How to provision a CloudFormation StackSet

You want to provision a AWS CloudFormation StackSet so that you can create, update, or delete stacks across multiple accounts and regions with a single operation.

Prerequisites

This requires an IAM role which (only) the CloudFormation service can assume. It should already be in place, refer to How to grant cross-account AWS access for CloudFormation StackSets if this is not the case anymore.

Step-by-step guide

A stack set is based on a regular AWS CloudFormation template, but requires a few more and slightly different steps than provisioning a standalone stack (notably there is no equivalent to the convenient 'Launch stack' URL feature yet). In order to get acquainted with the process, we recommend to create a test CloudFormation stack set from our cloudformation-stackset-skeleton.yaml template:

  1. Go to the CloudFormation StackSets console and click 'Create StackSet'

  2. Select 'Specify an Amazon S3 template URL', specify the URL of our cloudformation-stackset-skeleton.yaml, and click 'Next'

  3. Specify a name (say 'cross-account-skeleton'), keep the example parameters for now, and click 'Next'

  4. Specify one ore more of your organization's AWS account IDs as a comma separated list, select at least two 'Available regions' (say 'US East - N.Virginia' and 'EU West - Ireland') and click 'Add', then click 'Next'
    The 'Deployment options' default to the most conservative 'one by one' deployment for starters - once confident that the template provisions correctly, more aggressive settings can speed up the process.

  5. Skip the 'Options' by clicking 'Next', review the settings and click 'Create'.
    The resulting progress monitoring screen is similar to the regular CloudFormation one and also updated automatically, just not as quickly and slightly less intuitive, so a bit of patience is required here.

  6. (Optional) Assuming the stack set has been successfully created across multiple regions and accounts, select 'Manage StackSet' and play around by creating/deleting stack instances in particular regions or accounts, or by overriding parameters for selected stack instances.