The command example for the service-managed stacks is incomplete. The deployment-targets argument needs to include additional values, otherwise it will throw an error:
An error occurred (ValidationError) when calling the DeleteStackInstances operation: StackSets with SERVICE_MANAGED permission model can only have OrganizationalUnit as target
The solution for me to target an individual account or list of accounts was as follows. It was helpful to look closely at the CLI docs, especially around what AccountFilterType could be set to, to understand how to single out a single account here: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudformation/delete-stack-instances.html
$ aws cloudformation delete-stack-instances --stack-set-name YourStackSetName --deployment-targets Accounts=YourStackInstanceAccount,OrganizationalUnitIds=YourStackInstanceAccountOU,AccountFilterType=INTERSECTION --regions YourStackInstanceRegion --retain-stacks
Side note: it would be really great to have a --dry-run option for this operation since there isn't a great way to "test" the deployment-targets parameter to make sure it's actually hitting the right things.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
I have no idea about the OU of the account that has been suspended; I only have the account ID. In this case, what information should I input in OU?
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
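For the two comments above, an added example (not from the Knowledge Center article or the commenters): a Python sketch that previews offline which stack instances a given deployment-targets value would select, and looks up the OU recorded for an account, from JSON shaped like `aws cloudformation list-stack-instances` output. The sample data, IDs and function names are constructed, and it assumes OU membership is exactly the OrganizationalUnitId on each summary (child OUs are not resolved).

```python
import json

# Constructed sample in the shape of `aws cloudformation list-stack-instances`
# output; account and OU ids are placeholders, not real values.
SAMPLE = json.loads("""{"Summaries": [
 {"Account": "111111111111", "Region": "us-east-1", "OrganizationalUnitId": "ou-aaaa-11111111"},
 {"Account": "111111111111", "Region": "eu-west-1", "OrganizationalUnitId": "ou-aaaa-11111111"},
 {"Account": "222222222222", "Region": "us-east-1", "OrganizationalUnitId": "ou-aaaa-11111111"},
 {"Account": "333333333333", "Region": "us-east-1", "OrganizationalUnitId": "ou-bbbb-22222222"}
]}""")["Summaries"]

FILTERS = {
    # AccountFilterType -> predicate(instance is in a listed OU, account is listed)
    "NONE": lambda in_ou, in_acct: in_ou,
    "INTERSECTION": lambda in_ou, in_acct: in_ou and in_acct,
    "DIFFERENCE": lambda in_ou, in_acct: in_ou and not in_acct,
    "UNION": lambda in_ou, in_acct: in_ou or in_acct,
}

def ous_for_account(summaries, account):
    """OU ids recorded on the stack instances of one account."""
    return sorted({s["OrganizationalUnitId"] for s in summaries
                   if s["Account"] == account})

def preview_targets(summaries, regions, ous, accounts=(), filter_type="NONE"):
    """(account, region) pairs that the deployment targets would select."""
    if filter_type not in FILTERS:
        raise ValueError(f"unknown AccountFilterType: {filter_type}")
    if not ous:
        raise ValueError("service-managed stack sets need OrganizationalUnitIds")
    if filter_type != "NONE" and not accounts:
        raise ValueError(f"{filter_type} needs a non-empty Accounts list")
    keep = FILTERS[filter_type]
    return sorted(
        (s["Account"], s["Region"]) for s in summaries
        if s["Region"] in regions
        and keep(s["OrganizationalUnitId"] in ous, s["Account"] in accounts)
    )

if __name__ == "__main__":
    ou = ous_for_account(SAMPLE, "111111111111")
    print("OU recorded for account:", ou)
    print("would select:", preview_targets(
        SAMPLE, ["us-east-1"], ou, ["111111111111"], "INTERSECTION"))
```

To feed it real data, save the output of `aws cloudformation list-stack-instances --stack-set-name YourStackSetName` and pass its `Summaries` list; the `--stack-instance-account` and `--stack-instance-region` options narrow that listing on the service side.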