Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. AWS
  3. API Docs
  4. cloudformation
  5. StackSet
AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi
pulumi/pulumi-aws

aws.cloudformation.StackSet

Explore with Pulumi AI

AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi
pulumi/pulumi-aws

Manages a CloudFormation StackSet. StackSets allow CloudFormation templates to be easily deployed across multiple accounts and regions via StackSet Instances (aws.cloudformation.StackSetInstance resource). Additional information about StackSets can be found in the AWS CloudFormation User Guide.

NOTE: All template parameters, including those with a Default, must be configured or ignored with the lifecycle configuration block ignore_changes argument.

NOTE: All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.

NOTE: When using a delegated administrator account, ensure that your IAM User or Role has the organizations:ListDelegatedAdministrators permission. Otherwise, you may get an error like ValidationError: Account used is not a delegated administrator.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = aws.iam.getPolicyDocument({
    statements: [{
        actions: ["sts:AssumeRole"],
        effect: "Allow",
        principals: [{
            identifiers: ["cloudformation.amazonaws.com"],
            type: "Service",
        }],
    }],
});
const aWSCloudFormationStackSetAdministrationRole = new aws.iam.Role("AWSCloudFormationStackSetAdministrationRole", {
    assumeRolePolicy: aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.then(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy => aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json),
    name: "AWSCloudFormationStackSetAdministrationRole",
});
const example = new aws.cloudformation.StackSet("example", {
    administrationRoleArn: aWSCloudFormationStackSetAdministrationRole.arn,
    name: "example",
    parameters: {
        VPCCidr: "10.0.0.0/16",
    },
    templateBody: JSON.stringify({
        Parameters: {
            VPCCidr: {
                Type: "String",
                Default: "10.0.0.0/16",
                Description: "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
            },
        },
        Resources: {
            myVpc: {
                Type: "AWS::EC2::VPC",
                Properties: {
                    CidrBlock: {
                        Ref: "VPCCidr",
                    },
                    Tags: [{
                        Key: "Name",
                        Value: "Primary_CF_VPC",
                    }],
                },
            },
        },
    }),
});
const aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = aws.iam.getPolicyDocumentOutput({
    statements: [{
        actions: ["sts:AssumeRole"],
        effect: "Allow",
        resources: [pulumi.interpolate`arn:aws:iam::*:role/${example.executionRoleName}`],
    }],
});
const aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new aws.iam.RolePolicy("AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy", {
    name: "ExecutionPolicy",
    policy: aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.apply(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy => aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json),
    role: aWSCloudFormationStackSetAdministrationRole.name,
});
Copy
import pulumi
import json
import pulumi_aws as aws

a_ws_cloud_formation_stack_set_administration_role_assume_role_policy = aws.iam.get_policy_document(statements=[{
    "actions": ["sts:AssumeRole"],
    "effect": "Allow",
    "principals": [{
        "identifiers": ["cloudformation.amazonaws.com"],
        "type": "Service",
    }],
}])
a_ws_cloud_formation_stack_set_administration_role = aws.iam.Role("AWSCloudFormationStackSetAdministrationRole",
    assume_role_policy=a_ws_cloud_formation_stack_set_administration_role_assume_role_policy.json,
    name="AWSCloudFormationStackSetAdministrationRole")
example = aws.cloudformation.StackSet("example",
    administration_role_arn=a_ws_cloud_formation_stack_set_administration_role.arn,
    name="example",
    parameters={
        "VPCCidr": "10.0.0.0/16",
    },
    template_body=json.dumps({
        "Parameters": {
            "VPCCidr": {
                "Type": "String",
                "Default": "10.0.0.0/16",
                "Description": "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
            },
        },
        "Resources": {
            "myVpc": {
                "Type": "AWS::EC2::VPC",
                "Properties": {
                    "CidrBlock": {
                        "Ref": "VPCCidr",
                    },
                    "Tags": [{
                        "Key": "Name",
                        "Value": "Primary_CF_VPC",
                    }],
                },
            },
        },
    }))
a_ws_cloud_formation_stack_set_administration_role_execution_policy = aws.iam.get_policy_document_output(statements=[{
    "actions": ["sts:AssumeRole"],
    "effect": "Allow",
    "resources": [example.execution_role_name.apply(lambda execution_role_name: f"arn:aws:iam::*:role/{execution_role_name}")],
}])
a_ws_cloud_formation_stack_set_administration_role_execution_policy_role_policy = aws.iam.RolePolicy("AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy",
    name="ExecutionPolicy",
    policy=a_ws_cloud_formation_stack_set_administration_role_execution_policy.json,
    role=a_ws_cloud_formation_stack_set_administration_role.name)
Copy
package main

