AWS::CloudFormation::StackSet DeploymentTargets - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::CloudFormation::StackSet DeploymentTargets

The Amazon Organizations accounts or Amazon Web Services accounts to deploy stacks to in the specified Regions.

When deploying to Amazon Organizations accounts with SERVICE_MANAGED permissions:

  • You must specify the OrganizationalUnitIds property.

  • If you specify organizational units (OUs) for OrganizationalUnitIds and use either the Accounts or AccountsUrl property, you must also specify the AccountFilterType property.

When deploying to Amazon Web Services accounts with SELF_MANAGED permissions:

  • You must specify either the Accounts or AccountsUrl property, but not both.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "AccountFilterType" : String,
  "Accounts" : [ String, ... ],
  "AccountsUrl" : String,
  "OrganizationalUnitIds" : [ String, ... ]
}

YAML

  AccountFilterType: String
  Accounts: 
    - String
  AccountsUrl: String
  OrganizationalUnitIds: 
    - String

Properties

AccountFilterType

Refines which accounts to deploy stacks to by specifying how to use the Accounts and OrganizationalUnitIds properties together.

The following values determine how CloudFormation selects target accounts:

  • INTERSECTION: StackSet deploys to the accounts specified in the Accounts property.

  • DIFFERENCE: StackSet deploys to the OU, excluding the accounts specified in the Accounts property.

  • UNION: StackSet deploys to the OU, and the accounts specified in the Accounts property. UNION is not supported for create operations when using StackSet as a resource or the CreateStackInstances API.

Required: No

Type: String

Allowed values: NONE | UNION | INTERSECTION | DIFFERENCE

Update requires: No interruption

Accounts

The account IDs of the Amazon Web Services accounts. If you have many account numbers, you can provide those accounts using the AccountsUrl property instead.

Pattern: ^[0-9]{12}$

Required: No

Type: Array of String

Minimum: 1

Update requires: No interruption

AccountsUrl

The Amazon S3 URL path to a file that contains a list of Amazon Web Services account IDs. The file format must be either .csv or .txt, and the data can be comma-separated or new-line-separated. There is currently a 10MB limit for the data (approximately 800,000 accounts).

This property serves the same purpose as Accounts but allows you to specify a large number of accounts.

Required: No

Type: String

Pattern: (s3://|http(s?)://).+

Minimum: 1

Maximum: 5120

Update requires: No interruption

OrganizationalUnitIds

The organization root ID or organizational unit (OU) IDs.

Pattern: ^(ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}|r-[a-z0-9]{4,32})$

Required: No

Type: Array of String

Minimum: 1

Update requires: No interruption