Getting ready

Before you can use StackSets, you must establish an account to be the administrator account, and then you must create roles in the administrator account and in the target accounts. In this recipe, you will deploy to a second region, rather than a second account, but those roles still must exist.

The roles must have the following names:

  • AWSCloudFormationStackSetAdministrationRole
  • AWSCloudFormationStackSetExecutionRole

Consult the AWS documentation for details on how to create these roles: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html.

To create these roles in your account, you can create a stack from the following YAML:

AWSTemplateFormatVersion: '2010-09-09'
Description: Deploys required roles for Stack Sets
Resources:
  AWSCloudFormationStackSetAdministrationRole:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetAdministrationRole.yml
      TimeoutInMinutes: '3'
  AWSCloudFormationStackSetExecutionRole:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationStackSetExecutionRole.yml
      TimeoutInMinutes: '3'
      Parameters:
        AdministratorAccountId: !Ref "AWS::AccountId"

Make sure that you take the time to fully understand how these roles work, since misconfiguration can allow the cross-account role to have more privileges than intended.
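
One way to check the trust side of that warning is to audit who is allowed to assume AWSCloudFormationStackSetExecutionRole. The following Python is an added example, not code from the book or from AWS: the function names and the 12-digit account IDs are constructed, and the input is assumed to have the shape of the AssumeRolePolicyDocument that IAM returns for a role.

```python
import re

def _aws_principals(statement):
    """Return the AWS principals of one trust statement as a list of strings."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    values = principal.get("AWS", [])
    return [values] if isinstance(values, str) else list(values)

def _account_of(principal):
    """Extract the 12-digit account ID from a bare ID or an IAM ARN."""
    match = re.fullmatch(r"(\d{12})|arn:aws[\w-]*:iam::(\d{12}):.+", principal)
    return (match.group(1) or match.group(2)) if match else None

def audit_trust_policy(trust_policy, admin_account_id):
    """List findings for an execution-role trust policy (empty list = OK)."""
    findings = []
    statements = trust_policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM allows a single statement object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        for principal in _aws_principals(stmt):
            account = _account_of(principal)
            if principal == "*":
                findings.append("any AWS principal may assume the role")
            elif account is None:
                findings.append(f"unrecognised principal: {principal}")
            elif account != admin_account_id:
                findings.append(f"trusts unexpected account {account}")
    return findings

# Constructed sample policies; the account IDs are placeholders.
ADMIN = "111111111111"
GOOD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}
BAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["111111111111", "arn:aws:iam::222222222222:root"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}]}

if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(policy, ADMIN) or "ok")
```

This covers only the trust policy; the permissions attached to the execution role decide what an assumed session can do and need their own review.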
