# CDK StackSets Construct Library
---
> The APIs of higher level constructs in this module are experimental and under active development.
> They are subject to non-backward compatible changes or removal in any future version. These are
> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be
> announced in the release notes. This means that while you may use them, you may need to update
> your source code when upgrading to a newer version of this package.
---
This construct library allows you to define AWS CloudFormation StackSets.
```ts
const stack = new Stack();
const stackSetStack = new StackSetStack(stack, 'MyStackSet');
new StackSet(stack, 'StackSet', {
target: StackSetTarget.fromAccounts({
regions: ['us-east-1'],
accounts: ['11111111111'],
parameterOverrides: {
SomeParam: 'overrideValue',
},
}),
template: StackSetTemplate.fromStackSetStack(stackSetStack),
});
```
## Installing
### TypeScript/JavaScript
```bash
npm install cdk-stacksets
```
### Python
```bash
pip install cdk-stacksets
```
### Java
```xml
// add this to your pom.xml
io.github.cdklabs
cdk-stacksets
0.0.0 // replace with version
```
### .NET
```bash
dotnet add package CdklabsCdkStacksets --version X.X.X
```
### Go
```bash
go get cdk-stacksets-go
```
## Creating a StackSet Stack
StackSets allow you to deploy a single CloudFormation template across multiple AWS accounts and regions.
Typically when creating a CDK Stack that will be deployed across multiple environments, the CDK will
synthesize separate Stack templates for each environment (account/region combination). Because of the
way that StackSets work, StackSet Stacks behave differently. For Stacks that will be deployed via StackSets
a single Stack is defined and synthesized. Any environmental differences must be encoded using Parameters.
A special class was created to handle the uniqueness of the StackSet Stack.
You declare a `StackSetStack` the same way that you declare a normal `Stack`, but there
are a couple of differences. `StackSetStack`s have a couple of special requirements/limitations when
compared to Stacks.
*Requirements*
- Must be created in the scope of a `Stack`
- Must be environment agnostic
*Limitations*
- Does not support Docker container assets
Once you create a `StackSetStack` you can create resources within the stack.
```ts
const stack = new Stack();
const stackSetStack = new StackSetStack(stack, 'StackSet');
new iam.Role(stackSetStack, 'MyRole', {
assumedBy: new iam.ServicePrincipal('myservice.amazonaws.com'),
});
```
Or
```ts
class MyStackSet extends StackSetStack {
constructor(scope: Construct, id: string) {
super(scope, id);
new iam.Role(this, 'MyRole', {
assumedBy: new iam.ServicePrincipal('myservice.amazonaws.com'),
});
}
}
```
## Creating a StackSet
AWS CloudFormation StackSets enable you to create, update, or delete stacks across multiple accounts and AWS Regions
with a single operation. Using an administrator account, you define and manage an AWS CloudFormation template, and use
the template as the basis for provisioning stacks into selected target accounts across specific AWS Regions.
There are two methods for defining _where_ the StackSet should be deployed. You can either define individual accounts, or
you can define AWS Organizations organizational units.
### Deploying to individual accounts
Deploying to individual accounts requires you to specify the account ids. If you want to later deploy to additional accounts,
or remove the stackset from accounts, this has to be done by adding/removing the account id from the list.
```ts
const stack = new Stack();
const stackSetStack = new StackSetStack(stack, 'MyStackSet');
new StackSet(stack, 'StackSet', {
target: StackSetTarget.fromAccounts({
regions: ['us-east-1'],
accounts: ['11111111111'],
}),
template: StackSetTemplate.fromStackSetStack(stackSetStack),
});
```
### Deploying to organizational units
AWS Organizations is an AWS service that enables you to centrally manage and govern multiple accounts.
AWS Organizations allows you to define organizational units (OUs) which are logical groupings of AWS accounts.
OUs enable you to organize your accounts into a hierarchy and make it easier for you to apply management controls.
For a deep dive on OU best practices you can read the [Best Practices for Organizational Units with AWS Organizations](https://aws.amazon.com/blogs/mt/best-practices-for-organizational-units-with-aws-organizations/) blog post.
You can either specify the organization itself, or individual OUs. By default the StackSet will be deployed
to all AWS accounts that are part of the OU. If the OU is nested it will also deploy to all accounts
that are part of any nested OUs.
For example, given the following org hierarchy
```mermaid
graph TD
root-->ou-1;
root-->ou-2;
ou-1-->ou-3;
ou-1-->ou-4;
ou-3-->account-1;
ou-3-->account-2;
ou-4-->account-4;
ou-2-->account-3;
ou-2-->account-5;
```
You could deploy to all AWS accounts under OUs `ou-1`, `ou-3`, `ou-4` by specifying the following:
```ts
const stack = new Stack();
const stackSetStack = new StackSetStack(stack, 'MyStackSet');
new StackSet(stack, 'StackSet', {
target: StackSetTarget.fromOrganizationalUnits({
regions: ['us-east-1'],
organizationalUnits: ['ou-1'],
}),
template: StackSetTemplate.fromStackSetStack(stackSetStack),
});
```
This would deploy the StackSet to `account-1`, `account-2`, `account-4`.
If there are specific AWS accounts that are part of the specified OU hierarchy that you would like
to exclude, this can be done by specifying `excludeAccounts`.
```ts
const stack = new Stack();
const stackSetStack = new StackSetStack(stack, 'MyStackSet');
new StackSet(stack, 'StackSet', {
target: StackSetTarget.fromOrganizationalUnits({
regions: ['us-east-1'],
organizationalUnits: ['ou-1'],
excludeAccounts: ['account-2'],
}),
template: StackSetTemplate.fromStackSetStack(stackSetStack),
});
```
This would deploy only to `account-1` & `account-4`, and would exclude `account-2`.
Sometimes you might have individual accounts that you would like to deploy the StackSet to, but
you do not want to include the entire OU. To do that you can specify `additionalAccounts`.
```ts
const stack = new Stack();
const stackSetStack = new StackSetStack(stack, 'MyStackSet');
new StackSet(stack, 'StackSet', {
target: StackSetTarget.fromOrganizationalUnits({
regions: ['us-east-1'],
organizationalUnits: ['ou-1'],
additionalAccounts: ['account-5'],
}),
template: StackSetTemplate.fromStackSetStack(stackSetStack),
});
```
This would deploy the StackSet to `account-1`, `account-2`, `account-4` & `account-5`.
### StackSet permissions
There are two modes for managing StackSet permissions (i.e. _where_ StackSets can deploy & _what_ resources they can create).
A StackSet can either be `Service Managed` or `Self Managed`.
You can control this through the `deploymentType` parameter.
#### Service Managed
When a StackSet is service managed, the permissions are managed by AWS Organizations. This allows the StackSet to deploy the Stack to _any_
account within the organization. In addition, the StackSet will be able to create _any_ type of resource.
