Module: `cloudformation-stack-set`

Terraform module to provision Cloudformation Stack Set and Administrator IAM role.

Usage

This example creates a role with the name cp-prod-app with permission to assume `` Chamber with S3 bucket as parameter store, and gives permission to the entities specified in assume_role_arns to assume the role.

module "default" {
  source = "git::https://github.com/cloudposse/terraform-aws-cloudformation-stack-set.git?ref=init"

  enabled            = "true"
  namespace          = "cp"
  stage              = "prod"
  name               = "app"
  template_url       = "https://aws-quickstart.s3.amazonaws.com/quickstart-compliance-cis-benchmark/templates/main.template"
  executor_role_name = "cis-executor"

  parameters         = {
    NotificationEmailAddressForCloudWatchAlarms = "[email protected]"
    ConfigureCloudtrail = "Yes"
    ConfigureConfig = "Yes"
    ProfileLevel = "Level 2"
    QSS3BucketName = "aws-quickstart"
    QSS3KeyPrefix = "quickstart-compliance-cis-benchmark/"
  }

  capabilities = ["CAPABILITY_IAM"]
}

Variables

Required Variables

template_url (any) required: Amazon S3 bucket URL location of a file containing the CloudFormation template body. Maximum file size: 460,800 bytes

Optional Variables

capabilities (list(string)) optional

A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND

Default value: [ ]

executor_role_name (string) optional

Name of the IAM Role in all target accounts for Stack Set operations

Default value: "AWSCloudFormationStackSetExecutionRole"

parameters (map(string)) optional

Key-value map of input parameters for the Stack Set template. (e.g. map("BusinessUnit","ABC")

Default value: { }

Context Variables

The following variables are defined in the context.tf file of this module and part of the terraform-null-label pattern.

namespace (string) required

Namespace (e.g. cp or cloudposse)
Required: Yes

Default value: ``

stage (string) required

Stage (e.g. prod, dev, staging)
Required: Yes

Default value: ``

attributes (list(string)) optional

Additional attributes (e.g. "1")
Required: No

Default value: [ ]

delimiter (string) optional

Delimiter between name, namespace, stage and attributes
Required: No

Default value: "-"

enabled (string) optional

Set to false to prevent the module from creating any resources
Required: No

Default value: "true"

name (string) optional

Name
Required: No

Default value: "cis"

tags (map(string)) optional

Additional tags (e.g. map("BusinessUnit","ABC")
Required: No

Default value: { }

Outputs

administrator_role_arn: Amazon Resource Number (ARN) of the IAM Role in the administrator account
executor_role_name: Name of the IAM Role in all target accounts for Stack Set operations
name: Name of the Stack Set

Dependencies

Providers

aws

Modules

Name	Version	Source	Description
`admin_role`	tags/0.4.0	`git::https://github.com/cloudposse/terraform-aws-iam-role.git`	n/a
`label`	tags/0.5.3	`git::https://github.com/cloudposse/terraform-null-label.git`	Define composite variables for resources

Resources

The following resources are used by this module:

aws_cloudformation_stack_set.default (resource)

Data Sources

The following data sources are used by this module:

aws_iam_policy_document.admin (data source)

Module: cloudformation-stack-set

Usage​

Variables​

Required Variables​

Optional Variables​

Context Variables​

Outputs​

Dependencies​

Providers​

Modules​

Resources​

Data Sources​