You can specify variables for organizational units and accounts with the vars property. It is an object whose keys are variable names and whose values are the values of the corresponding variables. Variable values can be strings, numbers, booleans, objects or lists of the aforementioned types.
Organizational units inherit variables from their parents, and accounts inherit variables from the organizational unit they belong to.
If you want to apply variables to all organizational units and accounts, you can define the vars property at the top level of the organization configuration.
Example
This is how you use variables.
organization.yml
# Top-level variables
vars:
  cost-center: 12345
  budget: 2000

accountCreation:
  defaults:
    iamUserAccessToBilling: true
    roleName: MyAccountAdminRole
  constraints:
    namePattern: "^my-account-[a-z0-9-]+$"
    emailPattern: "^admin\\+my-account-[0-9a-z-]+@example.com$"

masterAccountId: "098765432100"
organizationAdminRoleName: MyOrganizationAdminRole
accountAdminRoleName: MyAccountAdminRole
accountBootstrapRoleName: MyBootstrapRole

serviceControlPolicies:
  restrict-by-regions:
    description: Restrict regions
  FullAWSAccess:
    description: AWS managed default policy
    awsManaged: true

backupPolicies:
  MyBackups:
    description: Backup policy

organizationalUnits:
  Root:
    serviceControlPolicies: FullAWSAccess
    accounts:
      - "098765432100"
    configSets: common
    bootstrapConfigSets: deployment-role
  Root/Workloads:
    serviceControlPolicies: restrict-by-regions
    accountAdminRoleName: AnotherAdminRole
    accountBootstrapRoleName: AnotherBootstrapRole
    # Variables for organizational unit.
    # Inherit all variables from the top-level,
    # add a new variable named 'projectCode',
    # and override the 'budget' variable.
    vars:
      projectCode: 1234
      budget: 3000
  Root/Workloads/Dev: {}
  Root/Workloads/Test: {}
  Root/Workloads/Prod:
    accounts:
      - id: "876754648373"
        name: MyAccount
        email: account@example.com
        description: This is a production account
        configSets:
          - networking
  Root/Sandbox:
    accounts:
      - id: "123456789012"
        accountAdminRoleName: AccountSpecificRole
        accountBootstrapRoleName: AccountBootstrapRole
        backupPolicies:
          - MyBackups
        # Add account-specific variables
        vars:
          environmentName: sandbox
          foo: bar
          someList:
            - one
            - two
            - three
      - "448873940474"
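
The inheritance rules described above, applied to the variables and accounts from organization.yml to show which values each account ends up with. This is an added example, not code from Takomo or its documentation. The function names are hypothetical, and it assumes that a value set at a lower level replaces the inherited value of the same name as a whole.

```python
# Added illustration; not the tool's own implementation.
# Assumption: a value set at a lower level replaces the whole value
# inherited under the same name (no deep merge of objects or lists).

TOP_VARS = {"cost-center": 12345, "budget": 2000}

# Subset of organization.yml above: only 'vars' and 'accounts' matter here.
OUS = {
    "Root": {"accounts": ["098765432100"]},
    "Root/Workloads": {"vars": {"projectCode": 1234, "budget": 3000}},
    "Root/Workloads/Dev": {},
    "Root/Workloads/Test": {},
    "Root/Workloads/Prod": {"accounts": [{"id": "876754648373"}]},
    "Root/Sandbox": {"accounts": [
        {"id": "123456789012",
         "vars": {"environmentName": "sandbox", "foo": "bar",
                  "someList": ["one", "two", "three"]}},
        "448873940474",
    ]},
}


def ou_vars(path):
    """Effective variables of an OU: top level, then each ancestor, then itself."""
    merged = dict(TOP_VARS)
    parts = path.split("/")
    for depth in range(1, len(parts) + 1):
        ancestor = "/".join(parts[:depth])
        merged.update(OUS.get(ancestor, {}).get("vars", {}))
    return merged


def account_vars(account_id):
    """Effective variables of an account: its OU's variables plus its own."""
    for path, ou in OUS.items():
        for entry in ou.get("accounts", []):
            # An account is either a bare id string or an object with 'id'.
            acct = {"id": entry} if isinstance(entry, str) else entry
            if acct["id"] == account_id:
                return {**ou_vars(path), **acct.get("vars", {})}
    raise KeyError(f"account {account_id} is not in any organizational unit")


if __name__ == "__main__":
    for acct_id in ("098765432100", "876754648373", "123456789012", "448873940474"):
        print(acct_id, account_vars(acct_id))
```

Account 876754648373 defines no variables of its own, yet it receives budget 3000 and projectCode 1234 from Root/Workloads, two levels above it.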