StackSets can automatically deploy additional stack instances to new AWS Organizations accounts when they're added to your target organization or organizational units (OUs). You can enable automatic deployments and choose whether to delete or retain stacks and their associated resources when accounts are removed from target OUs. These settings can be modified anytime.
How automatic deployments work
When automatic deployments are enabled, they're triggered when accounts are added to a target organization or OU, removed from a target organization or OU, or moved between target OUs.
For example, consider StackSet1 that targets OU1 in the us-east-1 Region and StackSet2 that targets OU2 in the us-east-1 Region. OU1 contains AccountA.
If we move AccountA from OU1 to OU2 with automatic deployments enabled, StackSets automatically runs a delete operation to remove the StackSet1 instance from AccountA and queues a create operation that adds the StackSet2 instance to AccountA.
Note
Be aware of the following when setting up automatic deployments:
- The automatic deployments feature is enabled at the stack set level. You can't adjust automatic deployments selectively for OUs, accounts, or Regions.
- Overridden parameter values only apply to the accounts that are currently in the target OUs and their child OUs. Accounts added to the target OUs and their child OUs in the future will use the stack set default values and not the overridden values.
- When account level targets are used with an automatic deployment, StackSets will continue to use the account level filter defined in the last deployment, and continue to deploy to new accounts added to the deployed Organizations.
  If you want to prevent this, choose Deactivated for Automatic deployment in the console, or set --auto-deployment Enabled= to false in the CLI.
  For more information on account level targets, see Account level targets for service-managed StackSets.
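To preview which stack instances an OU change will remove or create before you make it, the following added example (not AWS code) models the behavior described above, generalized beyond the AccountA move to multiple Regions, the retain setting, and deactivated stack sets. It is a simplified model that assumes flat OUs with no child OUs; the class, function, and action names (CREATE, DELETE, RETAIN) are illustrative, not AWS identifiers.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StackSet:
    name: str
    target_ous: frozenset            # OU names this stack set targets (flat, assumed)
    regions: tuple
    auto_deploy: bool                # --auto-deployment Enabled=
    retain_on_removal: bool = False  # RetainStacksOnAccountRemoval=


def plan_operations(stack_sets, account, old_ou, new_ou):
    """Return (action, stack_set, account, region) tuples expected when
    `account` goes from old_ou to new_ou. None means outside the organization."""
    ops = []
    for ss in stack_sets:
        if not ss.auto_deploy:
            continue  # deactivated: membership changes trigger nothing
        was_target = old_ou in ss.target_ous
        is_target = new_ou in ss.target_ous
        if was_target and not is_target:
            # RETAIN: stack stays in the account but leaves the stack set
            action = "RETAIN" if ss.retain_on_removal else "DELETE"
        elif is_target and not was_target:
            action = "CREATE"
        else:
            continue  # still targeted, or never targeted
        ops.extend((action, ss.name, account, region) for region in ss.regions)
    # Removals run first and creates are queued after, as in the page's example.
    return sorted(ops, key=lambda op: op[0] == "CREATE")


if __name__ == "__main__":
    # Constructed input mirroring the StackSet1/StackSet2 example on this page.
    stack_sets = [
        StackSet("StackSet1", frozenset({"OU1"}), ("us-east-1",), True),
        StackSet("StackSet2", frozenset({"OU2"}), ("us-east-1",), True),
    ]
    for op in plan_operations(stack_sets, "AccountA", "OU1", "OU2"):
        print(op)
```

A RETAIN result marks a stack that keeps running in the account outside stack set management, so it is worth tracking separately after the move.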
Manage automatic deployments (console)
- Sign in to the AWS Management Console and open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.
- On the navigation bar at the top of the screen, choose the AWS Region you created the stack set in.
- From the navigation pane, choose StackSets.
- On the StackSets page, select the option next to the name of the stack set to update.
- Choose Edit automatic deployment from the Actions menu in the upper right corner.
- From the dialog box that opens, do the following:
  - For Automatic deployment, choose Activated or Deactivated.
  - For Account removal behavior, choose Delete stacks or Retain stacks. Retained resources stay in their current state, but will no longer be part of the stack set.
- Choose Save.
Manage automatic deployments (AWS CLI)
- Use the update-stack-set command with the --auto-deployment option.
  The following command enables automatic deployments.
      aws cloudformation update-stack-set --stack-set-name my-stackset \
        --use-previous-template --auto-deployment Enabled=true,RetainStacksOnAccountRemoval=true
  Alternatively, to disable automatic deployments, specify Enabled=false as the value for the --auto-deployment option, as in the following example.
      aws cloudformation update-stack-set --stack-set-name my-stackset \
        --use-previous-template --auto-deployment Enabled=false
- Using the operation ID that was returned as part of the update-stack-set output in step 2, run describe-stack-set-operation to verify that your stack set was updated successfully.
      aws cloudformation describe-stack-set-operation --operation-id operation_ID