What are StackSets?
- C/R/U/D stacks across multiple accounts/regions in a single operation
- Has to be a stack deployed from admin account
- Target account is where you create/update/delete 1+ stacks in the set
- Deploy stack sets to any account where you’re allowed
- Create IAM roles that set up trust between accounts
- Deploy stack instances to accounts managed by AWS Orgs
- IAM roles and trust are created for you
- (This is nice, but more up-front work)
Pipelines for StackSets
- In e.g. codeBuild, the buildspec file has changes against stack sets
Where can you deploy StackSets?
- Across accounts and regions
Which types of accounts are required for StackSets?
- An admin acct and target accounts
What permission models are used with StackSets?
- Self-managed (IAM DIY)
- Service-managed (AWS Orgs integration)