aws-cloudformation / aws-cloudformation-resource-providers-cloudformation

The CloudFormation Resource Provider Package For AWS CloudFormation
https://aws.amazon.com/cloudformation/
Apache License 2.0

AWS::CloudFormation::StackSet does not support AccountFilterType of UNION #100

Open mbarneyjr opened 2 years ago

mbarneyjr commented 2 years ago

When defining an AWS::CloudFormation::StackSet resource with a PermissionModel of SERVICE_MANAGED and the following StackInstancesGroup:

        - DeploymentTargets:
            OrganizationalUnitIds:
              - !Ref OrganizationRoot
          Regions:
            - us-east-1

everything works as expected - stack instances are created in every account within the specified OU. Now if I want to include other accounts, as described here, I update that to the following lines:

        - DeploymentTargets:
            OrganizationalUnitIds:
              - !Ref OrganizationRoot
            AccountFilterType: UNION
            Accounts:
              - !Ref AWS::AccountId
          Regions:
            - us-east-1

But that throws an error that UNION is not a valid AccountFilterType, even though there's documentation (and raw API calls) supporting otherwise.

UnbiasedGoat commented 8 months ago

We seem to be getting a very similar error to this with SERVICE_MANAGED - we set accountFilterType in CDK to UNION, and when it deploys with any value with the CloudFormation where we include both Accounts and OrganizationUnits, we get the error:

Resource handler returned message: "Invalid request provided: AccountFilterType should be specified when both OrganizationalUnitIds and Accounts are provided"

even though it exists in our template or should default to Union - AccountFilterType with UNION does not seem to be working properly.

moltar commented 4 months ago

I am getting this on one org, but not another. Really strange.
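
A pre-deployment check for the condition named in the error message quoted in this thread, as an added example that is not part of the issue or the resource provider's code. It scans a template already parsed into a dict for StackSet groups that set both OrganizationalUnitIds and Accounts without an AccountFilterType, or that use a literal value outside the documented set; the function names, logical IDs and sample template are constructed for illustration.

```python
# Added example (not from the issue thread or the resource provider).
# Filter type names are the DeploymentTargets values documented for CloudFormation.
KNOWN_FILTER_TYPES = {"NONE", "INTERSECTION", "DIFFERENCE", "UNION"}

def check_stackset(logical_id, resource):
    """Return findings for one AWS::CloudFormation::StackSet resource."""
    findings = []
    groups = resource.get("Properties", {}).get("StackInstancesGroup", [])
    for index, group in enumerate(groups):
        targets = group.get("DeploymentTargets", {})
        where = f"{logical_id}.StackInstancesGroup[{index}]"
        # Lists may hold intrinsic functions such as {"Ref": ...}; any entry counts.
        has_ous = bool(targets.get("OrganizationalUnitIds"))
        has_accounts = bool(targets.get("Accounts"))
        filter_type = targets.get("AccountFilterType")
        if has_ous and has_accounts and filter_type is None:
            findings.append(f"{where}: AccountFilterType missing while both "
                            "OrganizationalUnitIds and Accounts are set")
        # Only literal strings can be checked; intrinsic functions are skipped.
        if isinstance(filter_type, str) and filter_type not in KNOWN_FILTER_TYPES:
            findings.append(f"{where}: unknown AccountFilterType {filter_type!r}")
    return findings

def check_template(template):
    """Check every StackSet resource in a parsed template (a plain dict)."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") == "AWS::CloudFormation::StackSet":
            findings.extend(check_stackset(logical_id, resource))
    return findings

def _group(**targets):
    """Build one constructed StackInstancesGroup entry for the sample below."""
    return {"DeploymentTargets": targets, "Regions": ["us-east-1"]}

# Constructed sample template; logical IDs and Ref targets are hypothetical.
OUS, ACCOUNTS = [{"Ref": "OrganizationRoot"}], [{"Ref": "AWS::AccountId"}]
SAMPLE_TEMPLATE = {"Resources": {
    "WithUnion": {"Type": "AWS::CloudFormation::StackSet", "Properties": {
        "StackInstancesGroup": [_group(OrganizationalUnitIds=OUS, Accounts=ACCOUNTS,
                                       AccountFilterType="UNION")]}},
    "NoFilter": {"Type": "AWS::CloudFormation::StackSet", "Properties": {
        "StackInstancesGroup": [_group(OrganizationalUnitIds=OUS, Accounts=ACCOUNTS)]}},
    "WrongCase": {"Type": "AWS::CloudFormation::StackSet", "Properties": {
        "StackInstancesGroup": [_group(OrganizationalUnitIds=OUS,
                                       AccountFilterType="Union")]}},
}}

if __name__ == "__main__":
    print("\n".join(check_template(SAMPLE_TEMPLATE)))
```

The check only inspects the template text, so a group that passes here can still be rejected by the resource handler as the comments above report.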