Create the StackSet for the child accounts

aws cloudformation create-stack-set --stack-set-name config-recorder-org-deploy \
--capabilities CAPABILITY_NAMED_IAM \
--template-url https://BUCKETNAME.s3.amazonaws.com/cloudformation/ConfigServiceRecorder-Template.yaml \
--auto-deployment Enabled=true,RetainStacksOnAccountRemoval=false \
--permission-model SERVICE_MANAGED --parameters \
	ParameterKey=pOrganizationConfigBucket,ParameterValue=CONFIG_BUCKET \
	ParameterKey=pSecurityAccountId,ParameterValue=CHANGEME

Now deploy it by creating the stack instances

aws cloudformation create-stack-instances --stack-set-name config-recorder-org-deploy \
--deployment-targets OrganizationalUnitIds="r-CHANGEME" \
--operation-preferences MaxConcurrentCount=20,FailureToleranceCount=20,RegionOrder=us-east-1 \
--regions $(aws ec2 describe-regions | jq -r '.Regions[].RegionName')

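Now create the StackSet for the payer. Service-managed StackSets do not deploy to the organization's management (payer) account, so it gets its own StackSet.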

aws cloudformation create-stack-set --stack-set-name config-recorder-payer-deploy \
--capabilities CAPABILITY_NAMED_IAM \
--template-url https://BUCKETNAME.s3.amazonaws.com/cloudformation/ConfigServiceRecorder-Template.yaml \
--parameters \
	ParameterKey=pOrganizationConfigBucket,ParameterValue=CONFIG_BUCKET \
	ParameterKey=pSecurityAccountId,ParameterValue=CHANGEME

And deploy that

aws cloudformation create-stack-instances --stack-set-name config-recorder-payer-deploy \
--accounts PAYER_ACCOUNT_ID \
--operation-preferences MaxConcurrentCount=20,FailureToleranceCount=20,RegionOrder=us-east-1 \
--regions $(aws ec2 describe-regions | jq -r '.Regions[].RegionName')
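
Both create-stack-instances calls above set FailureToleranceCount=20, so an operation can complete while some account/region instances have failed. The script below is an added example, not part of the original gist: it filters `aws cloudformation list-stack-instances` output for instances that are not CURRENT. The function names, sample rows, account IDs and status reasons are constructed.

```shell
#!/bin/sh
# Added example (not from the original gist): find StackSet instances that
# did not reach CURRENT after create-stack-instances.
#
# Live input, run with credentials for the account that owns the StackSet:
#   aws cloudformation list-stack-instances \
#     --stack-set-name config-recorder-org-deploy \
#     --query 'Summaries[].[Account,Region,Status,StatusReason]' \
#     --output text | not_current
# Columns are tab-separated: Account, Region, Status, StatusReason.

# Constructed sample of that output; IDs and reasons are placeholders.
sample_instances() {
  printf '111111111111\tus-east-1\tCURRENT\tNone\n'
  printf '111111111111\tap-east-1\tOUTDATED\tRegion is not enabled for the account\n'
  printf '222222222222\tus-east-1\tCURRENT\tNone\n'
  printf '222222222222\teu-west-1\tINOPERABLE\tStack creation failed\n'
}

# Print "account region status (reason)" for every instance on stdin whose
# Status is OUTDATED or INOPERABLE, i.e. anything other than CURRENT.
not_current() {
  awk -F '\t' '$3 != "CURRENT" { printf "%s %s %s (%s)\n", $1, $2, $3, $4 }'
}

# Print "region count" of non-CURRENT instances, sorted by region.
# FailureToleranceCount applies per region, so this shows where the
# tolerated failures actually landed.
failures_by_region() {
  awk -F '\t' '$3 != "CURRENT" { n[$2]++ } END { for (r in n) print r, n[r] }' | sort
}

# Demonstration on the constructed sample.
echo "Instances needing attention:"
sample_instances | not_current
echo "Failures per region:"
sample_instances | failures_by_region
```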

Delete the stack instances with this

aws cloudformation delete-stack-instances --stack-set-name config-recorder-payer-deploy \
--accounts PAYER_ACCOUNT_ID \
--operation-preferences MaxConcurrentCount=20,FailureToleranceCount=20,RegionOrder=us-east-1 \
--regions $(aws ec2 describe-regions | jq -r '.Regions[].RegionName') --no-retain-stacks