Namespace Pulumi.Aws.CloudFormation
Classes
GetExport
GetExportArgs
GetExportResult
GetStack
GetStackArgs
GetStackResult
Stack
Provides a CloudFormation Stack resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example Pulumi stack that creates a CloudFormation stack named "network"
/// from an inline JSON template and supplies its VPCCidr parameter.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Inline CloudFormation template: one String parameter (VPCCidr) and one
        // AWS::EC2::VPC resource whose CidrBlock is a Ref to that parameter.
        // The literal is kept flush-left so the text handed to CloudFormation
        // is exactly what is written here.
        const string vpcTemplate = @"{
""Parameters"" : {
""VPCCidr"" : {
""Type"" : ""String"",
""Default"" : ""10.0.0.0/16"",
""Description"" : ""Enter the CIDR block for the VPC. Default is 10.0.0.0/16.""
}
},
""Resources"" : {
""myVpc"": {
""Type"" : ""AWS::EC2::VPC"",
""Properties"" : {
""CidrBlock"" : { ""Ref"" : ""VPCCidr"" },
""Tags"" : [
{""Key"": ""Name"", ""Value"": ""Primary_CF_VPC""}
]
}
}
}
}
";

        var networkArgs = new Aws.CloudFormation.StackArgs
        {
            // The value is passed explicitly even though it equals the
            // template's Default for VPCCidr.
            Parameters =
            {
                { "VPCCidr", "10.0.0.0/16" },
            },
            TemplateBody = vpcTemplate,
        };

        var networkStack = new Aws.CloudFormation.Stack("network", networkArgs);
    }
}
StackArgs
StackSet
Manages a CloudFormation StackSet. StackSets allow CloudFormation templates to be easily deployed across multiple accounts and regions via StackSet Instances (aws.cloudformation.StackSetInstance resource). Additional information about StackSets can be found in the AWS CloudFormation User Guide.
NOTE: All template parameters, including those with a `Default`, must be configured or ignored with the `lifecycle` configuration block `ignore_changes` argument.
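NOTE: All `NoEcho` template parameters must be ignored with the `lifecycle` configuration block `ignore_changes` argument. CloudFormation returns `NoEcho` values masked, so they cannot be compared with the configured value.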
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example Pulumi stack that creates a CloudFormation StackSet together with
/// the IAM administration role that CloudFormation assumes to manage it.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Inline CloudFormation template deployed by the StackSet: one String
        // parameter (VPCCidr) and one AWS::EC2::VPC resource that references it.
        const string vpcTemplate = @"{
""Parameters"" : {
""VPCCidr"" : {
""Type"" : ""String"",
""Default"" : ""10.0.0.0/16"",
""Description"" : ""Enter the CIDR block for the VPC. Default is 10.0.0.0/16.""
}
},
""Resources"" : {
""myVpc"": {
""Type"" : ""AWS::EC2::VPC"",
""Properties"" : {
""CidrBlock"" : { ""Ref"" : ""VPCCidr"" },
""Tags"" : [
{""Key"": ""Name"", ""Value"": ""Primary_CF_VPC""}
]
}
}
}
}
";

        // Trust policy: lets the CloudFormation service principal assume the
        // administration role.
        // NOTE(review): the statement carries no Condition. AWS guidance for
        // self-managed StackSets recommends restricting this trust with the
        // aws:SourceAccount / aws:SourceArn condition keys to limit
        // confused-deputy exposure; consider adding them before reusing this.
        var adminTrustArgs = new Aws.Iam.GetPolicyDocumentArgs
        {
            Statements =
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
                {
                    Actions =
                    {
                        "sts:AssumeRole",
                    },
                    Effect = "Allow",
                    Principals =
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
                        {
                            Identifiers =
                            {
                                "cloudformation.amazonaws.com",
                            },
                            Type = "Service",
                        },
                    },
                },
            },
        };
        var adminTrustPolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(adminTrustArgs));

        var adminRole = new Aws.Iam.Role("aWSCloudFormationStackSetAdministrationRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = adminTrustPolicy.Apply(document => document.Json),
        });

        var stackSet = new Aws.CloudFormation.StackSet("example", new Aws.CloudFormation.StackSetArgs
        {
            AdministrationRoleArn = adminRole.Arn,
            Parameters =
            {
                { "VPCCidr", "10.0.0.0/16" },
            },
            TemplateBody = vpcTemplate,
        });

        // Permission policy for the administration role: allows it to assume the
        // execution role by name. The policy document is built inside Apply
        // because the role name is only known once the StackSet output resolves.
        // NOTE(review): the account field of the ARN is "*", so the grant covers
        // a role of this name in every account that trusts the administration
        // role. Where the target accounts are known, list their account IDs
        // instead of the wildcard.
        var adminExecutionPolicyDocument = stackSet.ExecutionRoleName.Apply(executionRoleName =>
        {
            var assumeExecutionRoleArgs = new Aws.Iam.GetPolicyDocumentArgs
            {
                Statements =
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
                    {
                        Actions =
                        {
                            "sts:AssumeRole",
                        },
                        Effect = "Allow",
                        Resources =
                        {
                            $"arn:aws:iam::*:role/{executionRoleName}",
                        },
                    },
                },
            };
            return Aws.Iam.GetPolicyDocument.InvokeAsync(assumeExecutionRoleArgs);
        });

        var adminExecutionRolePolicy = new Aws.Iam.RolePolicy("aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = adminExecutionPolicyDocument.Apply(document => document.Json),
            Role = adminRole.Name,
        });
    }
}
StackSetArgs
StackSetInstance
Manages a CloudFormation StackSet Instance. Instances are managed in the account and region of the StackSet after the target account permissions have been configured. Additional information about StackSets can be found in the AWS CloudFormation User Guide.
NOTE: All target accounts must have an IAM Role created that matches the name of the execution role configured in the StackSet (the `execution_role_name` argument in the `aws.cloudformation.StackSet` resource) in a trust relationship with the administrative account or administration IAM Role. The execution role must have appropriate permissions to manage resources defined in the template along with those required for StackSets to operate. See the AWS CloudFormation User Guide for more details.
NOTE: To retain the Stack during resource destroy, ensure `retain_stack` has been set to `true` in the state first. This must be completed before a deployment that would destroy the resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example Pulumi stack that deploys one StackSet Instance into a single
/// target account and region.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var instanceArgs = new Aws.CloudFormation.StackSetInstanceArgs
        {
            // Sample 12-digit account ID; replace with the real target account.
            AccountId = "123456789012",
            Region = "us-east-1",
            // NOTE(review): aws_cloudformation_stack_set.Example is not declared
            // in this snippet; it presumably stands for a StackSet resource
            // defined elsewhere, so the example does not compile on its own.
            StackSetName = aws_cloudformation_stack_set.Example.Name,
        };

        var stackSetInstance = new Aws.CloudFormation.StackSetInstance("example", instanceArgs);
    }
}
Example IAM Setup in Target Account
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example Pulumi stack for a StackSet target account: creates the execution
/// role that the administration role assumes, and attaches its permission
/// policy.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Trust policy: only the administration role's ARN may assume the
        // execution role.
        // NOTE(review): aws_iam_role.AWSCloudFormationStackSetAdministrationRole
        // is not declared in this snippet; it presumably refers to the
        // administration role created in the administrator account.
        var executionTrustArgs = new Aws.Iam.GetPolicyDocumentArgs
        {
            Statements =
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
                {
                    Actions =
                    {
                        "sts:AssumeRole",
                    },
                    Effect = "Allow",
                    Principals =
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
                        {
                            Identifiers =
                            {
                                aws_iam_role.AWSCloudFormationStackSetAdministrationRole.Arn,
                            },
                            Type = "AWS",
                        },
                    },
                },
            },
        };
        var executionTrustPolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(executionTrustArgs));

        var executionRole = new Aws.Iam.Role("aWSCloudFormationStackSetExecutionRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = executionTrustPolicy.Apply(document => document.Json),
        });

        // Permission policy for the execution role.
        // NOTE(review): every cloudformation, s3 and sns action is allowed on
        // Resource "*". Whoever can assume this role (here, the administration
        // role in another account) gains all of that in the target account.
        // Treat this as a starting point: narrow the actions and resource ARNs
        // to what StackSets and the deployed template need, and add only the
        // extra permissions the template's resources require.
        var executionPermissionArgs = new Aws.Iam.GetPolicyDocumentArgs
        {
            Statements =
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
                {
                    Actions =
                    {
                        "cloudformation:*",
                        "s3:*",
                        "sns:*",
                    },
                    Effect = "Allow",
                    Resources =
                    {
                        "*",
                    },
                },
            },
        };
        var executionPermissionDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(executionPermissionArgs));

        var executionRolePolicy = new Aws.Iam.RolePolicy("aWSCloudFormationStackSetExecutionRoleMinimumExecutionPolicyRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = executionPermissionDocument.Apply(document => document.Json),
            Role = executionRole.Name,
        });
    }
}