--- #Default region for deploying Custom Control Tower: Code Pipeline, Step functions, Lambda, SSM parameters, and StackSets region: us-east-1 version: 2021-03-15 # Control Tower Custom Resources (Service Control Policies or CloudFormation) resources: - name: stackset-1 resource_file: s3://bucket-name/key-name/create-ssm-parameter-keys-1.template parameter_file: parameters/create-ssm-parameter-keys-1.json deploy_method: stack_set deployment_targets: accounts: - Developer1 - Production1 export_outputs: - name: /org/member/test-ssm/app-id value: $[output_ApplicationId] regions: - us-east-1 - name: stackset-2 resource_file: templates/create-ssm-parameter-keys-2.template parameters: - parameter_key: ApplicationId parameter_value: App2 - parameter_key: EnvironmentType parameter_value: EnvType2 - parameter_key: EnvironmentNumber parameter_value: EnvNum2 deploy_method: stack_set deployment_targets: accounts: - Developer1 organizational_units: - Prod - Test regions: # :type: list - us-east-1 - us-east-2 - name: stackset-3 resource_file: https://bucket-name.s3.amazonaws.com/key-name/version/my-initiation.template deploy_method: stack_set deployment_targets: organizational_units: - EmptyOU regions: # :type: list - us-west-1 - name: test-preventive-guardrails description: To prevent from deleting or disabling resources in member accounts resource_file: s3://bucket-name/key-name/preventive-guardrails.json deploy_method: scp #Apply to the following OU(s) deployment_targets: # accounts property is not supported for SCPs organizational_units: - Prod - Dev - Test - name: test-guardrails-2 description: To prevent from deleting or disabling resources in member accounts resource_file: policies/preventive-guardrails.json deploy_method: scp #Apply to the following OU(s) deployment_targets: # accounts property is not supported for SCPs organizational_units: - Prod