import (
	"encoding/json"
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Actions: []string{
						"sts:AssumeRole",
					},
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Identifiers: []string{
								"cloudformation.amazonaws.com",
							},
							Type: "Service",
						},
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		aWSCloudFormationStackSetAdministrationRole, err := iam.NewRole(ctx, "AWSCloudFormationStackSetAdministrationRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json),
			Name:             pulumi.String("AWSCloudFormationStackSetAdministrationRole"),
		})
		if err != nil {
			return err
		}
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"Parameters": map[string]interface{}{
				"VPCCidr": map[string]interface{}{
					"Type":        "String",
					"Default":     "10.0.0.0/16",
					"Description": "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
				},
			},
			"Resources": map[string]interface{}{
				"myVpc": map[string]interface{}{
					"Type": "AWS::EC2::VPC",
					"Properties": map[string]interface{}{
						"CidrBlock": map[string]interface{}{
							"Ref": "VPCCidr",
						},
						"Tags": []map[string]interface{}{
							map[string]interface{}{
								"Key":   "Name",
								"Value": "Primary_CF_VPC",
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		example, err := cloudformation.NewStackSet(ctx, "example", &cloudformation.StackSetArgs{
			AdministrationRoleArn: aWSCloudFormationStackSetAdministrationRole.Arn,
			Name:                  pulumi.String("example"),
			Parameters: pulumi.StringMap{
				"VPCCidr": pulumi.String("10.0.0.0/16"),
			},
			TemplateBody: pulumi.String(json0),
		})
		if err != nil {
			return err
		}
		aWSCloudFormationStackSetAdministrationRoleExecutionPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Actions: pulumi.StringArray{
						pulumi.String("sts:AssumeRole"),
					},
					Effect: pulumi.String("Allow"),
					Resources: pulumi.StringArray{
						example.ExecutionRoleName.ApplyT(func(executionRoleName string) (string, error) {
							return fmt.Sprintf("arn:aws:iam::*:role/%v", executionRoleName), nil
						}).(pulumi.StringOutput),
					},
				},
			},
		}, nil)
		_, err = iam.NewRolePolicy(ctx, "AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy", &iam.RolePolicyArgs{
			Name: pulumi.String("ExecutionPolicy"),
			Policy: pulumi.String(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.ApplyT(func(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy iam.GetPolicyDocumentResult) (*string, error) {
				return &aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.Json, nil
			}).(pulumi.StringPtrOutput)),
			Role: aWSCloudFormationStackSetAdministrationRole.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Identifiers = new[]
                        {
                            "cloudformation.amazonaws.com",
                        },
                        Type = "Service",
                    },
                },
            },
        },
    });

    var aWSCloudFormationStackSetAdministrationRole = new Aws.Iam.Role("AWSCloudFormationStackSetAdministrationRole", new()
    {
        AssumeRolePolicy = aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        Name = "AWSCloudFormationStackSetAdministrationRole",
    });

    var example = new Aws.CloudFormation.StackSet("example", new()
    {
        AdministrationRoleArn = aWSCloudFormationStackSetAdministrationRole.Arn,
        Name = "example",
        Parameters = 
        {
            { "VPCCidr", "10.0.0.0/16" },
        },
        TemplateBody = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["Parameters"] = new Dictionary<string, object?>
            {
                ["VPCCidr"] = new Dictionary<string, object?>
                {
                    ["Type"] = "String",
                    ["Default"] = "10.0.0.0/16",
                    ["Description"] = "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
                },
            },
            ["Resources"] = new Dictionary<string, object?>
            {
                ["myVpc"] = new Dictionary<string, object?>
                {
                    ["Type"] = "AWS::EC2::VPC",
                    ["Properties"] = new Dictionary<string, object?>
                    {
                        ["CidrBlock"] = new Dictionary<string, object?>
                        {
                            ["Ref"] = "VPCCidr",
                        },
                        ["Tags"] = new[]
                        {
                            new Dictionary<string, object?>
                            {
                                ["Key"] = "Name",
                                ["Value"] = "Primary_CF_VPC",
                            },
                        },
                    },
                },
            },
        }),
    });

