💾 Archived View for cfdocs.wetterberg.nu › stacksets-orgs-enable-trusted-access.gemini captured on 2024-05-10 at 12:33:53. Gemini links have been rewritten to link to archived content
View Raw
More Information
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
Enable trusted access with AWS Organizations
Search
To set up the required permissions to create a stack set with *self\-managed* permissions, see Grant self\-managed permissions.
Grant self-managed permissions
Before you create a stack set with *service\-managed* permissions, you must first complete the following tasks:
- Enable all features in AWS Organizations. With only consolidated billing features enabled, you cannot create a stack set with service-managed permissions.
- Enable trusted access with AWS Organizations. After trusted access is enabled, StackSets creates the necessary IAM roles in the organization's management account and target accounts when you create stack sets with service-managed permissions.NoteThe IAM service-linked role created in the management account has the suffix CloudFormationStackSetsOrgAdmin. You can modify or delete this role only if trusted access with AWS Organizations is disabled. The IAM service-linked role created in each target account has the suffix CloudFormationStackSetsOrgMember. You can modify or delete this role only if trusted access with AWS Organizations is disabled, or if the account is removed from the target organization or organizational unit (OU).
Enable all features
This topic describes how to enable trusted access with AWS Organizations.
Only an account administrator in the management account has permissions to enable trusted access. An *administrator user* is an *IAM user* with full permissions to your AWS account. For more information, see IAM best practices and Creating your first IAM admin user and group in the IAM User Guide.
IAM best practices
Creating your first IAM admin user and group
- To enable trusted access in the Create StackSet wizard:*
See Create a stack set with service\-managed permissions.
Create a stack set with service-managed permissions
- To enable trusted access in the StackSets page of the AWS CloudFormation console:*
- Determine which AWS account is the stack set's administrator account. For stack sets with service-managed permissions, the administrator account is the organization's management account.Stack sets are created in the management account. A target account is the account to which stack instances are deployed.
- Sign in to AWS as an administrator of the management account and open the AWS CloudFormation console at https://console.aws.amazon.com/.
- From the navigation pane, choose StackSets. If trusted access is disabled, a banner displays that prompts you to enable trusted access.[Enable trusted access banner.]
- Choose Enable trusted access.Trusted access is successfully enabled when the following banner displays.[Trusted access is successfully enabled banner.]
https://console.aws.amazon.com/
- To enable trusted access in the Trusted access for AWS services page of the AWS Organizations console:*
See AWS CloudFormation StackSets and AWS Organizations in the AWS Organizations User Guide.
AWS CloudFormation StackSets and AWS Organizations
- To disable trusted access:*
See AWS CloudFormation StackSets and AWS Organizations in the AWS Organizations User Guide.
AWS CloudFormation StackSets and AWS Organizations