aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0

Create Cloudformation Stackset directly at the OU Level #57

Closed codemaestros-dev closed 3 years ago

codemaestros-dev commented 3 years ago

So we are starting to use this awesome project (thank you so much for putting this together) and really liking it so far, but I do have one question: wouldn't it be better if the stacksets were created directly as "Deploy to Organizational Unit" instead of doing what the manifest parser seems to be doing here: https://github.com/awslabs/aws-control-tower-customizations/blob/master/source/manifest/manifest_parser.py#L198, which is to build a list of accounts from the provided OU name?

Apologies if this is a stupid question, but I think it would be great if there was some documentation around why the OU feature for CloudFormation stacksets is not being used.

groverlalit commented 3 years ago

Thanks @codemaestros-dev for sharing your feedback. The solution currently only supports self-managed stack sets, which only support the 'Accounts' property. The ability to deploy at the OU level is only supported for service-managed stack sets via the DeploymentTargets property. API Reference: Link
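
The difference between the two permission models discussed in this thread, as an added example that is not part of the thread or the project's code: it builds the keyword arguments for the CloudFormation `CreateStackInstances` call (boto3 `create_stack_instances`) for each model. The stack set name, OU ids, account ids and the `expand_ous_to_accounts` helper (a stand-in for an AWS Organizations lookup) are constructed assumptions.

```python
"""Constructed illustration: request parameters for CloudFormation
CreateStackInstances under the two stack set permission models."""

# Constructed sample data: OU id -> member account ids (placeholders).
SAMPLE_OU_ACCOUNTS = {
    "ou-exmp-11111111": ["111111111111", "222222222222"],
    "ou-exmp-22222222": ["222222222222", "333333333333"],
}


def expand_ous_to_accounts(ou_ids, ou_accounts):
    """Flatten OUs into a de-duplicated, ordered account list.

    Hypothetical helper standing in for an AWS Organizations lookup.
    """
    seen, accounts = set(), []
    for ou_id in ou_ids:
        if ou_id not in ou_accounts:
            raise KeyError(f"unknown OU: {ou_id}")
        for account in ou_accounts[ou_id]:
            if account not in seen:
                seen.add(account)
                accounts.append(account)
    return accounts


def build_stack_instances_request(stack_set_name, permission_model,
                                  ou_ids, regions, ou_accounts=None):
    """Return kwargs for CreateStackInstances for the given permission model."""
    request = {"StackSetName": stack_set_name, "Regions": list(regions)}
    if permission_model == "SELF_MANAGED":
        # Self-managed: only 'Accounts' is accepted, so OUs must be expanded.
        request["Accounts"] = expand_ous_to_accounts(ou_ids, ou_accounts or {})
    elif permission_model == "SERVICE_MANAGED":
        # Service-managed: OUs are passed through via 'DeploymentTargets'.
        request["DeploymentTargets"] = {"OrganizationalUnitIds": list(ou_ids)}
    else:
        raise ValueError(f"unsupported permission model: {permission_model}")
    return request
```

In the self-managed request the account list is a snapshot taken when the OUs are expanded, while the service-managed request names the OUs themselves.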