Help Center/ Resource Formation Service/ API Reference/ API/ Stack Sets/ Creating Stack Instances
Updated on 2024-11-04 GMT+08:00
View PDF
Share

Creating Stack Instances

Function

CreateStackInstance

This API creates multiple stack instances in a specified stack set and returns the stack set operation ID (stack_set_operation_id).

This API uses var_overrides to specify the variable values for creating a stack instance to override variables. If var_overrides are not assigned, the variables recorded in the current stack are used for deployment by default. For details, see the description of the var_overrides.

After the stack set variables are updated through the DeployStackSet API, the overridden variables in the stack instance are not updated and the overridden values are retained.

You can override only the variables recorded in the stack set. If you want to add variables that can be overridden, use the DeployStackSet API to update the variable set recorded in the stack set.

  • You can obtain the stack set operation status by calling the ShowStackSetOperationMetadata API based on the stack set operation ID (stack_set_operation_id).

URI

POST /v1/stack-sets/{stack_set_name}/stack-instances

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

stack_set_name

Yes

String

Stack set name. The name is unique within its domain (domain_id) and region. Only letters, digits, underscores (_), and hyphens (-) are allowed. The name is case-sensitive and must start with a letter.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

Client-Request-Id

Yes

String

Unique request ID. It is specified by a user and is used to locate a request. UUID is recommended.
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

stack_set_id

No

String

Unique ID of a stack set.

It is a UUID generated by RFS when a stack is created.

Stack set names are unique only at one specific time, so you can create a stack set named HelloWorld and another stack set with the same name after deleting the first one.

For parallel development in a team, users may want to ensure that the stack set they operate is the one created by themselves, not the one with the same name created by other teammates after deleting the previous one. Therefore, they can use this ID for strong matching.

RFS ensures that the ID of each stack set is different and does not change with updates. If the stack_set_id value is different from the current stack set ID, 400 is returned.

deployment_targets

Yes

deployment_targets object

Deployment target information.

var_overrides

No

var_overrides object

Variables that the user expects to update in the stack instance. Related variables will be overridden in all stack instances specified in this request, and the stack instances will be deployed based on the updated variables. The overwritten variables are permanently recorded in the stack instances and continue to be used in subsequent deployment until they are overridden in the next update.

Only the variable set (vars) recorded in the stack set can be overridden. If a variable that does not exist in vars is specified, error code 400 is returned. If you want to add variables that can be overridden, use the DeployStackSet API to update the variable set (vars) recorded in the stack set. After the stack set variable set (vars) is updated through the DeployStackSet API, the overridden variables in the stack instance are not updated and the overridden values are retained.

Variable overriding applies only to the variables specified by vars in the stack set, excluding the variables that use default values as defined in the template. If you want to override the variables that use the default values, use the DeployStackSet API to update the vars recorded in the stack set and explicitly define related variables in the vars.

Each time a user use the DeployStackSet API to update the vars of the stack set, error code 400 is returned for loss of the overridden variables recorded in the stack instance deployed to any targets. (The current overridden variables are not a subset of the vars of the updated stack set.)

In a new update, existing variables cannot be retained. Instead, all existing variables should be overridden.

The total length of the overridden vars_body of the stack instance does not exceed 51,200. After variable overriding, the size of the vars_uri file of the stack instance does not exceed 1 MB.

For example, the vars_body recorded in the stack set is "key1=value1, key2=value2...", and the new vars_body in the stack instance is "key1=another_value1". The length of the overridden vars_body "key1=another_value1, key2=value2...." cannot exceed 51,200.

For example, the file content specified by the vars_uri recorded in the stack set is "key1=value1, key2=value2...", and that of the new vars_uri in the stack instance is "key1=another_value1". The size of the file specified by the overridden vars_body "key1=another_value1, key2=value2...." cannot exceed 1 MB.

If var_overrides is not assigned, the variables recorded in the overridden stack instance are not updated. If you have assigned at least one of vars_uri, vars_body, and use_stack_set_vars, the variables will be updated through replacement. The new variables assigned by you override related variables in the specified stack instance.

All variable sets declared in vars_body, vars_uri, and use_stack_set_vars must be consistent with those recorded in the stack set. Error code 400 is returned for the following scenarios: variables that do not exist in the stack set are declared, variables that have been recorded in the stack set are not declared, and duplicate variables are declared.

Note:

  • To override a specified variable value, specify the name and value of the variable to be overridden in vars_uri or vars_body.

  • To roll back an overridden variable to the value recorded in the stack set, specify the name of the variable to be rolled back to in use_stack_set_vars.

    • To roll back all overridden variables to the values recorded in the stack set, specify the names of all variables recorded in the stack set in use_stack_set_vars.

