agent-claw: automated task changes

cdk/node_modules/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/index.d.ts

@@ -0,0 +1,4 @@
+export * from './pipeline-actions';
+export * from './stackset-action';
+export * from './stackinstances-action';
+export * from './stackset-types';

cdk/node_modules/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/index.js

@@ -0,0 +1 @@
+"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.CloudFormationExecuteChangeSetAction=void 0,Object.defineProperty(exports,_noFold="CloudFormationExecuteChangeSetAction",{enumerable:!0,configurable:!0,get:()=>{var value=require("./pipeline-actions").CloudFormationExecuteChangeSetAction;return Object.defineProperty(exports,_noFold="CloudFormationExecuteChangeSetAction",{enumerable:!0,configurable:!0,value}),value}}),exports.CloudFormationCreateReplaceChangeSetAction=void 0,Object.defineProperty(exports,_noFold="CloudFormationCreateReplaceChangeSetAction",{enumerable:!0,configurable:!0,get:()=>{var value=require("./pipeline-actions").CloudFormationCreateReplaceChangeSetAction;return Object.defineProperty(exports,_noFold="CloudFormationCreateReplaceChangeSetAction",{enumerable:!0,configurable:!0,value}),value}}),exports.CloudFormationCreateUpdateStackAction=void 0,Object.defineProperty(exports,_noFold="CloudFormationCreateUpdateStackAction",{enumerable:!0,configurable:!0,get:()=>{var value=require("./pipeline-actions").CloudFormationCreateUpdateStackAction;return Object.defineProperty(exports,_noFold="CloudFormationCreateUpdateStackAction",{enumerable:!0,configurable:!0,value}),value}}),exports.CloudFormationDeleteStackAction=void 0,Object.defineProperty(exports,_noFold="CloudFormationDeleteStackAction",{enumerable:!0,configurable:!0,get:()=>{var value=require("./pipeline-actions").CloudFormationDeleteStackAction;return Object.defineProperty(exports,_noFold="CloudFormationDeleteStackAction",{enumerable:!0,configurable:!0,value}),value}}),exports.CloudFormationDeployStackSetAction=void 0,Object.defineProperty(exports,_noFold="CloudFormationDeployStackSetAction",{enumerable:!0,configurable:!0,get:()=>{var value=require("./stackset-action").CloudFormationDeployStackSetAction;return Object.defineProperty(exports,_noFold="CloudFormationDeployStackSetAction",{enumerable:!0,configurable:!0,value}),value}}),exports.CloudFormationDeployStackInstancesAction=void 0,Object.defineProperty(exports,_noFold="CloudFormationDeployStackInstancesAction",{enumerable:!0,configurable:!0,get:()=>{var value=require("./stackinstances-action").CloudFormationDeployStackInstancesAction;return Object.defineProperty(exports,_noFold="CloudFormationDeployStackInstancesAction",{enumerable:!0,configurable:!0,value}),value}}),exports.StackSetTemplate=void 0,Object.defineProperty(exports,_noFold="StackSetTemplate",{enumerable:!0,configurable:!0,get:()=>{var value=require("./stackset-types").StackSetTemplate;return Object.defineProperty(exports,_noFold="StackSetTemplate",{enumerable:!0,configurable:!0,value}),value}}),exports.StackInstances=void 0,Object.defineProperty(exports,_noFold="StackInstances",{enumerable:!0,configurable:!0,get:()=>{var value=require("./stackset-types").StackInstances;return Object.defineProperty(exports,_noFold="StackInstances",{enumerable:!0,configurable:!0,value}),value}}),exports.StackSetParameters=void 0,Object.defineProperty(exports,_noFold="StackSetParameters",{enumerable:!0,configurable:!0,get:()=>{var value=require("./stackset-types").StackSetParameters;return Object.defineProperty(exports,_noFold="StackSetParameters",{enumerable:!0,configurable:!0,value}),value}}),exports.StackSetDeploymentModel=void 0,Object.defineProperty(exports,_noFold="StackSetDeploymentModel",{enumerable:!0,configurable:!0,get:()=>{var value=require("./stackset-types").StackSetDeploymentModel;return Object.defineProperty(exports,_noFold="StackSetDeploymentModel",{enumerable:!0,configurable:!0,value}),value}}),exports.StackSetOrganizationsAutoDeployment=void 0,Object.defineProperty(exports,_noFold="StackSetOrganizationsAutoDeployment",{enumerable:!0,configurable:!0,get:()=>{var value=require("./stackset-types").StackSetOrganizationsAutoDeployment;return Object.defineProperty(exports,_noFold="StackSetOrganizationsAutoDeployment",{enumerable:!0,configurable:!0,value}),value}});

cdk/node_modules/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/pipeline-actions.d.ts

