AWS StackSets are a crucial tool that bring a dynamic and customizable approach to multi-account management, with enhanced flexibility and control, ensuring a seamless experience for managing multiple AWS accounts with ease.
Benefits of AWS StackSet
Improved Flexibility: With AWS StackSet, customers gain enhanced control over account configuration and management. You can now customize the account provisioning process to suit your organization's specific needs, ensuring a tailored onboarding experience.
Streamlined Deployment: AWS StackSet allows you to deploy and manage infrastructure, AWS resources, and configurations across multiple accounts and regions with ease. This simplifies the process of maintaining consistency and standardization throughout your AWS environment.
Simplified Account Management: Transitioning to AWS StackSet means you can continue to maintain governance and compliance policies across all your accounts, just as you did with AWS Control Tower. The StackSet framework enables you to enforce guardrails, implement security measures, and ensure compliance effortlessly.
Integration with Existing Services:AWS StackSet seamlessly integrates with various AWS services, such as AWS Identity and Access Management (IAM), AWS Organizations, AWS Config, and AWS CloudTrail, providing you with comprehensive control and monitoring capabilities.
Procedure
To add multiple AWS accounts:
Log into your Druva CloudRanger console and navigate to the Organization in which you wish to add new accounts.
Click Add New Account on the top right.
Copy or download the CloudFormation template to manually create the stack and provision the access role for your AWS environment.
Click Launch AWS Console to be automatically directed to the CloudFormation section of your AWS account.
Click StackSets on the left navigation menu and then click Create StackSet
π Note
β The Stack Names must be unique if you wish to link more than one CloudRanger account to the same AWS account.
The CRAccountIdparameter specified here cannot be modified when updating the CF stack.Select the Upload a template file option if you have downloaded the CloudFormation template in the previous step.
Alternatively, you may copy the CloudFormation URL and paste this into Amazon S3 template URL Click Next.Specify the AWS Account numbers to be configured with Druva CloudRanger via the CloudFormation StackSet.
Alternatively, you may upload a . csv file with the account numbers listed.Select the I acknowledge that AWS CloudFormation might create IAM resources with custom names check box, and then click Submit to generate the CloudFormation StackSet.
Refresh the StackSet until the Status reads CREATE_COMPLETE.
Once the AWS account access is setup, the Last Access Status displays the appropriate status, as described previously.
π Note
β IAM roles cannot be whitelisted with stacksets since the CRAccountIdParameter needs to be unique.
Import Stacks to StackSets
StackSets extend the functionality of stacks, so you can create, update, or delete stacks across multiple accounts and Regions with a single operation.
Prerequisites
The AWS Account where the StackSet is created, must have a StackSet Administration role, unless the AWS accounts are within an Organization. This role must have permission granted to assume Roles in the other AWS accounts.
Ensure that you have the AWS StackSets setup in the AWS accounts that you wish to onboard. For more information on StackSet operations, refer to the AWS documentation.
Ensure that the stacks that you want to import into a StackSet have the same template. To get started, you will first need to prepare your stacks for import.
Prepare stacks for import
Ensure that the stacks that you want to import into a StackSet have the same template. To determine the template versions:
Log into the AWS account and navigate to Cloudformation > Stacks.
For each of the stacks to be imported:
Click on the Stack Name and select the Template tab.
In the stack template, locate the CRTemplateVersion property, which corresponds to the version number.
β
If any of the template version numbers on the individual stacks are different, then the template must be updated.
To update the CloudFormation template, see Update CloudFormation stack.
This must be done for each of the accounts from which the Stack is to be imported into a StackSet.
β
Import Stacks
Once you establish that all stacks have the same template, proceed with importing the stacks into a StackSet:
Log into the AWS account and navigate to Cloudformation > Stacks > Create StackSet.
Under Specify Template, choose From Stack ID.
Since all the stacks have the same template, the template source can correspond to one of the stacks being imported.
βSpecify the Stack ID ARN in the From Stack ID textbox.
To locate the Stack ID ARN, navigate to Cloudformation > Stacks, and copy the Stack ID ARN available under Stack Info. Click Next.
β
Specify the StackSet Name. Proceed with the Configure StackSet options page and click Next.
Under Add stacks to stack set, select import stacks to stack set.
Under Stacks to import, select the Stack IDs Url.
Create a text file with all Stack IDs to be imported, upload this to an S3 bucket, and then provide the URL of the file under Stack ID Url.
To generate the text file:
Locate the Stack ID ARNs for each of the stacks to be imported into the StackSet.
To locate the Stack ID ARN, navigate to Cloudformation > Stacks, and copy the Stack ID ARN available under Stack Info.List each Stack ID ARN within a text file.
To upload the text file,
Navigate to Amazon S3 > Buckets > stacksetlist, and copy the Object URL of the Stack IDs text file.
8. Navigate back to the Stacks to import page, and enter this URL under Stack ID Url. Click Next.
9. Verify the details under Review and click Submit.