Creating accounts
Create new accounts in your organization with the create account command.

Example

Create a new account:
    tkm org accounts create \
      --name my-account

Account defaults

When creating a new account, you can optionally specify whether the account's IAM users should have access to the account's billing information, and the name of the IAM role that AWS Organizations creates in the account. Use the accountCreation property to set default values for these options in the organization configuration file:
organization.yml
    # This is how you set the defaults for account creation.
    accountCreation:
      defaults:
        iamUserAccessToBilling: true
        roleName: MyAccountAdminRole

    masterAccountId: "098765432100"

    organizationAdminRoleName: MyOrganizationAdminRole

    serviceControlPolicies:
      restrict-by-regions:
        description: Restrict regions
      FullAWSAccess:
        description: AWS managed default policy
        awsManaged: true

    backupPolicies:
      MyBackups:
        description: Backup policy

    organizationalUnits:
      Root:
        serviceControlPolicies: FullAWSAccess
        accounts:
          - "098765432100"
      Root/Workloads:
        serviceControlPolicies: restrict-by-regions
      Root/Workloads/Dev: {}
      Root/Workloads/Test: {}
      Root/Workloads/Prod:
        accounts:
          - id: "876754648373"
            name: MyAccount
            description: This is a production account
      Root/Sandbox:
        accounts:
          - id: "123456789012"
            backupPolicies:
              - MyBackups
          - "448873940474"

Account constraints

You can set the accepted patterns for the account name and email by providing a constraints property under the account creation configuration:
organization.yml
    accountCreation:
      defaults:
        iamUserAccessToBilling: true
        roleName: MyAccountAdminRole

      # This is how you set constraints for account name and email.
      constraints:
        # Account name must match this regex pattern
        namePattern: "^my-account-[a-z0-9-]+$"
        # Account email must match this regex pattern
        emailPattern: "^admin\\+my-account-[0-9a-z-][email protected]$"

    masterAccountId: "098765432100"

    organizationAdminRoleName: MyOrganizationAdminRole

    serviceControlPolicies:
      restrict-by-regions:
        description: Restrict regions
      FullAWSAccess:
        description: AWS managed default policy
        awsManaged: true

    backupPolicies:
      MyBackups:
        description: Backup policy

    organizationalUnits:
      Root:
        serviceControlPolicies: FullAWSAccess
        accounts:
          - "098765432100"
      Root/Workloads:
        serviceControlPolicies: restrict-by-regions
      Root/Workloads/Dev: {}
      Root/Workloads/Test: {}
      Root/Workloads/Prod:
        accounts:
          - id: "876754648373"
            name: MyAccount
            description: This is a production account
      Root/Sandbox:
        accounts:
          - id: "123456789012"
            backupPolicies:
              - MyBackups
          - "448873940474"
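
The ^ and $ anchors are what make these patterns an effective guardrail. The following added example (not part of the Takomo documentation or code base) checks proposed account names and emails against constraint patterns and flags unanchored ones. It assumes the patterns are applied as JavaScript regular expressions; the example.com domain and the lintPattern and checkAccount helpers are hypothetical names chosen for illustration.

```javascript
// Constructed sample constraints. namePattern is the one shown on this page;
// the emailPattern domain (example.com) is a placeholder assumption.
const constraints = {
  namePattern: "^my-account-[a-z0-9-]+$",
  emailPattern: "^admin\\+my-account-[0-9a-z-]+@example\\.com$",
};

// Flag patterns that are not anchored at both ends: an unanchored pattern
// accepts any value that merely contains a matching substring.
// (Simple check: a trailing "$" counts unless preceded by a backslash.)
function lintPattern(pattern) {
  const issues = [];
  if (!pattern.startsWith("^")) issues.push("missing ^ anchor");
  if (!/(^|[^\\])\$$/.test(pattern)) issues.push("missing $ anchor");
  return issues;
}

// Return the list of constraint violations for a proposed account.
// Assumption: patterns are applied as JavaScript regular expressions.
function checkAccount({ namePattern, emailPattern }, { name, email }) {
  const violations = [];
  if (namePattern && !new RegExp(namePattern).test(name)) {
    violations.push(`name "${name}" does not match ${namePattern}`);
  }
  if (emailPattern && !new RegExp(emailPattern).test(email)) {
    violations.push(`email "${email}" does not match ${emailPattern}`);
  }
  return violations;
}

// Constructed candidates: one conforming, one with an off-pattern name and domain.
const good = { name: "my-account-dev-1", email: "admin+my-account-dev-1@example.com" };
const bad = { name: "team-my-account-dev-1", email: "admin+my-account-dev-1@example.org" };

console.log(checkAccount(constraints, good)); // no violations
console.log(checkAccount(constraints, bad));  // name and email both rejected

// The same name pattern without anchors lets the off-pattern name through.
const loose = { namePattern: "my-account-[a-z0-9-]+" };
console.log(lintPattern(loose.namePattern)); // both anchors reported missing
console.log(checkAccount(loose, bad));       // no violations: the guardrail is bypassed
```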