AWS v6.73.0, Mar 19 25

AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi

aws.cloudformation.StackSet

Explore with Pulumi AI

AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = aws.iam.getPolicyDocument({
    statements: [{
        actions: ["sts:AssumeRole"],
        effect: "Allow",
        principals: [{
            identifiers: ["cloudformation.amazonaws.com"],
            type: "Service",
        }],
    }],
});
const aWSCloudFormationStackSetAdministrationRole = new aws.iam.Role("AWSCloudFormationStackSetAdministrationRole", {
    assumeRolePolicy: aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.then(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy => aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json),
    name: "AWSCloudFormationStackSetAdministrationRole",
});
const example = new aws.cloudformation.StackSet("example", {
    administrationRoleArn: aWSCloudFormationStackSetAdministrationRole.arn,
    name: "example",
    parameters: {
        VPCCidr: "10.0.0.0/16",
    },
    templateBody: JSON.stringify({
        Parameters: {
            VPCCidr: {
                Type: "String",
                Default: "10.0.0.0/16",
                Description: "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
            },
        },
        Resources: {
            myVpc: {
                Type: "AWS::EC2::VPC",
                Properties: {
                    CidrBlock: {
                        Ref: "VPCCidr",
                    },
                    Tags: [{
                        Key: "Name",
                        Value: "Primary_CF_VPC",
                    }],
                },
            },
        },
    }),
});
const aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = aws.iam.getPolicyDocumentOutput({
    statements: [{
        actions: ["sts:AssumeRole"],
        effect: "Allow",
        resources: [pulumi.interpolate`arn:aws:iam::*:role/${example.executionRoleName}`],
    }],
});
const aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new aws.iam.RolePolicy("AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy", {
    name: "ExecutionPolicy",
    policy: aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.apply(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy => aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json),
    role: aWSCloudFormationStackSetAdministrationRole.name,
});

import pulumi
import json
import pulumi_aws as aws

a_ws_cloud_formation_stack_set_administration_role_assume_role_policy = aws.iam.get_policy_document(statements=[{
    "actions": ["sts:AssumeRole"],
    "effect": "Allow",
    "principals": [{
        "identifiers": ["cloudformation.amazonaws.com"],
        "type": "Service",
    }],
}])
a_ws_cloud_formation_stack_set_administration_role = aws.iam.Role("AWSCloudFormationStackSetAdministrationRole",
    assume_role_policy=a_ws_cloud_formation_stack_set_administration_role_assume_role_policy.json,
    name="AWSCloudFormationStackSetAdministrationRole")
example = aws.cloudformation.StackSet("example",
    administration_role_arn=a_ws_cloud_formation_stack_set_administration_role.arn,
    name="example",
    parameters={
        "VPCCidr": "10.0.0.0/16",
    },
    template_body=json.dumps({
        "Parameters": {
            "VPCCidr": {
                "Type": "String",
                "Default": "10.0.0.0/16",
                "Description": "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
            },
        },
        "Resources": {
            "myVpc": {
                "Type": "AWS::EC2::VPC",
                "Properties": {
                    "CidrBlock": {
                        "Ref": "VPCCidr",
                    },
                    "Tags": [{
                        "Key": "Name",
                        "Value": "Primary_CF_VPC",
                    }],
                },
            },
        },
    }))
a_ws_cloud_formation_stack_set_administration_role_execution_policy = aws.iam.get_policy_document_output(statements=[{
    "actions": ["sts:AssumeRole"],
    "effect": "Allow",
    "resources": [example.execution_role_name.apply(lambda execution_role_name: f"arn:aws:iam::*:role/{execution_role_name}")],
}])
a_ws_cloud_formation_stack_set_administration_role_execution_policy_role_policy = aws.iam.RolePolicy("AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy",
    name="ExecutionPolicy",
    policy=a_ws_cloud_formation_stack_set_administration_role_execution_policy.json,
    role=a_ws_cloud_formation_stack_set_administration_role.name)

