1 Answer
- Newest
- Most votes
- Most comments
2
Hello.
I thought that if I set "AccountFilterType" to "INTERSECTION", I could deploy only to the specified account.
Also, try specifying the OU of the deployment destination AWS account in "OrganizationalUnitIds".
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-stackset-deploymenttargets.html
#-------- [TAcctStackSet] --------##
# GetAtt[StackSetId] || Ref[StackSetId]
TAcctStackSet:
Type: AWS::CloudFormation::StackSet
DeletionPolicy: Delete
DependsOn: [TAcct]
Properties:
StackSetName: TAcctStackSet
Description: "...."
TemplateURL: ./stacksets/TAcctStackSet.yaml
Parameters:
- {ParameterKey: ManagementAccountID, ParameterValue: !Ref ManagementAccountID}
Capabilities: [CAPABILITY_NAMED_IAM] #[Array of String]
PermissionModel: SERVICE_MANAGED #Allowed Values[SERVICE_MANAGED | SELF_MANAGED]
AutoDeployment: # Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target OU
Enabled: true
RetainStacksOnAccountRemoval: false #[Only Set When AutoDeployment is Enabled]
StackInstancesGroup: #[Array of StackInstances]
- Regions: #[Array of String]
- us-east-1
DeploymentTargets: # Note: [SERVICE_MANAGED permission model can only have OrganizationalUnit as target]
AccountFilterType: INTERSECTION
# AccountsUrl: [String]
OrganizationalUnitIds: [!Ref OrganizationRootID] #[Array of String] #Req in SERVICE_MANAGED
Accounts: [!Ref WorkloadsToolingAcct] #[Array of String]
# - !GetAtt TestingOUAccount20240413.AccountId #!RefTestingOUAccount20240411
ParameterOverrides: #[Array of Parameter]
- {ParameterKey: ManagementAccountID, ParameterValue: !Ref ManagementAccountID}
Relevant content
- asked a month ago
- asked 2 years ago
- asked 3 days ago
- Accepted Answerasked a month ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 9 months ago