```ts
const stack = new Stack();
const stackSetStack = new StackSetStack(stack, 'MyStackSet');
new StackSet(stack, 'StackSet', {
target: StackSetTarget.fromOrganizationalUnits({
regions: ['us-east-1'],
organizationalUnits: ['ou-1'],
}),
deploymentType: DeploymentType.serviceManaged(),
template: StackSetTemplate.fromStackSetStack(stackSetStack),
});
```
When you specify `serviceManaged` deployment type, automatic deployments are enabled by default.
Automatic deployments allow the StackSet to be automatically deployed to or deleted from
AWS accounts when they are added or removed from the specified organizational units.
### Using File Assets
You can use the StackSet's parent stack to facilitate file assets. Behind the scenes,
this is accomplished using the `BucketDeployment` construct from the
`aws_s3_deployment` module. You need to provide a bucket outside the scope of the CDK
managed asset buckets and ensure you have persmissions for the target accounts to pull
the artifacts from the supplied bucket.
As a basic example, if using a `serviceManaged` deployment, you just need to give read
access to the Organization. You can create the asset bucket in the parent stack, or another
stack in the same app and pass the object as a prop. Or, import an existing bucket as needed.
If creating in the parent or sibling stack you could create and export similar to this:
```ts
const bucket = new s3.Bucket(this, "Assets", {
bucketName: "cdkstacket-asset-bucket-xyz",
});
bucket.addToResourcePolicy(
new iam.PolicyStatement({
actions: ["s3:Get*", "s3:List*"],
resources: [bucket.arnForObjects("*"), bucket.bucketArn],
principals: [new iam.OrganizationPrincipal("o-xyz")],
})
);
```
Then pass as a prop to the StackSet stack:
```ts
declare const bucket: s3.Bucket;
const stack = new Stack();
const stackSetStack = new StackSetStack(stack, 'MyStackSet', {
assetBucket: bucket,
});
```
Then call `new StackSet` as described in the sections above.
You can use self-managed StackSet deployments with file assets too but will
need to ensure all target accounts roles will have access to the central asset
bucket you pass as the property.
## Deploying StackSets using CDK Pipelines
You can also deploy StackSets using [CDK Pipelines](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.pipelines-readme.html)
Below is an example of a Pipeline that deploys from a central account. It also
defines separate stages for each "environment" so that you can first test out
the stackset in pre-prod environments.
This would be an automated way of deploying the bootstrap stack described in
[this blog
post](https://aws.amazon.com/blogs/mt/bootstrapping-multiple-aws-accounts-for-aws-cdk-using-cloudformation-stacksets/).
```ts
declare const app: App;
interface BootstrapStageProps extends StageProps {
readonly initialBootstrapTarget: StackSetTarget;
readonly stacksetName?: string;
}
class BootstrapStage extends Stage {
constructor(scope: Construct, id: string, props: BootstrapStageProps) {
super(scope, id, props);
const stack = new Stack(this, 'BootstrapStackSet');
const bootstrap = new Bootstrap(stack, 'CDKToolkit');
const stackSet = new StackSet(stack, 'StackSet', {
template: StackSetTemplate.fromStackSetStack(bootstrap),
target: props.initialBootstrapTarget,
capabilities: [Capability.NAMED_IAM],
managedExecution: true,
stackSetName: props.stacksetName,
deploymentType: DeploymentType.serviceManaged({
delegatedAdmin: true,
autoDeployEnabled: true,
autoDeployRetainStacks: false,
}),
operationPreferences: {
regionConcurrencyType: RegionConcurrencyType.PARALLEL,
maxConcurrentPercentage: 100,
failureTolerancePercentage: 99,
},
});
}
}
const pipeline = new pipelines.CodePipeline(this, 'BootstrapPipeline', {
synth: new pipelines.ShellStep('Synth', {
commands: [
'yarn install --frozen-lockfile',
'npx cdk synth',
],
input: pipelines.CodePipelineSource.connection('myorg/myrepo', 'main', {
connectionArn: 'arn:aws:codestar-connections:us-east-2:111111111111:connection/ca65d487-ca6e-41cc-aab2-645db37fdb2b',
}),
}),
selfMutation: true,
});
const regions = [
'us-east-1',
'us-east-2',
'us-west-2',
'eu-west-2',
'eu-west-1',
'ap-south-1',
'ap-southeast-1',
];
pipeline.addStage(
new BootstrapStage(app, 'DevBootstrap', {
env: {
region: 'us-east-1',
account: '111111111111',
},
stacksetName: 'CDKToolkit-dev',
initialBootstrapTarget: StackSetTarget.fromOrganizationalUnits({
regions,
organizationalUnits: ['ou-hrza-ar333427'],
}),
}),
);
pipeline.addStage(
new BootstrapStage(app, 'ProdBootstrap', {
env: {
region: 'us-east-1',
account: '111111111111',
},
stacksetName: 'CDKToolkit-prd',
initialBootstrapTarget: StackSetTarget.fromOrganizationalUnits({
regions,
organizationalUnits: ['ou-hrza-bb999427', 'ou-hraa-ar111127'],
}),
}),
);
```
# API Reference
## Constructs
### StackSet
- *Implements:* IStackSet
#### Initializers
```typescript
import { StackSet } from 'cdk-stacksets'
new StackSet(scope: Construct, id: string, props: StackSetProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | StackSetProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Required
- *Type:* StackSetProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
| applyRemovalPolicy | Apply the given removal policy to this resource. |
| addTarget | *No description.* |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `applyRemovalPolicy`
```typescript
public applyRemovalPolicy(policy: RemovalPolicy): void
```
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops
being managed by CloudFormation, either because you've removed it from the
CDK application or because you've made a change that requires the resource
to be replaced.
The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
###### `policy`Required
- *Type:* aws-cdk-lib.RemovalPolicy
---
##### `addTarget`
```typescript
public addTarget(target: StackSetTarget): void
```
###### `target`Required
- *Type:* StackSetTarget
---
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
| isOwnedResource | Returns true if the construct was created by CDK, and false otherwise. |
| isResource | Check whether the given construct is a Resource. |
---
##### ~~`isConstruct`~~
```typescript
import { StackSet } from 'cdk-stacksets'
StackSet.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
##### `isOwnedResource`
```typescript
import { StackSet } from 'cdk-stacksets'
StackSet.isOwnedResource(construct: IConstruct)
```
Returns true if the construct was created by CDK, and false otherwise.
###### `construct`Required
- *Type:* constructs.IConstruct
---
##### `isResource`
```typescript
import { StackSet } from 'cdk-stacksets'
StackSet.isResource(construct: IConstruct)
```
Check whether the given construct is a Resource.
###### `construct`Required
- *Type:* constructs.IConstruct
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. |
| stack | aws-cdk-lib.Stack | The stack in which this resource is defined. |
| role | aws-cdk-lib.aws_iam.IRole | Only available on self managed stacksets. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `env`Required
```typescript
public readonly env: ResourceEnvironment;
```
- *Type:* aws-cdk-lib.ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed by the CDK
(generally, those created by creating new class instances like Role, Bucket, etc.),
this is always the same as the environment of the stack they belong to;
however, for imported resources
(those obtained from static methods like fromRoleArn, fromBucketName, etc.),
that might be different than the stack they were imported into.