package main

import (
	"encoding/json"
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudformation"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Actions: []string{
						"sts:AssumeRole",
					},
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Identifiers: []string{
								"cloudformation.amazonaws.com",
							},
							Type: "Service",
						},
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		aWSCloudFormationStackSetAdministrationRole, err := iam.NewRole(ctx, "AWSCloudFormationStackSetAdministrationRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json),
			Name:             pulumi.String("AWSCloudFormationStackSetAdministrationRole"),
		})
		if err != nil {
			return err
		}
		tmpJSON0, err := json.Marshal(map[string]interface{}{
			"Parameters": map[string]interface{}{
				"VPCCidr": map[string]interface{}{
					"Type":        "String",
					"Default":     "10.0.0.0/16",
					"Description": "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
				},
			},
			"Resources": map[string]interface{}{
				"myVpc": map[string]interface{}{
					"Type": "AWS::EC2::VPC",
					"Properties": map[string]interface{}{
						"CidrBlock": map[string]interface{}{
							"Ref": "VPCCidr",
						},
						"Tags": []map[string]interface{}{
							map[string]interface{}{
								"Key":   "Name",
								"Value": "Primary_CF_VPC",
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		json0 := string(tmpJSON0)
		example, err := cloudformation.NewStackSet(ctx, "example", &cloudformation.StackSetArgs{
			AdministrationRoleArn: aWSCloudFormationStackSetAdministrationRole.Arn,
			Name:                  pulumi.String("example"),
			Parameters: pulumi.StringMap{
				"VPCCidr": pulumi.String("10.0.0.0/16"),
			},
			TemplateBody: pulumi.String(json0),
		})
		if err != nil {
			return err
		}
		aWSCloudFormationStackSetAdministrationRoleExecutionPolicy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Actions: pulumi.StringArray{
						pulumi.String("sts:AssumeRole"),
					},
					Effect: pulumi.String("Allow"),
					Resources: pulumi.StringArray{
						example.ExecutionRoleName.ApplyT(func(executionRoleName string) (string, error) {
							return fmt.Sprintf("arn:aws:iam::*:role/%v", executionRoleName), nil
						}).(pulumi.StringOutput),
					},
				},
			},
		}, nil)
		_, err = iam.NewRolePolicy(ctx, "AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy", &iam.RolePolicyArgs{
			Name: pulumi.String("ExecutionPolicy"),
			Policy: pulumi.String(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.ApplyT(func(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy iam.GetPolicyDocumentResult) (*string, error) {
				return &aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.Json, nil
			}).(pulumi.StringPtrOutput)),
			Role: aWSCloudFormationStackSetAdministrationRole.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Identifiers = new[]
                        {
                            "cloudformation.amazonaws.com",
                        },
                        Type = "Service",
                    },
                },
            },
        },
    });

    var aWSCloudFormationStackSetAdministrationRole = new Aws.Iam.Role("AWSCloudFormationStackSetAdministrationRole", new()
    {
        AssumeRolePolicy = aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        Name = "AWSCloudFormationStackSetAdministrationRole",
    });

    var example = new Aws.CloudFormation.StackSet("example", new()
    {
        AdministrationRoleArn = aWSCloudFormationStackSetAdministrationRole.Arn,
        Name = "example",
        Parameters = 
        {
            { "VPCCidr", "10.0.0.0/16" },
        },
        TemplateBody = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["Parameters"] = new Dictionary<string, object?>
            {
                ["VPCCidr"] = new Dictionary<string, object?>
                {
                    ["Type"] = "String",
                    ["Default"] = "10.0.0.0/16",
                    ["Description"] = "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.",
                },
            },
            ["Resources"] = new Dictionary<string, object?>
            {
                ["myVpc"] = new Dictionary<string, object?>
                {
                    ["Type"] = "AWS::EC2::VPC",
                    ["Properties"] = new Dictionary<string, object?>
                    {
                        ["CidrBlock"] = new Dictionary<string, object?>
                        {
                            ["Ref"] = "VPCCidr",
                        },
                        ["Tags"] = new[]
                        {
                            new Dictionary<string, object?>
                            {
                                ["Key"] = "Name",
                                ["Value"] = "Primary_CF_VPC",
                            },
                        },
                    },
                },
            },
        }),
    });

