Enhancement: support OrganizationalUnit ID as parameter in the template

[wellsiau-aws]

Summary

The solution accept comma delimited list of accounts to be included in the initial launch as parameter LaunchAccountList. This could range from 10 to 100s of account depending on the size of the organization.

Desired Behaviour

The template should take new parameter LaunchOUList or reuse the existing parameter LaunchAccountList by accepting both account ids and Organizational Unit (OU) ids.

Possible Solution

Modify the StackSet to use service-managed permission, which allow us to pass either account ids or OU ids.

Additional context

Changes required on: https://github.com/newrelic-experimental/newrelic-control-tower-customization/blob/aws-quick-start/functions/source/stackset/stackset.py#L63

Ref: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cloudformation.html#CloudFormation.Client.create_stack_instances

DeploymentTargets (dict) --

[Service-managed permissions] The AWS Organizations accounts for which to create stack instances in the specified Regions.

You can specify Accounts or DeploymentTargets , but not both.