aws-cdk-lib.aws_codepipeline_actions.StackSetDeploymentModel

class StackSetDeploymentModel

LanguageType name
.NETAmazon.CDK.AWS.CodePipeline.Actions.StackSetDeploymentModel
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awscodepipelineactions#StackSetDeploymentModel
Javasoftware.amazon.awscdk.services.codepipeline.actions.StackSetDeploymentModel
Pythonaws_cdk.aws_codepipeline_actions.StackSetDeploymentModel
TypeScript (source)aws-cdk-lib » aws_codepipeline_actions » StackSetDeploymentModel

Determines how IAM roles are created and managed.

Example

declare const pipeline: codepipeline.Pipeline;
declare const sourceOutput: codepipeline.Artifact;

pipeline.addStage({
  stageName: 'DeployStackSets',
  actions: [
    // First, update the StackSet itself with the newest template
    new codepipeline_actions.CloudFormationDeployStackSetAction({
      actionName: 'UpdateStackSet',
      runOrder: 1,
      stackSetName: 'MyStackSet',
      template: codepipeline_actions.StackSetTemplate.fromArtifactPath(sourceOutput.atPath('template.yaml')),

      // Change this to 'StackSetDeploymentModel.organizations()' if you want to deploy to OUs
      deploymentModel: codepipeline_actions.StackSetDeploymentModel.selfManaged(),
      // This deploys to a set of accounts
      stackInstances: codepipeline_actions.StackInstances.inAccounts(['111111111111'], ['us-east-1', 'eu-west-1']),
    }),

    // Afterwards, update/create additional instances in other accounts
    new codepipeline_actions.CloudFormationDeployStackInstancesAction({
      actionName: 'AddMoreInstances',
      runOrder: 2,
      stackSetName: 'MyStackSet',
      stackInstances: codepipeline_actions.StackInstances.inAccounts(
        ['222222222222', '333333333333'],
        ['us-east-1', 'eu-west-1']
      ),
    }),
  ],
});

Initializer

new StackSetDeploymentModel()

Methods

NameDescription
static organizations(props?)Deploy to AWS Organizations accounts.
static selfManaged(props?)Deploy to AWS Accounts not managed by AWS Organizations.

static organizations(props?)

public static organizations(props?: OrganizationsDeploymentProps): StackSetDeploymentModel

Parameters

  • props OrganizationsDeploymentProps

Returns

  • StackSetDeploymentModel

Deploy to AWS Organizations accounts.

AWS CloudFormation StackSets automatically creates the IAM roles required to deploy to accounts managed by AWS Organizations. This requires an account to be a member of an Organization.

Using this deployment model, you can specify either AWS Account Ids or Organization Unit Ids in the stackInstances parameter.


static selfManaged(props?)

public static selfManaged(props?: SelfManagedDeploymentProps): StackSetDeploymentModel

Parameters

  • props SelfManagedDeploymentProps

Returns

  • StackSetDeploymentModel

Deploy to AWS Accounts not managed by AWS Organizations.

You are responsible for creating Execution Roles in every account you will be deploying to in advance to create the actual stack instances. Unless you specify overrides, StackSets expects the execution roles you create to have the default name AWSCloudFormationStackSetExecutionRole. See the Grant self-managed permissions section of the CloudFormation documentation.

The CDK will automatically create the central Administration Role in the Pipeline account which will be used to assume the Execution Role in each of the target accounts.

If you wish to use a pre-created Administration Role, use Role.fromRoleName() or Role.fromRoleArn() to import it, and pass it to this function:

const existingAdminRole = iam.Role.fromRoleName(this, 'AdminRole', 'AWSCloudFormationStackSetAdministrationRole');

const deploymentModel = codepipeline_actions.StackSetDeploymentModel.selfManaged({
  // Use an existing Role. Leave this out to create a new Role.
  administrationRole: existingAdminRole,
});

Using this deployment model, you can only specify AWS Account Ids in the stackInstances parameter.

See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html