---
##### `stack`Required
```typescript
public readonly stack: Stack;
```
- *Type:* aws-cdk-lib.Stack
The stack in which this resource is defined.
---
##### `role`Optional
```typescript
public readonly role: IRole;
```
- *Type:* aws-cdk-lib.aws_iam.IRole
Only available on self managed stacksets.
The admin role that CloudFormation will use to perform stackset operations.
This role should only have permissions to be assumed by the CloudFormation service
and to assume the execution role in each individual account.
When you create the execution role it must have an assume role policy statement which
allows `sts:AssumeRole` from this admin role.
To grant specific users/groups access to use this role to deploy stacksets they must have
a policy that allows `iam:GetRole` & `iam:PassRole` on this role resource.
---
### StackSetStack
A StackSet stack, which is similar to a normal CloudFormation stack with some differences.
This stack will not be treated as an independent deployment
artifact (won't be listed in "cdk list" or deployable through "cdk deploy"),
but rather only synthesized as a template and uploaded as an asset to S3.
#### Initializers
```typescript
import { StackSetStack } from 'cdk-stacksets'
new StackSetStack(scope: Construct, id: string, props?: StackSetStackProps)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| scope | constructs.Construct | *No description.* |
| id | string | *No description.* |
| props | StackSetStackProps | *No description.* |
---
##### `scope`Required
- *Type:* constructs.Construct
---
##### `id`Required
- *Type:* string
---
##### `props`Optional
- *Type:* StackSetStackProps
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| toString | Returns a string representation of this construct. |
| addDependency | Add a dependency between this stack and another stack. |
| addMetadata | Adds an arbitary key-value pair, with information you want to record about the stack. |
| addTransform | Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template. |
| exportStringListValue | Create a CloudFormation Export for a string list value. |
| exportValue | Create a CloudFormation Export for a string value. |
| formatArn | Creates an ARN from components. |
| getLogicalId | Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource. |
| regionalFact | Look up a fact value for the given fact for the region of this stack. |
| renameLogicalId | Rename a generated logical identities. |
| reportMissingContextKey | Indicate that a context key was expected. |
| resolve | Resolve a tokenized value in the context of the current stack. |
| splitArn | Splits the provided ARN into its components. |
| toJsonString | Convert an object, potentially containing tokens, to a JSON string. |
| toYamlString | Convert an object, potentially containing tokens, to a YAML string. |
---
##### `toString`
```typescript
public toString(): string
```
Returns a string representation of this construct.
##### `addDependency`
```typescript
public addDependency(target: Stack, reason?: string): void
```
Add a dependency between this stack and another stack.
This can be used to define dependencies between any two stacks within an
app, and also supports nested stacks.
###### `target`Required
- *Type:* aws-cdk-lib.Stack
---
###### `reason`Optional
- *Type:* string
---
##### `addMetadata`
```typescript
public addMetadata(key: string, value: any): void
```
Adds an arbitary key-value pair, with information you want to record about the stack.
These get translated to the Metadata section of the generated template.
> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html)
###### `key`Required
- *Type:* string
---
###### `value`Required
- *Type:* any
---
##### `addTransform`
```typescript
public addTransform(transform: string): void
```
Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template.
Duplicate values are removed when stack is synthesized.
> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html)
*Example*
```typescript
declare const stack: Stack;
stack.addTransform('AWS::Serverless-2016-10-31')
```
###### `transform`Required
- *Type:* string
The transform to add.
---
##### `exportStringListValue`
```typescript
public exportStringListValue(exportedValue: any, options?: ExportValueOptions): string[]
```
Create a CloudFormation Export for a string list value.
Returns a string list representing the corresponding `Fn.importValue()`
expression for this Export. The export expression is automatically wrapped with an
`Fn::Join` and the import value with an `Fn::Split`, since CloudFormation can only
export strings. You can control the name for the export by passing the `name` option.
If you don't supply a value for `name`, the value you're exporting must be
a Resource attribute (for example: `bucket.bucketName`) and it will be
given the same name as the automatic cross-stack reference that would be created
if you used the attribute in another Stack.
One of the uses for this method is to *remove* the relationship between
two Stacks established by automatic cross-stack references. It will
temporarily ensure that the CloudFormation Export still exists while you
remove the reference from the consuming stack. After that, you can remove
the resource and the manual export.
See `exportValue` for an example of this process.
###### `exportedValue`Required
- *Type:* any
---
###### `options`Optional
- *Type:* aws-cdk-lib.ExportValueOptions
---
##### `exportValue`
```typescript
public exportValue(exportedValue: any, options?: ExportValueOptions): string
```
Create a CloudFormation Export for a string value.
Returns a string representing the corresponding `Fn.importValue()`
expression for this Export. You can control the name for the export by
passing the `name` option.
If you don't supply a value for `name`, the value you're exporting must be
a Resource attribute (for example: `bucket.bucketName`) and it will be
given the same name as the automatic cross-stack reference that would be created
if you used the attribute in another Stack.
One of the uses for this method is to *remove* the relationship between
two Stacks established by automatic cross-stack references. It will
temporarily ensure that the CloudFormation Export still exists while you
remove the reference from the consuming stack. After that, you can remove
the resource and the manual export.
## Example
Here is how the process works. Let's say there are two stacks,
`producerStack` and `consumerStack`, and `producerStack` has a bucket
called `bucket`, which is referenced by `consumerStack` (perhaps because
an AWS Lambda Function writes into it, or something like that).
It is not safe to remove `producerStack.bucket` because as the bucket is being
deleted, `consumerStack` might still be using it.
Instead, the process takes two deployments:
### Deployment 1: break the relationship
- Make sure `consumerStack` no longer references `bucket.bucketName` (maybe the consumer
stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just
remove the Lambda Function altogether).
- In the `ProducerStack` class, call `this.exportValue(this.bucket.bucketName)`. This
will make sure the CloudFormation Export continues to exist while the relationship
between the two stacks is being broken.
- Deploy (this will effectively only change the `consumerStack`, but it's safe to deploy both).
### Deployment 2: remove the bucket resource
- You are now free to remove the `bucket` resource from `producerStack`.
- Don't forget to remove the `exportValue()` call as well.
- Deploy again (this time only the `producerStack` will be changed -- the bucket will be deleted).
###### `exportedValue`Required
- *Type:* any
---
###### `options`Optional
- *Type:* aws-cdk-lib.ExportValueOptions
---
##### `formatArn`
```typescript
public formatArn(components: ArnComponents): string
```
Creates an ARN from components.
If `partition`, `region` or `account` are not specified, the stack's
partition, region and account will be used.
If any component is the empty string, an empty string will be inserted
into the generated ARN at the location that component corresponds to.
The ARN will be formatted as follows:
arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name}
The required ARN pieces that are omitted will be taken from the stack that
the 'scope' is attached to. If all ARN pieces are supplied, the supplied scope
can be 'undefined'.
