How can I include current account id in CF stack that uses stackset?

0

I am using StackSets to deploy my resources.

I am deploying in multiple accounts & I need to reference parameter store in the CF stack template for resources and parameters. I need to reference it to pass the external id values and account id that the resources are CURRENTLY being deployed in.

I am not sure how to achieve this, does anyone know how?

For example, here is my stackset implementation template.

    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
      "PrismaReadOnly": {
        "Type": "AWS::CloudFormation::StackSet",
        "DeletionPolicy": "Retain",
        "Properties": {
          "StackSetName": "rl-read",
          "Description": "IAM Read only roles for Prisma Cloud",
          "PermissionModel": "SERVICE_MANAGED",
          "Capabilities": ["CAPABILITY_IAM"],
          "ManagedExecution": { "Active": true },
          "TemplateURL": "https://s3.amazonaws.com/path",
          "StackInstancesGroup": [
            {
              "DeploymentTargets": { "Accounts": ["111111111111"] },
              "Regions": ["us-west-2"]

Now I want to pass the account listed in DeploymentTargets to my CF stackset here

    "ExternalID": {
      "Type": "String",
      "Description": "Provide an ExternalID (Example: Xoih821ddwf)",
      //"**{{resolve:ssm:<account-id>:2}}**"
      "MinLength": "1",
      "AllowedPattern": "[a-zA-Z0-9\\=\\,\\.\\@\\:\\/\\-_]*",
      "ConstraintDescription": "ExternalID must contain alphanumeric characters and only these special characters are allowed =,.@:/-. "

Is there a way to achieve this or something similar?

1 Answer
1

Hi there,

Hope you are doing well!

If the key concern is to make sure the Stack Instance[1] of your stackset, basically the individual stack managed by the stackset, can create resources with a value based on which account the stack instance was CURRENTLY deployed into, there is a straightforward feature, the pseudo parameter reference AWS::AccountId, that you can leverage.

For instance, in the template, you can simply assign the current account ID value with the !Ref intrinsic function[3]:

JSON:

    "ExternalID" : { "Ref" : "AWS::AccountId" }

YAML:

    ExternalID:
      Ref: AWS::AccountId

In this approach, no SSM parameters and Dynamic References need to be involved.

Regards.

References:
[1] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stacksets-concepts-stackinstances
[2] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameter-reference.html#cfn-pseudo-param-accountid

AWS
answered a month ago
EXPERT
reviewed a month ago
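
The `Ref` from the answer above, placed where CloudFormation accepts it, as an added example that is not part of the original answer or the asker's template. Intrinsic functions cannot be used inside the `Parameters` section, so the reference sits in a resource property of the template the StackSet deploys. The resource name, the `TrustedPrincipalArn` parameter and its all-zero ARN are placeholders, and the choice of an IAM role with the `ReadOnlyAccess` managed policy is an assumption based on the StackSet description.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example: values resolved per target account, no SSM lookup",
  "Parameters": {
    "TrustedPrincipalArn": {
      "Type": "String",
      "Description": "Placeholder: ARN of the principal allowed to assume the role",
      "Default": "arn:aws:iam::000000000000:root"
    }
  },
  "Resources": {
    "ReadOnlyRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "Description": "ExternalId equals the account this stack instance runs in",
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "AWS": { "Ref": "TrustedPrincipalArn" } },
              "Action": "sts:AssumeRole",
              "Condition": {
                "StringEquals": {
                  "sts:ExternalId": { "Ref": "AWS::AccountId" }
                }
              }
            }
          ]
        }
      }
    }
  },
  "Outputs": {
    "DeployedAccount": {
      "Description": "Account ID the pseudo parameter resolved to",
      "Value": { "Ref": "AWS::AccountId" }
    },
    "RoleArn": {
      "Value": { "Fn::GetAtt": ["ReadOnlyRole", "Arn"] }
    }
  }
}
```

Each stack instance evaluates `AWS::AccountId` in its own account, so the `DeployedAccount` output of every instance shows which value the trust policy received.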