    • To use the variable values recorded in the current stack instance for deployment, var_overrides are not required.

operation_preferences

No

operation_preferences object

The user-specified preferences for how to perform a stack set operation. This parameter takes effect only in a specified single operation.

If this parameter is not specified, the default operation preferences is that only one stack is deployed at a time and after all stack instances in a region are deployed completely, the next region will be selected randomly for deployment. The default value of failure tolerance count in a region is 0.

This parameter can be specified in the following APIs:

CreateStackInstance, DeployStackSet, UpdateStackInstance, DeleteStackInstance.

call_identity

No

String

This parameter is only supported when the stack set permission model is SERVICE_MANAGED. Specify whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. By default, SELF is specified.

Use SELF for stack sets with self-managed permissions.

  • No matter what call identity is specified, the stack set involved in request is always belonging to management account.*

    • SELF - Invoked as to the management account.

    • DELEGATED_ADMIN - Invoked as a delegated administrator account. User account must be registered as a delegated administrator in the management account.
Table 4 deployment_targets

Parameter

Mandatory

Type

Description

regions

Yes

Array of strings

Regions involved in the stack set operations are specified by the user.

  • If this parameter is specified in the DeployStackSet API, stack instances in the stack set are selected for deployment. This operation applies to the Cartesian product of the regions and domain_ids input by the user. If a region that is not managed by the stack set is specified, an error is reported. *

domain_ids

No

Array of strings

When the stack set permission model is SELF_MANAGED, the domain IDs involved in this operation is specified by the user.

  • If this parameter is specified in the DeployStackSet API, stack instances in the stack set are selected for deployment. This operation applies to the Cartesian product of the regions and domain_ids input by the user. If a domain_id that is not managed by the stack set is specified, an error is reported. *

When the stack set permission model is SERVICE_MANAGED, this parameter needs to be used with domain_id_filter_type. It's used to specify, exclude or additionally deploy the domain IDS of member accounts from the organizational units in deployment target.

You can specify either domain_ids or domain_ids_uri, but not both.

domain_ids_uri

No

String

When the stack set permission model is SELF_MANAGED, the OBS address of the domain IDs involved in this operation is specified by the user.

Tenant IDs are separated by commas (,) and line breaks are supported. Currently, only CSV files are supported, and the files should be encoded in UTF-8. The file size cannot exceed 100 KB.

Do not use Excel for operations on the CSV file to be uploaded. Otherwise, inconsistencies may occur in results read from the CSV file. You are advised to use Notepad to open the file and check whether the content complies with your expectation.

  • If this parameter is specified in the DeployStackSet API, stack instances in the stack set are selected for deployment. This operation applies to the Cartesian product of the domain_ids_uri file and regions input by the user. If a domain_id that is not managed by the stack set is specified, an error is reported. *

When the stack set permission model is SERVICE_MANAGED, this parameter needs to be used with domain_id_filter_type. Used to specify, exclude or additionally deploy the domain IDS of member accounts from the organizational units in deployment target.

You can specify either domain_ids or domain_ids_uri, but not both.

organizational_unit_ids

No

Array of strings

Organizational Unit (OU) IDs list. This parameter is only allowed to be specified when the stack set permission model is SERVICE_MANAGED.

The list of organizational_unit_ids, it can be the root organization (Root) ID or the ID of organizational units.

This parameter must be specified in the CreateStackInstances API. This API will asynchronously verify the OU IDs. Valid OU IDs and all non-empty sub-OU IDs will be managed by the stack set. This API allows specifying OU IDs that are not or already managed by the stack set.

  • If the stack set is not automatically deployed, it will not manage the empty sub-OUs (specifically, there are no member accounts under the sub-OU or the deployment excludes all member accounts). *

  • [Not supported] If the stack set is automatically deployed, it will also manage the empty sub-OUs (specifically, there are no member accounts under the sub-OU or the deployment excludes all member accounts). Automatic deployment only responds to changes in member accounts, not for organizational units changes, such as adding new OUs. Adding new OUs will not be automatically managed by the stack set. *

To deploy or delete resource stack instances (including DeployStackSet, UpdateStackInstances, DeleteStackInstances API) , only OU IDs that have been managed by the resource stack set are allowed to be specified. If you specify OU IDs that are not managed by the resource stack set records, an error will be reported.

This parameter must be specified in the DeleteStackInstances API.

You can call ShowStackSetMetadata API to get the OU IDs specified by CreateStackInstances API request.

Stack set will be deployed not only to users in the deployment target OUs, but also to users in all sub-OUs. Stack set assembly selects stack instances to create or deploy in the form of a Cartesian product based on all users under the OUs (including under sub-OUs) and the region list.

Stack sets will not choose administrator in organization as deployment target for stack instance creation or deployment, even if the organization administrator is in the given organization or the organization's OU.

domain_id_filter_type

No

String

Domain IDs filter type. This parameter is only supported when stack set permission model is SERVICE_MANAGED. By default, NONE is specified.