    var aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
                Effect = "Allow",
                Resources = new[]
                {
                    $"arn:aws:iam::*:role/{example.ExecutionRoleName}",
                },
            },
        },
    });

    var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy("AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy", new()
    {
        Name = "ExecutionPolicy",
        Policy = aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        Role = aWSCloudFormationStackSetAdministrationRole.Name,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.cloudformation.StackSet;
import com.pulumi.aws.cloudformation.StackSetArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .identifiers("cloudformation.amazonaws.com")
                    .type("Service")
                    .build())
                .build())
            .build());

        var aWSCloudFormationStackSetAdministrationRole = new Role("aWSCloudFormationStackSetAdministrationRole", RoleArgs.builder()
            .assumeRolePolicy(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json())
            .name("AWSCloudFormationStackSetAdministrationRole")
            .build());

        var example = new StackSet("example", StackSetArgs.builder()
            .administrationRoleArn(aWSCloudFormationStackSetAdministrationRole.arn())
            .name("example")
            .parameters(Map.of("VPCCidr", "10.0.0.0/16"))
            .templateBody(serializeJson(
                jsonObject(
                    jsonProperty("Parameters", jsonObject(
                        jsonProperty("VPCCidr", jsonObject(
                            jsonProperty("Type", "String"),
                            jsonProperty("Default", "10.0.0.0/16"),
                            jsonProperty("Description", "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.")
                        ))
                    )),
                    jsonProperty("Resources", jsonObject(
                        jsonProperty("myVpc", jsonObject(
                            jsonProperty("Type", "AWS::EC2::VPC"),
                            jsonProperty("Properties", jsonObject(
                                jsonProperty("CidrBlock", jsonObject(
                                    jsonProperty("Ref", "VPCCidr")
                                )),
                                jsonProperty("Tags", jsonArray(jsonObject(
                                    jsonProperty("Key", "Name"),
                                    jsonProperty("Value", "Primary_CF_VPC")
                                )))
                            ))
                        ))
                    ))
                )))
            .build());

        final var aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .effect("Allow")
                .resources(example.executionRoleName().applyValue(_executionRoleName -> String.format("arn:aws:iam::*:role/%s", _executionRoleName)))
                .build())
            .build());

        var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new RolePolicy("aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy", RolePolicyArgs.builder()
            .name("ExecutionPolicy")
            .policy(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.applyValue(_aWSCloudFormationStackSetAdministrationRoleExecutionPolicy -> _aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json()))
            .role(aWSCloudFormationStackSetAdministrationRole.name())
            .build());

    }
}
Copy
resources:
  aWSCloudFormationStackSetAdministrationRole:
    type: aws:iam:Role
    name: AWSCloudFormationStackSetAdministrationRole
    properties:
      assumeRolePolicy: ${aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json}
      name: AWSCloudFormationStackSetAdministrationRole
  example:
    type: aws:cloudformation:StackSet
    properties:
      administrationRoleArn: ${aWSCloudFormationStackSetAdministrationRole.arn}
      name: example
      parameters:
        VPCCidr: 10.0.0.0/16
      templateBody:
        fn::toJSON:
          Parameters:
            VPCCidr:
              Type: String
              Default: 10.0.0.0/16
              Description: Enter the CIDR block for the VPC. Default is 10.0.0.0/16.
          Resources:
            myVpc:
              Type: AWS::EC2::VPC
              Properties:
                CidrBlock:
                  Ref: VPCCidr
                Tags:
                  - Key: Name
                    Value: Primary_CF_VPC
  aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy:
    type: aws:iam:RolePolicy
    name: AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy
    properties:
      name: ExecutionPolicy
      policy: ${aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json}
      role: ${aWSCloudFormationStackSetAdministrationRole.name}
variables:
  aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - actions:
              - sts:AssumeRole
            effect: Allow
            principals:
              - identifiers:
                  - cloudformation.amazonaws.com
                type: Service
  aWSCloudFormationStackSetAdministrationRoleExecutionPolicy:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - actions:
              - sts:AssumeRole
            effect: Allow
            resources:
              - arn:aws:iam::*:role/${example.executionRoleName}
Copy

