pulumi-aws-kotlin/com.pulumi.aws.cloudformation.kotlin/StackSetArgs

StackSetArgs

data class StackSetArgs(val administrationRoleArn: Output<String>? = null, val autoDeployment: Output<StackSetAutoDeploymentArgs>? = null, val callAs: Output<String>? = null, val capabilities: Output<List<String>>? = null, val description: Output<String>? = null, val executionRoleName: Output<String>? = null, val name: Output<String>? = null, val operationPreferences: Output<StackSetOperationPreferencesArgs>? = null, val parameters: Output<Map<String, String>>? = null, val permissionModel: Output<String>? = null, val tags: Output<Map<String, String>>? = null, val templateBody: Output<String>? = null, val templateUrl: Output<String>? = null) : ConvertibleToJava<StackSetArgs>

Manages a CloudFormation StackSet. StackSets allow CloudFormation templates to be easily deployed across multiple accounts and regions via StackSet Instances (aws.cloudformation.StackSetInstance resource). Additional information about StackSets can be found in the AWS CloudFormation User Guide.

NOTE: All template parameters, including those with a Default, must be configured or ignored with the lifecycle configuration block ignore_changes argument. NOTE: All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.cloudformation.StackSet;
import com.pulumi.aws.cloudformation.StackSetArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .identifiers("cloudformation.amazonaws.com")
                    .type("Service")
                    .build())
                .build())
            .build());
        var aWSCloudFormationStackSetAdministrationRole = new Role("aWSCloudFormationStackSetAdministrationRole", RoleArgs.builder()
            .assumeRolePolicy(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
        var example = new StackSet("example", StackSetArgs.builder()
            .administrationRoleArn(aWSCloudFormationStackSetAdministrationRole.arn())
            .parameters(Map.of("VPCCidr", "10.0.0.0/16"))
            .templateBody(serializeJson(
                jsonObject(
                    jsonProperty("Parameters", jsonObject(
                        jsonProperty("VPCCidr", jsonObject(
                            jsonProperty("Type", "String"),
                            jsonProperty("Default", "10.0.0.0/16"),
                            jsonProperty("Description", "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.")
                        ))
                    )),
                    jsonProperty("Resources", jsonObject(
                        jsonProperty("myVpc", jsonObject(
                            jsonProperty("Type", "AWS::EC2::VPC"),
                            jsonProperty("Properties", jsonObject(
                                jsonProperty("CidrBlock", jsonObject(
                                    jsonProperty("Ref", "VPCCidr")
                                )),
                                jsonProperty("Tags", jsonArray(jsonObject(
                                    jsonProperty("Key", "Name"),
                                    jsonProperty("Value", "Primary_CF_VPC")
                                )))
                            ))
                        ))
                    ))
                )))
            .build());
        final var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .effect("Allow")
                .resources(example.executionRoleName().applyValue(executionRoleName -> String.format("arn:aws:iam::*:role/%s", executionRoleName)))
                .build())
            .build());
        var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new RolePolicy("aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy", RolePolicyArgs.builder()
            .policy(aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument -> aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .role(aWSCloudFormationStackSetAdministrationRole.name())
            .build());
    }
}

Import

CloudFormation StackSets can be imported using the name, e.g.,

$ pulumi import aws:cloudformation/stackSet:StackSet example example

Constructors

StackSetArgs

constructor(administrationRoleArn: Output<String>? = null, autoDeployment: Output<StackSetAutoDeploymentArgs>? = null, callAs: Output<String>? = null, capabilities: Output<List<String>>? = null, description: Output<String>? = null, executionRoleName: Output<String>? = null, name: Output<String>? = null, operationPreferences: Output<StackSetOperationPreferencesArgs>? = null, parameters: Output<Map<String, String>>? = null, permissionModel: Output<String>? = null, tags: Output<Map<String, String>>? = null, templateBody: Output<String>? = null, templateUrl: Output<String>? = null)

Properties

administrationRoleArn

val administrationRoleArn: Output<String>? = null

Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.

autoDeployment

val autoDeployment: Output<StackSetAutoDeploymentArgs>? = null

Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.

callAs

val callAs: Output<String>? = null

Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.

capabilities

val capabilities: Output<List<String>>? = null

A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.

description

val description: Output<String>? = null

Description of the StackSet.

executionRoleName

val executionRoleName: Output<String>? = null

Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.

name

val name: Output<String>? = null

Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.

operationPreferences

val operationPreferences: Output<StackSetOperationPreferencesArgs>? = null

Preferences for how AWS CloudFormation performs a stack set update.

parameters

val parameters: Output<Map<String, String>>? = null

Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.

permissionModel

val permissionModel: Output<String>? = null

Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.

Functions

toJava

open override fun toJava(): StackSetArgs