Description
I have many accounts that I would like resource detail on.
The manual way to accomplish this isn't an acceptable workflow:
I can't imagine a CZ user not wanting the additional resource detail for their entire AWS footprint. I would think that demographic would be the exception, rather than the rule.
As a fallback, I have modified the resource owner template so that when it is deployed as a StackSet, it will use a deterministic name for the IAM Role that is created in the child accounts.
Ideally, there would be an all-in-one template file as StackSets cannot use nested stacks with service managed permissions.
Maybe there's a valid reason for needing the sub stacks in the current method. I would think that there's value in connecting audit and CloudTrail owner accounts. Any Organization setup via AWS Control Tower would likely have dedicated accounts for those two account types. So unless someone is running the recommended/automatic Stack across their entire Landing Zone, I don't see those account types ever getting connected appropriately.
Thanks!
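The approach the issue describes (a single-file template whose cross-account role has a fixed name so it can be deployed as a StackSet into every child account) looks roughly like the following. This is an added illustration, not the project's own template; the trusted account, the ExternalId condition, the role name and the ReadOnlyAccess policy scope are all assumptions and placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Illustrative single-file template for StackSet deployment. The cross-account
  role gets an explicit RoleName so every child account exposes a predictable
  ARN instead of a CloudFormation-generated one. Added example; principal,
  ExternalId and policy scope are assumed, not taken from the project.

Parameters:
  TrustedAccountId:
    Type: String
    Description: Account allowed to assume the role (placeholder, not from the page).
    AllowedPattern: "^[0-9]{12}$"
  ExternalId:
    Type: String
    NoEcho: true
    Description: Value the caller must present (assumed; limits confused-deputy misuse of a predictable role name).
  RoleName:
    Type: String
    Default: ResourceOwnerReadOnlyRole   # constructed name; identical in every child account
    AllowedPattern: "^[A-Za-z0-9+=,.@_-]+$"

Resources:
  ResourceOwnerRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Ref RoleName            # deterministic name, no generated suffix
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:${AWS::Partition}:iam::${TrustedAccountId}:root"
            Action: sts:AssumeRole
            Condition:
              StringEquals:
                sts:ExternalId: !Ref ExternalId
      ManagedPolicyArns:
        # Assumed scope for "resource detail"; narrow to the actions actually needed.
        - !Sub "arn:${AWS::Partition}:iam::aws:policy/ReadOnlyAccess"

Outputs:
  RoleArn:
    Description: Predictable per account once the account id is known.
    Value: !GetAtt ResourceOwnerRole.Arn
```

Because the role carries an explicit RoleName, creating the StackSet requires the CAPABILITY_NAMED_IAM capability, and the name must not collide with an existing role in any target account.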
