I have many accounts that I would like resource detail on.
The manual way to accomplish this isn't an acceptable workflow:
I can't imagine a CZ user not wanting the additional resource detail for their entire AWS footprint. I would think that demographic would be the exception, rather than the rule.
As a fallback, I have modified the resource owner template so that when it is deployed as a StackSet, it will use a deterministic name for the IAM Role that is created in the child accounts.
Ideally, there would be an all-in-one template file as StackSets cannot use nested stacks with service managed permissions.
Maybe there's a valid reason for needing the sub stacks in the current method. I would think that there's value in connecting audit and CloudTrail owner accounts. Any Organization set up via AWS Control Tower would likely have dedicated accounts for those two account types. So unless someone is running the recommended/automatic Stack across their entire Landing Zone, I don't see those account types ever getting connected appropriately.
Thanks!