###### `components`Required
- *Type:* aws-cdk-lib.ArnComponents
---
##### `getLogicalId`
```typescript
public getLogicalId(element: CfnElement): string
```
Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource.
This method is called when a `CfnElement` is created and used to render the
initial logical identity of resources. Logical ID renames are applied at
this stage.
This method uses the protected method `allocateLogicalId` to render the
logical ID for an element. To modify the naming scheme, extend the `Stack`
class and override this method.
###### `element`Required
- *Type:* aws-cdk-lib.CfnElement
The CloudFormation element for which a logical identity is needed.
---
##### `regionalFact`
```typescript
public regionalFact(factName: string, defaultValue?: string): string
```
Look up a fact value for the given fact for the region of this stack.
Will return a definite value only if the region of the current stack is resolved.
If not, a lookup map will be added to the stack and the lookup will be done at
CDK deployment time.
What regions will be included in the lookup map is controlled by the
`@aws-cdk/core:target-partitions` context value: it must be set to a list
of partitions, and only regions from the given partitions will be included.
If no such context key is set, all regions will be included.
This function is intended to be used by construct library authors. Application
builders can rely on the abstractions offered by construct libraries and do
not have to worry about regional facts.
If `defaultValue` is not given, it is an error if the fact is unknown for
the given region.
###### `factName`Required
- *Type:* string
---
###### `defaultValue`Optional
- *Type:* string
---
##### `renameLogicalId`
```typescript
public renameLogicalId(oldId: string, newId: string): void
```
Rename a generated logical identities.
To modify the naming scheme strategy, extend the `Stack` class and
override the `allocateLogicalId` method.
###### `oldId`Required
- *Type:* string
---
###### `newId`Required
- *Type:* string
---
##### `reportMissingContextKey`
```typescript
public reportMissingContextKey(report: MissingContext): void
```
Indicate that a context key was expected.
Contains instructions which will be emitted into the cloud assembly on how
the key should be supplied.
###### `report`Required
- *Type:* aws-cdk-lib.cloud_assembly_schema.MissingContext
The set of parameters needed to obtain the context.
---
##### `resolve`
```typescript
public resolve(obj: any): any
```
Resolve a tokenized value in the context of the current stack.
###### `obj`Required
- *Type:* any
---
##### `splitArn`
```typescript
public splitArn(arn: string, arnFormat: ArnFormat): ArnComponents
```
Splits the provided ARN into its components.
Works both if 'arn' is a string like 'arn:aws:s3:::bucket',
and a Token representing a dynamic CloudFormation expression
(in which case the returned components will also be dynamic CloudFormation expressions,
encoded as Tokens).
###### `arn`Required
- *Type:* string
the ARN to split into its components.
---
###### `arnFormat`Required
- *Type:* aws-cdk-lib.ArnFormat
the expected format of 'arn' - depends on what format the service 'arn' represents uses.
---
##### `toJsonString`
```typescript
public toJsonString(obj: any, space?: number): string
```
Convert an object, potentially containing tokens, to a JSON string.
###### `obj`Required
- *Type:* any
---
###### `space`Optional
- *Type:* number
---
##### `toYamlString`
```typescript
public toYamlString(obj: any): string
```
Convert an object, potentially containing tokens, to a YAML string.
###### `obj`Required
- *Type:* any
---
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| isConstruct | Checks if `x` is a construct. |
| isStack | Return whether the given object is a Stack. |
| of | Looks up the first stack scope in which `construct` is defined. |
---
##### ~~`isConstruct`~~
```typescript
import { StackSetStack } from 'cdk-stacksets'
StackSetStack.isConstruct(x: any)
```
Checks if `x` is a construct.
###### `x`Required
- *Type:* any
Any object.
---
##### `isStack`
```typescript
import { StackSetStack } from 'cdk-stacksets'
StackSetStack.isStack(x: any)
```
Return whether the given object is a Stack.
We do attribute detection since we can't reliably use 'instanceof'.
###### `x`Required
- *Type:* any
---
##### `of`
```typescript
import { StackSetStack } from 'cdk-stacksets'
StackSetStack.of(construct: IConstruct)
```
Looks up the first stack scope in which `construct` is defined.
Fails if there is no stack up the tree.
###### `construct`Required
- *Type:* constructs.IConstruct
The construct to start the search from.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| account | string | The AWS account into which this stack will be deployed. |
| artifactId | string | The ID of the cloud assembly artifact for this stack. |
| availabilityZones | string[] | Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack. |
| bundlingRequired | boolean | Indicates whether the stack requires bundling or not. |
| dependencies | aws-cdk-lib.Stack[] | Return the stacks this stack depends on. |
| environment | string | The environment coordinates in which this stack is deployed. |
| nested | boolean | Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent. |
| notificationArns | string[] | Returns the list of notification Amazon Resource Names (ARNs) for the current stack. |
| partition | string | The partition in which this stack is defined. |
| region | string | The AWS region into which this stack will be deployed (e.g. `us-west-2`). |
| stackId | string | The ID of the stack. |
| stackName | string | The concrete CloudFormation physical stack name. |
| synthesizer | aws-cdk-lib.IStackSynthesizer | Synthesis method for this stack. |
| tags | aws-cdk-lib.TagManager | Tags to be applied to the stack. |
| templateFile | string | The name of the CloudFormation template file emitted to the output
directory during synthesis. |
| templateOptions | aws-cdk-lib.ITemplateOptions | Options for CloudFormation template (like version, transform, description). |
| urlSuffix | string | The Amazon domain suffix for the region in which this stack is defined. |
| nestedStackParent | aws-cdk-lib.Stack | If this is a nested stack, returns it's parent stack. |
| nestedStackResource | aws-cdk-lib.CfnResource | If this is a nested stack, this represents its `AWS::CloudFormation::Stack` resource. |
| terminationProtection | boolean | Whether termination protection is enabled for this stack. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `account`Required
```typescript
public readonly account: string;
```
- *Type:* string
The AWS account into which this stack will be deployed.
This value is resolved according to the following rules:
1. The value provided to `env.account` when the stack is defined. This can
either be a concrete account (e.g. `585695031111`) or the
`Aws.ACCOUNT_ID` token.
3. `Aws.ACCOUNT_ID`, which represents the CloudFormation intrinsic reference
`{ "Ref": "AWS::AccountId" }` encoded as a string token.
Preferably, you should use the return value as an opaque string and not
attempt to parse it to implement your logic. If you do, you must first
check that it is a concrete value an not an unresolved token. If this
value is an unresolved token (`Token.isUnresolved(stack.account)` returns
`true`), this implies that the user wishes that this stack will synthesize
into a **account-agnostic template**. In this case, your code should either
fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or
implement some other region-agnostic behavior.
---
##### `artifactId`Required
```typescript
public readonly artifactId: string;
```
- *Type:* string
The ID of the cloud assembly artifact for this stack.
---
##### `availabilityZones`Required
```typescript
public readonly availabilityZones: string[];
```
- *Type:* string[]
Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack.
