AWS::CloudFormation::StackSet DeploymentTargets - AWS CloudFormation
SyntaxProperties
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::CloudFormation::StackSet DeploymentTargets

The AWS Organizations accounts or AWS accounts to deploy stacks to in the specified Regions.

When deploying to AWS Organizations accounts with SERVICE_MANAGED permissions:

  • You must specify the OrganizationalUnitIds property.

  • If you specify organizational units (OUs) for OrganizationalUnitIds and use either the Accounts or AccountsUrl property, you must also specify the AccountFilterType property.

When deploying to AWS accounts with SELF_MANAGED permissions:

  • You must specify either the Accounts or AccountsUrl property, but not both.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "AccountFilterType" : String,
  "Accounts" : [ String, ... ],
  "AccountsUrl" : String,
  "OrganizationalUnitIds" : [ String, ... ]
}

YAML

  AccountFilterType: String
  Accounts: 
    - String
  AccountsUrl: String
  OrganizationalUnitIds: 
    - String

Properties

AccountFilterType

Refines which accounts to deploy stacks to by specifying how to use the Accounts and OrganizationalUnitIds properties together.

The following values determine how CloudFormation selects target accounts:

  • INTERSECTION: StackSet deploys to the accounts specified in the Accounts property.

  • DIFFERENCE: StackSet deploys to the OU, excluding the accounts specified in the Accounts property.

  • UNION: StackSet deploys to the OU, and the accounts specified in the Accounts property. UNION is not supported for create operations when using StackSet as a resource or the CreateStackInstances API.

Required: No

Type: String

Allowed values: NONE | UNION | INTERSECTION | DIFFERENCE

Update requires: No interruption

Accounts

The account IDs of the AWS accounts. If you have many account numbers, you can provide those accounts using the AccountsUrl property instead.

Pattern: ^[0-9]{12}$

Required: No

Type: Array of String

Minimum: 1

Update requires: No interruption

AccountsUrl

The Amazon S3 URL path to a file that contains a list of AWS account IDs. The file format must be either .csv or .txt, and the data can be comma-separated or new-line-separated. There is currently a 10MB limit for the data (approximately 800,000 accounts).

This property serves the same purpose as Accounts but allows you to specify a large number of accounts.

Required: No

Type: String

Pattern: (s3://|http(s?)://).+

Minimum: 1

Maximum: 5120

Update requires: No interruption

OrganizationalUnitIds

The organization root ID or organizational unit (OU) IDs.

Pattern: ^(ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}|r-[a-z0-9]{4,32})$

Required: No

Type: Array of String

Minimum: 1

Update requires: No interruption