Posted On: Feb 19, 2021

AWS CloudFormation StackSets extends the functionality of stacks by enabling you to create, update, or delete stacks across multiple accounts and regions with a single operation. Last year, we introduced StackSets integration with AWS Organizations, allowing you to define a central template that can be applied across AWS accounts, reducing the need for you to set up permissions, networking needs, and infrastructure for each new account, and allowing you to easily apply changes across your organization. We are now announcing the ability to delegate an AWS member account in your organization as an administrator to create and manage stack sets for your entire organization. Delegated administration removes the need for you to access the management account for stack sets administration on behalf of the organization. Using this feature lets you follow the AWS security best practice of delegating responsibilities outside of the management account where possible.

To get started, use the CloudFormation console, AWS CLI, or AWS SDKs as an administrator of the organization management account, and register a delegated administrator using the member account number.

This feature is available in all commercial regions where AWS CloudFormation StackSets/Organizations is currently available. You can nominate up to five member accounts to be delegated administrators for your AWS Organization. For more information, please refer to the documentation.