If you want to automatically deploy stacks in specified accounts and regions, you can use the administrator account to create a stack group by using the self-managed permission model. This way, Resource Orchestration Service (ROS) uses self-managed permissions to deploy stacks within the accounts and regions.
The self-managed permissions are granted. For more information, see Step 1: Grant self-managed permissions.
Before you create a stack group, you must make sure that the following accounts are available:
Administrator account (Account A): the account within which you create a stack group.
Execution account (Account B): the account into which you deploy stacks in your stack group.
The administrator account and the execution account can be the same Alibaba Cloud account. For more information about administrator and execution accounts, see Terms.
This topic describes how to create a stack group to deploy stacks. In this example, the stack group is created within Account A. The stacks are deployed within Account B in the China (Hangzhou) and China (Beijing) regions.
Log on to the ROS console by using Account A.
In the left-side navigation pane, click Stack Groups.
In the top navigation bar, select the region where you want to create a stack group from the region drop-down list.
On the Stack Groups page, click Create Stack Group.
In the Select Template step, set Specify Template to one of the following values, specify a template based on your business requirements, and then click Next.
Select an Existing Template: If you use this value, specify Template Import Method and configure the template parameters. Valid values of Template Import Method:
Use URL: Enter the URL of the template and click Extract JSON Content. The template content is autopopulated.
If you want to use the URL of a ROS template that is stored in an Object Storage Service (OSS) bucket, you must configure cross-origin resource sharing (CORS). For more information, see Configure CORS for a template.
Enter Template Content: In the Template Content code editor, enter the content of the JSON or YAML template. For more information about how to create a JSON or YAML template, see Template structure.
My Templates: Select an existing template and a template version. The template content is autopopulated. For more information about how to create a template, see Create a template.
Shared Template: Select a shared template and a template version. The template content is autopopulated. For more information about how to share a template, see Share a template with Alibaba Cloud accounts.
Use a Sample Template: If you use this value, select a sample template from the Sample Templates drop-down list. The template content is autopopulated.
In the Configure Parameters step, configure the Stack Group Name and Stack Group Description parameters, and click Next.
In the Configure Stack Group step, select Self-managed Permissions, select AliyunROSStackGroupAdministrationRole from the Admin Role drop-down list, set Execution Role to AliyunROSStackGroupExecutionRole, and then click Next.Note
The administrator role and the execution role are the Resource Access Management (RAM) roles that you created for the administrator and execution accounts when you granted self-managed permissions. For more information, see Step 1: Grant self-managed permissions.
In the Set Deployment Options step, configure the following parameters and click Next.Note
The parameters that you must configure vary based on the template you use. Follow the on-screen instructions to configure the parameters.
The accounts within which you want to deploy stacks.
Set the Deployment Locations parameter to one of the following values and enter values in the Accounts field based on your business requirements:
Deploy Stacks Within Accounts: If you use an Alibaba Cloud account to create a stack group, you can select Deploy Stacks Within Accounts. Then, enter the IDs of Alibaba Cloud accounts in the Accounts field. This way, you can deploy stacks within the specified Alibaba Cloud accounts. For example, you can enter the ID of Account B in the Accounts field to deploy stacks within Account B.Note
If you enter multiple account IDs, separate the IDs with commas (,). You can also enter the ID of Account A in the Accounts field to deploy stacks within Account A.
Deploy Stacks Within Resource Directories: If you use the management account in an active resource directory to create a stack group, you can select folders in the resource directory and deploy stacks within all members in the folders.
The regions where you want to deploy stacks. Examples: China (Hangzhou) and China (Beijing).Note
You can select up to 20 regions.
The resource group that you want to use to manage the stack group.
Select the resource group to which you want to add the stack group based on your business requirements. If you do not select a resource group, the stack group is added to the default resource group.
For more information about how to create a resource group, see Create a resource group.
Add tags to or remove tags from resources. You can add up to 20 tags to each resource.
Maximum Number of Concurrent Accounts
The maximum number of accounts within which stacks are deployed at the same time in each region.
For more information about how to specify the value, see Overview.
The number of accounts within which stack operation failures are allowed in each region. If the value of this parameter is exceeded in a region, ROS stops the operation in the region. If the operation is stopped in one region, the operation is no longer performed in other regions.
For more information about how to specify the value, see Overview.
The mode that you want to use to deploy stack instances across regions.
Sequential: deploys stack instances in each specified region based on the specified sequence of regions. ROS deploys stack instances in one region at a time.
Parallel: deploys stack instances in parallel in all specified regions.
Whether to Expand Modules in Current Account
This parameter takes effect only when modules are used in the template. If you want to expand modules within the current account, the modules must exist in the current account. If you want to expand modules within execution accounts, the modules must exist in the execution accounts.Note
If you do not specify the Accounts or Regions parameter, you can create only a stack group in ROS. In this case, if you want to deploy stacks within specified accounts in specified regions, you must separately create stack instances. For more information, see Step 3: (Optional) Create stack instances.
In the Check and Confirm step, confirm the information about the stack group and click Create Stack Group.
Check the result
After the stack group is created, view the stack group within Account A on the Stack Groups page.
Click the name of the stack group. Then, click the Instances tab to view the status of the stack instances within Account B. If the stack instances are in the Current state, the stacks are deployed. In this case, you can log on to the ROS console by using Account B to view the stacks in the China (Hangzhou) and China (Beijing) regions.