    var aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
                Effect = "Allow",
                Resources = new[]
                {
                    $"arn:aws:iam::*:role/{example.ExecutionRoleName}",
                },
            },
        },
    });

    var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy("AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy", new()
    {
        Name = "ExecutionPolicy",
        Policy = aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        Role = aWSCloudFormationStackSetAdministrationRole.Name,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.cloudformation.StackSet;
import com.pulumi.aws.cloudformation.StackSetArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .identifiers("cloudformation.amazonaws.com")
                    .type("Service")
                    .build())
                .build())
            .build());

        var aWSCloudFormationStackSetAdministrationRole = new Role("aWSCloudFormationStackSetAdministrationRole", RoleArgs.builder()
            .assumeRolePolicy(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .name("AWSCloudFormationStackSetAdministrationRole")
            .build());

        var example = new StackSet("example", StackSetArgs.builder()
            .administrationRoleArn(aWSCloudFormationStackSetAdministrationRole.arn())
            .name("example")
            .parameters(Map.of("VPCCidr", "10.0.0.0/16"))
            .templateBody(serializeJson(
                jsonObject(
                    jsonProperty("Parameters", jsonObject(
                        jsonProperty("VPCCidr", jsonObject(
                            jsonProperty("Type", "String"),
                            jsonProperty("Default", "10.0.0.0/16"),
                            jsonProperty("Description", "Enter the CIDR block for the VPC. Default is 10.0.0.0/16.")
                        ))
                    )),
                    jsonProperty("Resources", jsonObject(
                        jsonProperty("myVpc", jsonObject(
                            jsonProperty("Type", "AWS::EC2::VPC"),
                            jsonProperty("Properties", jsonObject(
                                jsonProperty("CidrBlock", jsonObject(
                                    jsonProperty("Ref", "VPCCidr")
                                )),
                                jsonProperty("Tags", jsonArray(jsonObject(
                                    jsonProperty("Key", "Name"),
                                    jsonProperty("Value", "Primary_CF_VPC")
                                )))
                            ))
                        ))
                    ))
                )))
            .build());

        final var aWSCloudFormationStackSetAdministrationRoleExecutionPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .effect("Allow")
                .resources(example.executionRoleName().applyValue(executionRoleName -> String.format("arn:aws:iam::*:role/%s", executionRoleName)))
                .build())
            .build());

        var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new RolePolicy("aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy", RolePolicyArgs.builder()
            .name("ExecutionPolicy")
            .policy(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(aWSCloudFormationStackSetAdministrationRoleExecutionPolicy -> aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .role(aWSCloudFormationStackSetAdministrationRole.name())
            .build());

    }
}

resources:
  aWSCloudFormationStackSetAdministrationRole:
    type: aws:iam:Role
    name: AWSCloudFormationStackSetAdministrationRole
    properties:
      assumeRolePolicy: ${aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json}
      name: AWSCloudFormationStackSetAdministrationRole
  example:
    type: aws:cloudformation:StackSet
    properties:
      administrationRoleArn: ${aWSCloudFormationStackSetAdministrationRole.arn}
      name: example
      parameters:
        VPCCidr: 10.0.0.0/16
      templateBody:
        fn::toJSON:
          Parameters:
            VPCCidr:
              Type: String
              Default: 10.0.0.0/16
              Description: Enter the CIDR block for the VPC. Default is 10.0.0.0/16.
          Resources:
            myVpc:
              Type: AWS::EC2::VPC
              Properties:
                CidrBlock:
                  Ref: VPCCidr
                Tags:
                  - Key: Name
                    Value: Primary_CF_VPC
  aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy:
    type: aws:iam:RolePolicy
    name: AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy
    properties:
      name: ExecutionPolicy
      policy: ${aWSCloudFormationStackSetAdministrationRoleExecutionPolicy.json}
      role: ${aWSCloudFormationStackSetAdministrationRole.name}
variables:
  aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - actions:
              - sts:AssumeRole
            effect: Allow
            principals:
              - identifiers:
                  - cloudformation.amazonaws.com
                type: Service
  aWSCloudFormationStackSetAdministrationRoleExecutionPolicy:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - actions:
              - sts:AssumeRole
            effect: Allow
            resources:
              - arn:aws:iam::*:role/${example.executionRoleName}

