diff --git a/docs/_source/docs/stack_config.rst b/docs/_source/docs/stack_config.rst index aeb28afea..7dc54384f 100644 --- a/docs/_source/docs/stack_config.rst +++ b/docs/_source/docs/stack_config.rst @@ -20,6 +20,7 @@ particular Stack. The available keys are listed below. - `parameters`_ *(optional)* - `protected`_ *(optional)* - `role_arn`_ *(optional)* +- `iam_role`_ *(optional)* - `sceptre_user_data`_ *(optional)* - `stack_name`_ *(optional)* - `stack_tags`_ *(optional)* @@ -179,6 +180,28 @@ role_arn The ARN of a `CloudFormation Service Role`_ that is assumed by CloudFormation to create, update or delete resources. +iam_role +~~~~~~~~ + +This is the IAM Role ARN that **Sceptre** should *assume* using AWS STS when executing any actions +on the Stack. + +This is different from the ``role_arn`` option, which sets a CloudFormation service role for the +stack. The ``iam_role`` configuration does not configure anything on the stack itself. + +This is also different from the ``profile`` StackGroup configuration, though there are similarities. +``profile`` references the name of a locally-defined profile configured using the AWS CLI. This is +the *"user"* that Sceptre is operating as. However, `iam_role` is a defined role ARN (typically one +with elevated permissions the user doesn't otherwise have access to) that the user will assume in +order to execute the actions on a specific stack group. + +Using ``iam_role`` can be useful if the user or system executing Sceptre needs an alternative +permissions set to perform the required actions on that stack, such as might be the case with a +CI/CD system like Jenkins. + +In order to use this argument, however, the role needs to have an AssumeRolePolicyDocument that +permits the user to assume that role. + sceptre_user_data ~~~~~~~~~~~~~~~~~ diff --git a/docs/_source/docs/stack_group_config.rst b/docs/_source/docs/stack_group_config.rst index cff3aeabd..63462de6c 100644 --- a/docs/_source/docs/stack_group_config.rst +++ b/docs/_source/docs/stack_group_config.rst @@ -99,7 +99,6 @@ require_version A `PEP 440`_ compatible version specifier. If the Sceptre version does not fall within the given version requirement it will abort. - .. _stack_group_config_cascading_config: Cascading Config