@@ -0,0 +1,270 @@
+import type { Construct } from 'constructs';
+import * as cloudformation from '../../../aws-cloudformation';
+import * as codepipeline from '../../../aws-codepipeline';
+import * as iam from '../../../aws-iam';
+import * as cdk from '../../../core';
+import { Action } from '../action';
+/**
+ * Properties common to all CloudFormation actions
+ */
+interface CloudFormationActionProps extends codepipeline.CommonAwsActionProps {
+    /**
+     * The name of the stack to apply this action to
+     */
+    readonly stackName: string;
+    /**
+     * A name for the filename in the output artifact to store the AWS CloudFormation call's result.
+     *
+     * The file will contain the result of the call to AWS CloudFormation (for example
+     * the call to UpdateStack or CreateChangeSet).
+     *
+     * AWS CodePipeline adds the file to the output artifact after performing
+     * the specified action.
+     *
+     * @default No output artifact generated
+     */
+    readonly outputFileName?: string;
+    /**
+     * The name of the output artifact to generate
+     *
+     * Only applied if `outputFileName` is set as well.
+     *
+     * @default Automatically generated artifact name.
+     */
+    readonly output?: codepipeline.Artifact;
+    /**
+     * The AWS region the given Action resides in.
+     * Note that a cross-region Pipeline requires replication buckets to function correctly.
+     * You can provide their names with the `PipelineProps#crossRegionReplicationBuckets` property.
+     * If you don't, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets,
+     * that you will need to `cdk deploy` before deploying the main, Pipeline-containing Stack.
+     *
+     * @default the Action resides in the same region as the Pipeline
+     */
+    readonly region?: string;
+    /**
+     * The AWS account this Action is supposed to operate in.
+     * **Note**: if you specify the `role` property,
+     * this is ignored - the action will operate in the same region the passed role does.
+     *
+     * @default - action resides in the same account as the pipeline
+     */
+    readonly account?: string;
+}
+/**
+ * Base class for Actions that execute CloudFormation
+ */
+declare abstract class CloudFormationAction extends Action {
+    private readonly props;
+    constructor(props: CloudFormationActionProps, inputs: codepipeline.Artifact[] | undefined);
+    protected bound(_scope: Construct, _stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig;
+}
+/**
+ * Properties for the CloudFormationExecuteChangeSetAction.
+ */
+export interface CloudFormationExecuteChangeSetActionProps extends CloudFormationActionProps {
+    /**
+     * Name of the change set to execute.
+     */
+    readonly changeSetName: string;
+}
+/**
+ * CodePipeline action to execute a prepared change set.
+ */
+export declare class CloudFormationExecuteChangeSetAction extends CloudFormationAction {
+    private readonly props2;
+    constructor(props: CloudFormationExecuteChangeSetActionProps);
+    protected bound(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig;
+}
+/**
+ * Properties common to CloudFormation actions that stage deployments
+ */
+interface CloudFormationDeployActionProps extends CloudFormationActionProps {
+    /**
+     * IAM role to assume when deploying changes.
+     *
+     * If not specified, a fresh role is created. The role is created with zero
+     * permissions unless `adminPermissions` is true, in which case the role will have
+     * full permissions.
+     *
+     * @default A fresh role with full or no permissions (depending on the value of `adminPermissions`).
+     */
+    readonly deploymentRole?: iam.IRole;
+    /**
+     * Acknowledge certain changes made as part of deployment.
+     *
+     * For stacks that contain certain resources,
+     * explicit acknowledgement is required that AWS CloudFormation might create or update those resources.
+     * For example, you must specify `ANONYMOUS_IAM` or `NAMED_IAM` if your stack template contains AWS
+     * Identity and Access Management (IAM) resources.
+     * For more information, see the link below.
+     *
+     * @default None, unless `adminPermissions` is true
+     *
+     * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities
+     */
+    readonly cfnCapabilities?: cdk.CfnCapabilities[];
+    /**
+     * Whether to grant full permissions to CloudFormation while deploying this template.
+     *
+     * Setting this to `true` affects the defaults for `role` and `capabilities`, if you
+     * don't specify any alternatives.
+     *
+     * The default role that will be created for you will have full (i.e., `*`)
+     * permissions on all resources, and the deployment will have named IAM
+     * capabilities (i.e., able to create all IAM resources).
+     *
+     * This is a shorthand that you can use if you fully trust the templates that
+     * are deployed in this pipeline. If you want more fine-grained permissions,
+     * use `addToRolePolicy` and `capabilities` to control what the CloudFormation
+     * deployment is allowed to do.
+     */
+    readonly adminPermissions: boolean;
+    /**
+     * Input artifact to use for template parameters values and stack policy.
+     *
+     * The template configuration file should contain a JSON object that should look like this:
+     * `{ "Parameters": {...}, "Tags": {...}, "StackPolicy": {... }}`. For more information,
+     * see [AWS CloudFormation Artifacts](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/continuous-delivery-codepipeline-cfn-artifacts.html).
+     *
+     * Note that if you include sensitive information, such as passwords, restrict access to this
+     * file.
+     *
+     * @default No template configuration based on input artifacts
+     */
+    readonly templateConfiguration?: codepipeline.ArtifactPath;
+    /**
+     * Additional template parameters.
+     *
+     * Template parameters specified here take precedence over template parameters
+     * found in the artifact specified by the `templateConfiguration` property.
+     *
+     * We recommend that you use the template configuration file to specify
+     * most of your parameter values. Use parameter overrides to specify only
+     * dynamic parameter values (values that are unknown until you run the
+     * pipeline).
+     *
+     * All parameter names must be present in the stack template.
+     *
+     * Note: the entire object cannot be more than 1kB.
+     *
+     * @default No overrides
+     */
+    readonly parameterOverrides?: {
+        [name: string]: any;
+    };
+    /**
+     * The list of additional input Artifacts for this Action.
+     * This is especially useful when used in conjunction with the `parameterOverrides` property.
+     * For example, if you have:
+     *
+     *   parameterOverrides: {
+     *     'Param1': action1.outputArtifact.bucketName,
+     *     'Param2': action2.outputArtifact.objectKey,
+     *   }
+     *
+     * , if the output Artifacts of `action1` and `action2` were not used to
+     * set either the `templateConfiguration` or the `templatePath` properties,
+     * you need to make sure to include them in the `extraInputs` -
+     * otherwise, you'll get an "unrecognized Artifact" error during your Pipeline's execution.
+     */
+    readonly extraInputs?: codepipeline.Artifact[];
+}
+/**
+ * Base class for all CloudFormation actions that execute or stage deployments.
+ */
+declare abstract class CloudFormationDeployAction extends CloudFormationAction {
+    private _deploymentRole?;
+    private readonly props2;
+    constructor(props: CloudFormationDeployActionProps, inputs: codepipeline.Artifact[] | undefined);
+    /**
+     * Add statement to the service role assumed by CloudFormation while executing this action.
+     */
+    addToDeploymentRolePolicy(statement: iam.PolicyStatement): boolean;
+    get deploymentRole(): iam.IRole;
+    protected bound(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig;
+    private getDeploymentRole;
+}
+/**
+ * Properties for the CloudFormationCreateReplaceChangeSetAction.
+ */
+export interface CloudFormationCreateReplaceChangeSetActionProps extends CloudFormationDeployActionProps {
+    /**
+     * Name of the change set to create or update.
+     */
+    readonly changeSetName: string;
+    /**
+     * Input artifact with the ChangeSet's CloudFormation template
+     */
+    readonly templatePath: codepipeline.ArtifactPath;
+}
+/**
+ * CodePipeline action to prepare a change set.
+ *
+ * Creates the change set if it doesn't exist based on the stack name and template that you submit.
+ * If the change set exists, AWS CloudFormation deletes it, and then creates a new one.
+ */
+export declare class CloudFormationCreateReplaceChangeSetAction extends CloudFormationDeployAction {
+    private readonly props3;
+    constructor(props: CloudFormationCreateReplaceChangeSetActionProps);
+    protected bound(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig;
+}
+/**
+ * Properties for the CloudFormationCreateUpdateStackAction.
+ */
+export interface CloudFormationCreateUpdateStackActionProps extends CloudFormationDeployActionProps {
+    /**
+     * Input artifact with the CloudFormation template to deploy
+     */
+    readonly templatePath: codepipeline.ArtifactPath;
+    /**
+     * Replace the stack if it's in a failed state.
+     *
+     * If this is set to true and the stack is in a failed state (one of
+     * ROLLBACK_COMPLETE, ROLLBACK_FAILED, CREATE_FAILED, DELETE_FAILED, or
+     * UPDATE_ROLLBACK_FAILED), AWS CloudFormation deletes the stack and then
+     * creates a new stack.
+     *
+     * If this is not set to true and the stack is in a failed state,
+     * the deployment fails.
+     *
+     * @default false
+     */
+    readonly replaceOnFailure?: boolean;
+}
+/**
+ * CodePipeline action to deploy a stack.
+ *
+ * Creates the stack if the specified stack doesn't exist. If the stack exists,
+ * AWS CloudFormation updates the stack. Use this action to update existing
+ * stacks.
+ *
+ * AWS CodePipeline won't replace the stack, and will fail deployment if the
+ * stack is in a failed state. Use `ReplaceOnFailure` for an action that
+ * will delete and recreate the stack to try and recover from failed states.
+ *
+ * Use this action to automatically replace failed stacks without recovering or
+ * troubleshooting them. You would typically choose this mode for testing.
+ */
+export declare class CloudFormationCreateUpdateStackAction extends CloudFormationDeployAction {
+    private readonly props3;
+    constructor(props: CloudFormationCreateUpdateStackActionProps);
+    protected bound(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig;
+}
+/**
+ * Properties for the CloudFormationDeleteStackAction.
+ */
+export interface CloudFormationDeleteStackActionProps extends CloudFormationDeployActionProps {
+}
+/**
+ * CodePipeline action to delete a stack.
+ *
+ * Deletes a stack. If you specify a stack that doesn't exist, the action completes successfully
+ * without deleting a stack.
+ */
+export declare class CloudFormationDeleteStackAction extends CloudFormationDeployAction {
+    private readonly props3;
+    constructor(props: CloudFormationDeleteStackActionProps);
+    protected bound(scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig;
+}
+export {};

