stack_sets

Creates, updates, deletes or gets a stack_set resource or lists stack_sets in a region

Overview

Name: stack_sets
Type: Resource
Description: StackSet as a resource provides one-click experience for provisioning a StackSet and StackInstances
Id: aws.cloudformation.stack_sets

Fields

| Name | Datatype | Description |
|---|---|---|
| stack_set_name | string | The name to associate with the stack set. The name must be unique in the Region where you create your stack set. |
| stack_set_id | string | The ID of the stack set that you're creating. |
| administration_role_arn | string | The Amazon Resource Name (ARN) of the IAM role to use to create this stack set. Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. |
| auto_deployment | object | Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to the target organization or organizational unit (OU). Specify only if PermissionModel is SERVICE_MANAGED. |
| capabilities | array | In some cases, you must explicitly acknowledge that your stack set template contains certain capabilities in order for AWS CloudFormation to create the stack set and related stack instances. |
| description | string | A description of the stack set. You can use the description to identify the stack set's purpose or other important information. |
| execution_role_name | string | The name of the IAM execution role to use to create the stack set. If you do not specify an execution role, AWS CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the stack set operation. |
| operation_preferences | object | The user-specified preferences for how AWS CloudFormation performs a stack set operation. |
| stack_instances_group | array | A group of stack instances with parameters in some specific accounts and regions. |
| parameters | array | The input parameters for the stack set template. |
| permission_model | string | Describes how the IAM roles required for stack set operations are created. By default, SELF_MANAGED is specified. |
| tags | array | The key-value pairs to associate with this stack set and the stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the stacks. A maximum number of 50 tags can be specified. |
| template_body | string | The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes. |
| template_url | string | Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket. |
| call_as | string | Specifies the AWS account that you are acting from. By default, SELF is specified. For self-managed permissions, specify SELF; for service-managed permissions, if you are signed in to the organization's management account, specify SELF. If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN. |
| managed_execution | object | Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations. |
| region | string | AWS region. |

Methods

| Name | Accessible by | Required Params |
|---|---|---|
| create_resource | INSERT | StackSetName, PermissionModel, region |
| delete_resource | DELETE | data__Identifier, region |
| update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
| list_resources | SELECT | region |
| get_resource | SELECT | data__Identifier, region |

SELECT examples

Gets all stack_sets in a region.

```sql
SELECT
  region,
  stack_set_name,
  stack_set_id,
  administration_role_arn,
  auto_deployment,
  capabilities,
  description,
  execution_role_name,
  operation_preferences,
  stack_instances_group,
  parameters,
  permission_model,
  tags,
  template_body,
  template_url,
  call_as,
  managed_execution
FROM aws.cloudformation.stack_sets
WHERE region = 'us-east-1';
```

Gets all properties from an individual stack_set.

```sql
SELECT
  region,
  stack_set_name,
  stack_set_id,
  administration_role_arn,
  auto_deployment,
  capabilities,
  description,
  execution_role_name,
  operation_preferences,
  stack_instances_group,
  parameters,
  permission_model,
  tags,
  template_body,
  template_url,
  call_as,
  managed_execution
FROM aws.cloudformation.stack_sets
WHERE region = 'us-east-1' AND data__Identifier = '<StackSetId>';
```
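A way to review rows returned by the SELECT queries above for the access-related fields (permission_model, capabilities, auto_deployment, administration_role_arn, execution_role_name). This is an added example, not StackQL or AWS code. It assumes the rows have been exported as dictionaries keyed by the column names above, that object and array columns arrive either as JSON text or already decoded, and that the auto_deployment object uses the CloudFormation property name `Enabled`; the sample rows are constructed.

```python
import json

IAM_CAPABILITIES = {"CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"}

def _decode(value, default):
    """Object/array columns may arrive as JSON text or already decoded (assumption)."""
    if isinstance(value, str):
        try:
            value = json.loads(value)
        except json.JSONDecodeError:
            return default
    return value if isinstance(value, type(default)) else default

def review_stack_set(row):
    """Return review notes for one row of aws.cloudformation.stack_sets."""
    notes = []
    model = row.get("permission_model") or "SELF_MANAGED"  # documented default
    iam_caps = IAM_CAPABILITIES & set(_decode(row.get("capabilities"), []))
    auto = _decode(row.get("auto_deployment"), {})
    if iam_caps:
        notes.append("template may create IAM resources: " + ", ".join(sorted(iam_caps)))
    # "Enabled" is the CloudFormation AutoDeployment property (assumed, not listed on this page).
    if model == "SERVICE_MANAGED" and auto.get("Enabled") is True:
        notes.append("auto-deploys to accounts added to the target organization or OU")
    if model == "SELF_MANAGED":
        if not row.get("administration_role_arn"):
            notes.append("no customized administration role set for this stack set")
        if not row.get("execution_role_name"):
            notes.append("default AWSCloudFormationStackSetExecutionRole is used")
    return notes

def review_all(rows):
    """Map each stack set name to its review notes."""
    return {row["stack_set_name"]: review_stack_set(row) for row in rows}

# Constructed sample rows (not real accounts or stack sets).
SAMPLE_ROWS = [
    {"stack_set_name": "org-baseline", "permission_model": "SERVICE_MANAGED",
     "capabilities": '["CAPABILITY_NAMED_IAM"]',
     "auto_deployment": '{"Enabled": true, "RetainStacksOnAccountRemoval": false}'},
    {"stack_set_name": "logging", "permission_model": "SELF_MANAGED",
     "administration_role_arn": "arn:aws:iam::111122223333:role/StackSetAdmin-logging",
     "execution_role_name": "StackSetExec-logging", "capabilities": []},
    {"stack_set_name": "legacy-net", "permission_model": None, "capabilities": None},
]

if __name__ == "__main__":
    for name, notes in review_all(SAMPLE_ROWS).items():
        print(name, "->", notes or ["no notes"])
```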

INSERT example

Use the following StackQL query and manifest file to create a new stack_set resource, using stack-deploy.

```sql
/*+ create */
INSERT INTO aws.cloudformation.stack_sets (
  StackSetName,
  PermissionModel,
  region
)
SELECT
  '{{ StackSetName }}',
  '{{ PermissionModel }}',
  '{{ region }}';
```

DELETE example

```sql
/*+ delete */
DELETE FROM aws.cloudformation.stack_sets
WHERE data__Identifier = '<StackSetId>'
AND region = 'us-east-1';
```

Permissions

To operate on the stack_sets resource, the following permissions are required:

Create

cloudformation:GetTemplateSummary,
cloudformation:CreateStackSet,
cloudformation:CreateStackInstances,
cloudformation:DescribeStackSetOperation,
cloudformation:ListStackSetOperationResults,
cloudformation:TagResource,
iam:PassRole

Read

cloudformation:DescribeStackSet,
cloudformation:ListStackInstances,
cloudformation:DescribeStackInstance

Update

cloudformation:GetTemplateSummary,
cloudformation:UpdateStackSet,
cloudformation:CreateStackInstances,
cloudformation:DeleteStackInstances,
cloudformation:UpdateStackInstances,
cloudformation:DescribeStackSet,
cloudformation:DescribeStackSetOperation,
cloudformation:ListStackSetOperationResults,
cloudformation:TagResource,
cloudformation:UntagResource,
iam:PassRole

Delete

cloudformation:DeleteStackSet,
cloudformation:DeleteStackInstances,
cloudformation:DescribeStackSet,
cloudformation:DescribeStackSetOperation,
cloudformation:ListStackSetOperationResults,
cloudformation:UntagResource

List

cloudformation:ListStackSets,
cloudformation:DescribeStackSet,
cloudformation:ListStackInstances,
cloudformation:DescribeStackInstance