You can specify different filter types to include or exclude deployment target users by providing either domain_ids or domain_ids_uri, thus increasing or limiting the scope of deployment target and implement different deployment strategies.

  • INTERSECTION - Select specified accounts from the OUs in deployment target for deployment. You can specify either domain_ids or domain_ids_uri, but not both.

  • DIFFERENCE - Exclude specified accounts from the OUs in deployment target for deployment. You can specify either domain_ids or domain_ids_uri, but not both.

  • UNION - In addition to deploy all accounts from the OUs in deployment target, it will also deploy to the specified account. Users can deploy the OU and specific individual accounts in stack set operation by specifying both organizational_unit_ids and domain_ids/domain_ids_uri. You can specify either domain_ids or domain_ids_uri, but not both. CreateStackInstances does not allow using this type.

  • NONE - Only deploy to all accounts from the OUs in deployment target. You can not specify domain_ids or domain_ids_uri.
Table 5 var_overrides

Parameter

Mandatory

Type

Description

vars_uri

No

String

OBS address of the HCL parameter file. Transferring parameters is supported by the HCL template. The same template can use different parameters for different purposes.

Ensure that the OBS address is located in the same region as the RFS.

  • vars_uri directs to a pre-signed URL of OBS. Currently, other addresses are not supported.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error 400 will be reported.

The content in vars_uri uses the tfvars format of HCL. You can save the content in .tfvars to a file, upload the file to OBS, and transfer the pre-signed URL of OBS to vars_uri.

  • Stack sets do not encrypt sensitive data. RFS uses, logs, displays, and stores the variable file content corresponding to vars_uri as plaintext.

vars_body

No

String

Content of the HCL variable file. Transferring parameters is supported by the HCL template. The same template can use different parameters for different purposes.

  • The vars_body uses the tfvars format of HCL. You can submit the content in the .tfvars file to the vars_body.

  • RFS supports vars_structure, vars_body, and vars_uri. If they declare the same variable, error 400 will be reported.

  • If vars_body is too large, you can use vars_uri.

  • Stack sets do not encrypt sensitive data. RFS uses, logs, displays, and stores vars_body as plaintext.

use_stack_set_vars

No

Array of strings

Names of the variables whose values are recorded in the stack set and expected to be used for deployment.

You can select only the variables that have been recorded in the stack set. Otherwise, error code 400 is returned.

If the use_stack_set_vars contains name of a variable that has been overridden in the stack instance, the value of the variable is rolled back to that recorded in the stack set.
Table 6 operation_preferences

Parameter

Mandatory

Type

Description

region_concurrency_type

No

String

The concurrency type of deploying stack instances in regions. The value can be SEQUENTIAL (default) or PARALLEL. The value is case-sensitive.

Detailed introduction:

  • SEQUENTIAL: Stack instances are deployed in sequence among regions, that is, after all stack instances in a region are deployed completely, the next region will be selected for deployment.

  • PARALLEL: Stack instances are deployed in all specified regions concurrently.

region_order

No

Array of strings

Region deployment order. This parameter can be specified only when region_concurrency_type is set to SEQUENTIAL. The region_order must only contain all regions in this deployment target.

If this parameter is not specified, the region deployment order is random. The region_order takes effect only during a specified single operation.

failure_tolerance_count

No

Long

The maximum number of failed stack instances in a region. The value must be 0 or a positive integer. The default value is 0.

If the value of region_concurrency_type is SEQUENTIAL, when the number of stack instances that deploy failed in a region exceeds the failure_tolerance_count, all other instances that are still in WAIT_IN_PROGRESS status will be canceled. The status of the canceled instance changes to CANCEL_COMPLETE;

If the value of region_concurrency_type is PARALLEL, when the number of stack instances that deploy failed in a region exceeds the failure_tolerance_count, the stack set only cancels all instances that are still in WAIT_IN_PROGRESS status in this region. The status of the canceled instance changes to CANCEL_COMPLETE.

Stack instances that are in OPERATION_IN_PROGRESS status or have been deployed (that is, in OPERATION_COMPLETE or OPERATION_FAILED status) are not affected.

Only one of failure_tolerance_count and failure_tolerance_percentage can exist.

failure_tolerance_percentage

No

Long

The maximum percentage of failed stack instances in a region. The value must be 0 or a positive integer. The default value is 0.

By multiplying the failure_tolerance_percentage by the number of stack instances in the region and rounding it down, the actual number of failure tolerance count can be obtained.

Only one of failure_tolerance_count and failure_tolerance_percentage can exist.

max_concurrent_count

No

Long

The maximum number of concurrent accounts can be deployed in a region. The value must be a positive integer. The default value is 1.

max_concurrent_count is at most one more than the failure tolerance count. If failure_tolerance_percentage is specified, max_concurrent_count is at most one more than the result of failure_tolerance_percentage multiplied by the number of stack instances in a region to guarantee that the deployment stops at the required level of failure tolerance.

