Stack groups extend the functionality of stacks by enabling you to manage stacks across multiple accounts and regions with a single operation. With an administrator account, you can define and manage an ROS template, and use the template as the basis for provisioning stacks into selected target accounts across specified regions. Stack groups simplify workflows and minimize maintenance costs.
A stack group lets you use a single ROS template to create stacks in multiple Alibaba Cloud accounts across regions. All resources included in each stack are defined by the ROS template of the stack group. When you create a stack group, you must specify the template, as well as any parameters and capabilities that the template requires.
After you define a stack group, you can create, update, or delete stacks in the target accounts and regions you specify. When you create, update, or delete stacks, you can also specify operation preferences. For example, you can specify the number of accounts in which operations are performed on stacks concurrently, the order of regions in which you want the operations to be performed, and the failure tolerance beyond which stack operations stop.
Stack groups are region-specific. If you create a stack group in a region such as China (Hangzhou), you cannot view the stack group or change it in other regions.
A stack instance is a reference to a stack in a target account within a region. A stack instance corresponds to a stack. However, a stack instance can exist without a stack. For example, if the stack could not be created for some reason, the stack instance shows the reason for the stack creation failure. A stack instance only belongs to one stack group.
- Administrator account
An administrator account is the Alibaba Cloud account in which you create stack groups. After logging on to the Resource Orchestration Service (ROS) console with the administrator account, you can create a stack group and its stack instances. The stack corresponding to each stack instance is created in a target account within a region.
- Target account
A target account is the account into which you create, update, or delete one or more stacks in your stack group. Before you can use a stack group to create stacks in a target account, you must set up a trust relationship between the administrator and target accounts. An administrator account can also be a target account.
Relationship among stack groups, stack instances, stacks, regions, and accounts
- Stack groups are region-specific. For example, stack groups created in the China (Hangzhou) region cannot be viewed in the China (Beijing) region.
- Stack groups can be used to provision resources across multiple accounts and regions. Assume that a stack group is created with an administrator account (Account A). You can create multiple stack instances in the stack group. When you create stack instances, you can specify the target accounts and regions. In the stack group created with Account A, you can create Stack Instance 1 for Account B and Stack Instance 2 for Account C within the China (Hangzhou) region, and create Stack Instance 3 for Account C within the China (Beijing) region.
- A stack instance is a reference to a stack
- A stack is created when you create a stack instance.
- When you delete a stack instance, you can choose to delete or retain its corresponding stack.
- Deleting a stack will not affect the stack instance.
Stack group deployment options
You can specify the maximum number or percentage of target accounts in which an operation is performed at one time. For example, if you are deploying stacks to five target accounts within two regions, setting MaxConcurrentCount to 3 or MaxConcurrentPercentage to 60 will deploy stacks to three accounts within the first region, then the other two accounts within the first region, before moving on to the next region and performing the same operation.
If the specified MaxConcurrentPercentage does not represent a whole number of your specified accounts, ROS rounds down. For example, if you are deploying stacks to five target accounts, and you set MaxConcurrentPercentage to 50, ROS deploys two stacks concurrently.
You can specify the maximum number or percentage of stack operation failures that can occur per region, beyond which ROS stops the operation automatically. For example, if you are creating stacks in five target accounts within two regions, setting FailureToleranceCount to 2 or FailureTolerancePercentage to 40 means that a maximum of two stack creation failures can occur in a region without stopping the operation. If stack creation fails in a third target account within the same region, ROS stops the operation. If the number of target accounts in which stack creation fails exceeds 2 in neither regions, ROS considers the operation successful.
If the specified FailureTolerancePercentage does not represent a whole number of your specified accounts, ROS rounds down. For example, if you are deploying stacks to five target accounts, and you set FailureTolerancePercentage to 50, ROS allows a maximum of two target accounts in which stack creation can fail.
Configuring the preceding parameters helps to control the time and number of failures allowed to successfully perform stack group operations, and to prevent you from losing stack resources.
|Grant permissions on stack group operations||Before you use a stack group, create the necessary RAM roles and grant required permissions to ROS.|
|Create a stack group||When you create a stack group, you must specify an ROS template that you want to use to create stacks, the target accounts in which you want to create stacks, and the regions in which you want to deploy stacks to your target accounts. A stack group ensures consistent deployment of identical stack resources with identical settings to all specified target accounts within the regions you choose.|
|Add a stack instance||In a stack group, you can add stack instances by specifying target accounts and regions.|
|Update a stack group||You can update a stack group to modify its template, parameter settings, administrator role, target accounts, and regions.|
|Override stack group parameter values||To modify the parameter values for stacks in a stack group, you can override the values specified in the stack group.|
|Delete a stack group||When you no longer need a stack group and its stacks, you can delete the stacks and all of their associated resources from the specified target accounts within the specified regions.|