pulumi-aws-kotlin/com.pulumi.aws.cloudformation.kotlin/StackSet

StackSet

class StackSet : KotlinCustomResource

Manages a CloudFormation StackSet. StackSets allow CloudFormation templates to be easily deployed across multiple accounts and regions via StackSet Instances (aws.cloudformation.StackSetInstance resource). Additional information about StackSets can be found in the AWS CloudFormation User Guide.

NOTE: All template parameters, including those with a Default, must be configured or ignored with the lifecycle configuration block ignore_changes argument. NOTE: All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.cloudformation.StackSet;
import com.pulumi.aws.cloudformation.StackSetArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .identifiers("cloudformation.amazonaws.com")
                    .type("Service")
                    .build())
                .build())
            .build());
        var aWSCloudFormationStackSetAdministrationRole = new Role("aWSCloudFormationStackSetAdministrationRole", RoleArgs.builder()
            .assumeRolePolicy(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
        var example = new StackSet("example", StackSetArgs.builder()
            .administrationRoleArn(aWSCloudFormationStackSetAdministrationRole.arn())
            .parameters(Map.of("VPCCidr", "10.0.0.0/16"))
            .templateBody(serializeJson(
                jsonObject(
                    jsonProperty("Parameters", jsonObject(
                        jsonProperty("VPCCidr", jsonObject(
                            jsonProperty("Type", "String"),
                            jsonProperty("Default", "10.0.0.0/16"),
                            jsonProperty("Description", "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.")
                        ))
                    )),
                    jsonProperty("Resources", jsonObject(
                        jsonProperty("myVpc", jsonObject(
                            jsonProperty("Type", "AWS::EC2::VPC"),
                            jsonProperty("Properties", jsonObject(
                                jsonProperty("CidrBlock", jsonObject(
                                    jsonProperty("Ref", "VPCCidr")
                                )),
                                jsonProperty("Tags", jsonArray(jsonObject(
                                    jsonProperty("Key", "Name"),
                                    jsonProperty("Value", "Primary_CF_VPC")
                                )))
                            ))
                        ))
                    ))
                )))
            .build());
        final var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .effect("Allow")
                .resources(example.executionRoleName().applyValue(executionRoleName -> String.format("arn:aws:iam::*:role/%s", executionRoleName)))
                .build())
            .build());
        var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new RolePolicy("aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy", RolePolicyArgs.builder()
            .policy(aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument -> aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .role(aWSCloudFormationStackSetAdministrationRole.name())
            .build());
    }
}

Import

Import CloudFormation StackSets when acting a delegated administrator in a member account using the name and call_as values separated by a comma (,). For example: Using pulumi import, import CloudFormation StackSets using the name. For example:

$ pulumi import aws:cloudformation/stackSet:StackSet example example

Using pulumi import, import CloudFormation StackSets when acting a delegated administrator in a member account using the name and call_as values separated by a comma (,). For example:

$ pulumi import aws:cloudformation/stackSet:StackSet example example,DELEGATED_ADMIN

Properties

administrationRoleArn

val administrationRoleArn: Output<String>?

Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.

arn

val arn: Output<String>

Amazon Resource Name (ARN) of the StackSet.

autoDeployment

val autoDeployment: Output<StackSetAutoDeployment>?

Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.

callAs

val callAs: Output<String>?

Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.

capabilities

val capabilities: Output<List<String>>?

A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.

description

val description: Output<String>?

Description of the StackSet.

executionRoleName

val executionRoleName: Output<String>

Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.

val id: Output<String>

managedExecution

val managedExecution: Output<StackSetManagedExecution>?

Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.

name

val name: Output<String>

Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.

operationPreferences

val operationPreferences: Output<StackSetOperationPreferences>?

Preferences for how AWS CloudFormation performs a stack set update.

parameters

val parameters: Output<Map<String, String>>?

Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.

permissionModel

val permissionModel: Output<String>?

Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

stackSetId

val stackSetId: Output<String>

Unique identifier of the StackSet.