Interface ISelfManagedDeploymentProps
Properties for configuring self-managed permissions.
Namespace: Amazon.CDK.AWS.CodePipeline.Actions
Assembly: Amazon.CDK.AWS.CodePipeline.Actions.dll
Syntax (csharp)
public interface ISelfManagedDeploymentProps
Syntax (vb)
Public Interface ISelfManagedDeploymentProps
Remarks
ExampleMetadata: infused
Examples
var existingAdminRole = Role.FromRoleName(this, "AdminRole", "AWSCloudFormationStackSetAdministrationRole");
var deploymentModel = StackSetDeploymentModel.SelfManaged(new SelfManagedDeploymentProps {
// Use an existing Role. Leave this out to create a new Role.
AdministrationRole = existingAdminRole
});
Synopsis
Properties
AdministrationRole | The IAM role in the administrator account used to assume execution roles in the target accounts. |
ExecutionRoleName | The name of the IAM role in the target accounts used to perform stack set operations. |
Properties
AdministrationRole
The IAM role in the administrator account used to assume execution roles in the target accounts.
virtual IRole AdministrationRole { get; }
Property Value
Remarks
You must create this role before using the StackSet action.
The role needs to be assumable by CloudFormation, and it needs to be able
to sts:AssumeRole
each of the execution roles (whose names are specified
in the executionRoleName
parameter) in each of the target accounts.
If you do not specify the role, we assume you have created a role named
AWSCloudFormationStackSetAdministrationRole
.
Default: - Assume an existing role named AWSCloudFormationStackSetAdministrationRole
in the same account as the pipeline.
See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html
ExecutionRoleName
The name of the IAM role in the target accounts used to perform stack set operations.
virtual string ExecutionRoleName { get; }
Property Value
System.String
Remarks
You must create these roles in each of the target accounts before using the StackSet action.
The roles need to be assumable by by the administrationRole
, and need to
have the permissions necessary to successfully create and modify the
resources that the subsequent CloudFormation deployments need.
Administrator permissions would be commonly granted to these, but if you can
scope the permissions down frome there you would be safer.
Default: AWSCloudFormationStackSetExecutionRole
See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html