cdk/node_modules/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/private/singleton-policy.d.ts

@@ -0,0 +1,62 @@
+import { Construct } from 'constructs';
+import * as iam from '../../../../aws-iam';
+import * as cdk from '../../../../core';
+/**
+ * Manages a bunch of singleton-y statements on the policy of an IAM Role.
+ * Dedicated methods can be used to add specific permissions to the role policy
+ * using as few statements as possible (adding resources to existing compatible
+ * statements instead of adding new statements whenever possible).
+ *
+ * Statements created outside of this class are not considered when adding new
+ * permissions.
+ */
+export declare class SingletonPolicy extends Construct implements iam.IGrantable {
+    private readonly role;
+    /**
+     * Obtain a SingletonPolicy for a given role.
+     * @param role the Role this policy is bound to.
+     * @returns the SingletonPolicy for this role.
+     */
+    static forRole(role: iam.IRole): SingletonPolicy;
+    private static readonly UUID;
+    readonly grantPrincipal: iam.IPrincipal;
+    private statements;
+    private constructor();
+    grantExecuteChangeSet(props: {
+        stackName: string;
+        changeSetName: string;
+        region?: string;
+    }): void;
+    grantCreateReplaceChangeSet(props: {
+        stackName: string;
+        changeSetName: string;
+        region?: string;
+    }): void;
+    grantCreateUpdateStack(props: {
+        stackName: string;
+        replaceOnFailure?: boolean;
+        region?: string;
+    }): void;
+    grantCreateUpdateStackSet(props: {
+        stackSetName: string;
+        region?: string;
+    }): void;
+    grantDeleteStack(props: {
+        stackName: string;
+        region?: string;
+    }): void;
+    grantPassRole(role: iam.IRole | string): void;
+    private statementFor;
+    private stackArnFromProps;
+    private stackSetArnFromProps;
+}
+export interface StatementTemplate {
+    actions: string[];
+    conditions?: StatementCondition;
+}
+export type StatementCondition = {
+    [op: string]: {
+        [attribute: string]: string;
+    };
+};
+export declare function parseCapabilities(capabilities: cdk.CfnCapabilities[] | undefined): string | undefined;

