When you enable a resource directory and use the management account or a delegated administrator account of the resource directory to create a service-managed stack group, Resource Orchestration Service (ROS) can use service-managed permissions to deploy stacks within member accounts.
- Log on to the ROS console with the management account or a delegated administrator account.
- In the left-side navigation pane, click Stack Groups.
- In the upper-left corner, select the region where you want to create the stack group from the region drop-down list.
- On the Stack Groups page, click Create Stack Group.
- In the Select Template step, select Select an Existing Template or Use a Sample Template, and click Next.
- In the Configure Template Parameters step, configure Stack Group Name, Stack Group Description, and other parameters, and then click Next. Note The parameters that you must configure vary based on the template. Follow on-screen instructions to configure the parameters.
- In the Configure Stack Group step, set Permissions to Service-managed Permissions and click Next.
- In the Set Deployment Options step, configure the following parameters and click Next.
Parameter Description Resource Directories The resource directory in which you can select a folder to deploy stacks in all member accounts in the folder.
If you select the Root folder, ROS deploys the stacks within all the member accounts in the resource directory.
Automatic Deployment Specifies whether ROS deploys stack instances within member accounts when you change the member accounts in the folder. Valid values:
Note You can perform the following operations to modify automatic deployment settings: On the Stack Group Information tab, click Edit Automatic Deployment. In the dialog box that appears, modify the parameter settings.
- Enabled: If you add member accounts to the folder after you enable automatic deployment, the stack group deploys its stack instances within the accounts. If you delete accounts from the folder, the stack group deletes its stack instances within the accounts.
- Disabled: After you disable automatic deployment, the stack instances remain unchanged when you change member accounts in the folder.
Account Removal Behavior Specifies whether to delete stacks within member accounts when you delete the member accounts. Valid values:
- Delete Stacks: When you delete member accounts from the folder, the stacks within the member accounts are deleted.
- Retain Stacks: When you delete member accounts from the folder, the stacks within the member accounts are retained.
Regions The regions where you want to deploy stacks. Resource Group The resource group in which you manage stack groups.
Select the resource group to which you want to add the stack group. If you do not specify this parameter, the stack group is added to the default resource group.
For more information about how to create a resource group, see Create a resource group.
Maximum Number of Concurrent Accounts The maximum number of accounts within which multiple stacks are deployed at a time in each region.
For more information about how to specify Maximum Number of Concurrent Accounts, see Stack group deployment options.
Fault Tolerance The maximum number of accounts within which stack operation failures can occur in each region. When the value is exceeded, ROS stops the operation in the region. If ROS stops the operation in one region, ROS stops the operation in other regions.
For more information about how to specify Fault Tolerance, see Stack group deployment options.Note If you do not specify Accounts and Regions, ROS creates only the stack group but not stack instances. If you want to deploy stacks within specified accounts in specified regions, you must create stack instances. For more information, see Step 4: (Optional) Create stack instances.
- In the Check and Confirm step, check whether the information about the stack group is valid and click Create Stack Group.
What to do next
After the stack group is created, you can view the stack group that is created within the management account or delegated administrator account in your resource directory on the Stack Groups page.
Click the name of the stack group. Click the Instances tab to view the status of stack instances that you create within the member accounts. If the stack instances are in the Current state, the stacks that correspond to the stack instances are deployed. In this case, you can log on to the ROS console with the member accounts to view the stacks in the specified regions. For more information about how to log on to the ROS console with member accounts, see Access a member.