If the stack is environment-agnostic (either account and/or region are
tokens), this property will return an array with 2 tokens that will resolve
at deploy-time to the first two availability zones returned from CloudFormation's
`Fn::GetAZs` intrinsic function.
If they are not available in the context, returns a set of dummy values and
reports them as missing, and let the CLI resolve them by calling EC2
`DescribeAvailabilityZones` on the target environment.
To specify a different strategy for selecting availability zones override this method.
---
##### `bundlingRequired`Required
```typescript
public readonly bundlingRequired: boolean;
```
- *Type:* boolean
Indicates whether the stack requires bundling or not.
---
##### `dependencies`Required
```typescript
public readonly dependencies: Stack[];
```
- *Type:* aws-cdk-lib.Stack[]
Return the stacks this stack depends on.
---
##### `environment`Required
```typescript
public readonly environment: string;
```
- *Type:* string
The environment coordinates in which this stack is deployed.
In the form
`aws://account/region`. Use `stack.account` and `stack.region` to obtain
the specific values, no need to parse.
You can use this value to determine if two stacks are targeting the same
environment.
If either `stack.account` or `stack.region` are not concrete values (e.g.
`Aws.ACCOUNT_ID` or `Aws.REGION`) the special strings `unknown-account` and/or
`unknown-region` will be used respectively to indicate this stack is
region/account-agnostic.
---
##### `nested`Required
```typescript
public readonly nested: boolean;
```
- *Type:* boolean
Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent.
---
##### `notificationArns`Required
```typescript
public readonly notificationArns: string[];
```
- *Type:* string[]
Returns the list of notification Amazon Resource Names (ARNs) for the current stack.
---
##### `partition`Required
```typescript
public readonly partition: string;
```
- *Type:* string
The partition in which this stack is defined.
---
##### `region`Required
```typescript
public readonly region: string;
```
- *Type:* string
The AWS region into which this stack will be deployed (e.g. `us-west-2`).
This value is resolved according to the following rules:
1. The value provided to `env.region` when the stack is defined. This can
either be a concrete region (e.g. `us-west-2`) or the `Aws.REGION`
token.
3. `Aws.REGION`, which is represents the CloudFormation intrinsic reference
`{ "Ref": "AWS::Region" }` encoded as a string token.
Preferably, you should use the return value as an opaque string and not
attempt to parse it to implement your logic. If you do, you must first
check that it is a concrete value an not an unresolved token. If this
value is an unresolved token (`Token.isUnresolved(stack.region)` returns
`true`), this implies that the user wishes that this stack will synthesize
into a **region-agnostic template**. In this case, your code should either
fail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or
implement some other region-agnostic behavior.
---
##### `stackId`Required
```typescript
public readonly stackId: string;
```
- *Type:* string
The ID of the stack.
---
*Example*
```typescript
// After resolving, looks like
'arn:aws:cloudformation:us-west-2:123456789012:stack/teststack/51af3dc0-da77-11e4-872e-1234567db123'
```
##### `stackName`Required
```typescript
public readonly stackName: string;
```
- *Type:* string
The concrete CloudFormation physical stack name.
This is either the name defined explicitly in the `stackName` prop or
allocated based on the stack's location in the construct tree. Stacks that
are directly defined under the app use their construct `id` as their stack
name. Stacks that are defined deeper within the tree will use a hashed naming
scheme based on the construct path to ensure uniqueness.
If you wish to obtain the deploy-time AWS::StackName intrinsic,
you can use `Aws.STACK_NAME` directly.
---
##### `synthesizer`Required
```typescript
public readonly synthesizer: IStackSynthesizer;
```
- *Type:* aws-cdk-lib.IStackSynthesizer
Synthesis method for this stack.
---
##### `tags`Required
```typescript
public readonly tags: TagManager;
```
- *Type:* aws-cdk-lib.TagManager
Tags to be applied to the stack.
---
##### `templateFile`Required
```typescript
public readonly templateFile: string;
```
- *Type:* string
The name of the CloudFormation template file emitted to the output
directory during synthesis.
Example value: `MyStack.template.json`
---
##### `templateOptions`Required
```typescript
public readonly templateOptions: ITemplateOptions;
```
- *Type:* aws-cdk-lib.ITemplateOptions
Options for CloudFormation template (like version, transform, description).
---
##### `urlSuffix`Required
```typescript
public readonly urlSuffix: string;
```
- *Type:* string
The Amazon domain suffix for the region in which this stack is defined.
---
##### `nestedStackParent`Optional
```typescript
public readonly nestedStackParent: Stack;
```
- *Type:* aws-cdk-lib.Stack
If this is a nested stack, returns it's parent stack.
---
##### `nestedStackResource`Optional
```typescript
public readonly nestedStackResource: CfnResource;
```
- *Type:* aws-cdk-lib.CfnResource
If this is a nested stack, this represents its `AWS::CloudFormation::Stack` resource.
`undefined` for top-level (non-nested) stacks.
---
##### `terminationProtection`Optional
```typescript
public readonly terminationProtection: boolean;
```
- *Type:* boolean
Whether termination protection is enabled for this stack.
---
## Structs
### AccountsTargetOptions
Options for deploying a StackSet to a list of AWS accounts.
#### Initializer
```typescript
import { AccountsTargetOptions } from 'cdk-stacksets'
const accountsTargetOptions: AccountsTargetOptions = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| regions | string[] | A list of regions the Stack should be deployed to. |
| parameterOverrides | {[ key: string ]: string} | Parameter overrides that should be applied to only this target. |
| accounts | string[] | A list of AWS accounts to deploy the StackSet to. |
---
##### `regions`Required
```typescript
public readonly regions: string[];
```
- *Type:* string[]
A list of regions the Stack should be deployed to.
If {@link StackSetProps.operationPreferences.regionOrder} is specified
then the StackSet will be deployed sequentially otherwise it will be
deployed to all regions in parallel.
---
##### `parameterOverrides`Optional
```typescript
public readonly parameterOverrides: {[ key: string ]: string};
```
- *Type:* {[ key: string ]: string}
- *Default:* use parameter overrides specified in {@link StackSetProps.parameterOverrides}
Parameter overrides that should be applied to only this target.
---
##### `accounts`Required
```typescript
public readonly accounts: string[];
```
- *Type:* string[]
A list of AWS accounts to deploy the StackSet to.
---
### OperationPreferences
#### Initializer
```typescript
import { OperationPreferences } from 'cdk-stacksets'
const operationPreferences: OperationPreferences = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| failureToleranceCount | number | *No description.* |
| failureTolerancePercentage | number | *No description.* |
| maxConcurrentCount | number | *No description.* |
| maxConcurrentPercentage | number | *No description.* |
| regionConcurrencyType | RegionConcurrencyType | *No description.* |
| regionOrder | string[] | *No description.* |
---
##### `failureToleranceCount`Optional
```typescript
public readonly failureToleranceCount: number;
```
- *Type:* number
---
##### `failureTolerancePercentage`Optional
```typescript
public readonly failureTolerancePercentage: number;
```
- *Type:* number
---
##### `maxConcurrentCount`Optional
```typescript
public readonly maxConcurrentCount: number;
```
- *Type:* number
---
##### `maxConcurrentPercentage`Optional
```typescript
public readonly maxConcurrentPercentage: number;
```
- *Type:* number
---
##### `regionConcurrencyType`Optional
```typescript
public readonly regionConcurrencyType: RegionConcurrencyType;
```
- *Type:* RegionConcurrencyType
---
##### `regionOrder`Optional
```typescript
public readonly regionOrder: string[];
```
- *Type:* string[]
---
### OrganizationsTargetOptions
Options for deploying a StackSet to a set of Organizational Units (OUs).
