Class GuStackSet

A construct to create a AWS::CloudFormation::StackSet.

The stack set will be configured to automatically deploy into accounts when they join an AWS Organisation Unit. It's assumed stack sets are only provisioned for infrastructure, therefore the STAGE value will always be INFRA.

Usage:

// the infrastructure to create in target accounts
class AccountAlertTopic extends GuStackForStackSetInstance {
  constructor(id: string, props: GuStackProps) {
    super(id, props);

    new GuSnsTopic(this, "topic-for-alerts");
  }
}

class ParentStack extends GuStackForInfrastructure {
  constructor(scope: App, id: string, props: GuStackProps) {
    super(scope, id, props);

    new GuStackSet(this, `${id}StackSet`, {
      stackSetInstance: new AccountAlertTopic("Alerts", { stack: props.stack }),
      name: "centralised-alarms",
      description: "Provisioning of standard account alerting resources",
      organisationUnitTargets: [ "o-abcde12345" ]
    });
  }
}

// contents of `bin/cdk.ts`
new ParentStack(new App(), "AccountAlarmResources", { stack: "alarms" })

This will produce a CloudFormation template like this:

Resources:
  AccountAlarmResourcesStackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      PermissionModel: SERVICE_MANAGED
      StackSetName: centralised-alarms
      AutoDeployment:
        Enabled: true
        RetainStacksOnAccountRemoval: false
      Description: Provisioning of standard account alerting resources
      Parameters: []
      StackInstancesGroup:
        - DeploymentTargets:
            OrganizationalUnitIds:
              - o-abcde12345
          Regions:
            - Ref: AWS::Region
      Tags:
        - Key: gu:cdk:version
          Value: TEST
        - Key: gu:repo
          Value: guardian/cdk
        - Key: Stack
          Value: alarms
        - Key: Stage
          Value: INFRA
      TemplateBody: |-
        {
          "Resources": {
            "topicforalerts57330FBE": {
              "Type": "AWS::SNS::Topic",
              "Properties": {
                "Tags": [
                  {
                    "Key": "gu:cdk:version",
                    "Value": "TEST"
                  },
                  {
                    "Key": "gu:repo",
                    "Value": "guardian/cdk"
                  },
                  {
                    "Key": "Stack",
                    "Value": "alarms"
                  },
                  {
                    "Key": "Stage",
                    "Value": "INFRA"
                  }
                ]
              }
            }
          }
        }

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html

Hierarchy

  • CfnStackSet
    • GuStackSet

Constructors

constructor

Properties

_cfnProperties administrationRoleArn? attrStackSetId autoDeployment? callAs? capabilities? cfnOptions cfnResourceType description? executionRoleName? logicalId managedExecution? node operationPreferences? parameters? permissionModel stack stackInstancesGroup? stackSetName tags tagsRaw? templateBody? templateUrl? CFN_RESOURCE_TYPE_NAME

Accessors

cfnProperties creationStack ref updatedProperites updatedProperties

Methods

_addResourceDependency _lockLogicalId _removeResourceDependency _toCloudFormation addDeletionOverride addDependency addDependsOn addMetadata addOverride addPropertyDeletionOverride addPropertyOverride applyRemovalPolicy getAtt getMetadata inspect obtainDependencies obtainResourceDependencies overrideLogicalId removeDependency renderProperties replaceDependency shouldSynthesize toString validateProperties _fromCloudFormation isCfnElement isCfnResource isConstruct

Constructors

constructor

Properties

Protected Readonly Internal _cfnProperties

_cfnProperties: any

AWS CloudFormation resource properties.

This object is returned via cfnProperties

Optional administrationRoleArn

administrationRoleArn?: string

The Amazon Resource Number (ARN) of the IAM role to use to create this stack set.

Readonly attrStackSetId

attrStackSetId: string

The ID of the stack that you're creating.

Cloudformation Attribute

StackSetId

Optional autoDeployment

autoDeployment?: IResolvable | AutoDeploymentProperty

[ Service-managed permissions] Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU).

Optional callAs

callAs?: string

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

Optional capabilities

capabilities?: string[]

The capabilities that are allowed in the stack set.

Readonly cfnOptions

cfnOptions: ICfnResourceOptions

Options for this resource, such as condition, update policy etc.

Readonly cfnResourceType

cfnResourceType: string

AWS resource type.

Optional description

description?: string

A description of the stack set.

