Class StackSetInstance
Manages a CloudFormation StackSet Instance. Instances are managed in the account and region of the StackSet after the target account permissions have been configured. Additional information about StackSets can be found in the AWS CloudFormation User Guide.
NOTE: All target accounts must have an IAM Role created that matches the name of the execution role configured in the StackSet (the
execution_role_nameargument in theaws.cloudformation.StackSetresource) in a trust relationship with the administrative account or administration IAM Role. The execution role must have appropriate permissions to manage resources defined in the template along with those required for StackSets to operate. See the AWS CloudFormation User Guide for more details.
NOTE: To retain the Stack during resource destroy, ensure
retain_stackhas been set totruein the state first. This must be completed before a deployment that would destroy the resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.CloudFormation.StackSetInstance("example", new Aws.CloudFormation.StackSetInstanceArgs
{
AccountId = "123456789012",
Region = "us-east-1",
StackSetName = aws_cloudformation_stack_set.Example.Name,
});
}
}
Example IAM Setup in Target Account
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"sts:AssumeRole",
},
Effect = "Allow",
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
aws_iam_role.AWSCloudFormationStackSetAdministrationRole.Arn,
},
Type = "AWS",
},
},
},
},
}));
var aWSCloudFormationStackSetExecutionRole = new Aws.Iam.Role("aWSCloudFormationStackSetExecutionRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Apply(aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy => aWSCloudFormationStackSetExecutionRoleAssumeRolePolicy.Json),
});
var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"cloudformation:*",
"s3:*",
"sns:*",
},
Effect = "Allow",
Resources =
{
"*",
},
},
},
}));
var aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy("aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Apply(aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument => aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyPolicyDocument.Json),
Role = aWSCloudFormationStackSetExecutionRole.Name,
});
}
}
Inherited Members
Namespace: Pulumi.Aws.CloudFormation
Assembly: Pulumi.Aws.dll
Syntax
public class StackSetInstance : CustomResourceConstructors
View SourceStackSetInstance(String, StackSetInstanceArgs, CustomResourceOptions)
Create a StackSetInstance resource with the given unique name, arguments, and options.
Declaration
public StackSetInstance(string name, StackSetInstanceArgs args, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| StackSetInstanceArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
View SourceAccountId
Target AWS Account ID to create a Stack based on the StackSet. Defaults to current account.
Declaration
public Output<string> AccountId { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ParameterOverrides
Key-value map of input parameters to override from the StackSet for this Instance.
Declaration
public Output<ImmutableDictionary<string, string>> ParameterOverrides { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.String>> |
Region
Target AWS Region to create a Stack based on the StackSet. Defaults to current region.
Declaration
public Output<string> Region { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
RetainStack
During resource destroy, remove Instance from StackSet while keeping the Stack and its associated resources. Must be enabled in the state before destroy operation to take effect. You cannot reassociate a retained Stack or add an existing, saved Stack to a new StackSet. Defaults to false.
Declaration
public Output<bool?> RetainStack { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
StackId
Stack identifier
Declaration
public Output<string> StackId { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
StackSetName
Name of the StackSet.
Declaration
public Output<string> StackSetName { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
View SourceGet(String, Input<String>, StackSetInstanceState, CustomResourceOptions)
Get an existing StackSetInstance resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static StackSetInstance Get(string name, Input<string> id, StackSetInstanceState state = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| StackSetInstanceState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| StackSetInstance |