloudFormation User Guide.
  - With SERVICE_MANAGED permissions, StackSets automatically creates the IAM roles required to deploy to accounts managed by AWS Organizations. For more information, see Activate trusted access for StackSets with AWS Organizations in the AWS CloudFormation User Guide.
- stack_instances_group
A group of stack instances with parameters in some specific accounts and Regions.
- stack_set_name
The name to associate with the StackSet.
The name must be unique in the Region where you create your StackSet.
- tags
Key-value pairs to associate with this stack.
CloudFormation also propagates these tags to supported resources in the stack. You can specify a maximum number of 50 tags.
If you don’t specify this parameter, CloudFormation doesn’t modify the stack’s tags. If you specify an empty value, CloudFormation removes all associated tags.
- template_body
The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes.
You must include either TemplateURL or TemplateBody in a StackSet, but you can’t use both. Dynamic references in the TemplateBody may not work correctly in all cases. It’s recommended to pass templates that contain dynamic references through TemplateURL instead.
- template_url
The URL of a file that contains the template body.
The URL must point to a template (max size: 1 MB) that’s located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://.
Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL.
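The cross-property rules stated above (which role and deployment properties go with which permission model, the single template source, the size, pattern and tag limits) can be checked before synthesis. The following is an added example, not code from the CDK documentation or from aws_cdk: the function name `validate_stack_set_props` and the sample inputs are assumptions constructed for illustration, and the `http://` test covers only the S3 rule stated on this page.

```python
import re

ROLE_NAME_RE = re.compile(r"[a-zA-Z_0-9+=,.@-]+")  # pattern given on this page
MAX_BODY_BYTES, MAX_TAGS = 51_200, 50               # limits given on this page

def validate_stack_set_props(p: dict) -> list:
    """Hypothetical helper: list the documented rules that p violates.

    p uses the keyword names of CfnStackSetProps; an empty list means OK.
    """
    errs = []
    model = p.get("permission_model")
    if model not in ("SELF_MANAGED", "SERVICE_MANAGED"):
        errs.append("permission_model must be SELF_MANAGED or SERVICE_MANAGED")
    # Custom admin/execution roles are valid only with self-managed permissions.
    for key in ("administration_role_arn", "execution_role_name"):
        if p.get(key) is not None and model != "SELF_MANAGED":
            errs.append(f"{key} is valid only with SELF_MANAGED")
    role = p.get("execution_role_name")
    if role is not None and not ROLE_NAME_RE.fullmatch(role):
        errs.append("execution_role_name does not match the documented pattern")
    # auto_deployment: required for service-managed, unused for self-managed.
    if (model == "SERVICE_MANAGED") != (p.get("auto_deployment") is not None):
        errs.append("auto_deployment is required with SERVICE_MANAGED and unused otherwise")
    call_as = p.get("call_as")
    if call_as not in (None, "SELF", "DELEGATED_ADMIN"):
        errs.append("call_as must be SELF or DELEGATED_ADMIN")
    elif call_as == "DELEGATED_ADMIN" and model != "SERVICE_MANAGED":
        errs.append("call_as=DELEGATED_ADMIN is valid only with SERVICE_MANAGED")
    # Exactly one template source; body is size-limited, S3 URLs must be https.
    body, url = p.get("template_body"), p.get("template_url")
    if (body is None) == (url is None):
        errs.append("specify exactly one of template_body and template_url")
    if body is not None and not 1 <= len(body.encode("utf-8")) <= MAX_BODY_BYTES:
        errs.append("template_body must be 1 to 51,200 bytes")
    if url is not None and url.lower().startswith("http://"):
        errs.append("template_url for an S3 bucket must start with https://")
    if len(p.get("tags") or []) > MAX_TAGS:
        errs.append("at most 50 tags are allowed")
    return errs

# Constructed sample inputs (not from the page).
BAD = {"permission_model": "SERVICE_MANAGED", "stack_set_name": "baseline",
       "execution_role_name": "ops role", "call_as": "DELEGATED_ADMIN",
       "template_body": "{}", "template_url": "http://example-bucket.s3.amazonaws.com/t.yaml"}
GOOD = {"permission_model": "SELF_MANAGED", "stack_set_name": "baseline",
        "administration_role_arn": "arn:aws:iam::111122223333:role/StackSetAdmin",
        "execution_role_name": "StackSetExec", "template_body": "{}"}

if __name__ == "__main__":
    print(validate_stack_set_props(BAD), validate_stack_set_props(GOOD) or "OK")
```

Running the same check in CI on the keyword arguments passed to `CfnStackSetProps` catches a role override that would be ignored under the wrong permission model before the StackSet is deployed.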