pulumi-aws-kotlin/com.pulumi.aws.cloudformation.kotlin/StackSetInstanceArgs

StackSetInstanceArgs

data class StackSetInstanceArgs(val accountId: Output<String>? = null, val callAs: Output<String>? = null, val deploymentTargets: Output<StackSetInstanceDeploymentTargetsArgs>? = null, val operationPreferences: Output<StackSetInstanceOperationPreferencesArgs>? = null, val parameterOverrides: Output<Map<String, String>>? = null, val region: Output<String>? = null, val retainStack: Output<Boolean>? = null, val stackSetName: Output<String>? = null) : ConvertibleToJava<StackSetInstanceArgs>

Manages a CloudFormation StackSet Instance. Instances are managed in the account and region of the StackSet after the target account permissions have been configured. Additional information about StackSets can be found in the AWS CloudFormation User Guide.

NOTE: All target accounts must have an IAM Role created that matches the name of the execution role configured in the StackSet (the execution_role_name argument in the aws.cloudformation.StackSet resource) in a trust relationship with the administrative account or administration IAM Role. The execution role must have appropriate permissions to manage resources defined in the template along with those required for StackSets to operate. See the AWS CloudFormation User Guide for more details. NOTE: To retain the Stack during resource destroy, ensure retain_stack has been set to true in the state first. This must be completed before a deployment that would destroy the resource.

Example Usage

Basic Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudformation.StackSetInstance;
import com.pulumi.aws.cloudformation.StackSetInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new StackSetInstance("example", StackSetInstanceArgs.builder()
            .accountId("123456789012")
            .region("us-east-1")
            .stackSetName(aws_cloudformation_stack_set.example().name())
            .build());
    }
}
Content copied to clipboard

Example IAM Setup in Target Account

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .identifiers(aws_iam_role.AWSCloudFormationStackSetAdministrationRole().arn())
                    .type("AWS")
                    .build())
                .build())
            .build());
        var aWSCloudFormationStackSetExecutionRole = new Role("aWSCloudFormationStackSetExecutionRole", RoleArgs.builder()
            .assumeRolePolicy(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
        final var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions(
                    "cloudformation:*",
                    "s3:*",
                    "sns:*")
                .effect("Allow")
                .resources("*")
                .build())
            .build());
        var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new RolePolicy("aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy", RolePolicyArgs.builder()
            .policy(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .role(aWSCloudFormationStackSetExecutionRole.name())
            .build());
    }
}
Content copied to clipboard

Example Deployment across Organizations account

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudformation.StackSetInstance;
import com.pulumi.aws.cloudformation.StackSetInstanceArgs;
import com.pulumi.aws.cloudformation.inputs.StackSetInstanceDeploymentTargetsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new StackSetInstance("example", StackSetInstanceArgs.builder()
            .deploymentTargets(StackSetInstanceDeploymentTargetsArgs.builder()
                .organizationalUnitIds(aws_organizations_organization.example().roots()[0].id())
                .build())
            .region("us-east-1")
            .stackSetName(aws_cloudformation_stack_set.example().name())
            .build());
    }
}
Content copied to clipboard

Import

Import CloudFormation StackSet Instances that target AWS Organizational Units using the StackSet name, a slash (/) separated list of organizational unit IDs, and target AWS Region separated by commas (,). For example: Import CloudFormation StackSet Instances when acting a delegated administrator in a member account using the StackSet name, target AWS account ID or slash (/) separated list of organizational unit IDs, target AWS Region and call_as value separated by commas (,). For example: Using pulumi import, import CloudFormation StackSet Instances that target an AWS Account ID using the StackSet name, target AWS account ID, and target AWS Region separated by commas (,). For example:

$ pulumi import aws:cloudformation/stackSetInstance:StackSetInstance example example,123456789012,us-east-1
Content copied to clipboard

Using pulumi import, import CloudFormation StackSet Instances that target AWS Organizational Units using the StackSet name, a slash (/) separated list of organizational unit IDs, and target AWS Region separated by commas (,). For example:

$ pulumi import aws:cloudformation/stackSetInstance:StackSetInstance example example,ou-sdas-123123123/ou-sdas-789789789,us-east-1
Content copied to clipboard

Using pulumi import, import CloudFormation StackSet Instances when acting a delegated administrator in a member account using the StackSet name, target AWS account ID or slash (/) separated list of organizational unit IDs, target AWS Region and call_as value separated by commas (,). For example:

$ pulumi import aws:cloudformation/stackSetInstance:StackSetInstance example example,ou-sdas-123123123/ou-sdas-789789789,us-east-1,DELEGATED_ADMIN
Content copied to clipboard

Constructors

Link copied to clipboard
fun StackSetInstanceArgs(accountId: Output<String>? = null, callAs: Output<String>? = null, deploymentTargets: Output<StackSetInstanceDeploymentTargetsArgs>? = null, operationPreferences: Output<StackSetInstanceOperationPreferencesArgs>? = null, parameterOverrides: Output<Map<String, String>>? = null, region: Output<String>? = null, retainStack: Output<Boolean>? = null, stackSetName: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): StackSetInstanceArgs

Properties

Link copied to clipboard
val accountId: Output<String>? = null

Target AWS Account ID to create a Stack based on the StackSet. Defaults to current account.

Link copied to clipboard
val callAs: Output<String>? = null

Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.

Link copied to clipboard
val deploymentTargets: Output<StackSetInstanceDeploymentTargetsArgs>? = null

The AWS Organizations accounts to which StackSets deploys. StackSets doesn't deploy stack instances to the organization management account, even if the organization management account is in your organization or in an OU in your organization. Drift detection is not possible for this argument. See deployment_targets below.

Link copied to clipboard
val operationPreferences: Output<StackSetInstanceOperationPreferencesArgs>? = null

Preferences for how AWS CloudFormation performs a stack set operation.

Link copied to clipboard
val parameterOverrides: Output<Map<String, String>>? = null

Key-value map of input parameters to override from the StackSet for this Instance.

Link copied to clipboard
val region: Output<String>? = null

Target AWS Region to create a Stack based on the StackSet. Defaults to current region.

Link copied to clipboard
val retainStack: Output<Boolean>? = null

During resource destroy, remove Instance from StackSet while keeping the Stack and its associated resources. Must be enabled in the state before destroy operation to take effect. You cannot reassociate a retained Stack or add an existing, saved Stack to a new StackSet. Defaults to false.

Link copied to clipboard
val stackSetName: Output<String>? = null

Name of the StackSet.