Create StackSet Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new StackSet(name: string, args?: StackSetArgs, opts?: CustomResourceOptions);

@overload
def StackSet(resource_name: str,
             args: Optional[StackSetArgs] = None,
             opts: Optional[ResourceOptions] = None)

@overload
def StackSet(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             administration_role_arn: Optional[str] = None,
             auto_deployment: Optional[StackSetAutoDeploymentArgs] = None,
             call_as: Optional[str] = None,
             capabilities: Optional[Sequence[str]] = None,
             description: Optional[str] = None,
             execution_role_name: Optional[str] = None,
             managed_execution: Optional[StackSetManagedExecutionArgs] = None,
             name: Optional[str] = None,
             operation_preferences: Optional[StackSetOperationPreferencesArgs] = None,
             parameters: Optional[Mapping[str, str]] = None,
             permission_model: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             template_body: Optional[str] = None,
             template_url: Optional[str] = None)

func NewStackSet(ctx *Context, name string, args *StackSetArgs, opts ...ResourceOption) (*StackSet, error)

public StackSet(string name, StackSetArgs? args = null, CustomResourceOptions? opts = null)

public StackSet(String name, StackSetArgs args)
public StackSet(String name, StackSetArgs args, CustomResourceOptions options)

type: aws:cloudformation:StackSet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args StackSetArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args StackSetArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args StackSetArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args StackSetArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args StackSetArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var stackSetResource = new Aws.CloudFormation.StackSet("stackSetResource", new()
{
    AdministrationRoleArn = "string",
    AutoDeployment = new Aws.CloudFormation.Inputs.StackSetAutoDeploymentArgs
    {
        Enabled = false,
        RetainStacksOnAccountRemoval = false,
    },
    CallAs = "string",
    Capabilities = new[]
    {
        "string",
    },
    Description = "string",
    ExecutionRoleName = "string",
    ManagedExecution = new Aws.CloudFormation.Inputs.StackSetManagedExecutionArgs
    {
        Active = false,
    },
    Name = "string",
    OperationPreferences = new Aws.CloudFormation.Inputs.StackSetOperationPreferencesArgs
    {
        FailureToleranceCount = 0,
        FailureTolerancePercentage = 0,
        MaxConcurrentCount = 0,
        MaxConcurrentPercentage = 0,
        RegionConcurrencyType = "string",
        RegionOrders = new[]
        {
            "string",
        },
    },
    Parameters = 
    {
        { "string", "string" },
    },
    PermissionModel = "string",
    Tags = 
    {
        { "string", "string" },
    },
    TemplateBody = "string",
    TemplateUrl = "string",
});

example, err := cloudformation.NewStackSet(ctx, "stackSetResource", &cloudformation.StackSetArgs{
	AdministrationRoleArn: pulumi.String("string"),
	AutoDeployment: &cloudformation.StackSetAutoDeploymentArgs{
		Enabled:                      pulumi.Bool(false),
		RetainStacksOnAccountRemoval: pulumi.Bool(false),
	},
	CallAs: pulumi.String("string"),
	Capabilities: pulumi.StringArray{
		pulumi.String("string"),
	},
	Description:       pulumi.String("string"),
	ExecutionRoleName: pulumi.String("string"),
	ManagedExecution: &cloudformation.StackSetManagedExecutionArgs{
		Active: pulumi.Bool(false),
	},
	Name: pulumi.String("string"),
	OperationPreferences: &cloudformation.StackSetOperationPreferencesArgs{
		FailureToleranceCount:      pulumi.Int(0),
		FailureTolerancePercentage: pulumi.Int(0),
		MaxConcurrentCount:         pulumi.Int(0),
		MaxConcurrentPercentage:    pulumi.Int(0),
		RegionConcurrencyType:      pulumi.String("string"),
		RegionOrders: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	Parameters: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	PermissionModel: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	TemplateBody: pulumi.String("string"),
	TemplateUrl:  pulumi.String("string"),
})