Create StackSet Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new StackSet(name: string, args?: StackSetArgs, opts?: CustomResourceOptions);
@overload
def StackSet(resource_name: str,
             args: Optional[StackSetArgs] = None,
             opts: Optional[ResourceOptions] = None)

@overload
def StackSet(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             administration_role_arn: Optional[str] = None,
             auto_deployment: Optional[StackSetAutoDeploymentArgs] = None,
             call_as: Optional[str] = None,
             capabilities: Optional[Sequence[str]] = None,
             description: Optional[str] = None,
             execution_role_name: Optional[str] = None,
             managed_execution: Optional[StackSetManagedExecutionArgs] = None,
             name: Optional[str] = None,
             operation_preferences: Optional[StackSetOperationPreferencesArgs] = None,
             parameters: Optional[Mapping[str, str]] = None,
             permission_model: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             template_body: Optional[str] = None,
             template_url: Optional[str] = None)
func NewStackSet(ctx *Context, name string, args *StackSetArgs, opts ...ResourceOption) (*StackSet, error)
public StackSet(string name, StackSetArgs? args = null, CustomResourceOptions? opts = null)
public StackSet(String name, StackSetArgs args)
public StackSet(String name, StackSetArgs args, CustomResourceOptions options)

type: aws:cloudformation:StackSet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args StackSetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args StackSetArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args StackSetArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args StackSetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. StackSetArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var stackSetResource = new Aws.CloudFormation.StackSet("stackSetResource", new()
{
    AdministrationRoleArn = "string",
    AutoDeployment = new Aws.CloudFormation.Inputs.StackSetAutoDeploymentArgs
    {
        Enabled = false,
        RetainStacksOnAccountRemoval = false,
    },
    CallAs = "string",
    Capabilities = new[]
    {
        "string",
    },
    Description = "string",
    ExecutionRoleName = "string",
    ManagedExecution = new Aws.CloudFormation.Inputs.StackSetManagedExecutionArgs
    {
        Active = false,
    },
    Name = "string",
    OperationPreferences = new Aws.CloudFormation.Inputs.StackSetOperationPreferencesArgs
    {
        FailureToleranceCount = 0,
        FailureTolerancePercentage = 0,
        MaxConcurrentCount = 0,
        MaxConcurrentPercentage = 0,
        RegionConcurrencyType = "string",
        RegionOrders = new[]
        {
            "string",
        },
    },
    Parameters = 
    {
        { "string", "string" },
    },
    PermissionModel = "string",
    Tags = 
    {
        { "string", "string" },
    },
    TemplateBody = "string",
    TemplateUrl = "string",
});
Copy
example, err := cloudformation.NewStackSet(ctx, "stackSetResource", &cloudformation.StackSetArgs{
	AdministrationRoleArn: pulumi.String("string"),
	AutoDeployment: &cloudformation.StackSetAutoDeploymentArgs{
		Enabled:                      pulumi.Bool(false),
		RetainStacksOnAccountRemoval: pulumi.Bool(false),
	},
	CallAs: pulumi.String("string"),
	Capabilities: pulumi.StringArray{
		pulumi.String("string"),
	},
	Description:       pulumi.String("string"),
	ExecutionRoleName: pulumi.String("string"),
	ManagedExecution: &cloudformation.StackSetManagedExecutionArgs{
		Active: pulumi.Bool(false),
	},
	Name: pulumi.String("string"),
	OperationPreferences: &cloudformation.StackSetOperationPreferencesArgs{
		FailureToleranceCount:      pulumi.Int(0),
		FailureTolerancePercentage: pulumi.Int(0),
		MaxConcurrentCount:         pulumi.Int(0),