#### Initializer
```typescript
import { OrganizationsTargetOptions } from 'cdk-stacksets'
const organizationsTargetOptions: OrganizationsTargetOptions = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| regions | string[] | A list of regions the Stack should be deployed to. |
| parameterOverrides | {[ key: string ]: string} | Parameter overrides that should be applied to only this target. |
| organizationalUnits | string[] | A list of organizational unit ids to deploy to. |
| additionalAccounts | string[] | A list of additional AWS accounts to deploy the StackSet to. |
| excludeAccounts | string[] | A list of AWS accounts to exclude from deploying the StackSet to. |
---
##### `regions`Required
```typescript
public readonly regions: string[];
```
- *Type:* string[]
A list of regions the Stack should be deployed to.
If {@link StackSetProps.operationPreferences.regionOrder} is specified
then the StackSet will be deployed sequentially otherwise it will be
deployed to all regions in parallel.
---
##### `parameterOverrides`Optional
```typescript
public readonly parameterOverrides: {[ key: string ]: string};
```
- *Type:* {[ key: string ]: string}
- *Default:* use parameter overrides specified in {@link StackSetProps.parameterOverrides}
Parameter overrides that should be applied to only this target.
---
##### `organizationalUnits`Required
```typescript
public readonly organizationalUnits: string[];
```
- *Type:* string[]
A list of organizational unit ids to deploy to.
The StackSet will
deploy the provided Stack template to all accounts in the OU.
This can be further filtered by specifying either `additionalAccounts`
or `excludeAccounts`.
If the `deploymentType` is specified with `autoDeployEnabled` then
the StackSet will automatically deploy the Stack to new accounts as they
are added to the specified `organizationalUnits`
---
##### `additionalAccounts`Optional
```typescript
public readonly additionalAccounts: string[];
```
- *Type:* string[]
- *Default:* Stacks will only be deployed to accounts that exist in the specified organizationalUnits
A list of additional AWS accounts to deploy the StackSet to.
This can be
used to deploy the StackSet to additional AWS accounts that exist in a
different OU than what has been provided in `organizationalUnits`
---
##### `excludeAccounts`Optional
```typescript
public readonly excludeAccounts: string[];
```
- *Type:* string[]
- *Default:* Stacks will be deployed to all accounts that exist in the OUs specified in the organizationUnits property
A list of AWS accounts to exclude from deploying the StackSet to.
This can
be useful if there are accounts that exist in an OU that is provided in
`organizationalUnits`, but you do not want the StackSet to be deployed.
---
### SelfManagedOptions
Options for StackSets that are not managed by AWS Organizations.
#### Initializer
```typescript
import { SelfManagedOptions } from 'cdk-stacksets'
const selfManagedOptions: SelfManagedOptions = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| adminRole | aws-cdk-lib.aws_iam.IRole | The admin role that CloudFormation will use to perform stackset operations. |
| executionRoleName | string | The name of the stackset execution role that already exists in each target AWS account. |
---
##### `adminRole`Optional
```typescript
public readonly adminRole: IRole;
```
- *Type:* aws-cdk-lib.aws_iam.IRole
- *Default:* a default role will be created
The admin role that CloudFormation will use to perform stackset operations.
This role should only have permissions to be assumed by the CloudFormation service
and to assume the execution role in each individual account.
When you create the execution role it must have an assume role policy statement which
allows `sts:AssumeRole` from this admin role.
To grant specific users/groups access to use this role to deploy stacksets they must have
a policy that allows `iam:GetRole` & `iam:PassRole` on this role resource.
---
##### `executionRoleName`Optional
```typescript
public readonly executionRoleName: string;
```
- *Type:* string
- *Default:* AWSCloudFormationStackSetExecutionRole
The name of the stackset execution role that already exists in each target AWS account.
This role must be configured with a trust policy that allows `sts:AssumeRole` from the `adminRole`.
In addition this role must have the necessary permissions to manage the resources created by the stackset.
> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html#stacksets-prereqs-accountsetup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html#stacksets-prereqs-accountsetup)
---
### ServiceManagedOptions
Options for StackSets that are managed by AWS Organizations.
#### Initializer
```typescript
import { ServiceManagedOptions } from 'cdk-stacksets'
const serviceManagedOptions: ServiceManagedOptions = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| autoDeployEnabled | boolean | Whether or not the StackSet should automatically create/remove the Stack from AWS accounts that are added/removed from an organizational unit. |
| autoDeployRetainStacks | boolean | Whether stacks should be removed from AWS accounts that are removed from an organizational unit. |
| delegatedAdmin | boolean | Whether or not the account this StackSet is deployed from is the delegated admin account. |
---
##### `autoDeployEnabled`Optional
```typescript
public readonly autoDeployEnabled: boolean;
```
- *Type:* boolean
- *Default:* true
Whether or not the StackSet should automatically create/remove the Stack from AWS accounts that are added/removed from an organizational unit.
This has no effect if {@link StackSetTarget.fromAccounts} is used
---
##### `autoDeployRetainStacks`Optional
```typescript
public readonly autoDeployRetainStacks: boolean;
```
- *Type:* boolean
- *Default:* true
Whether stacks should be removed from AWS accounts that are removed from an organizational unit.
By default the stack will be retained (not deleted)
This has no effect if {@link StackSetTarget.fromAccounts} is used
---
##### `delegatedAdmin`Optional
```typescript
public readonly delegatedAdmin: boolean;
```
- *Type:* boolean
- *Default:* true
Whether or not the account this StackSet is deployed from is the delegated admin account.
Set this to `false` if you are using the AWS Organizations management account instead.
> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-delegated-admin.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-delegated-admin.html)
---
### StackSetProps
#### Initializer
```typescript
import { StackSetProps } from 'cdk-stacksets'
const stackSetProps: StackSetProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| target | StackSetTarget | Which accounts/OUs and regions to deploy the StackSet to. |
| template | StackSetTemplate | The Stack that will be deployed to the target. |
| capabilities | Capability[] | Specify a list of capabilities required by your stackset. |
| deploymentType | DeploymentType | The type of deployment for this StackSet. |
| description | string | An optional description to add to the StackSet. |
| managedExecution | boolean | If this is `true` then StackSets will perform non-conflicting operations concurrently and queue any conflicting operations. |
| operationPreferences | OperationPreferences | *No description.* |
| stackSetName | string | The name of the stack set. |
---
##### `target`Required
```typescript
public readonly target: StackSetTarget;
```
- *Type:* StackSetTarget
Which accounts/OUs and regions to deploy the StackSet to.