cdk/node_modules/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/private/singleton-policy.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.SingletonPolicy=void 0,exports.parseCapabilities=parseCapabilities;var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},iam=()=>{var tmp=require("../../../../aws-iam");return iam=()=>tmp,tmp},cdk=()=>{var tmp=require("../../../../core");return cdk=()=>tmp,tmp};class SingletonPolicy extends constructs_1().Construct{role;static forRole(role){return role.node.tryFindChild(SingletonPolicy.UUID)||new SingletonPolicy(role)}static UUID="8389e75f-0810-4838-bf64-d6f85a95cf83";grantPrincipal;statements={};constructor(role){super(role,SingletonPolicy.UUID),this.role=role,this.grantPrincipal=role}grantExecuteChangeSet(props){this.statementFor({actions:["cloudformation:DescribeStacks","cloudformation:DescribeStackEvents","cloudformation:DescribeChangeSet","cloudformation:ExecuteChangeSet"],conditions:{StringEqualsIfExists:{"cloudformation:ChangeSetName":props.changeSetName}}}).addResources(this.stackArnFromProps(props))}grantCreateReplaceChangeSet(props){this.statementFor({actions:["cloudformation:CreateChangeSet","cloudformation:DeleteChangeSet","cloudformation:DescribeChangeSet","cloudformation:DescribeStacks"],conditions:{StringEqualsIfExists:{"cloudformation:ChangeSetName":props.changeSetName}}}).addResources(this.stackArnFromProps(props))}grantCreateUpdateStack(props){const actions=["cloudformation:DescribeStack*","cloudformation:CreateStack","cloudformation:UpdateStack","cloudformation:GetTemplate*","cloudformation:ValidateTemplate","cloudformation:GetStackPolicy","cloudformation:SetStackPolicy"];props.replaceOnFailure&&actions.push("cloudformation:DeleteStack"),this.statementFor({actions}).addResources(this.stackArnFromProps(props))}grantCreateUpdateStackSet(props){const actions=["cloudformation:CreateStackSet","cloudformation:UpdateStackSet","cloudformation:DescribeStackSet","cloudformation:DescribeStackSetOperation","cloudformation:ListStackInstances","cloudformation:CreateStackInstances"];this.statementFor({actions}).addResources(this.stackSetArnFromProps(props))}grantDeleteStack(props){this.statementFor({actions:["cloudformation:DescribeStack*","cloudformation:DeleteStack"]}).addResources(this.stackArnFromProps(props))}grantPassRole(role){this.statementFor({actions:["iam:PassRole"]}).addResources(typeof role=="string"?role:role.roleArn)}statementFor(template){const key=keyFor(template);return key in this.statements||(this.statements[key]=new(iam()).PolicyStatement({actions:template.actions}),template.conditions&&this.statements[key].addConditions(template.conditions),this.role.addToPolicy(this.statements[key])),this.statements[key];function keyFor(props){const actions=`${props.actions.sort().join("")}`,conditions=formatConditions(props.conditions);return`${actions}${conditions}`;function formatConditions(cond){if(cond==null)return"";let result="";for(const op of Object.keys(cond).sort()){result+=`${op}`;const condition=cond[op];for(const attribute of Object.keys(condition).sort()){const value=condition[attribute];result+=`${value}`}}return result}}}stackArnFromProps(props){return cdk().Stack.of(this).formatArn({region:props.region,service:"cloudformation",resource:"stack",resourceName:`${props.stackName}/*`})}stackSetArnFromProps(props){return cdk().Stack.of(this).formatArn({region:props.region,service:"cloudformation",resource:"stackset",resourceName:`${props.stackSetName}:*`})}}exports.SingletonPolicy=SingletonPolicy;function parseCapabilities(capabilities){if(capabilities!==void 0){if(capabilities.length===1){const capability=capabilities.toString();return capability===""?void 0:capability}else if(capabilities.length>1)return capabilities.join(",")}}

cdk/node_modules/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/stackinstances-action.d.ts

@@ -0,0 +1,45 @@
+import type { Construct } from 'constructs';
+import type { CommonCloudFormationStackSetOptions, StackInstances, StackSetParameters } from './stackset-types';
+import * as codepipeline from '../../../aws-codepipeline';
+import { Action } from '../action';
+/**
+ * Properties for the CloudFormationDeployStackInstancesAction
+ */
+export interface CloudFormationDeployStackInstancesActionProps extends codepipeline.CommonAwsActionProps, CommonCloudFormationStackSetOptions {
+    /**
+     * The name of the StackSet we are adding instances to
+     */
+    readonly stackSetName: string;
+    /**
+     * Specify where to create or update Stack Instances
+     *
+     * You can specify either AWS Accounts Ids or AWS Organizations Organizational Units.
+     */
+    readonly stackInstances: StackInstances;
+    /**
+     * Parameter values that only apply to the current Stack Instances
+     *
+     * These parameters are shared between all instances added by this action.
+     *
+     * @default - no parameters will be overridden
+     */
+    readonly parameterOverrides?: StackSetParameters;
+}
+/**
+ * CodePipeline action to create/update Stack Instances of a StackSet
+ *
+ * After the initial creation of a stack set, you can add new stack instances by
+ * using CloudFormationStackInstances. Template parameter values can be
+ * overridden at the stack instance level during create or update stack set
+ * instance operations.
+ *
+ * Each stack set has one template and set of template parameters. When you
+ * update the template or template parameters, you update them for the entire
+ * set. Then all instance statuses are set to OUTDATED until the changes are
+ * deployed to that instance.
+ */
+export declare class CloudFormationDeployStackInstancesAction extends Action {
+    private readonly props;
+    constructor(props: CloudFormationDeployStackInstancesActionProps);
+    protected bound(scope: Construct, _stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig;
+}