		MaxConcurrentPercentage:    pulumi.Int(0),
		RegionConcurrencyType:      pulumi.String("string"),
		RegionOrders: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	Parameters: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	PermissionModel: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	TemplateBody: pulumi.String("string"),
	TemplateUrl:  pulumi.String("string"),
})
Copy
var stackSetResource = new StackSet("stackSetResource", StackSetArgs.builder()
    .administrationRoleArn("string")
    .autoDeployment(StackSetAutoDeploymentArgs.builder()
        .enabled(false)
        .retainStacksOnAccountRemoval(false)
        .build())
    .callAs("string")
    .capabilities("string")
    .description("string")
    .executionRoleName("string")
    .managedExecution(StackSetManagedExecutionArgs.builder()
        .active(false)
        .build())
    .name("string")
    .operationPreferences(StackSetOperationPreferencesArgs.builder()
        .failureToleranceCount(0)
        .failureTolerancePercentage(0)
        .maxConcurrentCount(0)
        .maxConcurrentPercentage(0)
        .regionConcurrencyType("string")
        .regionOrders("string")
        .build())
    .parameters(Map.of("string", "string"))
    .permissionModel("string")
    .tags(Map.of("string", "string"))
    .templateBody("string")
    .templateUrl("string")
    .build());
Copy
stack_set_resource = aws.cloudformation.StackSet("stackSetResource",
    administration_role_arn="string",
    auto_deployment={
        "enabled": False,
        "retain_stacks_on_account_removal": False,
    },
    call_as="string",
    capabilities=["string"],
    description="string",
    execution_role_name="string",
    managed_execution={
        "active": False,
    },
    name="string",
    operation_preferences={
        "failure_tolerance_count": 0,
        "failure_tolerance_percentage": 0,
        "max_concurrent_count": 0,
        "max_concurrent_percentage": 0,
        "region_concurrency_type": "string",
        "region_orders": ["string"],
    },
    parameters={
        "string": "string",
    },
    permission_model="string",
    tags={
        "string": "string",
    },
    template_body="string",
    template_url="string")
Copy
const stackSetResource = new aws.cloudformation.StackSet("stackSetResource", {
    administrationRoleArn: "string",
    autoDeployment: {
        enabled: false,
        retainStacksOnAccountRemoval: false,
    },
    callAs: "string",
    capabilities: ["string"],
    description: "string",
    executionRoleName: "string",
    managedExecution: {
        active: false,
    },
    name: "string",
    operationPreferences: {
        failureToleranceCount: 0,
        failureTolerancePercentage: 0,
        maxConcurrentCount: 0,
        maxConcurrentPercentage: 0,
        regionConcurrencyType: "string",
        regionOrders: ["string"],
    },
    parameters: {
        string: "string",
    },
    permissionModel: "string",
    tags: {
        string: "string",
    },
    templateBody: "string",
    templateUrl: "string",
});
Copy
type: aws:cloudformation:StackSet
properties:
    administrationRoleArn: string
    autoDeployment:
        enabled: false
        retainStacksOnAccountRemoval: false
    callAs: string
    capabilities:
        - string
    description: string
    executionRoleName: string
    managedExecution:
        active: false
    name: string
    operationPreferences:
        failureToleranceCount: 0
        failureTolerancePercentage: 0
        maxConcurrentCount: 0
        maxConcurrentPercentage: 0
        regionConcurrencyType: string
        regionOrders:
            - string
    parameters:
        string: string
    permissionModel: string
    tags:
        string: string
    templateBody: string
    templateUrl: string
Copy

StackSet Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The StackSet resource accepts the following input properties:

AdministrationRoleArn string
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
AutoDeployment Changes to this property will trigger replacement. StackSetAutoDeployment
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
CallAs string
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
Capabilities List<string>
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
Description string
Description of the StackSet.
ExecutionRoleName string
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
ManagedExecution StackSetManagedExecution
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
Name Changes to this property will trigger replacement. string
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
OperationPreferences StackSetOperationPreferences
Preferences for how AWS CloudFormation performs a stack set update.
Parameters Dictionary<string, string>
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
PermissionModel string
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
Tags Dictionary<string, string>
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TemplateBody string
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
TemplateUrl string
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.
AdministrationRoleArn string
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
AutoDeployment Changes to this property will trigger replacement. StackSetAutoDeploymentArgs
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
CallAs string
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
Capabilities []string
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
Description string
Description of the StackSet.
ExecutionRoleName string
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
ManagedExecution StackSetManagedExecutionArgs
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
Name Changes to this property will trigger replacement. string
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
OperationPreferences StackSetOperationPreferencesArgs
Preferences for how AWS CloudFormation performs a stack set update.
Parameters map[string]string
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
PermissionModel string
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
Tags map[string]string
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TemplateBody string
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
TemplateUrl string
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.
administrationRoleArn String
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
autoDeployment Changes to this property will trigger replacement. StackSetAutoDeployment
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs String
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities List<String>
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description String
Description of the StackSet.
executionRoleName String
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution StackSetManagedExecution
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name Changes to this property will trigger replacement. String
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences StackSetOperationPreferences
Preferences for how AWS CloudFormation performs a stack set update.
parameters Map<String,String>
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel String
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
tags Map<String,String>
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
templateBody String
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl String
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.
administrationRoleArn string
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
autoDeployment Changes to this property will trigger replacement. StackSetAutoDeployment
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs string
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities string[]
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description string
Description of the StackSet.
executionRoleName string
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution StackSetManagedExecution
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name Changes to this property will trigger replacement. string
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences StackSetOperationPreferences
Preferences for how AWS CloudFormation performs a stack set update.
parameters {[key: string]: string}
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel string
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
tags {[key: string]: string}
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
templateBody string
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl string
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.
administration_role_arn str
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
auto_deployment Changes to this property will trigger replacement. StackSetAutoDeploymentArgs
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
call_as str
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities Sequence[str]
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description str
Description of the StackSet.
execution_role_name str
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managed_execution StackSetManagedExecutionArgs
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name Changes to this property will trigger replacement. str
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operation_preferences StackSetOperationPreferencesArgs
Preferences for how AWS CloudFormation performs a stack set update.
parameters Mapping[str, str]
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permission_model str
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
tags Mapping[str, str]
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
template_body str
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
template_url str
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.
administrationRoleArn String
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
autoDeployment Changes to this property will trigger replacement. Property Map
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs String
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities List<String>
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description String
Description of the StackSet.
executionRoleName String
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution Property Map
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name Changes to this property will trigger replacement. String
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences Property Map
Preferences for how AWS CloudFormation performs a stack set update.
parameters Map<String>
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel String
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
tags Map<String>
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
templateBody String
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl String
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

Outputs

All input properties are implicitly available as output properties. Additionally, the StackSet resource produces the following output properties:

Arn string
Amazon Resource Name (ARN) of the StackSet.
Id string
The provider-assigned unique ID for this managed resource.
StackSetId string
Unique identifier of the StackSet.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Arn string
Amazon Resource Name (ARN) of the StackSet.
Id string
The provider-assigned unique ID for this managed resource.
StackSetId string
Unique identifier of the StackSet.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn String
Amazon Resource Name (ARN) of the StackSet.
id String
The provider-assigned unique ID for this managed resource.
stackSetId String
Unique identifier of the StackSet.
tagsAll Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn string
Amazon Resource Name (ARN) of the StackSet.
id string
The provider-assigned unique ID for this managed resource.
stackSetId string
Unique identifier of the StackSet.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn str
Amazon Resource Name (ARN) of the StackSet.
id str
The provider-assigned unique ID for this managed resource.
stack_set_id str
Unique identifier of the StackSet.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn String
Amazon Resource Name (ARN) of the StackSet.
id String
The provider-assigned unique ID for this managed resource.
stackSetId String
Unique identifier of the StackSet.
tagsAll Map<String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Look up Existing StackSet Resource

