If you enable a resource directory and use the management account or a delegated administrator account in the resource directory to create a stack group that has service-managed permissions, you can enable automatic deployment for the stack group. If member accounts of folders in the resource directory are changed, Resource Orchestration Service (ROS) can automatically deploy stacks within the member accounts. This helps you manage stacks within member accounts in a centralized manner. You can modify automatic deployment settings based on your business requirements.

Prerequisites

A stack group that has service-managed permissions is created. For more information, see Step 3: Create a stack group.

Scenarios

If a member account is added to the folder to which a stack group belongs after you enable automatic deployment, ROS automatically deploys the stacks in the stack group within the member account. If a member account is deleted from the folder, ROS automatically deletes the stacks in the stack group from the member account.

Automatic deployment is suitable for the following scenarios:

  • Scenario 1: A member account is moved between folders.

    If you enable automatic deployment for the stack group whose resource directory contains Folder 1 and Folder 2 when a member account of Folder 1 is moved to Folder 2, ROS automatically deletes the stacks in the specified region from the member account of Folder 1, creates the same stacks, and then adds the stacks to the specified region within the member account of Folder 2.

  • Scenario 2: A member account is added to a folder.

    If you enable automatic deployment for a stack group whose folder contains stacks when Account A is added to the folder, ROS creates the stacks in a specified region within Account A. If Account B is added to the folder when the stacks are being created within Account A, ROS automatically creates the stacks within Account A and then creates the stacks in a specified region within Account B.

Note You can enable automatic deployment only for stack groups. You cannot enable automatic deployment for folders, member accounts, and regions.

Procedure

  1. Log on to the ROS console with a management account or a delegated administrator account in your resource directory.
    Note The logon account must be the same as the account within which you create the stack group.
  2. In the left-side navigation pane, click Stack Groups.
  3. In the upper-left corner, select the region where the stack group is deployed from the region drop-down list.
  4. Click the name of the stack group for which you want to enable automatic deployment.
  5. Click the Stack Group Information tab. In the Deployment Configurations section, click Edit Automatic Deployment.
  6. In the Edit Automatic Deployment dialog box, set Automatic Deployment to Enabled and specify Account Removal Behavior.
    For more information about automatic deployment and account removal, see Parameters.
    Important If you set Account Removal Behavior to Retain Stacks, the stack and the relevant resources are retained in the stack group when you delete the account. In this case, the resources remain unchanged. However, the resources no longer belong to the stack group. You cannot reassociate the stack with the stack group or a new stack group.
  7. Click Save.

Regions

When you create or move member accounts of a folder, the regions in which automatic deployment takes effect vary based on the regions of the stacks in the stack group.

If the stack group contains stacks, automatic deployment takes effect in the regions to which all stacks belong. If the stack group does not contain stacks, automatic deployment takes effect in the regions in which stacks are created for the first time.