Get started with StackSets using a sample template

To create a StackSet that enables Amazon Config

1. Open the CloudFormation console.

2. On the navigation bar at the top of the screen, choose the Amazon Web Services Region that you want to manage the StackSet from.

   You can choose any Region that supports StackSets. The Region you select doesn't affect which Regions you can deploy to with your StackSet.

3. From the navigation pane, choose StackSets.

4. From the top of the StackSets page, choose Create StackSet.

5. Under Permissions, choose Self-service permissions and choose the IAM roles you created in the prerequisites.

   • For IAM admin role, choose AWSCloudFormationStackSetAdministrationRole.

   • For IAM execution role name, choose AWSCloudFormationStackSetExecutionRole.

6. Under Prerequisite - Prepare template, choose Use a sample template.

7. Under Select a sample template, choose the Enable Amazon Config template. Then, choose Next.

   This template creates the necessary resources to enable Amazon Config in your account, including a configuration recorder and delivery channel.

8. On the Specify StackSet details page, for StackSet name, enter my-awsconfig-stackset.

9. For StackSet description, enter A StackSet that enables Config across multiple Regions.

10. Under Parameters, configure the Amazon Config settings as follows:

    1. For Support all resource types, keep the default value, true, to record all supported resource types.

    2. For Include global resource types, keep the default value, false, to exclude global resources like IAM roles.

    3. Leave List of resource types if not all supported set to <All>.

    4. For The region containing the Config service-linked role resource, replace <DeployToAnyRegion> with us-west-2.

       This means that the service-linked role named AWSServiceRoleForConfig will only be created if a stack is deployed to the US West (Oregon) Region. You'll choose the deployment Regions later in this procedure.

    5. For Configuration recorder recording frequency, choose DAILY recording.

11. Choose Next to continue.

12. On the Configure StackSet options page, choose Add new tag and add a tag by specifying a key and value pair:

    1. For Key, enter Stage.

    2. For Value, enter Test.

    Tags that you apply to StackSets are applied to resources that are created by your stacks.

13. For Execution configuration, choose Active to enable CloudFormation's optimized operation handling:

    • Non-conflicting operations run concurrently for faster deployment times.

    • Conflicting operations are automatically queued and processed in the order they were requested.

    While operations are running or queued, CloudFormation queues all incoming operations even if they're non-conflicting. You can't change execution settings during this time.

14. Choose Next.

15. On the Set deployment options page, for Add stacks to StackSet, choose Deploy new stacks.

16. For Accounts, choose Deploy stacks in accounts.

17. In the text box, enter your Amazon Web Services account ID.

18. For Specify regions, select the following Regions in this order:

    1. US West (Oregon) Region (us-west-2)

    2. US East (N. Virginia) Region (us-east-1)

    Use the up arrow next to US West (Oregon) Region to move it to be the first entry in the list if needed. The order of the Regions determines their deployment order.

19. For Deployment options, configure the following settings:

    1. For Maximum concurrent accounts, keep the defaults of Number and 1.

       For multi-account deployments, this setting means that CloudFormation deploys your stack in only one account at a time.

    2. For Failure tolerance, keep the defaults of Number and 0.

       This means that a maximum of zero stack deployments can fail in one of your specified Regions before CloudFormation stops deployment in the current Region and cancels deployments in remaining Regions.

    3. For Region concurrency, choose Sequential (default).

       This setting ensures that CloudFormation completes deployments in one Region before moving to the next.

    4. For Concurrency mode, keep the default of Strict failure tolerance.

       For multi-account deployments, this reduces the account concurrency level when failures occur, staying within Failure tolerance +1.

20. Choose Next.

21. On the Review page, review your choices. To make changes, choose Edit on the related section.

22. When you are ready to create your StackSet, choose Submit.

To monitor the StackSet creation

1. On the StackSet details page, the Operations tab is displayed by default, showing the current operation in progress.

2. The operation status should be RUNNING initially. CloudFormation creates stacks in the Regions you specified according to the deployment options you configured.

3. To see more details about the operation, select the operation ID in the list.

4. On the operation details page, you can view the status of stack instances being created in each Region.

5. Wait for the operation status to change to SUCCEEDED, which indicates that the StackSet and all its stack instances were created successfully.

