Working simultaneously with multiple accounts usually requires switching between many credentials or IAM roles. This poses a real risk of accidentally deploying infrastructure to the wrong account.
You can mitigate this risk with the
accountIds property, which lets you define a list of allowed accounts to deploy a stack. It accepts a single account id or a list of account ids.
A single allowed account:
A list of allowed accounts:
Where to define
accountIds property can be defined in stack and stack group configuration files. If specified in a stack group, the stack group's children and stacks inherit the value. Stack groups and stacks can override the value they have inherited from their parent.
accountIds property must satisfy these requirements:
- Must be a string or a list of strings
- Account ids must be valid AWS account ids