Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Creating a Stack Set

Updated on 2024-12-12 GMT+08:00

Function

CreateStackSet

This is a synchronous API. This API creates an empty stack set that does not contain any stack instance and returns the stack set ID (stack_set_id).

URI

POST /v1/stack-sets

Request Parameters

Table 1 Request header parameters

Parameter

Mandatory

Type

Description

Client-Request-Id

Yes

String

Unique request ID. It is specified by a user and is used to locate a request. UUID is recommended.

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

stack_set_name

Yes

String

Name of a stack set. The name is unique within its domain (domain_id) and region. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is case-sensitive and must start with a letter.

stack_set_description

No

String

Description of a stack set. It can be used by customers to identify their own stack sets.

permission_model

No

String

Permission model. It defines the creation mode of the agency required for RFS to operate stack sets, default is SELF_MANAGED. You can use the CreateStackSet API to specify this parameter. This parameter does not support updating yet. If you want to update the permission model, you can delete and then create a stack set with the same name.

* SERVICE_MANAGED: Based on the Organization service, RFS will automatically create all IAM agency required when deploying organization member accounts. You can use this model to create stack sets only after setting "Resource Formation Stack Set service" as a trusted service in your organization. Only an organization administrator or a delegated administrator can create stack sets using SERVICE_MANAGED permissions.

* SELF_MANAGED: For deployment, you need to manually create agencies in advance, including the agency created by the management account for RFS and the agency created by the member account for the management account. The stack set creation will not fail if the agency does not exist or is incorrect. An error is reported only when the stack set or stack instance is deployed.

administration_agency_name

No

String

Administration agency names.

RFS uses this agency to obtain permissions that a member account grants to a management account.

This agency must contain the iam:tokens:assume permission to subsequently obtain the managed agency credentials. If it is not included, adding or deploying instances will fail.

When you define SELF_MANAGED permissions, you must specify either administration_agency_name or administration_agency_urn, but not both.

You are advised to specify administration_agency_urn when using a trust agency. administration_agency_name only receives agency names. If trust agency names are assigned to administration_agency_name, template fails to be deployed.

Do not specify this parameter when SERVICE_MANAGED permissions are used. Otherwise, error code 400 is returned.

managed_agency_name

No

String

Name of the managed agency.

RFS uses this agency to obtain the permissions required for deploying resources.

The names of the agencies that different member accounts grants to the management account must be the same. Currently, different agency permissions cannot be defined based on different providers.

This parameter must be specified when SELF_MANAGED permissions are defined. Do not specify this parameter when SERVICE_MANAGED permissions are used. Otherwise, error code 400 is returned.

template_body

No

String

HCL template, which describes the target status of a resource. RFS compares the difference between the statuses of this template and the current remote resource.

You can specify either template_body or template_uri, not both.

Note:

  • Stack sets do not encrypt sensitive data. RFS uses, logs, displays, and stores template_body as plaintext.

template_uri

No

String

OBS address of an HCL template. The template describes the target status of a resource. RFS compares the difference between the statuses of this template and the current remote resource.

Ensure that the OBS address is located in the same region as the RFS.

The corresponding file must be a tf file or a zip package.

A .tf file must be named with a .tf or .tf.json suffix, compatible with HCL, and UTF-8 encoded.

Currently, only the .zip package is supported. The file name extension must be .zip. The decompressed files cannot contain .tfvars files. The maximum size of the file is 1 MB before decompression and 1 MB after decompression. A maximum of 100 files can be archived to one .zip package.

You can specify either template_body or template_uri, not both.

Note:

  • Stack sets do not encrypt sensitive data. RFS uses, logs, displays, and stores the template file content corresponding to template_uri as plaintext.

    • If the template file specified by the template_uri is in .zip format, the names of the files or folders within the package contain a maximum of 255 bytes, the length of the longest directory cannot exceed 2048 bytes, and the size of the .zip package cannot exceed 1 MB.

vars_uri

No

String

OBS address of the HCL parameter file. Transferring parameters is supported by the HCL template. The same template can use different parameters for different purposes.

Ensure that the OBS address is located in the same region as the RFS.

  • vars_uri directs to a pre-signed URL of OBS. Currently, other addresses are not supported.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error 400 will be reported.

The content in vars_uri uses the tfvars format of HCL. You can save the content in .tfvars to a file, upload the file to OBS, and transfer the pre-signed URL of OBS to vars_uri.

  • Stack sets do not encrypt sensitive data. RFS uses, logs, displays, and stores the variable file content corresponding to vars_uri as plaintext.

vars_body

No

String

Content of the HCL variable file. Transferring parameters is supported by the HCL template. The same template can use different parameters for different purposes.

  • The vars_body uses the tfvars format of HCL. You can submit the content in the .tfvars file to the vars_body.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error 400 will be reported.

  • If vars_body is too large, you can use vars_uri.

  • Stack sets do not encrypt sensitive data. RFS uses, logs, displays, and stores vars_body as plaintext.

initial_stack_description

No

String

Description of stacks that is being initialized. It can be used to identify stacks managed by a stack set.