---
##### `template`Required
```typescript
public readonly template: StackSetTemplate;
```
- *Type:* StackSetTemplate
The Stack that will be deployed to the target.
---
##### `capabilities`Optional
```typescript
public readonly capabilities: Capability[];
```
- *Type:* Capability[]
- *Default:* no specific capabilities
Specify a list of capabilities required by your stackset.
StackSets that contains certain functionality require an explicit acknowledgement
that the stack contains these capabilities.
If you deploy a stack that requires certain capabilities and they are
not specified, the deployment will fail with a `InsufficientCapabilities` error.
---
##### `deploymentType`Optional
```typescript
public readonly deploymentType: DeploymentType;
```
- *Type:* DeploymentType
- *Default:* DeploymentType.self()
The type of deployment for this StackSet.
The deployment can either be managed by
AWS Organizations (i.e. DeploymentType.serviceManaged()) or by the AWS account that
the StackSet is deployed from.
In order to use DeploymentType.serviceManaged() the account needs to either be the
organizations's management account or a delegated administrator account.
---
##### `description`Optional
```typescript
public readonly description: string;
```
- *Type:* string
- *Default:* no description
An optional description to add to the StackSet.
---
##### `managedExecution`Optional
```typescript
public readonly managedExecution: boolean;
```
- *Type:* boolean
- *Default:* true
If this is `true` then StackSets will perform non-conflicting operations concurrently and queue any conflicting operations.
This means that you can submit more than one operation per StackSet and they will be
executed concurrently. For example you can submit a single request that updates existing
stack instances *and* creates new stack instances. Any conflicting operations will be queued
for immediate processing once the conflict is resolved.
---
##### `operationPreferences`Optional
```typescript
public readonly operationPreferences: OperationPreferences;
```
- *Type:* OperationPreferences
---
##### `stackSetName`Optional
```typescript
public readonly stackSetName: string;
```
- *Type:* string
- *Default:* CloudFormation generated name
The name of the stack set.
---
### StackSetStackProps
StackSet stack props.
#### Initializer
```typescript
import { StackSetStackProps } from 'cdk-stacksets'
const stackSetStackProps: StackSetStackProps = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| assetBucket | aws-cdk-lib.aws_s3.IBucket | A Bucket can be passed to store assets, enabling StackSetStack Asset support. |
---
##### `assetBucket`Optional
```typescript
public readonly assetBucket: IBucket;
```
- *Type:* aws-cdk-lib.aws_s3.IBucket
- *Default:* No Bucket provided and Assets will not be supported.
A Bucket can be passed to store assets, enabling StackSetStack Asset support.
---
### TargetOptions
Common options for deploying a StackSet to a target.
#### Initializer
```typescript
import { TargetOptions } from 'cdk-stacksets'
const targetOptions: TargetOptions = { ... }
```
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| regions | string[] | A list of regions the Stack should be deployed to. |
| parameterOverrides | {[ key: string ]: string} | Parameter overrides that should be applied to only this target. |
---
##### `regions`Required
```typescript
public readonly regions: string[];
```
- *Type:* string[]
A list of regions the Stack should be deployed to.
If {@link StackSetProps.operationPreferences.regionOrder} is specified
then the StackSet will be deployed sequentially otherwise it will be
deployed to all regions in parallel.
---
##### `parameterOverrides`Optional
```typescript
public readonly parameterOverrides: {[ key: string ]: string};
```
- *Type:* {[ key: string ]: string}
- *Default:* use parameter overrides specified in {@link StackSetProps.parameterOverrides}
Parameter overrides that should be applied to only this target.
---
## Classes
### DeploymentType
#### Initializers
```typescript
import { DeploymentType } from 'cdk-stacksets'
new DeploymentType()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| selfManaged | StackSets deployed using the self managed model require you to create the necessary IAM roles in the source and target AWS accounts and to setup the required IAM permissions. |
| serviceManaged | StackSets deployed using service managed permissions allow you to deploy StackSet instances to accounts within an AWS Organization. |
---
##### `selfManaged`
```typescript
import { DeploymentType } from 'cdk-stacksets'
DeploymentType.selfManaged(options?: SelfManagedOptions)
```
StackSets deployed using the self managed model require you to create the necessary IAM roles in the source and target AWS accounts and to setup the required IAM permissions.
Using this model you can only deploy to AWS accounts that have the necessary IAM roles/permissions
pre-created.
###### `options`Optional
- *Type:* SelfManagedOptions
---
##### `serviceManaged`
```typescript
import { DeploymentType } from 'cdk-stacksets'
DeploymentType.serviceManaged(options?: ServiceManagedOptions)
```
StackSets deployed using service managed permissions allow you to deploy StackSet instances to accounts within an AWS Organization.
Using this module
AWS Organizations will handle creating the necessary IAM roles and setting up the
required permissions.
This model also allows you to enable automated deployments which allows the StackSet
to be automatically deployed to new accounts that are added to your organization in the future.
This model requires you to be operating in either the AWS Organizations management account
or the delegated administrator account
> [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stacksets-concepts-stackset-permission-models](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stacksets-concepts-stackset-permission-models)
###### `options`Optional
- *Type:* ServiceManagedOptions
---
### StackSetStackSynthesizer
Deployment environment for an AWS StackSet stack.
Interoperates with the StackSynthesizer of the parent stack.
#### Initializers
```typescript
import { StackSetStackSynthesizer } from 'cdk-stacksets'
new StackSetStackSynthesizer(assetBucket?: IBucket)
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| assetBucket | aws-cdk-lib.aws_s3.IBucket | *No description.* |
---
##### `assetBucket`Optional
- *Type:* aws-cdk-lib.aws_s3.IBucket
---
#### Methods
| **Name** | **Description** |
| --- | --- |
| addDockerImageAsset | Register a Docker Image Asset
Returns the parameters that can be used to refer to the asset inside the template. |
| addFileAsset | Register a File Asset
Returns the parameters that can be used to refer to the asset inside the template. |
| bind | Bind to the stack this environment is going to be used on. |
| synthesize | Synthesize the associated stack to the session. |
---
##### `addDockerImageAsset`
```typescript
public addDockerImageAsset(_asset: DockerImageAssetSource): DockerImageAssetLocation
```
Register a Docker Image Asset
Returns the parameters that can be used to refer to the asset inside the template.
The synthesizer must rely on some out-of-band mechanism to make sure the given files
are actually placed in the returned location before the deployment happens. This can
be by writing the instructions to the asset manifest (for use by the `cdk-assets` tool),
by relying on the CLI to upload files (legacy behavior), or some other operator controlled
mechanism.
###### `_asset`Required
- *Type:* aws-cdk-lib.DockerImageAssetSource
---
##### `addFileAsset`
```typescript
public addFileAsset(asset: FileAssetSource): FileAssetLocation
```
Register a File Asset
Returns the parameters that can be used to refer to the asset inside the template.
