Error: Parameters: must have values

[schnipseljagd]

When using StackSetTarget.fromAccounts with parameterOverrides the CDK synth works fine but when trying to deploy it the deployment fails:

TestStack failed: Error: The stack named TestStack failed to deploy: UPDATE_ROLLBACK_COMPLETE: Resource handler returned message: "Parameters: [DevopsAccountId] must have values (Service: CloudFormation, Status Code: 400, Request ID: xxx)"

class TeamWorkloadAccountStackSet extends StackSetStack {
  constructor(scope: Construct, id: string) {
    super(scope, id)

    const devopsAccountIdParameter = new CfnParameter(this, 'DevopsAccountId', {
      type: 'String',
      description: 'The account ID of the associated devops account',
    })

    const role = new iam.Role(this, 'DevopsCrossAccountRole:', {
      roleName: 'devops-cross-account-role',
      managedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'),
      ],
      assumedBy: new iam.AccountPrincipal(
        devopsAccountIdParameter
      ),
    })
    Tags.of(role).add('Pulumi', 'DevopsCrossAccountRole')
  }
}

 const teamWorkloadAccountStackSetStack = new TeamWorkloadAccountStackSet(
      this,
      'TeamWorkloadAccountStackSetStack',
    )
 const stackSet = new StackSet(this, 'TeamWorkloadAccountStackSet', {
      capabilities: [Capability.NAMED_IAM],
      template: StackSetTemplate.fromStackSetStack(
        teamWorkloadAccountStackSetStack,
      ),
      deploymentType: DeploymentType.selfManaged({
        adminRole: this.selfManagedStackSetAdministratorRole,
        executionRoleName: 'AWSCloudFormationStackSetExecutionRole',
      }),
      target: StackSetTarget.fromAccounts({
        regions: ['eu-central-1'],
        accounts: ['xxx'],
        parameterOverrides: {
          DevopsAccountId: 'xxx',
        },
      })
    })

A workaround is to fix the parameters via Cloudformation:

// this fixes a bug with the parameters in the cdk-stacksets library
    const cfnStackSet = stackSet.node.defaultChild as CfnStackSet
    cfnStackSet.addOverride('Properties.Parameters', [{
      'ParameterKey': 'DevopsAccountId',
      'ParameterValue': ''
    }])

[barticus]

Thanks for this, it helped me out. I made a little helper method if anyone wants it:

function createStackSet(scope: Construct, id: string, props: StackSetProps & { parameters?: Record<string, string> }) {
  const { parameters, ...stackSetProps } = props;
  const stackSet = new StackSet(scope, id, stackSetProps);
  if (parameters) {
    const cfnStackSet = stackSet.node.defaultChild as CfnStackSet;
    cfnStackSet.addOverride(
      'Properties.Parameters',
      Object.entries(parameters).map(([ParameterKey, ParameterValue]) => ({ ParameterKey, ParameterValue }))
    );
  }
  return stackSet;
}

[pcholakov]

Bumped into the same issue; it seems to me like overrides are for per-target overrides, and parameters have to be provided via the top-level StackSet parameters property. I ended up having to patch the Cfn output to work around the lack of an exposed parameters property.

For workarounds, you can access the parameters property of CfnStackSet directly:

(stackSet.node.defaultChild as CfnStackSet).parameters = [
  {
    parameterKey: "Key",
    parameterValue: "Value",
  },
];

[pcholakov]

I have proposed adding a parameters attribute directly to the StackSetProps to remove the need to set overrides directly in the CloudFormation schema: #447. Would love to know your thoughts before I go add coverage to the integration test.