cdk/node_modules/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/stackinstances-action.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CloudFormationDeployStackInstancesAction=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var singleton_policy_1=()=>{var tmp=require("./private/singleton-policy");return singleton_policy_1=()=>tmp,tmp},codepipeline=()=>{var tmp=require("../../../aws-codepipeline");return codepipeline=()=>tmp,tmp},action_1=()=>{var tmp=require("../action");return action_1=()=>tmp,tmp},common_1=()=>{var tmp=require("../common");return common_1=()=>tmp,tmp};class CloudFormationDeployStackInstancesAction extends action_1().Action{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_codepipeline_actions.CloudFormationDeployStackInstancesAction",version:"2.252.0"};props;constructor(props){super({...props,region:props.stackSetRegion,provider:"CloudFormationStackInstances",category:codepipeline().ActionCategory.DEPLOY,artifactBounds:{minInputs:0,maxInputs:3,minOutputs:0,maxOutputs:0},inputs:[...props.parameterOverrides?._artifactsReferenced??[],...props.stackInstances?._artifactsReferenced??[]]});try{jsiiDeprecationWarnings().aws_cdk_lib_aws_codepipeline_actions_CloudFormationDeployStackInstancesActionProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,CloudFormationDeployStackInstancesAction),error}this.props=props,(0,common_1().validatePercentage)("failureTolerancePercentage",props.failureTolerancePercentage),(0,common_1().validatePercentage)("maxAccountConcurrencyPercentage",props.maxAccountConcurrencyPercentage)}bound(scope,_stage,options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_codepipeline_IStage(_stage),jsiiDeprecationWarnings().aws_cdk_lib_aws_codepipeline_ActionBindOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.bound),error}const singletonPolicy=singleton_policy_1().SingletonPolicy.forRole(options.role);singletonPolicy.grantCreateUpdateStackSet(this.props);const instancesResult=this.props.stackInstances?._bind(scope);return(this.actionProperties.inputs||[]).length>0&&options.bucket.grantRead(singletonPolicy),{configuration:{StackSetName:this.props.stackSetName,ParameterOverrides:this.props.parameterOverrides?._render(),FailureTolerancePercentage:this.props.failureTolerancePercentage,MaxConcurrentPercentage:this.props.maxAccountConcurrencyPercentage,...instancesResult?.stackSetConfiguration}}}}exports.CloudFormationDeployStackInstancesAction=CloudFormationDeployStackInstancesAction;

cdk/node_modules/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/stackset-action.d.ts

@@ -0,0 +1,108 @@
+import type { Construct } from 'constructs';
+import type { CommonCloudFormationStackSetOptions, StackInstances, StackSetParameters, StackSetTemplate } from './stackset-types';
+import { StackSetDeploymentModel } from './stackset-types';
+import * as codepipeline from '../../../aws-codepipeline';
+import type * as cdk from '../../../core';
+import { Action } from '../action';
+/**
+ * Properties for the CloudFormationDeployStackSetAction
+ */
+export interface CloudFormationDeployStackSetActionProps extends codepipeline.CommonAwsActionProps, CommonCloudFormationStackSetOptions {
+    /**
+     * The name to associate with the stack set. This name must be unique in the Region where it is created.
+     *
+     * The name may only contain alphanumeric and hyphen characters. It must begin with an alphabetic character and be 128 characters or fewer.
+     */
+    readonly stackSetName: string;
+    /**
+     * The location of the template that defines the resources in the stack set.
+     * This must point to a template with a maximum size of 460,800 bytes.
+     *
+     * Enter the path to the source artifact name and template file.
+     */
+    readonly template: StackSetTemplate;
+    /**
+     * A description of the stack set. You can use this to describe the stack set’s purpose or other relevant information.
+     *
+     * @default - no description
+     */
+    readonly description?: string;
+    /**
+     * Specify where to create or update Stack Instances
+     *
+     * You can specify either AWS Accounts Ids or AWS Organizations Organizational Units.
+     *
+     * @default - don't create or update any Stack Instances
+     */
+    readonly stackInstances?: StackInstances;
+    /**
+     * Determines how IAM roles are created and managed.
+     *
+     * The choices are:
+     *
+     * - Self Managed: you create IAM roles with the required permissions
+     *   in the administration account and all target accounts.
+     * - Service Managed: only available if the account and target accounts
+     *   are part of an AWS Organization. The necessary roles will be created
+     *   for you.
+     *
+     * If you want to deploy to all accounts that are a member of AWS
+     * Organizations Organizational Units (OUs), you must select Service Managed
+     * permissions.
+     *
+     * Note: This parameter can only be changed when no stack instances exist in
+     * the stack set.
+     *
+     * @default StackSetDeploymentModel.selfManaged()
+     */
+    readonly deploymentModel?: StackSetDeploymentModel;
+    /**
+     * The template parameters for your stack set
+     *
+     * These parameters are shared between all instances of the stack set.
+     *
+     * @default - no parameters will be used
+     */
+    readonly parameters?: StackSetParameters;
+    /**
+     * Indicates that the template can create and update resources, depending on the types of resources in the template.
+     *
+     * You must use this property if you have IAM resources in your stack template or you create a stack directly from a template containing macros.
+     *
+     * @default - the StackSet will have no IAM capabilities
+     */
+    readonly cfnCapabilities?: cdk.CfnCapabilities[];
+}
+/**
+ * CodePipeline action to deploy a stackset.
+ *
+ * CodePipeline offers the ability to perform AWS CloudFormation StackSets
+ * operations as part of your CI/CD process. You use a stack set to create
+ * stacks in AWS accounts across AWS Regions by using a single AWS
+ * CloudFormation template. All the resources included in each stack are defined
+ * by the stack set’s AWS CloudFormation template. When you create the stack
+ * set, you specify the template to use, as well as any parameters and
+ * capabilities that the template requires.
+ *
+ * For more information about concepts for AWS CloudFormation StackSets, see
+ * [StackSets
+ * concepts](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html)
+ * in the AWS CloudFormation User Guide.
+ *
+ * If you use this action to make an update that includes adding stack
+ * instances, the new instances are deployed first and the update is completed
+ * last. The new instances first receive the old version, and then the update is
+ * applied to all instances.
+ *
+ * As a best practice, you should construct your pipeline so that the stack set
+ * is created and initially deploys to a subset or a single instance. After you
+ * test your deployment and view the generated stack set, then add the
+ * CloudFormationStackInstances action so that the remaining instances are
+ * created and updated.
+ */
+export declare class CloudFormationDeployStackSetAction extends Action {
+    private readonly props;
+    private readonly deploymentModel;
+    constructor(props: CloudFormationDeployStackSetActionProps);
+    protected bound(scope: Construct, _stage: codepipeline.IStage, options: codepipeline.ActionBindOptions): codepipeline.ActionConfig;
+}