Only one of max_concurrent_count and max_concurrent_percentage can exist.

max_concurrent_percentage

No

Long

The maximum percentage of concurrent accounts can be deployed in a region. The value must be a positive integer. The default value is 1.

The RFS calculates the actual maximum number of concurrent accounts by rounding down the value obtained by multiplying the percentage by the number of stack instances in each region.

This actual maximum number of concurrent accounts is at most one more than the failure tolerance count. If failure_tolerance_percentage is specified, this actual maximum number of concurrent accounts is at most one more than the result of failure_tolerance_percentage multiplied by the number of stack instances in a region to guarantee that the deployment stops at the required level of failure tolerance.

Only one of max_concurrent_count and max_concurrent_percentage can exist.

failure_tolerance_mode

No

String

The failure tolerance mode of deploying stack instances in regions. The value can be STRICT_FAILURE_TOLERANCE or SOFT_FAILURE_TOLERANCE. The default value is STRICT_FAILURE_TOLERANCE. The value is case-sensitive.

Detailed introduction:

  • STRICT_FAILURE_TOLERANCE: This option dynamically lowers the concurrency level to ensure the number of failed stack instances never exceeds the value of failure_tolerance_count + 1. If failure_tolerance_percentage is specified, this option ensures the number of failed stack instances never exceeds the result of failure_tolerance_percentage multiplied by the number of stack instances in a region.

  • The initial actual maximum number of concurrent accounts is max_concurrent_count. If max_concurrent_percentage is specified, the initial actual maximum number of concurrent accounts is the result of max_concurrent_percentage multiplied by the number of stack instances. The actual maximum number of concurrent accounts is then reduced proportionally by the number of failed stack instances.

  • SOFT_FAILURE_TOLERANCE: This option separates failure_tolerance_count (failure_tolerance_percentage) from the actual maximum number of concurrent accounts. This option allows actual maximum number of concurrent accounts to keep at the concurrency level set by the max_concurrent_count, or max_concurrent_percentage.

  • This option does not ensure the number of failed stack instances is less than failure_tolerance_count + 1. If failure_tolerance_percentage is specified, this option does not ensure the number of failed stack instances is less than the result of max_concurrent_percentage multiplied by the number of stack instances.

Response Parameters

Status code: 202

Table 7 Response body parameters

Parameter

Type

Description

stack_set_operation_id

String

Unique ID of a stack set operation.

It is a UUID generated by RFS when a stack set operation is created.

Status code: 400

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.
Table 9 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 401

Table 10 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.
Table 11 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 403

Table 12 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.
Table 13 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 404

Table 14 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.
Table 15 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 429

Table 16 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.
Table 17 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Status code: 500

Table 18 Response body parameters

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

encoded_authorization_message

String

The message contains information about unauthorized requests.

details

Array of Detail objects

Detailed error messages returned by service when permission is denied.
Table 19 Detail

Parameter

Type

Description

error_code

String

Response code.

error_msg

String

Response message.

Example Requests

  • Assign member account information through the array of domain IDs. Stack instances are created in sequential mode among regions.

    POST https://{endpoint}/v1/stack-sets/my_hello_world_stack_set/stack-instances

{
  "deployment_targets" : {
    "regions" : [ "cn-north-7" ],
    "domain_ids" : [ "6cbcca2a2f114a63841bdbc7a19b7b12", "1e03325ba3cc47b1fdb03f3771bbb4f3" ]
  },
  "operation_preferences" : {
    "region_concurrency_type" : "SEQUENTIAL"
  }
}

  • Assign member account information through the URL signed by domain IDs. Stack instances are created in parallel mode among regions.

    POST https://{endpoint}/v1/stack-sets/my_hello_world_stack_set/stack-instances

{
  "deployment_targets" : {
    "regions" : [ "cn-north-7" ],
    "domain_ids_uri" : "https://my-obs.obs.cn-north-7.ulanqab.huawei.com/domain_ids.csv",
    "operation_preferences" : {
      "region_concurrency_type" : "PARALLEL"
    }
  }
}

Example Responses

Status code: 202

The request is accepted and processed asynchronously.

{
  "stack_set_operation_id" : "fb5e781e-a27d-46e2-9954-242753857a9f"
}

Status Codes

Status Code

Description

202

The request is accepted and processed asynchronously.

400

Invalid request.

401

Authentication failed.

403

  1. The user does not have the permission to call this API.

  2. The stack set status is invalid. Parallel operations are not allowed.

404

The stack set does not exist.

429

Too frequent requests.

500

Internal server error.
Parent topic: Stack Sets