Get an existing StackSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: StackSetState, opts?: CustomResourceOptions): StackSet
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        administration_role_arn: Optional[str] = None,
        arn: Optional[str] = None,
        auto_deployment: Optional[StackSetAutoDeploymentArgs] = None,
        call_as: Optional[str] = None,
        capabilities: Optional[Sequence[str]] = None,
        description: Optional[str] = None,
        execution_role_name: Optional[str] = None,
        managed_execution: Optional[StackSetManagedExecutionArgs] = None,
        name: Optional[str] = None,
        operation_preferences: Optional[StackSetOperationPreferencesArgs] = None,
        parameters: Optional[Mapping[str, str]] = None,
        permission_model: Optional[str] = None,
        stack_set_id: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        template_body: Optional[str] = None,
        template_url: Optional[str] = None) -> StackSet
func GetStackSet(ctx *Context, name string, id IDInput, state *StackSetState, opts ...ResourceOption) (*StackSet, error)
public static StackSet Get(string name, Input<string> id, StackSetState? state, CustomResourceOptions? opts = null)
public static StackSet get(String name, Output<String> id, StackSetState state, CustomResourceOptions options)
resources:  _:    type: aws:cloudformation:StackSet    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AdministrationRoleArn string
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
Arn string
Amazon Resource Name (ARN) of the StackSet.
AutoDeployment Changes to this property will trigger replacement. StackSetAutoDeployment
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
CallAs string
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
Capabilities List<string>
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
Description string
Description of the StackSet.
ExecutionRoleName string
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
ManagedExecution StackSetManagedExecution
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
Name Changes to this property will trigger replacement. string
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
OperationPreferences StackSetOperationPreferences
Preferences for how AWS CloudFormation performs a stack set update.
Parameters Dictionary<string, string>
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
PermissionModel string
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
StackSetId string
Unique identifier of the StackSet.
Tags Dictionary<string, string>
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

TemplateBody string
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
TemplateUrl string
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.
AdministrationRoleArn string
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
Arn string
Amazon Resource Name (ARN) of the StackSet.
AutoDeployment Changes to this property will trigger replacement. StackSetAutoDeploymentArgs
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
CallAs string
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
Capabilities []string
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
Description string
Description of the StackSet.
ExecutionRoleName string
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
ManagedExecution StackSetManagedExecutionArgs
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
Name Changes to this property will trigger replacement. string
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
OperationPreferences StackSetOperationPreferencesArgs
Preferences for how AWS CloudFormation performs a stack set update.
Parameters map[string]string
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
PermissionModel string
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
StackSetId string
Unique identifier of the StackSet.
Tags map[string]string
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

TemplateBody string
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
TemplateUrl string
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.
administrationRoleArn String
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
arn String
Amazon Resource Name (ARN) of the StackSet.
autoDeployment Changes to this property will trigger replacement. StackSetAutoDeployment
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs String
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities List<String>
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description String
Description of the StackSet.
executionRoleName String
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution StackSetManagedExecution
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name Changes to this property will trigger replacement. String
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences StackSetOperationPreferences
Preferences for how AWS CloudFormation performs a stack set update.
parameters Map<String,String>
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel String
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
stackSetId String
Unique identifier of the StackSet.
tags Map<String,String>
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

templateBody String
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl String
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.
administrationRoleArn string
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
arn string
Amazon Resource Name (ARN) of the StackSet.
autoDeployment Changes to this property will trigger replacement. StackSetAutoDeployment
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs string
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities string[]
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description string
Description of the StackSet.
executionRoleName string
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution StackSetManagedExecution
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name Changes to this property will trigger replacement. string
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences StackSetOperationPreferences
Preferences for how AWS CloudFormation performs a stack set update.
parameters {[key: string]: string}
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel string
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
stackSetId string
Unique identifier of the StackSet.
tags {[key: string]: string}
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

templateBody string
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl string
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.
administration_role_arn str
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
arn str
Amazon Resource Name (ARN) of the StackSet.
auto_deployment Changes to this property will trigger replacement. StackSetAutoDeploymentArgs
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
call_as str
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities Sequence[str]
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description str
Description of the StackSet.
execution_role_name str
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managed_execution StackSetManagedExecutionArgs
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name Changes to this property will trigger replacement. str
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operation_preferences StackSetOperationPreferencesArgs
Preferences for how AWS CloudFormation performs a stack set update.
parameters Mapping[str, str]
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permission_model str
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
stack_set_id str
Unique identifier of the StackSet.
tags Mapping[str, str]
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

template_body str
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
template_url str
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.
administrationRoleArn String
Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
arn String
Amazon Resource Name (ARN) of the StackSet.
autoDeployment Changes to this property will trigger replacement. Property Map
Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs String
Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities List<String>
A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description String
Description of the StackSet.
executionRoleName String
Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution Property Map
Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name Changes to this property will trigger replacement. String
Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences Property Map
Preferences for how AWS CloudFormation performs a stack set update.
parameters Map<String>
Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel String
Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
stackSetId String
Unique identifier of the StackSet.
tags Map<String>
Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

templateBody String
String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl String
String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

