Create the StackSet for the child accounts:
# Define the organization-wide StackSet. This only registers the definition;
# nothing is deployed until stack instances are created for it.
# BUCKETNAME, CONFIG_BUCKET and CHANGEME are placeholders to replace.
#
# Review notes:
# - The template is read from the S3 URL below when the StackSet is created
#   or updated, and CAPABILITY_NAMED_IAM acknowledges that it may create IAM
#   resources with custom names. Whoever can write that object decides what
#   is rolled out to the member accounts, so review the template and keep
#   write access to the bucket restricted.
# - SERVICE_MANAGED relies on AWS Organizations trusted access for StackSets.
# - Enabled=true also deploys to accounts that join the target later;
#   RetainStacksOnAccountRemoval=false deletes the stack when an account
#   leaves the target.
aws cloudformation create-stack-set \
  --stack-set-name config-recorder-org-deploy \
  --permission-model SERVICE_MANAGED \
  --auto-deployment Enabled=true,RetainStacksOnAccountRemoval=false \
  --capabilities CAPABILITY_NAMED_IAM \
  --template-url "https://BUCKETNAME.s3.amazonaws.com/cloudformation/ConfigServiceRecorder-Template.yaml" \
  --parameters \
    "ParameterKey=pOrganizationConfigBucket,ParameterValue=CONFIG_BUCKET" \
    "ParameterKey=pSecurityAccountId,ParameterValue=CHANGEME"
Now deploy it by creating the stack instances
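# Create stack instances for the accounts under the given target, in every
# region returned by describe-regions. r-CHANGEME is a placeholder for the
# organization root (or an OU) ID. The value must not carry surrounding
# whitespace: a leading space inside the quotes becomes part of the ID and
# the request is rejected.
#
# Review notes:
# - describe-regions lists the regions enabled for the account running this
#   command; a region enabled only in a member account is not in that list
#   and gets no stack instance.
# - FailureToleranceCount=20 lets the operation carry on past failed
#   accounts in a region. Check the outcome afterwards, for example with
#   `aws cloudformation list-stack-instances --stack-set-name
#   config-recorder-org-deploy`, so that a failed account is not silently
#   left without the stack.
#
# Word splitting of the command substitution is intended: --regions takes
# one argument per region name.
# shellcheck disable=SC2046
aws cloudformation create-stack-instances \
  --stack-set-name config-recorder-org-deploy \
  --deployment-targets OrganizationalUnitIds="r-CHANGEME" \
  --operation-preferences MaxConcurrentCount=20,FailureToleranceCount=20,RegionOrder=us-east-1 \
  --regions $(aws ec2 describe-regions | jq -r ' .Regions[].RegionName')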
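Now create the StackSet for the payer (management) account. Service-managed StackSets do not deploy to the management account, so it needs its own StackSet and stack instances: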
# Define a second StackSet, from the same template, for the payer account.
# BUCKETNAME, CONFIG_BUCKET and CHANGEME are placeholders to replace.
#
# Review notes:
# - No --permission-model is passed, so the default self-managed model
#   applies. That model expects the StackSets administration and execution
#   roles (AWSCloudFormationStackSetAdministrationRole and
#   AWSCloudFormationStackSetExecutionRole by default) to exist already;
#   keep the execution role's trust limited to the administration role.
# - CAPABILITY_NAMED_IAM acknowledges that the template may create IAM
#   resources with custom names, and the template is read from the S3 URL
#   below when the StackSet is created or updated. Review the template and
#   keep write access to the bucket restricted.
aws cloudformation create-stack-set \
  --stack-set-name config-recorder-payer-deploy \
  --template-url "https://BUCKETNAME.s3.amazonaws.com/cloudformation/ConfigServiceRecorder-Template.yaml" \
  --capabilities CAPABILITY_NAMED_IAM \
  --parameters \
    "ParameterKey=pOrganizationConfigBucket,ParameterValue=CONFIG_BUCKET" \
    "ParameterKey=pSecurityAccountId,ParameterValue=CHANGEME"
# Deploy the payer StackSet into the payer account, in every region returned
# by describe-regions. PAYER_ACCOUNT_ID is a placeholder to replace.
#
# Review notes:
# - describe-regions lists the regions enabled for the account running this
#   command, so the list reflects that account's region settings.
# - FailureToleranceCount=20 lets the operation carry on past failures.
#   Check the outcome afterwards, for example with
#   `aws cloudformation list-stack-instances --stack-set-name
#   config-recorder-payer-deploy`, so that a failed region is not silently
#   left without the stack.
#
# Word splitting of the command substitution is intended: --regions takes
# one argument per region name.
# shellcheck disable=SC2046
aws cloudformation create-stack-instances \
  --stack-set-name config-recorder-payer-deploy \
  --operation-preferences MaxConcurrentCount=20,FailureToleranceCount=20,RegionOrder=us-east-1 \
  --accounts PAYER_ACCOUNT_ID \
  --regions $(aws ec2 describe-regions | jq -r ' .Regions[].RegionName')
To remove the payer deployment, delete its stack instances with this:
# Remove the payer StackSet's instances from the payer account in every
# region returned by describe-regions. PAYER_ACCOUNT_ID is a placeholder.
#
# Review notes:
# - --no-retain-stacks deletes the stacks themselves, not just their
#   association with the StackSet, so everything the template created in
#   the payer account is removed (presumably the Config recorder, going by
#   the template name - confirm). Make sure losing that coverage is
#   intended before running this.
# - The StackSet definition itself is left in place by this command.
#
# Word splitting of the command substitution is intended: --regions takes
# one argument per region name.
# shellcheck disable=SC2046
aws cloudformation delete-stack-instances \
  --stack-set-name config-recorder-payer-deploy \
  --no-retain-stacks \
  --operation-preferences MaxConcurrentCount=20,FailureToleranceCount=20,RegionOrder=us-east-1 \
  --accounts PAYER_ACCOUNT_ID \
  --regions $(aws ec2 describe-regions | jq -r ' .Regions[].RegionName')