# Creating accounts

You create new accounts to your organization using the [create account command](/command-line-usage/account/create-account.md).

#### Example

Create a new account:

```bash
tkm org accounts create \
  --email my-account-1@example.com \
  --name my-account
```

## Account defaults

When creating a new account, you can optionally specify if the account's IAM users should have access to the account's billing information and what is the name of the IAM role AWS Organizations creates in the account. You can use `accountCreation` property specify the default values for these options in the organization configuration file:

{% code title="organization.yml" %}

```yaml
# This is how you set the defaults for account creation.
accountCreation:
  defaults:
    iamUserAccessToBilling: true
    roleName: MyAccountAdminRole 

masterAccountId: "098765432100"

organizationAdminRoleName: MyOrganizationAdminRole

serviceControlPolicies:
  restrict-by-regions:
    description: Restrict regions
  FullAWSAccess:
    description: AWS managed default policy
    awsManaged: true
    
backupPolicies:
  MyBackups:
    description: Backup policy    
    
organizationalUnits:
  Root:
    serviceControlPolicies: FullAWSAccess
    accounts:
      - "098765432100"    
  Root/Workloads:
    serviceControlPolicies: restrict-by-regions
  Root/Workloads/Dev: {}
  Root/Workloads/Test: {}
  Root/Workloads/Prod: 
    accounts:
      - id: "876754648373"
        name: MyAccount
        email: account@example.com
        description: This is a production account
  Root/Sandbox:
    accounts:
      - id: "123456789012"
        backupPolicies:
          - MyBackups
      - "448873940474"
```

{% endcode %}

## Account contraints

You can set accepted pattern for account name and email by providing `constraints` property under account creation configuration:

{% code title="organization.yml" %}

```yaml
accountCreation:
  defaults:
    iamUserAccessToBilling: true
    roleName: MyAccountAdminRole 

  # This is how you set constraints for account name and email.  
  constraints:
    # Account name must match this regex pattern
    namePattern: "^my-account-[a-z0-9-]+$"
    # Account email must match this regex pattern
    emailPattern: "^admin\\+my-account-[0-9a-z-]+@example.com$"

masterAccountId: "098765432100"

organizationAdminRoleName: MyOrganizationAdminRole

serviceControlPolicies:
  restrict-by-regions:
    description: Restrict regions
  FullAWSAccess:
    description: AWS managed default policy
    awsManaged: true
    
backupPolicies:
  MyBackups:
    description: Backup policy    
    
organizationalUnits:
  Root:
    serviceControlPolicies: FullAWSAccess
    accounts:
      - "098765432100"    
  Root/Workloads:
    serviceControlPolicies: restrict-by-regions
  Root/Workloads/Dev: {}
  Root/Workloads/Test: {}
  Root/Workloads/Prod: 
    accounts:
      - id: "876754648373"
        name: MyAccount
        email: account@example.com
        description: This is a production account
  Root/Sandbox:
    accounts:
      - id: "123456789012"
        backupPolicies:
          - MyBackups
      - "448873940474"
```

{% endcode %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://organizations.takomo.io/accounts/creating-accounts.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.