AWSCloudFormationStackSetAdministrationRole' role with trust relationship to CloudFormation service

Hello, I get this error when deploying my self-managed stack set using CloudFormation. I need help to deploy my stack set, please.

I have my custom CloudFormation StackSetAdministrationRole, which is [AWSOrgMngtAcctCloudFormationStackSetAdministrationRole].

ERROR

Resource handler returned message: "Resource of type 'Stack set operation [6c9e91a5-2ef0-4262-ac4c-685ff0c76691] was unexpectedly stopped or failed. status reason(s): [Account 2322444544 should have 'AWSCloudFormationStackSetAdministrationRole' role with trust relationship to CloudFormation service.]' with identifier

WLOUAcctStackSet:
    Type: AWS::CloudFormation::StackSet
    DeletionPolicy: Delete
    DependsOn: [WLOUsAcct]
    Properties:
      StackSetName: WLOUAcctStackSet
      Description: "...."
      TemplateURL: ./stacksets/StackSet.yaml
      Parameters:
      - {ParameterKey: ManagementAccountID, ParameterValue: !Ref ManagementAccountID}
      - {ParameterKey: ToolingAccountID, ParameterValue: !Ref WorkloadsToolingAcct}
      Capabilities: [CAPABILITY_NAMED_IAM] #[Array of String]
      PermissionModel: SELF_MANAGED #Allowed Values[SERVICE_MANAGED(OUs Only) | SELF_MANAGED]
      ExecutionRoleName: "AWSOrgMngtAcctCloudFormationStackSetExecutionRole" #Name of the IAM execution role to use
      StackInstancesGroup: #[Array of StackInstances]
      - Regions: #[Array of String] 
        - us-east-1
        DeploymentTargets: # Note: [SERVICE_MANAGED permission model can only have OrganizationalUnit as target]
          # AccountFilterType: INTERSECTION #Allowed Values[NONE | UNION | INTERSECTION | DIFFERENCE]
          # AccountsUrl: [String]
          # OrganizationalUnitIds:[!Ref OrganizationRootID] #[Array of String] #Req in SERVICE_MANAGED
          Accounts: [!Ref WorkloadsToolingAcct] #[Array of String]
          # - !GetAtt TestingOUAccount20240413.AccountId #!RefTestingOUAccount20240411
        ParameterOverrides: #[Array of Parameter]
        - {ParameterKey: ManagementAccountID, ParameterValue: !Ref ManagementAccountID}
        - {ParameterKey: ToolingAccountID, ParameterValue: !Ref WorkloadsToolingAcct,}
Nafiu
asked 14 days ago, 83 views
1 Answer
1
Accepted Answer

Hello.

Try creating an IAM role named "AWSCloudFormationStackSetAdministrationRole" as described in the documentation below.
You also need to create an IAM role named "AWSCloudFormationStackSetExecutionRole" in the target account.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html#stacksets-prereqs-accountsetup

Or specify the ARN of "AWSOrgMngtAcctCloudFormationStackSetAdministrationRole" in "AdministrationRoleARN".
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html

WLOUAcctStackSet:
    Type: AWS::CloudFormation::StackSet
    DeletionPolicy: Delete
    DependsOn: [WLOUsAcct]
    Properties:
      AdministrationRoleARN: AWSOrgMngtAcctCloudFormationStackSetAdministrationRole-ARN # Add
      StackSetName: WLOUAcctStackSet
      .....
EXPERT
answered 14 days ago
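
The two roles the answer refers to, written as CloudFormation templates with the custom role names from the question. This is an added example, not code from the asker or the answerer; the logical IDs, the policy name, the `AdministratorAccountId` parameter and the `AdministratorAccess` attachment are assumptions.

```yaml
# Added example: two separate templates (save as two files); role names come from the question.
# File 1: deploy in the administrator (management) account.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  AdministrationRole:            # hypothetical logical ID
    Type: AWS::IAM::Role
    Properties:
      RoleName: AWSOrgMngtAcctCloudFormationStackSetAdministrationRole
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com   # the trust relationship the error asks for
            Action: sts:AssumeRole
            Condition:           # confused-deputy guard: only stack sets owned by this account
              StringEquals:
                "aws:SourceAccount": !Ref AWS::AccountId
              StringLike:
                "aws:SourceArn": !Sub "arn:${AWS::Partition}:cloudformation:*:${AWS::AccountId}:stackset/*"
      Policies:
        - PolicyName: AssumeStackSetExecutionRole   # hypothetical policy name
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow    # the only permission the administration role needs
                Action: sts:AssumeRole
                Resource: !Sub "arn:${AWS::Partition}:iam::*:role/AWSOrgMngtAcctCloudFormationStackSetExecutionRole"
---
# File 2: deploy in every target account (here, the workloads tooling account).
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AdministratorAccountId:        # hypothetical parameter: account that owns the stack set
    Type: String
    AllowedPattern: "[0-9]{12}"
Resources:
  ExecutionRole:                 # hypothetical logical ID
    Type: AWS::IAM::Role
    Properties:
      RoleName: AWSOrgMngtAcctCloudFormationStackSetExecutionRole
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow        # trust only the administration role, not the whole account
            Principal:
              AWS: !Sub "arn:${AWS::Partition}:iam::${AdministratorAccountId}:role/AWSOrgMngtAcctCloudFormationStackSetAdministrationRole"
            Action: sts:AssumeRole
      ManagedPolicyArns:         # assumption: broad placeholder; scope to what StackSet.yaml creates
        - !Sub "arn:${AWS::Partition}:iam::aws:policy/AdministratorAccess"
```

Create the administration role first, because IAM rejects a trust policy whose role principal does not exist yet. With custom names the stack set has to reference both roles: `ExecutionRoleName` as in the question and `AdministrationRoleARN` as in the answer.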