cdk/node_modules/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/stackset-action.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CloudFormationDeployStackSetAction=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var singleton_policy_1=()=>{var tmp=require("./private/singleton-policy");return singleton_policy_1=()=>tmp,tmp},stackset_types_1=()=>{var tmp=require("./stackset-types");return stackset_types_1=()=>tmp,tmp},codepipeline=()=>{var tmp=require("../../../aws-codepipeline");return codepipeline=()=>tmp,tmp},action_1=()=>{var tmp=require("../action");return action_1=()=>tmp,tmp},common_1=()=>{var tmp=require("../common");return common_1=()=>tmp,tmp};class CloudFormationDeployStackSetAction extends action_1().Action{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_codepipeline_actions.CloudFormationDeployStackSetAction",version:"2.252.0"};props;deploymentModel;constructor(props){super({...props,region:props.stackSetRegion,provider:"CloudFormationStackSet",category:codepipeline().ActionCategory.DEPLOY,artifactBounds:{minInputs:1,maxInputs:3,minOutputs:0,maxOutputs:0},inputs:[...props.template._artifactsReferenced??[],...props.parameters?._artifactsReferenced??[],...props.stackInstances?._artifactsReferenced??[]]});try{jsiiDeprecationWarnings().aws_cdk_lib_aws_codepipeline_actions_CloudFormationDeployStackSetActionProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,CloudFormationDeployStackSetAction),error}this.props=props,this.deploymentModel=props.deploymentModel??stackset_types_1().StackSetDeploymentModel.selfManaged(),(0,common_1().validatePercentage)("failureTolerancePercentage",props.failureTolerancePercentage),(0,common_1().validatePercentage)("maxAccountConcurrencyPercentage",props.maxAccountConcurrencyPercentage)}bound(scope,_stage,options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_codepipeline_IStage(_stage),jsiiDeprecationWarnings().aws_cdk_lib_aws_codepipeline_ActionBindOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.bound),error}const singletonPolicy=singleton_policy_1().SingletonPolicy.forRole(options.role);singletonPolicy.grantCreateUpdateStackSet(this.props);const instancesResult=this.props.stackInstances?._bind(scope),permissionModelBind=this.deploymentModel?._bind(scope);for(const role of permissionModelBind?.passedRoles??[])singletonPolicy.grantPassRole(role);return(this.actionProperties.inputs||[]).length>0&&options.bucket.grantRead(singletonPolicy),{configuration:{StackSetName:this.props.stackSetName,Description:this.props.description,TemplatePath:this.props.template._render(),Parameters:this.props.parameters?._render(),Capabilities:(0,singleton_policy_1().parseCapabilities)(this.props.cfnCapabilities),FailureTolerancePercentage:this.props.failureTolerancePercentage,MaxConcurrentPercentage:this.props.maxAccountConcurrencyPercentage,...instancesResult?.stackSetConfiguration,...permissionModelBind?.stackSetConfiguration}}}}exports.CloudFormationDeployStackSetAction=CloudFormationDeployStackSetAction;

cdk/node_modules/aws-cdk-lib/aws-codepipeline-actions/lib/cloudformation/stackset-types.d.ts

