“Architect for the AWS you have, not the AWS you want” –Chris Farris, 2017

AWS is constantly innovating. It’s a blessing because things are getting better, cheaper, and faster. It’s a curse because the best way to accomplish an objective is constantly changing.

How do I revert a bad state to a good state without asking a human to fix something? But the key is that the human has to know the cloud healed itself. Otherwise the human doesn’t learn (and the IaC templates get all outta wack).

There are some vendors out there doing things, but at my scale the pricing is pretty brutal. They also don’t always solve the “ghost-in-the-cloud” problem where the cloud heals itself but the human isn’t informed.

AWS Config is Amazon’s cloud-provider-native answer to this. Time to poke at it again as it has evolved since my last look at it.

Config Service

As of August 2020, Config Service’s recorder & delivery channel cannot be deployed via AWS Organizations like Macie, GuardDuty, and IAM Access Analyzer. Luckily, AWS Organizations does support StackSets. It has some interesting capabilities, such as:

In addition to setting permissions, CloudFormation StackSets now offers the option for automatically creating or removing your CloudFormation stacks when a new AWS account joins or quits your Organization. You do not need to remember to manually connect to the new account to deploy your common infrastructure or to delete infrastructure when an account is removed from your Organization. When an account leaves the organization, the stack will be removed from the management of StackSets. However, you can choose to either delete or retain the resources managed by the stack.

StackSets for Organizations does have some limits. It will not deploy a stackset to the payer account, so you need to deploy that manually. StackSets themselves cannot be created via CloudFormation (but that may be changing soon), so there are some gnarly CLI commands you need to run when deploying stacksets. There are also the soft-limits: 100 StackSets per admin account, and 2000 stack instances per stackset.
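
The StackSets rollout this post describes for the Config recorder and delivery channel, written out with the AWS CLI as an added example that is not the author's own commands. The template file name, the StackSet name, the OU id passed in and the operation-preference percentages are assumptions.

```sh
#!/bin/sh
# Added example. Assumed names: config-recorder.yaml (template holding the
# Config recorder + delivery channel) and the StackSet name below.
set -eu

STACKSET_NAME="aws-config-recorder"   # assumed name
TEMPLATE="config-recorder.yaml"       # assumed template file
INSTANCE_LIMIT=2000                   # soft limit: stack instances per StackSet

# Stack instances = member accounts x regions. Prints the total and
# returns non-zero if the rollout would exceed the soft limit.
check_instance_budget() {   # usage: check_instance_budget <account_count> <region>...
  cib_accounts=$1; shift
  cib_total=$(( $cib_accounts * $# ))
  echo "$cib_total"
  [ "$cib_total" -le "$INSTANCE_LIMIT" ]
}

# Service-managed StackSet: Organizations supplies the cross-account
# permissions, and auto-deployment follows accounts joining or leaving.
# RetainStacksOnAccountRemoval=true would keep the resources instead.
create_stackset() {
  aws cloudformation create-stack-set \
    --stack-set-name "$STACKSET_NAME" \
    --template-body "file://$TEMPLATE" \
    --permission-model SERVICE_MANAGED \
    --auto-deployment Enabled=true,RetainStacksOnAccountRemoval=false \
    --capabilities CAPABILITY_NAMED_IAM
}

# Create the stack instances for every account under one OU.
deploy_instances() {   # usage: deploy_instances <ou-id> <region>...
  di_target=$1; shift
  aws cloudformation create-stack-instances \
    --stack-set-name "$STACKSET_NAME" \
    --deployment-targets "OrganizationalUnitIds=$di_target" \
    --regions "$@" \
    --operation-preferences FailureTolerancePercentage=10,MaxConcurrentPercentage=25
}

# StackSets for Organizations skips the payer account, so the same
# template goes there as an ordinary stack, once per region.
deploy_payer() {   # usage: deploy_payer <region>...
  for region in "$@"; do
    aws cloudformation deploy --region "$region" \
      --stack-name "$STACKSET_NAME" --template-file "$TEMPLATE" \
      --capabilities CAPABILITY_NAMED_IAM
  done
}
```

Run `create_stackset` and `deploy_instances` with payer-account credentials (or a delegated administrator's), and `deploy_payer` with payer-account credentials.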