When you create a StackSet, you must choose either a service‑managed or self-managed permission model.
Overview
Service-managed. The service-managed model is regarded as the best model for easier and more automated deployment across an organization's accounts and regions. CloudFormation uses the organization's management account to automatically create execution roles in child accounts.
Create AWS CloudFormation StackSets with service-managed permissions
Self-managed. This model works with standalone accounts that aren't part of AWS Organizations. As StackSet administrator, you enter the target AWS account IDs and your customer's account numbers in the StackSets wizard. The template then creates the execution/child role in those accounts.
Important
Ensure the execution role AWSCloudFormationStackSetExecutionRole exists in each target account — either created automatically by the StackSet template (if provided) or pre-created by the customer.
Create AWS CloudFormation StackSets with self-managed permissions
Procedure
Have the information that you retrieved in Step 1 at hand: the Oomnitza external ID, principal ARN, and role name.
Create AWS CloudFormation StackSets with self-managed permissions or copy
Create AWS CloudFormation StackSets with service-managed permissions
Reference information
Specify a template. Use the Oomnitza StackSet template, or copy the template into an S3 URL, or upload it as a template file.
Parameters. Paste the values that you retrieved in Step 1.
Permissions. For service‑managed, choose Service‑managed permissions. For self‑managed, choose an admin role or let the wizard create AWSCloudFormationStackSetAdministrationRole.
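To check the roles after deployment, the following added example (not part of the Oomnitza template or AWS tooling) audits a role trust policy such as the AssumeRolePolicyDocument returned by `aws iam get-role`. It confirms that AWSCloudFormationStackSetExecutionRole trusts the StackSet administrator account, and that the role from Step 1 trusts only the given principal ARN together with the external ID. The account IDs, ARNs, and external ID are constructed placeholders, and it is an assumption that the external ID is enforced through an `sts:ExternalId` condition.

```python
# Added example: audits IAM trust policies such as the AssumeRolePolicyDocument
# returned by `aws iam get-role`. All account IDs, ARNs and IDs are constructed.

def as_list(value):
    """IAM policy fields may hold a single value or a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_principal, external_id=None):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings, matched = [], False
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append("wildcard principal can assume the role")
        if expected_principal not in aws:
            continue
        matched = True
        if external_id is not None:
            # Assumption: the external ID is enforced with a StringEquals condition.
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if external_id not in as_list(cond.get("sts:ExternalId", [])):
                findings.append("expected principal is not bound to the external ID")
    if not matched:
        findings.append("expected principal is not trusted")
    return findings

def trust(principal_arn, external_id=None):
    """Build a constructed sample trust policy for the checks below."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": principal_arn}}
    if external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

ADMIN = "arn:aws:iam::111122223333:root"    # constructed StackSet administrator account
VENDOR = "arn:aws:iam::444455556666:root"   # placeholder for the principal ARN from Step 1
EXT_ID = "EXAMPLE-EXTERNAL-ID"              # placeholder for the external ID from Step 1

if __name__ == "__main__":
    print(audit_trust_policy(trust(ADMIN), ADMIN))                    # execution role
    print(audit_trust_policy(trust(VENDOR), VENDOR, EXT_ID))          # missing condition
    print(audit_trust_policy(trust(VENDOR, EXT_ID), VENDOR, EXT_ID))  # bound to external ID
```

Run it against each target account's policy document; any non-empty result names what to fix before relying on the StackSet deployment.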