This description is used for stacks in the stack set only when they are created. To update the description of stacks that is being initialized, call the UpdateStackSet API.

If the stack set description is updated later, the managed stack description will not be updated synchronously.

administration_agency_urn

No

String

Administration agency URNs.

RFS uses this agency to obtain permissions that a member account grants to a management account.

This agency must contain the sts:tokens:assume permission to subsequently obtain the managed agency credentials. If it is not included, adding or deploying instances will fail.

When you define SELF_MANAGED permissions, you must specify either administration_agency_name or administration_agency_urn, but not both.

You are advised to specify administration_agency_urn when using a trust agency. administration_agency_name only receives agency names. If trust agency names are assigned to administration_agency_name, template fails to be deployed.

Do not specify this parameter when SERVICE_MANAGED permissions are used. Otherwise, error code 400 is returned.

managed_operation

No

managed_operation object

A set of properties used to manage the stack set operation.

call_identity

No

String

This parameter is only supported when the stack set permission model is SERVICE_MANAGED. Specify whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. By default, SELF is specified.

Use SELF for stack sets with self-managed permissions.

  • No matter what call identity is specified, the stack set involved in request is always belonging to management account.*

    • SELF - Invoked as to the management account.

    • DELEGATED_ADMIN - Invoked as a delegated administrator account. User account must be registered as a delegated administrator in the management account.

Table 3 managed_operation

Parameter

Mandatory

Type

Description

enable_parallel_operation

No

Boolean

This parameter indicates whether the stack set can create multiple stack set operations concurrently. As an attribute of the stack set, this parameter can be specified by using CreateStackSet API and updated by using UpdateStackSet API.

When false (default), the stack set performs one operation at a time in request order. To be specific, at a time, only one stack set operation in QUEUE_IN_PROGRESS or OPERATION_IN_PROGRESS status can be processed.

When true, the stack set can create operations concurrently, handle non-conflicting operations, and queue conflicting operations. When the conflicting operation is completed, the stack set continues to perform queuing operations in the order of requests. Currently, a maximum of 10 concurrent stack set operations are allowed to be created under the same stack set.

Note: When the stack set allows multiple operations to be created at the same time, if more than one operation deploys same stack instances, these operations are called conflicting operations.

When the stack set is in OPERATION_IN_PROGRESS status, this parameter is not allowed to be modified by UpdateStackSet API.

Currently, a maximum of 10 stack set operations in QUEUE_IN_PROGRESS or OPERATION_IN_PROGRESS status can exist in one stack set.

Response Parameters

Status code: 201

Table 4 Response body parameters

Parameter

Type

Description

stack_set_id

String

Unique ID of a stack set.

It is a UUID generated by RFS when a stack is created.

Stack set names are unique only at one specific time, so you can create a stack set named HelloWorld and another stack set with the same name after deleting the first one.

For parallel development in a team, users may want to ensure that the stack set they operate is the one created by themselves, not the one with the same name created by other teammates after deleting the previous one. Therefore, they can use this ID for strong matching.

RFS ensures that the ID of each stack set is different and does not change with updates. If the stack_set_id value is different from the current stack set ID, 400 is returned.

Status code: 400

Table 5 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 6 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 401

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 8 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 409

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 10 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 429

Table 11 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 12 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 500

Table 13 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.

Table 14 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Example Requests

  • Use the signed URL of OBS to transfer the template and administration agency names for creating a stack set.

    POST https://{endpoint}/v1/stack-sets
    
    {
      "stack_set_name" : "my_first_stack_set",
      "template_uri" : "https://my_hello_world_bucket.{region}.myhuaweicloud.com/vpc.tf",
      "managed_agency_name" : "my_managed_agency_name",
      "administration_agency_name" : "my_administration_agency_name"
    }
  • Use the template and administration agency URNs for creating a stack set.

    POST https://{endpoint}/v1/stack-sets
    
    {
      "stack_set_name" : "my_second_stack_set",
      "managed_agency_name" : "my_managed_agency_name",
      "administration_agency_urn" : "iam::my-domain-id:agency:my-agency-name",
      "template_body" : "terraform {\n    required_providers {\n      huaweicloud = {\n        source = \"huawei.com/provider/huaweicloud\"\n        version = \"1.41.0\"\n        }\n    }\n}\nprovider \"huaweicloud\"{\n    insecure = true\n    cloud = \"{cloud_name}\"\n    region = \"{region}\"\n    endpoints = {\n        iam = \"{iam_endpoint}\",\n    }\n}\n\nresource \"huaweicloud_vpc\" \"vpc\" {\n  cidr = \"172.16.0.0/16\"\n  name = \"my_vpc\"\n}"
    }

Example Responses

Status code: 201

Stack set created successfully

{
  "stack_set_id" : "1b15e005-bdbb-4bd7-8f9a-a09b6774b4b3"
}

Status Codes

Status Code

Description

201

Stack set created successfully

400

Invalid request.

401

Authentication failed.

403

  1. The user does not have the permission to call this API.

  2. The maximum number of stack sets has been reached.

409

Creation requests conflict. The stack set with the same name already exists.

429

Too frequent requests.

500

Internal server error.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback