This example demonstrates how to implement a custom resolver that utilizes an IAM role to access a stack in another account and read value from its outputs.
See the complete example at GitHub.
The example consists of the following files:
There are two stacks of which the stacks/iam-roles-example/stack-02.yml is more interesting as it uses the custom resolver output-reader. The stack configuration looks like this:
The custom resolver needs values for properties stackName, role, region, and outputName to access the target stack and read the value from its output.
This example uses the following environment variables:
- ACCOUNT_1_ID = An id of the first account
- ACCOUNT_1_ROLE = An IAM role ARN used to manage the first account
- ACCOUNT_2_ID = An id of the second account
- ACCOUNT_2_ROLE = An IAM role ARN used to manage the second account
You need to provide values for these variables before you can run the deploy or undeploy commands described below.
To deploy the example stack, run command:
To remove the created stack, run command:
Find more information from the documentation: