Variables

You can specify variables for organizational units and accounts with the vars property. It is an object whose keys are variable names and values contain the values for the corresponding variables. Variable values can be strings, numbers, booleans, objects or lists of the aforementioned types. 
Organizational units inherit variables from their parents, and accounts inherit variables from the organizational unit they belong to.
If you want to apply variables to all organizational units groups and accounts, you can define the vars property at the top-level of the organization configuration.
Example
This is how you use variables.
organization.yml
1
# Top-level variables
2
vars:
3
  cost-center: 12345
4
  budget: 2000
5
​
6
accountCreation:
7
  defaults:
8
    iamUserAccessToBilling: true
9
    roleName: MyAccountAdminRole  
10
  constraints:
11
    namePattern: "^my-account-[a-z0-9-]+quot;
12
    emailPattern: "^admin\\+my-account-[0-9a-z-][email protected]quot;
13
​
14
masterAccountId: "098765432100"
15
​
16
organizationAdminRoleName: MyOrganizationAdminRole
17
accountAdminRoleName: MyAccountAdminRole
18
accountBootstrapRoleName: MyBootstrapRole
19
 
20
serviceControlPolicies:
21
  restrict-by-regions:
22
    description: Restrict regions
23
  FullAWSAccess:
24
    description: AWS managed default policy
25
    awsManaged: true
26
    
27
backupPolicies:
28
  MyBackups:
29
    description: Backup policy    
30
    
31
organizationalUnits:
32
  Root:
33
    serviceControlPolicies: FullAWSAccess
34
    accounts:
35
      - "098765432100"
36
    configSets: common
37
    bootstrapConfigSets: deployment-role 
38
  Root/Workloads:
39
    serviceControlPolicies: restrict-by-regions
40
    accountAdminRoleName: AnotherAdminRole
41
    accountBootstrapRoleName: AnotherBootstrapRole
42
    
43
    # Variables for organizational unit.
44
    # Inherit all variables from the top-level,
45
    # add a new variable named 'projectCode',
46
    # and override the 'budget' variable. 
47
    vars:
48
      projectCode: 1234
49
      budget: 3000
50
  Root/Workloads/Dev: {}
51
  Root/Workloads/Test: {}
52
  Root/Workloads/Prod: 
53
    accounts:
54
      - id: "876754648373"
55
        name: MyAccount
56
        email: [email protected]
57
        description: This is a production account
58
        configSets: 
59
          - networking
60
  Root/Sandbox:
61
    accounts:
62
      - id: "123456789012"
63
        accountAdminRoleName: AccountSpecificRole
64
        accountBootstrapRoleName: AccountBootstrapRole
65
        backupPolicies:
66
          - MyBackups
67
  
68
        # Add account-specific variables
69
        vars:
70
          environmentName: sandbox
71
          foo: bar
72
          someList:
73
            - one
74
            - two
75
            - three  
76
      - "448873940474"
Copied!

Account stacks - Previous

Bootstrap config sets

Next - Account stacks

Deploying config sets

Last modified 3mo ago

Copy link

Contents