var stackSetResource = new StackSet("stackSetResource", StackSetArgs.builder()
    .administrationRoleArn("string")
    .autoDeployment(StackSetAutoDeploymentArgs.builder()
        .enabled(false)
        .retainStacksOnAccountRemoval(false)
        .build())
    .callAs("string")
    .capabilities("string")
    .description("string")
    .executionRoleName("string")
    .managedExecution(StackSetManagedExecutionArgs.builder()
        .active(false)
        .build())
    .name("string")
    .operationPreferences(StackSetOperationPreferencesArgs.builder()
        .failureToleranceCount(0)
        .failureTolerancePercentage(0)
        .maxConcurrentCount(0)
        .maxConcurrentPercentage(0)
        .regionConcurrencyType("string")
        .regionOrders("string")
        .build())
    .parameters(Map.of("string", "string"))
    .permissionModel("string")
    .tags(Map.of("string", "string"))
    .templateBody("string")
    .templateUrl("string")
    .build());

stack_set_resource = aws.cloudformation.StackSet("stackSetResource",
    administration_role_arn="string",
    auto_deployment={
        "enabled": False,
        "retain_stacks_on_account_removal": False,
    },
    call_as="string",
    capabilities=["string"],
    description="string",
    execution_role_name="string",
    managed_execution={
        "active": False,
    },
    name="string",
    operation_preferences={
        "failure_tolerance_count": 0,
        "failure_tolerance_percentage": 0,
        "max_concurrent_count": 0,
        "max_concurrent_percentage": 0,
        "region_concurrency_type": "string",
        "region_orders": ["string"],
    },
    parameters={
        "string": "string",
    },
    permission_model="string",
    tags={
        "string": "string",
    },
    template_body="string",
    template_url="string")

const stackSetResource = new aws.cloudformation.StackSet("stackSetResource", {
    administrationRoleArn: "string",
    autoDeployment: {
        enabled: false,
        retainStacksOnAccountRemoval: false,
    },
    callAs: "string",
    capabilities: ["string"],
    description: "string",
    executionRoleName: "string",
    managedExecution: {
        active: false,
    },
    name: "string",
    operationPreferences: {
        failureToleranceCount: 0,
        failureTolerancePercentage: 0,
        maxConcurrentCount: 0,
        maxConcurrentPercentage: 0,
        regionConcurrencyType: "string",
        regionOrders: ["string"],
    },
    parameters: {
        string: "string",
    },
    permissionModel: "string",
    tags: {
        string: "string",
    },
    templateBody: "string",
    templateUrl: "string",
});

type: aws:cloudformation:StackSet
properties:
    administrationRoleArn: string
    autoDeployment:
        enabled: false
        retainStacksOnAccountRemoval: false
    callAs: string
    capabilities:
        - string
    description: string
    executionRoleName: string
    managedExecution:
        active: false
    name: string
    operationPreferences:
        failureToleranceCount: 0
        failureTolerancePercentage: 0
        maxConcurrentCount: 0
        maxConcurrentPercentage: 0
        regionConcurrencyType: string
        regionOrders:
            - string
    parameters:
        string: string
    permissionModel: string
    tags:
        string: string
    templateBody: string
    templateUrl: string

StackSet Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The StackSet resource accepts the following input properties:

AdministrationRoleArn string: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
AutoDeployment StackSetAutoDeployment: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
CallAs string: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
Capabilities List<string>: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
Description string: Description of the StackSet.
ExecutionRoleName string: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
ManagedExecution StackSetManagedExecution: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
Name string: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
OperationPreferences StackSetOperationPreferences: Preferences for how AWS CloudFormation performs a stack set update.
Parameters Dictionary<string, string>: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
PermissionModel string: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
Tags Dictionary<string, string>: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TemplateBody string: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
TemplateUrl string: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

