Reputation: 1760
I have a simple CloudFormation stack that I want to deploy to all regions in my account so I don't have to manually go into each region to deploy the stack, or create a script that does that with the CLI.
I tried doing this with StackSets: I indicated that the account I want to deploy to is my own account number. Then I selected all the regions, and tried to deploy.
Unfortunately, it didn't work, saying:
Account 1234567867867 should have 'AWSCloudFormationStackSetExecutionRole' role with trust relationship to Role 'AWSCloudFormationStackSetAdministrationRole'.
So I looked into that and came across this tutorial on how to address that issue:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html
However, in going through that process, it wouldn't let me do the second step, where I create a role that trusts the administrator account... I'm guessing this is because the administrator account IS my account, so setting up the trust relationship doesn't work, but I'm not exactly sure. Here's the error I get:
AWSCloudFormationStackSetExecutionRole already exists
So is this even possible? Or should I just create a script that uses the CLI to deploy a normal CloudFormation stack across all the regions within my account?
Upvotes: 4
Views: 5903
Reputation: 1760
The answer is yes, you can use StackSets to deploy across multiple regions within YOUR ONE SINGLE ACCOUNT.
You still need to create the master/child roles as described in the article I linked in my original question. In this special case, you're basically saying you trust yourself to use your own role. But once you do that, you should be able to set up a StackSet, specify your own account number as the account into which you want to deploy the StackSet, and choose all the regions you want.
The reason I was running into a problem earlier was because apparently someone had already added the child role to my account, so when I tried to create it myself, it was already there (causing the error). You probably won't run into that, assuming nobody's been messing with your account. But if you do find you run into that (maybe you're in a company with lots of people working on the same sets of accounts like I am), then all you need to do is find the AWSCloudFormationStackSetExecutionRole role in IAM, edit the Trust Relationships, and add another trust relationship to trust:
arn:aws:iam::<your account number>:role/AWSCloudFormationStackSetAdministrationRole
Upvotes: 6
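The fix described in the answer (adding a second trust statement to an AWSCloudFormationStackSetExecutionRole that already exists, rather than recreating it) can be checked and applied programmatically. The following is an added example, not code from the asker or from AWS: it merges the same-account administration-role principal into an existing trust policy without dropping the statements already there, using a constructed sample policy and a placeholder account id. The boto3 call at the end is the real IAM API for replacing a role's trust policy, left as a comment so the script runs offline.

```python
import json

ADMIN_ROLE = "AWSCloudFormationStackSetAdministrationRole"
EXEC_ROLE = "AWSCloudFormationStackSetExecutionRole"


def admin_role_arn(account_id: str) -> str:
    # Same shape as the ARN quoted in the answer.
    return f"arn:aws:iam::{account_id}:role/{ADMIN_ROLE}"


def _assume_role_principals(statement: dict) -> list:
    """ARNs allowed to sts:AssumeRole by this statement (empty if not an Allow/AssumeRole)."""
    if statement.get("Effect") != "Allow":
        return []
    actions = statement.get("Action", [])
    actions = [actions] if isinstance(actions, str) else actions
    if "sts:AssumeRole" not in actions:
        return []
    principal = statement.get("Principal")
    if not isinstance(principal, dict):  # "*" or missing: no specific role ARN
        return []
    aws = principal.get("AWS", [])
    return [aws] if isinstance(aws, str) else list(aws)


def trusts_admin_role(policy: dict, account_id: str) -> bool:
    """True if the execution role's trust policy lets the admin role in account_id assume it."""
    want = admin_role_arn(account_id)
    return any(want in _assume_role_principals(s) for s in policy.get("Statement", []))


def add_admin_trust(policy: dict, account_id: str) -> dict:
    """Return a copy of the trust policy with a statement trusting the same-account admin role.
    Existing statements (e.g. a trust set up by a colleague for another account) are kept."""
    if trusts_admin_role(policy, account_id):
        return policy  # already correct, nothing to change
    fixed = json.loads(json.dumps(policy))  # deep copy, original untouched
    fixed.setdefault("Statement", []).append({
        "Effect": "Allow",
        "Principal": {"AWS": admin_role_arn(account_id)},
        "Action": "sts:AssumeRole",
    })
    return fixed


# Constructed sample: the "role already exists" situation from the answer, where the
# existing role only trusts an admin role in some other (hypothetical) account.
EXISTING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:role/" + ADMIN_ROLE},
        "Action": "sts:AssumeRole",
    }],
}

if __name__ == "__main__":
    my_account = "123456789012"  # placeholder, not a real account id
    fixed = add_admin_trust(EXISTING_POLICY, my_account)
    print(json.dumps(fixed, indent=2))
    # To apply for real (needs boto3 and iam:UpdateAssumeRolePolicy):
    # boto3.client("iam").update_assume_role_policy(RoleName=EXEC_ROLE, PolicyDocument=json.dumps(fixed))
```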