john-bakker
commented
4 years ago An additional idea would be to support Organizational Units as well, as this is being supported in the AWS api as well.
Open abelmokadem opened 4 years ago
john-bakker
commented
4 years ago An additional idea would be to support Organizational Units as well, as this is being supported in the AWS api as well.
jonshern
commented
4 years ago I would be good with just the organization unit support
arundeepkurni
commented
4 years ago There is way, you can use "for_each" for multiple accounts
resource "aws_cloudformation_stack_set_instance" "config_instance"{ for_each = local.aws_accounts account_id = each.value region = "us-east-1" stack_set_name = aws_cloudformation_stack_set.config.name }
justinretzolk
commented
3 years ago Hi @abelmokadem 👋 Thank you for taking the time to file this issue! It looks like this functionality was added in the v3.62.0 release of the provider, specifically with this pull request.
Can you confirm whether this does indeed resolve the issue you were previously running into?
iamgeef
commented
2 years ago Suppporting multiple regions should also be included - through console and API I can add a stack instance to multiple regions, seems that the [cloudformation_stack_set_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set_instance) resource only supports a single region.
Entr04y
commented
2 years ago The PR doesn't appear to address the use case of deploying stack sets to multiple accounts that are not neatly grouped under an OU. OU boundaries don't always align with stack deployment needs, so it would be good to be able to specify a simple list of account ID's to deploy the stack to. The for each solution runs the stack instances serially and therefore takes a very long time to complete ( a test run with a single role across eight AWS accounts took over 13 minutes to deploy )
Fennerr
commented
1 year ago To follow up on @Entr04y's comment on how OU boundaries not always aligning with stack deployment needs - I would like to define a locals variable like this
locals {
all_accounts = data.aws_organizations_organization.current_org.accounts
excluded_accounts = ["excluded_account_id_1", "excluded_account_id_2"]
included_accounts = [for account in local.all_accounts : account.id if !contains(local.excluded_accounts, account.id)]
}And then deploy into the included_accounts like so:
resource "aws_cloudformation_stack_set_instance" "stack_set_instance" {
deployment_targets {
account_ids = local.included_accounts
}
region = var.region
stack_set_name = aws_cloudformation_stack_set.organization_stack_set.name
}Is there any update on this?
Community Note
Description
Currently there is a
resource_aws_cloudformation_stack_set_instanceresource. The problem with this resource is that it can only create a stack set instance in one account at a time. The next problem is that stack set can only handle one operation at a time. This means that if you need to create 5 stack set instances using the same stack set, that you will have to disable parallelism for your entire terraform project. Or add dependencies between the stack set instances. Both are not desirable, we have over 30 accounts.The AWS API, however, supports multiple account ids when creating stack set instances. I'm a bit confused as to why this was implemented with a single account id and not multiple account ids.
New or Affected Resource(s)
Allow the use of multiple account ids with the
resource_aws_cloudformation_stack_set_instanceresource or create a new resourceresource_aws_cloudformation_stack_set_instances.Potential Terraform Configuration
References
10969