AdministrationRoleArn string: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
AutoDeployment StackSetAutoDeploymentArgs: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
CallAs string: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
Capabilities []string: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
Description string: Description of the StackSet.
ExecutionRoleName string: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
ManagedExecution StackSetManagedExecutionArgs: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
Name string: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
OperationPreferences StackSetOperationPreferencesArgs: Preferences for how AWS CloudFormation performs a stack set update.
Parameters map[string]string: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
PermissionModel string: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
Tags map[string]string: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TemplateBody string: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
TemplateUrl string: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

administrationRoleArn String: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
autoDeployment StackSetAutoDeployment: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs String: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities List<String>: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description String: Description of the StackSet.
executionRoleName String: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution StackSetManagedExecution: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name String: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences StackSetOperationPreferences: Preferences for how AWS CloudFormation performs a stack set update.
parameters Map<String,String>: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel String: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
tags Map<String,String>: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
templateBody String: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl String: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

administrationRoleArn string: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
autoDeployment StackSetAutoDeployment: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs string: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities string[]: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description string: Description of the StackSet.
executionRoleName string: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution StackSetManagedExecution: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name string: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences StackSetOperationPreferences: Preferences for how AWS CloudFormation performs a stack set update.
parameters {[key: string]: string}: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel string: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
tags {[key: string]: string}: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
templateBody string: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl string: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

administration_role_arn str: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
auto_deployment StackSetAutoDeploymentArgs: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
call_as str: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities Sequence[str]: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description str: Description of the StackSet.
execution_role_name str: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managed_execution StackSetManagedExecutionArgs: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name str: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operation_preferences StackSetOperationPreferencesArgs: Preferences for how AWS CloudFormation performs a stack set update.
parameters Mapping[str, str]: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permission_model str: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
tags Mapping[str, str]: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
template_body str: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
template_url str: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

administrationRoleArn String: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
autoDeployment Property Map: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs String: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities List<String>: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description String: Description of the StackSet.
executionRoleName String: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution Property Map: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name String: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences Property Map: Preferences for how AWS CloudFormation performs a stack set update.
parameters Map<String>: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel String: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
tags Map<String>: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
templateBody String: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl String: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

Outputs

All input properties are implicitly available as output properties. Additionally, the StackSet resource produces the following output properties:

Arn string: Amazon Resource Name (ARN) of the StackSet.
Id string: The provider-assigned unique ID for this managed resource.
StackSetId string: Unique identifier of the StackSet.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string: Amazon Resource Name (ARN) of the StackSet.
Id string: The provider-assigned unique ID for this managed resource.
StackSetId string: Unique identifier of the StackSet.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: Amazon Resource Name (ARN) of the StackSet.
id String: The provider-assigned unique ID for this managed resource.
stackSetId String: Unique identifier of the StackSet.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string: Amazon Resource Name (ARN) of the StackSet.
id string: The provider-assigned unique ID for this managed resource.
stackSetId string: Unique identifier of the StackSet.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str: Amazon Resource Name (ARN) of the StackSet.
id str: The provider-assigned unique ID for this managed resource.
stack_set_id str: Unique identifier of the StackSet.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: Amazon Resource Name (ARN) of the StackSet.
id String: The provider-assigned unique ID for this managed resource.
stackSetId String: Unique identifier of the StackSet.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing StackSet Resource

Get an existing StackSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: StackSetState, opts?: CustomResourceOptions): StackSet

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        administration_role_arn: Optional[str] = None,
        arn: Optional[str] = None,
        auto_deployment: Optional[StackSetAutoDeploymentArgs] = None,
        call_as: Optional[str] = None,
        capabilities: Optional[Sequence[str]] = None,
        description: Optional[str] = None,
        execution_role_name: Optional[str] = None,
        managed_execution: Optional[StackSetManagedExecutionArgs] = None,
        name: Optional[str] = None,
        operation_preferences: Optional[StackSetOperationPreferencesArgs] = None,
        parameters: Optional[Mapping[str, str]] = None,
        permission_model: Optional[str] = None,
        stack_set_id: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        template_body: Optional[str] = None,
        template_url: Optional[str] = None) -> StackSet

func GetStackSet(ctx *Context, name string, id IDInput, state *StackSetState, opts ...ResourceOption) (*StackSet, error)

public static StackSet Get(string name, Input<string> id, StackSetState? state, CustomResourceOptions? opts = null)

public static StackSet get(String name, Output<String> id, StackSetState state, CustomResourceOptions options)