To view the StackSet results

1. On the StackSet details page, choose the Stack instances tab.

2. You should see a list of stack instances that were created in your account across the specified Regions. Each stack instance should have a status of SUCCEEDED, indicating that it was successfully deployed.

3. To verify that Amazon Config is enabled in your account, you can check the Amazon Config console in each of the deployed Regions.

To update your StackSet

1. On the StackSets page, select your my-awsconfig-stackset.

2. With the StackSet selected, choose Edit StackSet details from the Actions menu.

3. On the Choose a template page, for Prerequisite - Prepare template, choose Use current template.

4. Choose Next.

5. On the Specify StackSet details page, under Parameters, find Configuration recorder recording frequency and change it from DAILY to CONTINUOUS.

6. Choose Next.

7. On the Configure StackSet options page, leave the settings as they are and choose Next.

8. On the Set deployment options page, specify your account ID and the same Regions that you used when creating the StackSet.

9. For Deployment options, keep the same settings as before.

10. Choose Next.

11. On the Review page, review your changes and choose Submit.

12. CloudFormation starts updating your StackSet. You can monitor the progress on the Operations tab of the StackSet details page.

To add stacks to your StackSet

1. On the StackSets page, select your my-awsconfig-stackset.

2. With the StackSet selected, choose Add stacks to StackSet from the Actions menu.

3. On the Set deployment options page, for Add stacks to StackSet, choose Deploy new stacks.

4. For Accounts, choose Deploy stacks in accounts and enter your account ID.

5. For Specify regions, select a new Region, such as Europe (Ireland) (eu-west-1).

6. For Deployment options, keep the same settings as before.

7. Choose Next.

8. On the Specify Overrides page, leave the property values as specified and choose Next.

9. On the Review page, review your choices and choose Submit.

10. CloudFormation starts creating new stacks in the specified Region. You can monitor the progress on the Operations tab of the StackSet details page.

To delete stacks from your StackSet

1. On the StackSets page, select your my-awsconfig-stackset.

2. With the StackSet selected, choose Delete stacks from StackSet from the Actions menu.

3. On the Set deployment options page, for Accounts, choose Deploy stacks in accounts and enter your account ID.

4. For Specify regions, select all the Regions where you deployed stacks.

5. For Deployment options, keep the default settings.

6. Make sure Retain stacks is not turned on, so that the stacks and their resources are deleted.

7. Choose Next.

8. On the Review page, review your choices and choose Submit.

9. CloudFormation starts deleting the stacks from your StackSet. You can monitor the progress on the Operations tab of the StackSet details page.

To delete your StackSet

1. After all stacks have been deleted, on the StackSets page, select your my-awsconfig-stackset.

2. With the StackSet selected, choose Delete StackSet from the Actions menu.

3. When prompted to confirm, choose Delete.

To delete the IAM service roles

Since you deployed only to your account, you only need to delete the IAM roles from this single account, making cleanup much simpler than multi-account deployments.

1. Open the IAM console.

2. From the navigation pane, choose Roles.

3. In the search box, enter AWSCloudFormationStackSet to find the roles you created for this tutorial.

4. Select the checkbox next to AWSCloudFormationStackSetAdministrationRole.

5. Choose Delete from the top of the page.

6. In the confirmation dialog box, enter delete and choose Delete.

7. Repeat the same process to delete the AWSCloudFormationStackSetExecutionRole.

To empty and delete the Amazon S3 buckets

1. Open the Amazon S3 console.

2. In the navigation pane on the left side of the console, choose Buckets.

3. In the Buckets list, you'll see buckets created for this StackSet in each Region where you deployed. Select the option next to the name of the bucket created for this StackSet, and then choose Empty.

4. On the Empty bucket page, confirm that you want to empty the bucket by typing permanently delete into the text field, and then choose Empty.

5. Monitor the progress of the bucket emptying process on the Empty bucket: Status page.

6. To return to your bucket list, choose Exit.

7. Select the option next to the name of the bucket, and then choose Delete.

8. When prompted for confirmation, type the name of the bucket and then choose Delete bucket.

9. Monitor the progress of the bucket deletion process from the Buckets list. When Amazon S3 completes the deletion of the bucket, it removes the bucket from the list.

10. Repeat this process for each bucket created by the StackSet in the different Regions.