@jchrisfarris
Created August 29, 2020 20:36

Create the StackSet for the child accounts

aws cloudformation create-stack-set --stack-set-name config-recorder-org-deploy \
--capabilities CAPABILITY_NAMED_IAM \
--template-url https://BUCKETNAME.s3.amazonaws.com/cloudformation/ConfigServiceRecorder-Template.yaml \
--auto-deployment Enabled=true,RetainStacksOnAccountRemoval=false \
--permission-model SERVICE_MANAGED --parameters \
	ParameterKey=pOrganizationConfigBucket,ParameterValue=CONFIG_BUCKET \
	ParameterKey=pSecurityAccountId,ParameterValue=CHANGEME

Now deploy it by creating the stack instances

aws cloudformation create-stack-instances --stack-set-name config-recorder-org-deploy \
--deployment-targets OrganizationalUnitIds="r-CHANGEME" \
--operation-preferences MaxConcurrentCount=20,FailureToleranceCount=20,RegionOrder=us-east-1 \
--regions $(aws ec2 describe-regions | jq -r '.Regions[].RegionName')

Now create the StackSet for the payer

aws cloudformation create-stack-set --stack-set-name config-recorder-payer-deploy \
--capabilities CAPABILITY_NAMED_IAM \
--template-url https://BUCKETNAME.s3.amazonaws.com/cloudformation/ConfigServiceRecorder-Template.yaml \
--parameters \
	ParameterKey=pOrganizationConfigBucket,ParameterValue=CONFIG_BUCKET \
	ParameterKey=pSecurityAccountId,ParameterValue=CHANGEME

And deploy that

aws cloudformation create-stack-instances --stack-set-name config-recorder-payer-deploy \
--accounts PAYER_ACCOUNT_ID \
--operation-preferences MaxConcurrentCount=20,FailureToleranceCount=20,RegionOrder=us-east-1 \
--regions $(aws ec2 describe-regions | jq -r '.Regions[].RegionName')

Delete the payer stack instances with this

aws cloudformation delete-stack-instances --stack-set-name config-recorder-payer-deploy \
--accounts PAYER_ACCOUNT_ID \
--operation-preferences MaxConcurrentCount=20,FailureToleranceCount=20,RegionOrder=us-east-1 \
--regions $(aws ec2 describe-regions | jq -r '.Regions[].RegionName') --no-retain-stacks
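To confirm that every account and region actually ended up with the recorder stack after the create-stack-instances steps above, here is an added Python example (not part of the gist) that triages the output of `aws cloudformation list-stack-instances` and also lists account/region pairs that got no stack at all. The field names follow that command's output shape; the sample summaries and account IDs embedded in it are constructed.

```python
"""Triage `aws cloudformation list-stack-instances` output (added example, not from the gist).
Usage: aws cloudformation list-stack-instances --stack-set-name config-recorder-org-deploy > out.json
       python3 stackset_triage.py out.json      (no argument: runs on the constructed SAMPLE)"""
import json
import sys

# Constructed sample in the shape of list-stack-instances output; account IDs are fake.
SAMPLE = json.dumps({"Summaries": [
    {"Account": "111111111111", "Region": "us-east-1", "Status": "CURRENT",
     "StackInstanceStatus": {"DetailedStatus": "SUCCEEDED"}},
    {"Account": "111111111111", "Region": "eu-west-1", "Status": "OUTDATED",
     "StatusReason": "User Initiated", "StackInstanceStatus": {"DetailedStatus": "FAILED"}},
    {"Account": "222222222222", "Region": "us-east-1", "Status": "INOPERABLE",
     "StatusReason": "Account closed", "StackInstanceStatus": {"DetailedStatus": "INOPERABLE"}},
    {"Account": "333333333333", "Region": "us-east-1", "Status": "CURRENT",
     "StackInstanceStatus": {"DetailedStatus": "RUNNING"}},
]})

def load_summaries(raw):
    """Parse the CLI JSON and return its Summaries list."""
    return json.loads(raw).get("Summaries", [])

def triage(summaries):
    """Map (account, region) -> (Status, DetailedStatus, StatusReason) for each instance
    that is not CURRENT + SUCCEEDED: outdated, failed, still running, or INOPERABLE
    (the last one never self-heals and must be cleaned up by hand)."""
    bad = {}
    for s in summaries:
        status = s.get("Status")
        detailed = s.get("StackInstanceStatus", {}).get("DetailedStatus")
        if status == "CURRENT" and detailed == "SUCCEEDED":
            continue
        bad[(s["Account"], s["Region"])] = (status, detailed, s.get("StatusReason", ""))
    return bad

def missing(summaries, accounts, regions):
    """(account, region) pairs with no stack instance at all, e.g. an account outside
    the targeted OU or a region the StackSet was never pointed at."""
    present = {(s["Account"], s["Region"]) for s in summaries}
    return sorted({(a, r) for a in accounts for r in regions} - present)

if __name__ == "__main__":
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for key, val in sorted(triage(load_summaries(raw)).items()):
        print("%s %-14s %-10s %-10s %s" % (key + val))
```

Pass `missing()` the account list from `aws organizations list-accounts` and the same region list used for `--regions` to spot accounts the OU target never reached.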