resources:  _:    type: aws:cloudformation:StackSet    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AdministrationRoleArn string: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
Arn string: Amazon Resource Name (ARN) of the StackSet.
AutoDeployment StackSetAutoDeployment: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
CallAs string: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
Capabilities List<string>: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
Description string: Description of the StackSet.
ExecutionRoleName string: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
ManagedExecution StackSetManagedExecution: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
Name string: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
OperationPreferences StackSetOperationPreferences: Preferences for how AWS CloudFormation performs a stack set update.
Parameters Dictionary<string, string>: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
PermissionModel string: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
StackSetId string: Unique identifier of the StackSet.
Tags Dictionary<string, string>: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
TemplateBody string: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
TemplateUrl string: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

AdministrationRoleArn string: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
Arn string: Amazon Resource Name (ARN) of the StackSet.
AutoDeployment StackSetAutoDeploymentArgs: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
CallAs string: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
Capabilities []string: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
Description string: Description of the StackSet.
ExecutionRoleName string: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
ManagedExecution StackSetManagedExecutionArgs: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
Name string: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
OperationPreferences StackSetOperationPreferencesArgs: Preferences for how AWS CloudFormation performs a stack set update.
Parameters map[string]string: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
PermissionModel string: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
StackSetId string: Unique identifier of the StackSet.
Tags map[string]string: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
TemplateBody string: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
TemplateUrl string: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

administrationRoleArn String: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
arn String: Amazon Resource Name (ARN) of the StackSet.
autoDeployment StackSetAutoDeployment: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs String: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities List<String>: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description String: Description of the StackSet.
executionRoleName String: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution StackSetManagedExecution: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name String: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences StackSetOperationPreferences: Preferences for how AWS CloudFormation performs a stack set update.
parameters Map<String,String>: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel String: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
stackSetId String: Unique identifier of the StackSet.
tags Map<String,String>: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
templateBody String: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl String: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

administrationRoleArn string: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
arn string: Amazon Resource Name (ARN) of the StackSet.
autoDeployment StackSetAutoDeployment: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs string: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities string[]: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description string: Description of the StackSet.
executionRoleName string: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution StackSetManagedExecution: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name string: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences StackSetOperationPreferences: Preferences for how AWS CloudFormation performs a stack set update.
parameters {[key: string]: string}: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel string: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
stackSetId string: Unique identifier of the StackSet.
tags {[key: string]: string}: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
templateBody string: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl string: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

administration_role_arn str: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
arn str: Amazon Resource Name (ARN) of the StackSet.
auto_deployment StackSetAutoDeploymentArgs: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
call_as str: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities Sequence[str]: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description str: Description of the StackSet.
execution_role_name str: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managed_execution StackSetManagedExecutionArgs: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name str: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operation_preferences StackSetOperationPreferencesArgs: Preferences for how AWS CloudFormation performs a stack set update.
parameters Mapping[str, str]: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permission_model str: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
stack_set_id str: Unique identifier of the StackSet.
tags Mapping[str, str]: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
template_body str: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
template_url str: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

administrationRoleArn String: Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.
arn String: Amazon Resource Name (ARN) of the StackSet.
autoDeployment Property Map: Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.
callAs String: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. Valid values: SELF (default), DELEGATED_ADMIN.
capabilities List<String>: A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.
description String: Description of the StackSet.
executionRoleName String: Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.
managedExecution Property Map: Configuration block to allow StackSets to perform non-conflicting operations concurrently and queues conflicting operations.
name String: Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
operationPreferences Property Map: Preferences for how AWS CloudFormation performs a stack set update.
parameters Map<String>: Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.
permissionModel String: Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.
stackSetId String: Unique identifier of the StackSet.
tags Map<String>: Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
templateBody String: String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.
templateUrl String: String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.

Supporting Types

StackSetAutoDeployment, StackSetAutoDeploymentArgs

Enabled bool: Whether or not auto-deployment is enabled.
RetainStacksOnAccountRemoval bool: Whether or not to retain stacks when the account is removed.