Supporting Types

StackSetAutoDeployment
, StackSetAutoDeploymentArgs

Enabled bool
Whether or not auto-deployment is enabled.
RetainStacksOnAccountRemoval bool
Whether or not to retain stacks when the account is removed.
Enabled bool
Whether or not auto-deployment is enabled.
RetainStacksOnAccountRemoval bool
Whether or not to retain stacks when the account is removed.
enabled Boolean
Whether or not auto-deployment is enabled.
retainStacksOnAccountRemoval Boolean
Whether or not to retain stacks when the account is removed.
enabled boolean
Whether or not auto-deployment is enabled.
retainStacksOnAccountRemoval boolean
Whether or not to retain stacks when the account is removed.
enabled bool
Whether or not auto-deployment is enabled.
retain_stacks_on_account_removal bool
Whether or not to retain stacks when the account is removed.
enabled Boolean
Whether or not auto-deployment is enabled.
retainStacksOnAccountRemoval Boolean
Whether or not to retain stacks when the account is removed.

StackSetManagedExecution
, StackSetManagedExecutionArgs

Active bool
When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
Active bool
When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
active Boolean
When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
active boolean
When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
active bool
When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.
active Boolean
When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.

StackSetOperationPreferences
, StackSetOperationPreferencesArgs

FailureToleranceCount int
The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
FailureTolerancePercentage int
The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
MaxConcurrentCount int
The maximum number of accounts in which to perform this operation at one time.
MaxConcurrentPercentage int
The maximum percentage of accounts in which to perform this operation at one time.
RegionConcurrencyType string
The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
RegionOrders List<string>
The order of the Regions in where you want to perform the stack operation.
FailureToleranceCount int
The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
FailureTolerancePercentage int
The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
MaxConcurrentCount int
The maximum number of accounts in which to perform this operation at one time.
MaxConcurrentPercentage int
The maximum percentage of accounts in which to perform this operation at one time.
RegionConcurrencyType string
The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
RegionOrders []string
The order of the Regions in where you want to perform the stack operation.
failureToleranceCount Integer
The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
failureTolerancePercentage Integer
The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
maxConcurrentCount Integer
The maximum number of accounts in which to perform this operation at one time.
maxConcurrentPercentage Integer
The maximum percentage of accounts in which to perform this operation at one time.
regionConcurrencyType String
The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
regionOrders List<String>
The order of the Regions in where you want to perform the stack operation.
failureToleranceCount number
The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
failureTolerancePercentage number
The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
maxConcurrentCount number
The maximum number of accounts in which to perform this operation at one time.
maxConcurrentPercentage number
The maximum percentage of accounts in which to perform this operation at one time.
regionConcurrencyType string
The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
regionOrders string[]
The order of the Regions in where you want to perform the stack operation.
failure_tolerance_count int
The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
failure_tolerance_percentage int
The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
max_concurrent_count int
The maximum number of accounts in which to perform this operation at one time.
max_concurrent_percentage int
The maximum percentage of accounts in which to perform this operation at one time.
region_concurrency_type str
The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
region_orders Sequence[str]
The order of the Regions in where you want to perform the stack operation.
failureToleranceCount Number
The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
failureTolerancePercentage Number
The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
maxConcurrentCount Number
The maximum number of accounts in which to perform this operation at one time.
maxConcurrentPercentage Number
The maximum percentage of accounts in which to perform this operation at one time.
regionConcurrencyType String
The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
regionOrders List<String>
The order of the Regions in where you want to perform the stack operation.

Import

Import CloudFormation StackSets when acting a delegated administrator in a member account using the name and call_as values separated by a comma (,). For example:

Using pulumi import, import CloudFormation StackSets using the name. For example:

$ pulumi import aws:cloudformation/stackSet:StackSet example example
Copy

Using pulumi import, import CloudFormation StackSets when acting a delegated administrator in a member account using the name and call_as values separated by a comma (,). For example:

$ pulumi import aws:cloudformation/stackSet:StackSet example example,DELEGATED_ADMIN
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.
AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi
pulumi/pulumi-aws