aws-cloudformation-resource-providers-cloudformation icon indicating copy to clipboard operation
aws-cloudformation-resource-providers-cloudformation copied to clipboard

Published 20 hours ago verified publisher icon aws-cloudformation

AWS::CloudFormation::StackSet does not support AccountFilterType of UNION

Open mbarneyjr opened this issue 2 years ago • 2 comments

When defining an AWS::CloudFormation::StackSet resource with a PermissionModel of SERVICE_MANAGED and the following StackInstancesGroup:

        - DeploymentTargets:
            OrganizationalUnitIds:
              - !Ref OrganizationRoot
          Regions:
            - us-east-1

everything works as expected - stack instances are created in every account within the specified OU. Now if I want to include other accounts, as described here, I update that to the following lines:

        - DeploymentTargets:
            OrganizationalUnitIds:
              - !Ref OrganizationRoot
            AccountFilterType: UNION
            Accounts:
              - !Ref AWS::AccountId
          Regions:
            - us-east-1

But that throws an error that UNION is not a valid AccountFilterType, even though there's documentation (and raw API calls) supporting otherwise

mbarneyjr avatar Sep 13 '22 15:09 mbarneyjr

We seem to be getting a very similar error to this with SERVICE_MANAGED - we set accountFilterType in cdk to UNION, when it deploys with any value with the Cloudformation where we include both Accounts and OrganizationUnits, we get the error :

Resource handler returned message: "Invalid request provided: AccountFilterType should be specified when both OrganizationalUnitIds and Accounts are provided" even though it exists in our template or should default to Union - AccountFilterType with UNION does not seem to be working properly

UnbiasedGoat avatar Jan 16 '24 20:01 UnbiasedGoat

I am getting this on one org, but not another. Really strange.

moltar avatar May 23 '24 19:05 moltar