anupinder
commented
6 months ago I am looking for same feature
Open robertjan-b opened 7 months ago
anupinder
commented
6 months ago I am looking for same feature
phlrnnr
commented
6 months ago This would be a great feature enhancement. ServiceManaged stack sets require you add an OU. When trying to deploy using StackSetTarget.from_accounts, this fails when the DeploymentType is service_managed.
You get this error: Resource handler returned message: "Invalid request provided: OrganizationalUnitIds should be specified in SERVICE_MANAGED mode"
It seems that StackSetTarget.from_organizational_units already supports:
additional_accounts (filter type = Union) exclude_accounts (filter type = Difference)
It just does not support only_these_accounts (filter type = Intersection)
douglasnaphas
commented
5 months ago I desperately need this.
In the meantime, does anyone have a workaround for modifying the underlying L1 CfnStackSet construct to modify the AccountFilterType to "INTERSECTION"?
I tried, in Python, with
cfn_stack_set = stack_set.node.default_child
cfn_stack_set.stack_instances_group[1].deployment_targets.account_filter_type = "INTERSECTION"
# [1] because it's my second Stack Instances Group that I want to modifybased on the escape-hatch method described here:
https://docs.aws.amazon.com/cdk/v2/guide/cfn_layer.html#cfn_layer_resource
but I got:
TypeError: 'InterfaceDynamicProxy' object is not subscriptableprint(cfn_stack_set.stack_instances_group)
print(dir(cfn_stack_set.stack_instances_group))gives
<jsii._reference_map.InterfaceDynamicProxy object at 0x7fc82886f460>
['__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattr__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_delegates']Does anyone know how I can edit the L1 CfnStackSet as a workaround for not currently being able to set an AccountFilterType of INTERSECTION for a service-managed stack with this construct?
Daniel-ZA
commented
2 months ago I desperately need this.
In the meantime, does anyone have a workaround for modifying the underlying L1 CfnStackSet construct to modify the AccountFilterType to "INTERSECTION"?
I tried, in Python, with
cfn_stack_set = stack_set.node.default_child cfn_stack_set.stack_instances_group[1].deployment_targets.account_filter_type = "INTERSECTION" # [1] because it's my second Stack Instances Group that I want to modifybased on the escape-hatch method described here:
https://docs.aws.amazon.com/cdk/v2/guide/cfn_layer.html#cfn_layer_resource
but I got:
TypeError: 'InterfaceDynamicProxy' object is not subscriptableprint(cfn_stack_set.stack_instances_group) print(dir(cfn_stack_set.stack_instances_group))gives
<jsii._reference_map.InterfaceDynamicProxy object at 0x7fc82886f460> ['__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattr__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_delegates']Does anyone know how I can edit the L1 CfnStackSet as a workaround for not currently being able to set an AccountFilterType of INTERSECTION for a service-managed stack with this construct?
I can do this in TypeScript by doing:
const set = new ss.StackSet(...)
const child = set.node.defaultChild as cdk.CfnStackSet
child.addPropertyOverride('StackInstancesGroup.0.DeploymentTargets.AccountFilterType', 'INTERSECTION')
I want to deploy a StackSet to an OU, but I only want to deploy it to a sub-set of accounts in the same OU. In CloudFormation I would use the AccountFilterType: INTERSECTION (StackSets deploys to the accounts specified in Accounts parameter). However I cannot generate this code with the L2 StackSet Construct.