Optional executionRoleName

executionRoleName?: string

The name of the IAM execution role to use to create the stack set.

Readonly logicalId

logicalId: string

The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Returns

the logical ID as a stringified token. This value will only get resolved during synthesis.

Optional managedExecution

managedExecution?: any

Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.

Readonly node

node: Node

The tree node.

Optional operationPreferences

operationPreferences?: IResolvable | OperationPreferencesProperty

The user-specified preferences for how AWS CloudFormation performs a stack set operation.

Optional parameters

parameters?: IResolvable | (IResolvable | ParameterProperty)[]

The input parameters for the stack set template.

permissionModel

permissionModel: string

Describes how the IAM roles required for stack set operations are created.

Readonly stack

stack: Stack

The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly).

Optional stackInstancesGroup

stackInstancesGroup?: IResolvable | (IResolvable | StackInstancesProperty)[]

A group of stack instances with parameters in some specific accounts and Regions.

stackSetName

stackSetName: string

The name to associate with the stack set.

Readonly tags

tags: TagManager

Tag Manager which manages the tags for this resource

Optional tagsRaw

tagsRaw?: CfnTag[]

The key-value pairs to associate with this stack set and the stacks created from it.

Optional templateBody

templateBody?: string

The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Optional templateUrl

templateUrl?: string

Location of file containing the template body.

Static Readonly CFN_RESOURCE_TYPE_NAME

CFN_RESOURCE_TYPE_NAME: string

The CloudFormation resource type name for this resource class.

Accessors

Protected cfnProperties

  • get cfnProperties(): Record<string, any>

  • Returns Record<string, any>

creationStack

  • get creationStack(): string[]

  • Returns string[]

    the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.

ref

  • get ref(): string

  • Return a string that will be resolved to a CloudFormation { Ref } for this element.

    If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).

    Returns string

Protected updatedProperites

  • get updatedProperites(): {
        [key: string]: any;
    }

  • Deprecated

    Returns {
        [key: string]: any;
    }

    • [key: string]: any

    Deprecated

    use updatedProperties

    Return properties modified after initiation

    Resources that expose mutable properties should override this function to collect and return the properties object for this resource.

Protected updatedProperties

  • get updatedProperties(): {
        [key: string]: any;
    }

  • Return properties modified after initiation

    Resources that expose mutable properties should override this function to collect and return the properties object for this resource.

    Returns {
        [key: string]: any;
    }

    • [key: string]: any

Methods

_addResourceDependency

  • _addResourceDependency(target): void
  • Internal

    Called by the addDependency helper function in order to realize a direct dependency between two resources that are directly defined in the same stacks.

    Use resource.addDependency to define the dependency between two resources, which also takes stack boundaries into account.

    Parameters

    • target: CfnResource

    Returns void

_lockLogicalId

  • _lockLogicalId(): void
  • Internal

    Lock the logicalId of the element and do not allow any updates (e.g. via overrideLogicalId)

    This is needed in cases where you are consuming the LogicalID of an element prior to synthesis and you need to not allow future changes to the id since doing so would cause the value you just consumed to differ from the synth time value of the logicalId.

    For example:

    const bucket = new Bucket(stack, 'Bucket'); stack.exportValue(bucket.bucketArn) <--- consuming the logicalId bucket.overrideLogicalId('NewLogicalId') <--- updating logicalId

    You should most likely never need to use this method, and if you are implementing a feature that requires this, make sure you actually require it.

    Returns void

_removeResourceDependency

  • _removeResourceDependency(target): void
  • Internal

    Remove a dependency between this resource and other resources in the same stack.

    Parameters

    • target: CfnResource

    Returns void

_toCloudFormation

  • _toCloudFormation(): object
  • Internal

    Emits CloudFormation for this resource.

    Returns object

addDeletionOverride

  • Syntactic sugar for addOverride(path, undefined).

    Parameters

    • path: string

      The path of the value to delete

    Returns void

addDependency

  • Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

    This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.

    Parameters

    • target: CfnResource

    Returns void

addDependsOn

  • Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

    Parameters

    • target: CfnResource

    Returns void

    Deprecated

    use addDependency

addMetadata

  • Add a value to the CloudFormation Resource Metadata

    Parameters

    • key: string
    • value: any

    Returns void

    See

    https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

    Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

addOverride

  • Adds an override to the synthesized CloudFormation resource. To add a property override, either use addPropertyOverride or prefix path with "Properties." (i.e. Properties.TopicName).

