This template creates the IAM administration role that the CloudFormation service assumes for StackSet operations, grants that role permission to assume the per-account execution role, and defines a StackSet that deploys a VPC into multiple target accounts or regions. Note that the execution role (`AWSCloudFormationStackSetExecutionRole` by default) must already exist in every target account and trust this administration account; it is not created by this template.

Terraform Template

# Inline permissions attached to the administration role: it may only assume the
# StackSet execution role (matched by name) in target accounts.
# NOTE(review): the account segment is `*` so any account whose execution role
# trusts this administration account can be targeted; if all targets live in one
# AWS Organization, consider narrowing this with an `aws:ResourceOrgID` condition.
data "aws_iam_policy_document" "AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy" {

  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    # Role name is taken from the stack set so the two cannot drift apart.
    resources = [
      format("arn:aws:iam::*:role/%s", aws_cloudformation_stack_set.example.execution_role_name),
    ]
  }
}

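# Account that owns this administration role; used to scope the trust policy below.
data "aws_caller_identity" "current" {}

# Trust policy for the administration role. Only the CloudFormation service may
# assume it, and only on behalf of StackSets in this account (confused-deputy
# protection via aws:SourceAccount / aws:SourceArn). Without these conditions a
# StackSet in any other account could direct CloudFormation to assume this role.
data "aws_iam_policy_document" "AWSCloudFormationStackSetAdministrationRole_assume_role_policy" {

  statement {
    actions = ["sts:AssumeRole"]
    effect  = "Allow"

    principals {
      identifiers = ["cloudformation.amazonaws.com"]
      type        = "Service"
    }

    # Request must originate from a StackSet owned by this account.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }

    # Partition is hard-coded to `aws` to match the execution-policy ARN elsewhere
    # in this template; adjust both if deploying to GovCloud or China partitions.
    condition {
      test     = "StringLike"
      variable = "aws:SourceArn"
      values   = ["arn:aws:cloudformation:*:${data.aws_caller_identity.current.account_id}:stackset/*"]
    }
  }
}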

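# Self-managed StackSet (administration-role based) that provisions a single VPC
# in each target account/region. Stack instances are created separately.
resource "aws_cloudformation_stack_set" "example" {
  name                    = "example"
  administration_role_arn = aws_iam_role.AWSCloudFormationStackSetAdministrationRole.arn

  # Value passed to the embedded template; overrides the template default.
  parameters = {
    VPCCidr = "10.0.0.0/16"
  }

  template_body = jsonencode({
    Parameters = {
      VPCCidr = {
        Type        = "String"
        Default     = "10.0.0.0/16"
        Description = "Enter the CIDR block for the VPC. Default is 10.0.0.0/16."
        # Reject malformed input before any resource is touched: four dotted
        # octets and a prefix length in the /16–/28 range that a VPC accepts.
        # Octet range (0–255) is not enforced by the pattern; the EC2 API rejects
        # out-of-range values at creation time.
        AllowedPattern        = "^(\\d{1,3}\\.){3}\\d{1,3}/(1[6-9]|2[0-8])$"
        ConstraintDescription = "Must be an IPv4 CIDR block with a prefix length between /16 and /28."
      }
    }
    Resources = {
      myVpc = {
        Type = "AWS::EC2::VPC"
        Properties = {
          CidrBlock = {
            Ref = "VPCCidr"
          }
          Tags = [
            {
              Key   = "Name"
              Value = "Primary_CF_VPC"
            }
          ]
        }
      }
    }
  })
}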

# The administration role itself. The name is the AWS-documented default, which
# is what execution roles in target accounts are typically configured to trust.
# Permissions are attached separately via aws_iam_role_policy.
resource "aws_iam_role" "AWSCloudFormationStackSetAdministrationRole" {
  name = "AWSCloudFormationStackSetAdministrationRole"

  assume_role_policy = data.aws_iam_policy_document.AWSCloudFormationStackSetAdministrationRole_assume_role_policy.json
}

# Attaches the execution-role AssumeRole permission to the administration role as
# an inline policy, so it is removed together with the role.
resource "aws_iam_role_policy" "AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy" {
  role   = aws_iam_role.AWSCloudFormationStackSetAdministrationRole.name
  name   = "ExecutionPolicy"
  policy = data.aws_iam_policy_document.AWSCloudFormationStackSetAdministrationRole_ExecutionPolicy.json
}