The synthesizer must rely on some out-of-band mechanism to make sure the given files
are actually placed in the returned location before the deployment happens. This can
be by writing the instructions to the asset manifest (for use by the `cdk-assets` tool),
by relying on the CLI to upload files (legacy behavior), or some other operator controlled
mechanism.
###### `asset`Required
- *Type:* aws-cdk-lib.FileAssetSource
---
##### `bind`
```typescript
public bind(stack: Stack): void
```
Bind to the stack this environment is going to be used on.
Must be called before any of the other methods are called.
###### `stack`Required
- *Type:* aws-cdk-lib.Stack
---
##### `synthesize`
```typescript
public synthesize(session: ISynthesisSession): void
```
Synthesize the associated stack to the session.
###### `session`Required
- *Type:* aws-cdk-lib.ISynthesisSession
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| bootstrapQualifier | string | The qualifier used to bootstrap this stack. |
---
##### `bootstrapQualifier`Optional
```typescript
public readonly bootstrapQualifier: string;
```
- *Type:* string
The qualifier used to bootstrap this stack.
---
### StackSetTarget
Which organizational units and/or accounts the stack set should be deployed to.
`fromAccounts` can be used to deploy the stack set to specific AWS accounts
`fromOrganizationalUnits` can be used to deploy the stack set to specific organizational units
and optionally include additional accounts from other OUs, or exclude accounts from the specified
OUs
*Example*
```typescript
// deploy to specific accounts
StackSetTarget.fromAccounts({
accounts: ['11111111111', '22222222222'],
regions: ['us-east-1', 'us-east-2'],
});
// deploy to OUs and 1 additional account
StackSetTarget.fromOrganizationalUnits({
regions: ['us-east-1', 'us-east-2'],
organizationalUnits: ['ou-1111111', 'ou-2222222'],
additionalAccounts: ['33333333333'],
});
// deploy to OUs but exclude 1 account
StackSetTarget.fromOrganizationalUnits({
regions: ['us-east-1', 'us-east-2'],
organizationalUnits: ['ou-1111111', 'ou-2222222'],
excludeAccounts: ['11111111111'],
});
```
#### Initializers
```typescript
import { StackSetTarget } from 'cdk-stacksets'
new StackSetTarget()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| fromAccounts | Deploy the StackSet to a list of accounts. |
| fromOrganizationalUnits | Deploy the StackSet to a list of AWS Organizations organizational units. |
---
##### `fromAccounts`
```typescript
import { StackSetTarget } from 'cdk-stacksets'
StackSetTarget.fromAccounts(options: AccountsTargetOptions)
```
Deploy the StackSet to a list of accounts.
*Example*
```typescript
StackSetTarget.fromAccounts({
accounts: ['11111111111', '22222222222'],
regions: ['us-east-1', 'us-east-2'],
});
```
###### `options`Required
- *Type:* AccountsTargetOptions
---
##### `fromOrganizationalUnits`
```typescript
import { StackSetTarget } from 'cdk-stacksets'
StackSetTarget.fromOrganizationalUnits(options: OrganizationsTargetOptions)
```
Deploy the StackSet to a list of AWS Organizations organizational units.
You can optionally include/exclude individual AWS accounts.
*Example*
```typescript
StackSetTarget.fromOrganizationalUnits({
regions: ['us-east-1', 'us-east-2'],
organizationalUnits: ['ou-1111111', 'ou-2222222'],
});
```
###### `options`Required
- *Type:* OrganizationsTargetOptions
---
### StackSetTemplate
Represents a StackSet CloudFormation template.
#### Initializers
```typescript
import { StackSetTemplate } from 'cdk-stacksets'
new StackSetTemplate()
```
| **Name** | **Type** | **Description** |
| --- | --- | --- |
---
#### Static Functions
| **Name** | **Description** |
| --- | --- |
| fromStackSetStack | *No description.* |
---
##### `fromStackSetStack`
```typescript
import { StackSetTemplate } from 'cdk-stacksets'
StackSetTemplate.fromStackSetStack(stack: StackSetStack)
```
###### `stack`Required
- *Type:* StackSetStack
the stack to use as the base for the stackset template.
---
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| templateUrl | string | The S3 URL of the StackSet template. |
---
##### `templateUrl`Required
```typescript
public readonly templateUrl: string;
```
- *Type:* string
The S3 URL of the StackSet template.
---
## Protocols
### IStackSet
- *Extends:* aws-cdk-lib.IResource
- *Implemented By:* StackSet, IStackSet
Represents a CloudFormation StackSet.
#### Properties
| **Name** | **Type** | **Description** |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. |
| stack | aws-cdk-lib.Stack | The stack in which this resource is defined. |
| role | aws-cdk-lib.aws_iam.IRole | Only available on self managed stacksets. |
---
##### `node`Required
```typescript
public readonly node: Node;
```
- *Type:* constructs.Node
The tree node.
---
##### `env`Required
```typescript
public readonly env: ResourceEnvironment;
```
- *Type:* aws-cdk-lib.ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed by the CDK
(generally, those created by creating new class instances like Role, Bucket, etc.),
this is always the same as the environment of the stack they belong to;
however, for imported resources
(those obtained from static methods like fromRoleArn, fromBucketName, etc.),
that might be different than the stack they were imported into.
---
##### `stack`Required
```typescript
public readonly stack: Stack;
```
- *Type:* aws-cdk-lib.Stack
The stack in which this resource is defined.
---
##### `role`Optional
```typescript
public readonly role: IRole;
```
- *Type:* aws-cdk-lib.aws_iam.IRole
Only available on self managed stacksets.
The admin role that CloudFormation will use to perform stackset operations.
This role should only have permissions to be assumed by the CloudFormation service
and to assume the execution role in each individual account.
When you create the execution role it must have an assume role policy statement which
allows `sts:AssumeRole` from this admin role.
To grant specific users/groups access to use this role to deploy stacksets they must have
a policy that allows `iam:GetRole` & `iam:PassRole` on this role resource.
---
## Enums
### Capability
StackSets that contains certain functionality require an explicit acknowledgement that the stack contains these capabilities.
#### Members
| **Name** | **Description** |
| --- | --- |
| NAMED_IAM | Required if the stack contains IAM resources with custom names. |
| IAM | Required if the stack contains IAM resources. |
| AUTO_EXPAND | Required if the stack contains macros. |
---
##### `NAMED_IAM`
Required if the stack contains IAM resources with custom names.
---
##### `IAM`
Required if the stack contains IAM resources.
If the IAM resources
also have custom names then specify {@link Capability.NAMED_IAM} instead.
---
##### `AUTO_EXPAND`
Required if the stack contains macros.
Not supported if deploying
a service managed stackset.
---
### RegionConcurrencyType
#### Members
| **Name** | **Description** |
| --- | --- |
| SEQUENTIAL | *No description.* |
| PARALLEL | *No description.* |
---
##### `SEQUENTIAL`
---
##### `PARALLEL`
---