Terraform module to create an AWS CloudFormation StackSet
module "account_info" {
source = "blackbird-cloud/account-info/aws"
version = "~> 2"
}
module "stackset" {
source = "blackbird-cloud/cloudformation-stackset/aws"
version = "~> 1"
name = "AWSCloudFormationStackSetExecutionRole"
template_url = "https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetExecutionRole.yml"
description = "Cloudformation account execution role."
parameters = {
AdministratorAccountId = module.account_info.account_id
}
auto_deployment = {
enabled = true
retain_stacks_on_account_removal = false
}
capabilities = ["CAPABILITY_NAMED_IAM"]
operation_preferences = {
max_concurrent_count = 10
failure_tolerance_count = 9
region_concurrency_type = "PARALLEL"
concurrency_mode = "SOFT_FAILURE_TOLERANCE"
}
permission_model = "SERVICE_MANAGED"
stackset_instance_organizational_unit_ids = [
"r-12345"
]
stackset_instance_accounts = []
}| Name | Version |
|---|---|
| terraform | >= 1 |
| aws | >= 5.60 |
| Name | Version |
|---|---|
| aws | >= 5.60 |
| Name | Type |
|---|---|
| aws_cloudformation_stack_set.default | resource |
| aws_cloudformation_stack_set_instance.accounts | resource |
| aws_cloudformation_stack_set_instance.default | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| administration_role_arn | (Optional) Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model. | string |
null |
no |
| auto_deployment | (Optional) Whether or not auto-deployment is enabled. | object({ |
{ |
no |
| call_as | (Optional) Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN. | string |
"SELF" |
no |
| capabilities | (Optional) A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND | list(string) |
[] |
no |
| create_instance | (Optional) Whether to create a stackset instance. Defaults to true. | bool |
true |
no |
| description | Description of the StackSet. | string |
n/a | yes |
| execution_role_name | (Optional) Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model. | string |
null |
no |
| name | Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters. | string |
n/a | yes |
| operation_preferences | (Optional) Option to configure failure_tolerance_count, failure_tolerance_percentage, max_concurrent_count, max_concurrent_percentage, region_concurrency_type, concurrency_mode, and a list of region_order. | any |
{ |
no |
| parameters | Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument. | map(string) |
{} |
no |
| permission_model | (Optional) Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED. | string |
"SELF_MANAGED" |
no |
| stackset_instance_account_id | (Optional) Target AWS Account ID to create a Stack based on the StackSet. Defaults to current account. | string |
null |
no |
| stackset_instance_accounts | The list of AWS Account IDs to which StackSets instance deploys. | list(string) |
[] |
no |
| stackset_instance_call_as | (Optional) Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN. | string |
"SELF" |
no |
| stackset_instance_organizational_unit_ids | The organization root ID or organizational unit (OU) IDs to which StackSets instance deploys. | list(string) |
null |
no |
| stackset_instance_region | (Optional) Target AWS Region to create a Stack based on the StackSet. Defaults to current region. | string |
null |
no |
| stackset_instance_retain_stack | (Optional) During Terraform resource destroy, remove Instance from StackSet while keeping the Stack and its associated resources. Must be enabled in Terraform state before destroy operation to take effect. You cannot reassociate a retained Stack or add an existing, saved Stack to a new StackSet. Defaults to false. | bool |
false |
no |
| tags | (Optional) Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | map(string) |
{} |
no |
| template_body | (Optional) String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url. | string |
null |
no |
| template_url | (Optional) String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body. | string |
null |
no |
| Name | Description |
|---|---|
| stackset | The AWS Cloudformation StackSet. |
| stackset_instance | The AWS Cloudformation StackSet Instance. |
We are Blackbird Cloud, Amsterdam based cloud consultancy, and cloud management service provider. We help companies build secure, cost efficient, and scale-able solutions.
Checkout our other 👉 terraform modules
Copyright © 2017-2024 Blackbird Cloud