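# Template-level metadata. Each localTemplateFile entry records the path of a
# child StackSet template and defines a YAML anchor; the TemplateBody
# properties under Resources reuse these values through aliases.
# NOTE(review): TemplateBody expects template text rather than a file path, so
# a packaging step presumably inlines these files (and resolves the aliases)
# before deployment - confirm against the build pipeline.
Metadata:
  UserPool:
    localTemplateFile: &user_pool_template_body ./stacksets/userpool/stackset.yaml
  Products:
    localTemplateFile: &products_template_body ./products/stackset.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: ServerlessOps API Authnz Service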
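# Stack parameters. The three Target* lists select where both StackSets
# deploy; the remaining values are forwarded to the child templates through
# the Parameters lists of the StackSet resources.
Parameters:
  TargetRegions:
    Type: CommaDelimitedList
    Description: "Regions to deploy to"
  TargetOuIds:
    Type: CommaDelimitedList
    Description: "Organizational Units to deploy to"
  # Combined with TargetOuIds through AccountFilterType: INTERSECTION in the
  # StackSet resources.
  TargetAccountIds:
    Type: CommaDelimitedList
    Description: "Accounts to deploy to"
  UserPoolName:
    Type: String
    Description: Name of UserPool
  UserPoolDomainName:
    Type: String
    Description: Name of UserPool Domain
  # NOTE(review): the String parameters from here on are unconstrained. They
  # reach every target account, so consider an AllowedPattern on each once the
  # exact expected formats are confirmed with the pipeline that supplies them.
  ParentDnsZoneId:
    Type: String
    Description: "Route53 Hosted Zone ID of parent zone"
  GitHubSha:
    Type: String
    Description: GitHub SHA
  CfnTemplateBucket:
    Type: String
    Description: The S3 bucket CloudFormation templates are stored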
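# Two service-managed StackSets that share the same targeting, auto-deployment
# and operation settings; they differ in name, forwarded parameters and
# template body.
Resources:
  # Deploys the Cognito User Pool child template to the selected accounts.
  UserPoolStackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      StackSetName: ServerlessOpsAuthnz
      Description: ServerlessOps Cognito User Pool
      Parameters:
        - ParameterKey: UserPoolName
          ParameterValue: !Ref UserPoolName
        - ParameterKey: UserPoolDomainName
          ParameterValue: !Ref UserPoolDomainName
        - ParameterKey: ParentDnsZoneId
          ParameterValue: !Ref ParentDnsZoneId
      StackInstancesGroup:
        - DeploymentTargets:
            # INTERSECTION limits deployment to the listed accounts that also
            # belong to the listed OUs.
            AccountFilterType: INTERSECTION
            OrganizationalUnitIds: !Ref TargetOuIds
            Accounts: !Ref TargetAccountIds
          Regions: !Ref TargetRegions
      AutoDeployment:
        # NOTE(review): auto-deployment acts on accounts joining a target OU;
        # confirm how it interacts with the INTERSECTION account filter.
        Enabled: true
        # Stacks are deleted when an account leaves a target OU.
        # NOTE(review): for a user pool this can mean losing identity data
        # unless the child template sets a retention policy - confirm there.
        RetainStacksOnAccountRemoval: false
      ManagedExecution:
        Active: true
      OperationPreferences:
        RegionConcurrencyType: PARALLEL
        # NOTE(review): AWS documents MaxConcurrentCount as at most one more
        # than FailureToleranceCount in the default concurrency mode, so the
        # effective concurrency may be lower than 5 - confirm.
        FailureToleranceCount: 1
        MaxConcurrentCount: 5
      PermissionModel: SERVICE_MANAGED
      # These capabilities let the child template create named IAM resources
      # and use macros/transforms in every target account. The child template
      # is not part of this file; review it with the same care as this one.
      Capabilities:
        - CAPABILITY_NAMED_IAM
        - CAPABILITY_AUTO_EXPAND
      # Alias of Metadata.UserPool.localTemplateFile.
      TemplateBody: *user_pool_template_body
  # Deploys the Service Catalog products child template to the same targets.
  ProductsStackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      StackSetName: ServerlessOpsAuthnzProducts
      Description: ServerlessOps Authnz Service Catalog Products
      Parameters:
        - ParameterKey: GitHubSha
          ParameterValue: !Ref GitHubSha
        - ParameterKey: CfnTemplateBucket
          ParameterValue: !Ref CfnTemplateBucket
      StackInstancesGroup:
        - DeploymentTargets:
            AccountFilterType: INTERSECTION
            OrganizationalUnitIds: !Ref TargetOuIds
            Accounts: !Ref TargetAccountIds
          Regions: !Ref TargetRegions
      AutoDeployment:
        Enabled: true
        RetainStacksOnAccountRemoval: false
      ManagedExecution:
        Active: true
      OperationPreferences:
        RegionConcurrencyType: PARALLEL
        FailureToleranceCount: 1
        MaxConcurrentCount: 5
      PermissionModel: SERVICE_MANAGED
      # Same capability grant as UserPoolStackSet: named IAM resources and
      # macro expansion are permitted for whatever the products template holds.
      Capabilities:
        - CAPABILITY_NAMED_IAM
        - CAPABILITY_AUTO_EXPAND
      # Alias of Metadata.Products.localTemplateFile.
      TemplateBody: *products_template_body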