t04glovern/stackset-deployer.sh

## stackset-deployer.sh
#!/bin/bash

STACKSET_NAME="template-us-west-2-shared-services"
STACKSET_REGION="us-west-2"
STACKSET_DEPLOYMENT_REGIONS="us-west-2"
STACKSET_DEPLOYMENT_ACCOUNTS="123456789012"
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)

STACK_STATE=$(aws cloudformation describe-stack-set --stack-set-name "$STACKSET_NAME" --region "$STACKSET_REGION" --query "StackSet.StackSetName" 2>/dev/null)
if [ -z "$STACK_STATE" ]
then
  aws cloudformation create-stack-set \
    --stack-set-name $STACKSET_NAME \
    --template-body file://template.yml \
    --parameters file://template-parameters.json \
    --capabilities "CAPABILITY_AUTO_EXPAND" "CAPABILITY_NAMED_IAM" \
    --administration-role-arn "arn:aws:iam::$ACCOUNT_ID:role/service-role/AWSControlTowerStackSetRole" \
    --execution-role-name "AWSControlTowerExecution" \
    --permission-model "SELF_MANAGED" \
    --region "$STACKSET_REGION"

  aws cloudformation create-stack-instances --stack-set-name "$STACKSET_NAME" \
    --regions "$STACKSET_DEPLOYMENT_REGIONS" \
    --accounts "$STACKSET_DEPLOYMENT_ACCOUNTS"
else
  aws cloudformation update-stack-set \
    --stack-set-name $STACKSET_NAME \
    --template-body file://template.yml \
    --parameters file://template-parameters.json \
    --capabilities "CAPABILITY_AUTO_EXPAND" "CAPABILITY_NAMED_IAM" \
    --administration-role-arn "arn:aws:iam::$ACCOUNT_ID:role/service-role/AWSControlTowerStackSetRole" \
    --execution-role-name "AWSControlTowerExecution" \
    --permission-model "SELF_MANAGED" \
    --region "$STACKSET_REGION"

  if $(aws cloudformation update-stack-instances --stack-set-name "$STACKSET_NAME" --region "$STACKSET_REGION" \
    --regions "$STACKSET_DEPLOYMENT_REGIONS" \
    --accounts "$STACKSET_DEPLOYMENT_ACCOUNTS") ; then
    :
  else
    aws cloudformation create-stack-instances --stack-set-name "$STACKSET_NAME" --region "$STACKSET_REGION" \
    --regions "$STACKSET_DEPLOYMENT_REGIONS" \
    --accounts "$STACKSET_DEPLOYMENT_ACCOUNTS"
  fi
fi
	#!/bin/bash

	STACKSET_NAME="template-us-west-2-shared-services"
	STACKSET_REGION="us-west-2"
	STACKSET_DEPLOYMENT_REGIONS="us-west-2"
	STACKSET_DEPLOYMENT_ACCOUNTS="123456789012"
	ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)

	STACK_STATE=$(aws cloudformation describe-stack-set --stack-set-name "$STACKSET_NAME" --region "$STACKSET_REGION" --query "StackSet.StackSetName" 2>/dev/null)
	if [ -z "$STACK_STATE" ]
	then
	aws cloudformation create-stack-set \
	--stack-set-name $STACKSET_NAME \
	--template-body file://template.yml \
	--parameters file://template-parameters.json \
	--capabilities "CAPABILITY_AUTO_EXPAND" "CAPABILITY_NAMED_IAM" \
	--administration-role-arn "arn:aws:iam::$ACCOUNT_ID:role/service-role/AWSControlTowerStackSetRole" \
	--execution-role-name "AWSControlTowerExecution" \
	--permission-model "SELF_MANAGED" \
	--region "$STACKSET_REGION"

	aws cloudformation create-stack-instances --stack-set-name "$STACKSET_NAME" \
	--regions "$STACKSET_DEPLOYMENT_REGIONS" \
	--accounts "$STACKSET_DEPLOYMENT_ACCOUNTS"
	else
	aws cloudformation update-stack-set \
	--stack-set-name $STACKSET_NAME \
	--template-body file://template.yml \
	--parameters file://template-parameters.json \
	--capabilities "CAPABILITY_AUTO_EXPAND" "CAPABILITY_NAMED_IAM" \
	--administration-role-arn "arn:aws:iam::$ACCOUNT_ID:role/service-role/AWSControlTowerStackSetRole" \
	--execution-role-name "AWSControlTowerExecution" \
	--permission-model "SELF_MANAGED" \
	--region "$STACKSET_REGION"

	if $(aws cloudformation update-stack-instances --stack-set-name "$STACKSET_NAME" --region "$STACKSET_REGION" \
	--regions "$STACKSET_DEPLOYMENT_REGIONS" \
	--accounts "$STACKSET_DEPLOYMENT_ACCOUNTS") ; then
	:
	else
	aws cloudformation create-stack-instances --stack-set-name "$STACKSET_NAME" --region "$STACKSET_REGION" \
	--regions "$STACKSET_DEPLOYMENT_REGIONS" \
	--accounts "$STACKSET_DEPLOYMENT_ACCOUNTS"
	fi
	fi