How can I include current acount id in CF stack that uses stackset?

Question

I am using StackSets to deploy my resources.

I am deploying in multiple accounts & I need to reference parameter store in the CF stack template for resources and parameters.  need to reference it to pass the external id values and account id that the resources are CURRENTLY being deployed in.

I am not sure how to achieve this, does anyone now how?

For example, here is my stackset implementation template.

` "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "PrismaReadOnly": {
            "Type": "AWS::CloudFormation::StackSet",
            "DeletionPolicy": "Retain",
            "Properties": {
                "StackSetName": "rl-read",
                "Description": "IAM Read only roles for Prisma Cloud",
                "PermissionModel": "SERVICE_MANAGED",
                "Capabilities": ["CAPABILITY_IAM"],
                "ManagedExecution": {
                    "Active": true
                },
                "TemplateURL": "https://s3.amazonaws.com/path",
                "StackInstancesGroup": [
                    {
                        "DeploymentTargets": {
                            "Accounts": ["111111111111"]
                        },
                        "Regions": ["us-west-2"]`

Now I want to pass the account listed in DeplomentTargets to my CF stackset here

`    "ExternalID": {
      "Type": "String",
      "Description": "Provide an ExternalID (Example: Xoih821ddwf)", //"**{{resolve:ssm::2}}**"
      "MinLength": "1",
      "AllowedPattern": "[a-zA-Z0-9\=\,\.\@\:\/\-_]*",
      "ConstraintDescription": "ExternalID must contain alphanumeric characters and only these special characters are allowed =,.@:/-. "`

Is there a way to achieve this or something similar?

Answer

Hi there,

Hope you are doing well!

If the key concern is to make sure the Stack Instance[1] of your stackset, basically the individual stack managed by the stackset, can create resources with value based on which account the stack isntance was CURRENTLY deployed into, there is a straight forward feature Pseudo parameters reference AWS::AccountId you can leverage.

For instance, in the template, you can simply assign current account ID value with !Ref intrinsic function[3]:

JSON:
"ExternalID" : { "Ref" : "AWS::AccountId" }

YAML:
    ExternalID:
      Ref: AWS::AccountId

In this approach, no SSM parameters and Dynamic References need to be involved.

Regards.

References:
[1] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stacksets-concepts-stackinstances
[2] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameter-reference.html#cfn-pseudo-param-accountid

How can I include current acount id in CF stack that uses stackset?

Conteúdo relevante