@@ -0,0 +1,369 @@
+import type { Construct } from 'constructs';
+import type * as codepipeline from '../../../aws-codepipeline';
+import * as iam from '../../../aws-iam';
+/**
+ * Options in common between both StackSet actions
+ */
+export interface CommonCloudFormationStackSetOptions {
+    /**
+     * The percentage of accounts per Region for which this stack operation can fail before AWS CloudFormation stops the operation in that Region. If
+     * the operation is stopped in a Region, AWS CloudFormation doesn't attempt the operation in subsequent Regions. When calculating the number
+     * of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number.
+     *
+     * @default 0%
+     */
+    readonly failureTolerancePercentage?: number;
+    /**
+     * The maximum percentage of accounts in which to perform this operation at one time. When calculating the number of accounts based on the specified
+     * percentage, AWS CloudFormation rounds down to the next whole number. If rounding down would result in zero, AWS CloudFormation sets the number as
+     * one instead. Although you use this setting to specify the maximum, for large deployments the actual number of accounts acted upon concurrently
+     * may be lower due to service throttling.
+     *
+     * @default 1%
+     */
+    readonly maxAccountConcurrencyPercentage?: number;
+    /**
+     * The AWS Region the StackSet is in.
+     *
+     * Note that a cross-region Pipeline requires replication buckets to function correctly.
+     * You can provide their names with the `PipelineProps.crossRegionReplicationBuckets` property.
+     * If you don't, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets,
+     * that you will need to `cdk deploy` before deploying the main, Pipeline-containing Stack.
+     *
+     * @default - same region as the Pipeline
+     */
+    readonly stackSetRegion?: string;
+}
+/**
+ * The source of a StackSet template
+ */
+export declare abstract class StackSetTemplate {
+    /**
+     * Use a file in an artifact as Stack Template.
+     */
+    static fromArtifactPath(artifactPath: codepipeline.ArtifactPath): StackSetTemplate;
+    /**
+     * Which artifacts are referenced by this template
+     *
+     * Does not need to be called by app builders.
+     *
+     * @internal
+     */
+    abstract readonly _artifactsReferenced?: codepipeline.Artifact[] | undefined;
+    /**
+     * Render the template to the pipeline
+     *
+     * Does not need to be called by app builders.
+     *
+     * @internal
+     */
+    abstract _render(): any;
+}
+/**
+ * Where Stack Instances will be created from the StackSet
+ */
+export declare abstract class StackInstances {
+    /**
+     * Create stack instances in a set of accounts and regions passed as literal lists
+     *
+     * Stack Instances will be created in every combination of region and account.
+     *
+     * > NOTE: `StackInstances.inAccounts()` and `StackInstances.inOrganizationalUnits()`
+     * > have exactly the same behavior, and you can use them interchangeably if you want.
+     * > The only difference between them is that your code clearly indicates what entity
+     * > it's working with.
+     */
+    static inAccounts(accounts: string[], regions: string[]): StackInstances;
+    /**
+     * Create stack instances in all accounts in a set of Organizational Units (OUs) and regions passed as literal lists
+     *
+     * If you want to deploy to Organization Units, you must choose have created the StackSet
+     * with `deploymentModel: DeploymentModel.organizations()`.
+     *
+     * Stack Instances will be created in every combination of region and account.
+     *
+     * > NOTE: `StackInstances.inAccounts()` and `StackInstances.inOrganizationalUnits()`
+     * > have exactly the same behavior, and you can use them interchangeably if you want.
+     * > The only difference between them is that your code clearly indicates what entity
+     * > it's working with.
+     */
+    static inOrganizationalUnits(ous: string[], regions: string[]): StackInstances;
+    /**
+     * Create stack instances in a set of accounts or organizational units taken from the pipeline artifacts, and a set of regions
+     *
+     * The file must be a JSON file containing a list of strings. For example:
+     *
+     * ```json
+     * [
+     *   "111111111111",
+     *   "222222222222",
+     *   "333333333333"
+     * ]
+     * ```
+     *
+     * Stack Instances will be created in every combination of region and account, or region and
+     * Organizational Units (OUs).
+     *
+     * If this is set of Organizational Units, you must have selected `StackSetDeploymentModel.organizations()`
+     * as deployment model.
+     */
+    static fromArtifactPath(artifactPath: codepipeline.ArtifactPath, regions: string[]): StackInstances;
+    /**
+     * Create stack instances in a literal set of accounts or organizational units, and a set of regions
+     *
+     * Stack Instances will be created in every combination of region and account, or region and
+     * Organizational Units (OUs).
+     *
+     * If this is set of Organizational Units, you must have selected `StackSetDeploymentModel.organizations()`
+     * as deployment model.
+     */
+    private static fromList;
+    /**
+     * The artifacts referenced by the properties of this deployment target
+     *
+     * Does not need to be called by app builders.
+     *
+     * @internal
+     */
+    readonly _artifactsReferenced?: codepipeline.Artifact[];
+    /**
+     * Called to attach the stack set instances to a stackset action
+     *
+     * Does not need to be called by app builders.
+     *
+     * @internal
+     */
+    abstract _bind(scope: Construct): StackInstancesBindResult;
+}
+/**
+ * Returned by the StackInstances.bind() function
+ *
+ * Does not need to be used by app builders.
+ *
+ * @internal
+ */
+export interface StackInstancesBindResult {
+    /**
+     * Properties to mix into the Action configuration
+     */
+    readonly stackSetConfiguration: any;
+}
+/**
+ * Base parameters for the StackSet
+ */
+export declare abstract class StackSetParameters {
+    /**
+     * A list of template parameters for your stack set.
+     *
+     * You must specify all template parameters. Parameters you don't specify will revert
+     * to their `Default` values as specified in the template.
+     *
+     * Specify the names of parameters you want to retain their existing values,
+     * without specifying what those values are, in an array in the second
+     * argument to this function. Use of this feature is discouraged. CDK is for
+     * specifying desired-state infrastructure, and use of this feature makes the
+     * parameter values unmanaged.
+     *
+     * @example
+     *
+     * const parameters = codepipeline_actions.StackSetParameters.fromLiteral({
+     *  BucketName: 'my-bucket',
+     *  Asset1: 'true',
+     * });
+     */
+    static fromLiteral(parameters: Record<string, string>, usePreviousValues?: string[]): StackSetParameters;
+    /**
+     * Read the parameters from a JSON file from one of the pipeline's artifacts
+     *
+     * The file needs to contain a list of `{ ParameterKey, ParameterValue, UsePreviousValue }` objects, like
+     * this:
+     *
+     * ```
+     * [
+     *     {
+     *         "ParameterKey": "BucketName",
+     *         "ParameterValue": "my-bucket"
