Skip to content

Fix CloudFormation StackSet creation when deployed to the management account #91

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 29, 2025
Merged

Fix CloudFormation StackSet creation when deployed to the management account #91

merged 1 commit into from
Sep 29, 2025

Conversation

@kurtismash
Copy link
Member

@kurtismash kurtismash commented Sep 26, 2025

Although our documented advice is to deploy this to a dedicated backup account, it's likely some will want to deploy this to their management account. Sets the call_as argument on the aws_cloudformation_stack_set and aws_cloudformation_stack_instances to SELF when deployed to the management account.

@kurtismash kurtismash requested a review from Copilot September 26, 2025 19:56
Copilot AI reviewed Sep 26, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enables the CloudFormation StackSet deployment module to work when deployed to an AWS management account by dynamically setting the call_as parameter based on the deployment context.

  • Adds organization management account ID to the current context variable
  • Conditionally sets call_as to "SELF" when deployed to management account, otherwise "DELEGATED_ADMIN"

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
modules/service-deployment/variables.tf Adds organization_management_account_id field to current variable structure
modules/service-deployment/cloudformation.tf Updates call_as parameter logic for both StackSet and StackSet instances resources
main.tf Retrieves organization management account ID and passes it to the deployment module

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@kurtismash kurtismash force-pushed the fix/management-account-deployment branch from 854609c to cecdc1c Compare September 26, 2025 19:58
@kurtismash kurtismash requested a review from Copilot September 26, 2025 19:58
Copilot AI reviewed Sep 26, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@kurtismash kurtismash force-pushed the fix/management-account-deployment branch from cecdc1c to 70e671e Compare September 26, 2025 20:00
paulschwarzenberger
paulschwarzenberger approved these changes Sep 29, 2025
View reviewed changes
Copy link
Contributor

@paulschwarzenberger paulschwarzenberger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kurtismash kurtismash merged commit 14c1069 into main Sep 29, 2025
12 checks passed
@kurtismash kurtismash deleted the fix/management-account-deployment branch September 29, 2025 09:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@paulschwarzenberger paulschwarzenberger paulschwarzenberger approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kurtismash @paulschwarzenberger