Posted On: Apr 10, 2018
AWS CloudFormation StackSets now allows you to create multiple roles in which your users can perform stack set operations in target accounts. This allows you to restrict specific sets of users from using stack set operations such as creating or updating stack sets in specific target accounts. Please see the documentation to learn more about creating multiple roles.
You can also now use the Amazon Resource Name (ARN) of a stack set in Identity and Access Management (IAM) policies to create resource level permissions for StackSets. Previously, you could not create an IAM policy for a specific stack set. Now, you can set the access control of specific stack sets to specific roles using the stack set’s ARN.