aws-cdk-lib.aws_codepipeline_actions.SelfManagedDeploymentProps

interface SelfManagedDeploymentProps

LanguageType name
.NETAmazon.CDK.AWS.CodePipeline.Actions.SelfManagedDeploymentProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awscodepipelineactions#SelfManagedDeploymentProps
Javasoftware.amazon.awscdk.services.codepipeline.actions.SelfManagedDeploymentProps
Pythonaws_cdk.aws_codepipeline_actions.SelfManagedDeploymentProps
TypeScript (source)aws-cdk-lib » aws_codepipeline_actions » SelfManagedDeploymentProps

Properties for configuring self-managed permissions.

Example

const existingAdminRole = iam.Role.fromRoleName(this, 'AdminRole', 'AWSCloudFormationStackSetAdministrationRole');

const deploymentModel = codepipeline_actions.StackSetDeploymentModel.selfManaged({
  // Use an existing Role. Leave this out to create a new Role.
  administrationRole: existingAdminRole,
});

Properties

NameTypeDescription
administrationRole?IRoleThe IAM role in the administrator account used to assume execution roles in the target accounts.
executionRoleName?stringThe name of the IAM role in the target accounts used to perform stack set operations.

administrationRole?

Type: IRole (optional, default: Assume an existing role named AWSCloudFormationStackSetAdministrationRole in the same account as the pipeline.)

The IAM role in the administrator account used to assume execution roles in the target accounts.

You must create this role before using the StackSet action.

The role needs to be assumable by CloudFormation, and it needs to be able to sts:AssumeRole each of the execution roles (whose names are specified in the executionRoleName parameter) in each of the target accounts.

If you do not specify the role, we assume you have created a role named AWSCloudFormationStackSetAdministrationRole.

See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html


executionRoleName?

Type: string (optional, default: AWSCloudFormationStackSetExecutionRole)

The name of the IAM role in the target accounts used to perform stack set operations.

You must create these roles in each of the target accounts before using the StackSet action.

The roles need to be assumable by by the administrationRole, and need to have the permissions necessary to successfully create and modify the resources that the subsequent CloudFormation deployments need. Administrator permissions would be commonly granted to these, but if you can scope the permissions down frome there you would be safer.

See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html