Enabled bool: Whether or not auto-deployment is enabled.
RetainStacksOnAccountRemoval bool: Whether or not to retain stacks when the account is removed.

enabled Boolean: Whether or not auto-deployment is enabled.
retainStacksOnAccountRemoval Boolean: Whether or not to retain stacks when the account is removed.

enabled boolean: Whether or not auto-deployment is enabled.
retainStacksOnAccountRemoval boolean: Whether or not to retain stacks when the account is removed.

enabled bool: Whether or not auto-deployment is enabled.
retain_stacks_on_account_removal bool: Whether or not to retain stacks when the account is removed.

enabled Boolean: Whether or not auto-deployment is enabled.
retainStacksOnAccountRemoval Boolean: Whether or not to retain stacks when the account is removed.

StackSetManagedExecution, StackSetManagedExecutionArgs

Active bool: When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.

Active bool: When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.

active Boolean: When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.

active boolean: When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.

active bool: When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.

active Boolean: When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false.

StackSetOperationPreferences, StackSetOperationPreferencesArgs

FailureToleranceCount int: The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
FailureTolerancePercentage int: The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
MaxConcurrentCount int: The maximum number of accounts in which to perform this operation at one time.
MaxConcurrentPercentage int: The maximum percentage of accounts in which to perform this operation at one time.
RegionConcurrencyType string: The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
RegionOrders List<string>: The order of the Regions in where you want to perform the stack operation.

FailureToleranceCount int: The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
FailureTolerancePercentage int: The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
MaxConcurrentCount int: The maximum number of accounts in which to perform this operation at one time.
MaxConcurrentPercentage int: The maximum percentage of accounts in which to perform this operation at one time.
RegionConcurrencyType string: The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
RegionOrders []string: The order of the Regions in where you want to perform the stack operation.

failureToleranceCount Integer: The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
failureTolerancePercentage Integer: The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
maxConcurrentCount Integer: The maximum number of accounts in which to perform this operation at one time.
maxConcurrentPercentage Integer: The maximum percentage of accounts in which to perform this operation at one time.
regionConcurrencyType String: The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
regionOrders List<String>: The order of the Regions in where you want to perform the stack operation.

failureToleranceCount number: The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
failureTolerancePercentage number: The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
maxConcurrentCount number: The maximum number of accounts in which to perform this operation at one time.
maxConcurrentPercentage number: The maximum percentage of accounts in which to perform this operation at one time.
regionConcurrencyType string: The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
regionOrders string[]: The order of the Regions in where you want to perform the stack operation.

failure_tolerance_count int: The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
failure_tolerance_percentage int: The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
max_concurrent_count int: The maximum number of accounts in which to perform this operation at one time.
max_concurrent_percentage int: The maximum percentage of accounts in which to perform this operation at one time.
region_concurrency_type str: The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
region_orders Sequence[str]: The order of the Regions in where you want to perform the stack operation.

failureToleranceCount Number: The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region.
failureTolerancePercentage Number: The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
maxConcurrentCount Number: The maximum number of accounts in which to perform this operation at one time.
maxConcurrentPercentage Number: The maximum percentage of accounts in which to perform this operation at one time.
regionConcurrencyType String: The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time.
regionOrders List<String>: The order of the Regions in where you want to perform the stack operation.

Import

Import CloudFormation StackSets when acting a delegated administrator in a member account using the name and call_as values separated by a comma (,). For example:

Using pulumi import, import CloudFormation StackSets using the name. For example:

$ pulumi import aws:cloudformation/stackSet:StackSet example example

Using pulumi import, import CloudFormation StackSets when acting a delegated administrator in a member account using the name and call_as values separated by a comma (,). For example:

$ pulumi import aws:cloudformation/stackSet:StackSet example example,DELEGATED_ADMIN

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi

pulumi/pulumi-aws

aws.cloudformation.StackSet

On this page

On this page

Example Usage

Create StackSet Resource

Constructor syntax

Parameters

Constructor example

StackSet Resource Properties

Inputs

Outputs

Look up Existing StackSet Resource

Supporting Types

StackSetAutoDeployment, StackSetAutoDeploymentArgs

StackSetManagedExecution, StackSetManagedExecutionArgs

StackSetOperationPreferences, StackSetOperationPreferencesArgs

Import

Package Details

On this page

On this page