Make a StackSet-friendly CloudFormation template. #77

Open
matthewhembree opened this issue Dec 16, 2023 · 0 comments

@matthewhembree

I have many accounts that I would like resource detail on.

The manual way to accomplish this isn't an acceptable workflow:

[Screenshot: CleanShot 2023-12-15 at 18 15 44]

I can't imagine a CZ user not wanting the additional resource detail for their entire AWS footprint. I would think that demographic would be the exception, rather than the rule.

As a fallback, I have modified the resource owner template so that when it is deployed as a StackSet, it will use a deterministic name for the IAM Role that is created in the child accounts.

Ideally, there would be an all-in-one template file as StackSets cannot use nested stacks with service managed permissions.

Maybe there's a valid reason for needing the sub stacks in the current method. I would think that there's value in connecting audit and CloudTrail owner accounts. Any Organization set up via AWS Control Tower would likely have dedicated accounts for those two account types. So unless someone is running the recommended/automatic Stack across their entire Landing Zone, I don't see those account types ever getting connected appropriately.

Thanks!
