Variables

You can specify variables for organizational units and accounts with the vars property. It is an object whose keys are variable names and values contain the values for the corresponding variables. Variable values can be strings, numbers, booleans, objects or lists of the aforementioned types. 
Organizational units inherit variables from their parents, and accounts inherit variables from the organizational unit they belong to.
If you want to apply variables to all organizational units groups and accounts, you can define the vars property at the top-level of the organization configuration.
Example
This is how you use variables.
organization.yml
# Top-level variables
vars:
  cost-center: 12345
  budget: 2000
​
accountCreation:
  defaults:
    iamUserAccessToBilling: true
    roleName: MyAccountAdminRole  
  constraints:
    namePattern: "^my-account-[a-z0-9-]+$"
    emailPattern: "^admin\\+my-account-[0-9a-z-][email protected]$"
​
masterAccountId: "098765432100"
​
organizationAdminRoleName: MyOrganizationAdminRole
accountAdminRoleName: MyAccountAdminRole
accountBootstrapRoleName: MyBootstrapRole
 
serviceControlPolicies:
  restrict-by-regions:
    description: Restrict regions
  FullAWSAccess:
    description: AWS managed default policy
    awsManaged: true
    
backupPolicies:
  MyBackups:
    description: Backup policy    
    
organizationalUnits:
  Root:
    serviceControlPolicies: FullAWSAccess
    accounts:
      - "098765432100"
    configSets: common
    bootstrapConfigSets: deployment-role 
  Root/Workloads:
    serviceControlPolicies: restrict-by-regions
    accountAdminRoleName: AnotherAdminRole
    accountBootstrapRoleName: AnotherBootstrapRole
    
    # Variables for organizational unit.
    # Inherit all variables from the top-level,
    # add a new variable named 'projectCode',
    # and override the 'budget' variable. 
    vars:
      projectCode: 1234
      budget: 3000
  Root/Workloads/Dev: {}
  Root/Workloads/Test: {}
  Root/Workloads/Prod: 
    accounts:
      - id: "876754648373"
        name: MyAccount
        email: [email protected]
        description: This is a production account
        configSets: 
          - networking
  Root/Sandbox:
    accounts:
      - id: "123456789012"
        accountAdminRoleName: AccountSpecificRole
        accountBootstrapRoleName: AccountBootstrapRole
        backupPolicies:
          - MyBackups
  
        # Add account-specific variables
        vars:
          environmentName: sandbox
          foo: bar
          someList:
            - one
            - two
            - three  
      - "448873940474"
Last modified 1yr ago