    If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.

    To include a literal . in the property name, prefix with a \. In most programming languages you will need to write this as "\\." because the `` itself will need to be escaped.

    For example,

    cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
    cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');

    would add the overrides

    "Properties": {
      "GlobalSecondaryIndexes": [
        {
          "Projection": {
            "NonKeyAttributes": [ "myattribute" ]
            ...
          }
          ...
        },
        {
          "ProjectionType": "INCLUDE"
          ...
        },
      ]
      ...
    }

    The value argument to addOverride will not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.

    Parameters

    • path: string

      The path of the property, you can use dot notation to override values in complex types. Any intermediate keys will be created as needed.

    • value: any

      The value. Could be primitive or complex.

    Returns void

addPropertyDeletionOverride

  • Adds an override that deletes the value of a property from the resource definition.

    Parameters

    • propertyPath: string

      The path to the property.

    Returns void

addPropertyOverride

  • Adds an override to a resource property.

    Syntactic sugar for addOverride("Properties.<...>", value).

    Parameters

    • propertyPath: string

      The path of the property

    • value: any

      The value

    Returns void

applyRemovalPolicy

  • Sets the deletion policy of the resource based on the removal policy specified.

    The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

    The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:

    Parameters

    • policy: undefined | RemovalPolicy
    • Optional options: RemovalPolicyOptions

    Returns void

    See

    https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options

getAtt

  • Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility in case there is no generated attribute.

    Parameters

    • attributeName: string

      The name of the attribute.

    • Optional typeHint: ResolutionTypeHint

    Returns Reference

getMetadata

  • Retrieve a value value from the CloudFormation Resource Metadata

    Parameters

    • key: string

    Returns any

    See

    https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

    Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

inspect

  • Examines the CloudFormation resource and discloses attributes

    Parameters

    • inspector: TreeInspector

      tree inspector to collect and process attributes

    Returns void

obtainDependencies

  • Retrieves an array of resources this resource depends on.

    This assembles dependencies on resources across stacks (including nested stacks) automatically.

    Returns Element[]

obtainResourceDependencies

  • Get a shallow copy of dependencies between this resource and other resources in the same stack.

    Returns CfnResource[]

overrideLogicalId

  • Overrides the auto-generated logical ID with a specific ID.

    Parameters

    • newLogicalId: string

      The new logical ID to use for this stack element.

    Returns void

removeDependency

  • Indicates that this resource no longer depends on another resource.

    This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.

    Parameters

    • target: CfnResource

    Returns void

Protected renderProperties

  • Parameters

    • props: Record<string, any>

    Returns Record<string, any>

replaceDependency

  • Replaces one dependency with another.

    Parameters

    • target: CfnResource

      The dependency to replace

    • newTarget: CfnResource

      The new dependency to add

    Returns void

Protected shouldSynthesize

  • Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.

    Returns boolean

    true if the resource should be included or false is the resource should be omitted.

toString

  • Returns string

    a string representation of this resource

Protected validateProperties

  • Parameters

    • _properties: any

    Returns void

Static _fromCloudFormation

  • _fromCloudFormation(scope, id, resourceAttributes, options): CfnStackSet
  • Internal

    Build a CfnStackSet from CloudFormation properties

    A factory method that creates a new instance of this class from an object containing the CloudFormation properties of this resource. Used in the @aws-cdk/cloudformation-include module.

    Parameters

    • scope: Construct
    • id: string
    • resourceAttributes: any
    • options: FromCloudFormationOptions

    Returns CfnStackSet

Static isCfnElement

  • Returns true if a construct is a stack element (i.e. part of the synthesized cloudformation template).

    Uses duck-typing instead of instanceof to allow stack elements from different versions of this library to be included in the same stack.

    Parameters

    • x: any

    Returns x is CfnElement

    The construct as a stack element or undefined if it is not a stack element.

Static isCfnResource

  • Check whether the given construct is a CfnResource

    Parameters

    • construct: IConstruct

    Returns construct is CfnResource

Static isConstruct

  • Checks if x is a construct.

    Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

    Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

    Parameters

    • x: any

      Any object

    Returns x is Construct

    true if x is an object created from a class which extends Construct.

Settings

Member Visibility

Theme

On This Page

Generated using TypeDoc