-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathfixinventory-stackset.template
76 lines (74 loc) · 2.41 KB
/
fixinventory-stackset.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
AWSTemplateFormatVersion: "2010-09-09"
Description: 'Fix Inventory Stack that creates a StackSet which deploys the FixInventoryAccess role to all accounts in the organization.'
Parameters:
FixInventoryAccountID:
Description: 'The Account ID where Fix Inventory has been deployed.'
Type: Number
DeploymentTargetOrganizationalUnitIds:
Type: String
Default: ''
Description: 'List of OUs where the Fix Inventory Access Role gets deployed (space delimited).'
StackSetPermissionModel:
Type: String
Default: SERVICE_MANAGED
AllowedValues:
- SERVICE_MANAGED
- SELF_MANAGED
Description: 'The StackSet permission model, either SERVICE_MANAGED (default) or SELF_MANAGED.'
StackSetCallAs:
Type: String
Default: DELEGATED_ADMIN
AllowedValues:
- DELEGATED_ADMIN
- SELF
Description: 'What the StackSet is being called as, either DELEGATED_ADMIN (default) or SELF.'
StackSetDeploymentRegion:
Type: String
Default: us-east-1
AllowedValues:
- ap-northeast-1
- ap-northeast-2
- ap-northeast-3
- ap-south-1
- ap-southeast-1
- ap-southeast-2
- ca-central-1
- eu-central-1
- eu-north-1
- eu-west-1
- eu-west-2
- eu-west-3
- sa-east-1
- us-east-1
- us-east-2
- us-west-1
- us-west-2
- us-gov-east-1
- us-gov-west-1
- cn-north-1
- cn-northwest-1
Description: 'Region where the StackSet is being deployed in.'
Conditions:
DeploymentTargetOrganizationalUnitIdsIsEmpty: !Equals [!Ref 'DeploymentTargetOrganizationalUnitIds', '']
Resources:
FixInventoryStackSet:
Type: AWS::CloudFormation::StackSet
Properties:
StackSetName: !Ref AWS::StackName
Description: Fix Inventory Access Role StackSet
StackInstancesGroup:
- Regions:
- !Ref StackSetDeploymentRegion
DeploymentTargets:
OrganizationalUnitIds: !If [DeploymentTargetOrganizationalUnitIdsIsEmpty, !Ref AWS::NoValue, !Split [' ', !Ref DeploymentTargetOrganizationalUnitIds]]
Capabilities:
- CAPABILITY_NAMED_IAM
AutoDeployment:
Enabled: true
RetainStacksOnAccountRemoval: false
PermissionModel: !Ref StackSetPermissionModel
CallAs: !Ref StackSetCallAs
TemplateURL: 'https://fixinventorypublic.s3.amazonaws.com/cf/fixinventory-role.template'
Parameters:
- ParameterKey: FixInventoryAccountID
ParameterValue: !Ref FixInventoryAccountID