+     *     },
+     *     {
+     *         "ParameterKey": "Asset1",
+     *         "ParameterValue": "true"
+     *     },
+     *     {
+     *         "ParameterKey": "Asset2",
+     *         "UsePreviousValue": true
+     *     }
+     * ]
+     * ```
+     *
+     * You must specify all template parameters. Parameters you don't specify will revert
+     * to their `Default` values as specified in the template.
+     *
+     * For of parameters you want to retain their existing values
+     * without specifying what those values are, set `UsePreviousValue: true`.
+     * Use of this feature is discouraged. CDK is for
+     * specifying desired-state infrastructure, and use of this feature makes the
+     * parameter values unmanaged.
+     */
+    static fromArtifactPath(artifactPath: codepipeline.ArtifactPath): StackSetParameters;
+    /**
+     * Artifacts referenced by this parameter set
+     *
+     * @internal
+     */
+    abstract readonly _artifactsReferenced: codepipeline.Artifact[];
+    /**
+     * Converts Parameters to a string.
+     *
+     * @internal
+     */
+    abstract _render(): string;
+}
+/**
+ * Determines how IAM roles are created and managed.
+ */
+export declare abstract class StackSetDeploymentModel {
+    /**
+     * Deploy to AWS Organizations accounts.
+     *
+     * AWS CloudFormation StackSets automatically creates the IAM roles required
+     * to deploy to accounts managed by AWS Organizations. This requires an
+     * account to be a member of an Organization.
+     *
+     * Using this deployment model, you can specify either AWS Account Ids or
+     * Organization Unit Ids in the `stackInstances` parameter.
+     */
+    static organizations(props?: OrganizationsDeploymentProps): StackSetDeploymentModel;
+    /**
+     * Deploy to AWS Accounts not managed by AWS Organizations
+     *
+     * You are responsible for creating Execution Roles in every account you will
+     * be deploying to in advance to create the actual stack instances. Unless you
+     * specify overrides, StackSets expects the execution roles you create to have
+     * the default name `AWSCloudFormationStackSetExecutionRole`. See the [Grant
+     * self-managed
+     * permissions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html)
+     * section of the CloudFormation documentation.
+     *
+     * The CDK will automatically create the central Administration Role in the
+     * Pipeline account which will be used to assume the Execution Role in each of
+     * the target accounts.
+     *
+     * If you wish to use a pre-created Administration Role, use `Role.fromRoleName()`
+     * or `Role.fromRoleArn()` to import it, and pass it to this function:
+     *
+     * ```ts
+     * const existingAdminRole = iam.Role.fromRoleName(this, 'AdminRole', 'AWSCloudFormationStackSetAdministrationRole');
+     *
+     * const deploymentModel = codepipeline_actions.StackSetDeploymentModel.selfManaged({
+     *   // Use an existing Role. Leave this out to create a new Role.
+     *   administrationRole: existingAdminRole,
+     * });
+     * ```
+     *
+     * Using this deployment model, you can only specify AWS Account Ids in the
+     * `stackInstances` parameter.
+     *
+     * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html
+     */
+    static selfManaged(props?: SelfManagedDeploymentProps): StackSetDeploymentModel;
+    /**
+     * Bind to the Stack Set action and return the Action configuration
+     *
+     * Does not need to be called by app builders.
+     *
+     * @internal
+     */
+    abstract _bind(scope: Construct): StackSetDeploymentModelBindResult;
+}
+/**
+ * Returned by the StackSetDeploymentModel.bind() function
+ *
+ * Does not need to be used by app builders.
+ *
+ * @internal
+ */
+export interface StackSetDeploymentModelBindResult {
+    /**
+     * Properties to mix into the Action configuration
+     */
+    readonly stackSetConfiguration: any;
+    /**
+     * Roles that need to be passed by the pipeline action
+     *
+     * @default - No roles
+     */
+    readonly passedRoles?: iam.IRole[];
+}
+/**
+ * Properties for configuring service-managed (Organizations) permissions
+ */
+export interface OrganizationsDeploymentProps {
+    /**
+     * Automatically deploy to new accounts added to Organizational Units
+     *
+     * Whether AWS CloudFormation StackSets automatically deploys to AWS
+     * Organizations accounts that are added to a target organization or
+     * organizational unit (OU).
+     *
+     * @default Disabled
+     */
+    readonly autoDeployment?: StackSetOrganizationsAutoDeployment;
+}
+/**
+ * Describes whether AWS CloudFormation StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or
+ * organizational unit (OU).
+ */
+export declare enum StackSetOrganizationsAutoDeployment {
+    /**
+     * StackSets automatically deploys additional stack instances to AWS Organizations accounts that are added to a target organization or
+     * organizational unit (OU) in the specified Regions. If an account is removed from a target organization or OU, AWS CloudFormation StackSets
+     * deletes stack instances from the account in the specified Regions.
+     */
+    ENABLED = "Enabled",
+    /**
+     * StackSets does not automatically deploy additional stack instances to AWS Organizations accounts that are added to a target organization or
+     * organizational unit (OU) in the specified Regions.
+     */
+    DISABLED = "Disabled",
+    /**
+     * Stack resources are retained when an account is removed from a target organization or OU.
+     */
+    ENABLED_WITH_STACK_RETENTION = "EnabledWithStackRetention"
+}
+/**
+ * Properties for configuring self-managed permissions
+ */
+export interface SelfManagedDeploymentProps {
+    /**
+     * The IAM role in the administrator account used to assume execution roles in the target accounts
+     *
+     * You must create this role before using the StackSet action.
+     *
+     * The role needs to be assumable by CloudFormation, and it needs to be able
+     * to `sts:AssumeRole` each of the execution roles (whose names are specified
+     * in the `executionRoleName` parameter) in each of the target accounts.
+     *
+     * If you do not specify the role, we assume you have created a role named
+     * `AWSCloudFormationStackSetAdministrationRole`.
+     *
+     * @default - Assume an existing role named `AWSCloudFormationStackSetAdministrationRole` in the same account as the pipeline.
+     * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html
+     */
+    readonly administrationRole?: iam.IRole;
+    /**
+     * The name of the IAM role in the target accounts used to perform stack set operations.
+     *
+     * You must create these roles in each of the target accounts before using the
+     * StackSet action.
+     *
+     * The roles need to be assumable by by the `administrationRole`, and need to
+     * have the permissions necessary to successfully create and modify the
+     * resources that the subsequent CloudFormation deployments need.
+     * Administrator permissions would be commonly granted to these, but if you can
+     * scope the permissions down frome there you would be safer.
+     *
+     * @default AWSCloudFormationStackSetExecutionRole
+     * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html
+     */
+    readonly executionRoleName?: string;
+}