Organizations
GitHubAPIStacksDeployment Targets
Search…
What is Takomo Organizations?
Organization configuration
Introduction
Directory structure
Master account
Organizational units
Accounts
Policies
Deploying organization
Accounts
Creating accounts
Account aliases
Listing accounts
Account stacks
Config sets
Bootstrap config sets
Variables
Deploying config sets
Removing config sets
Command-line usage
Organization
Account
Account stacks
Powered By GitBook
Creating accounts
You create new accounts to your organization using the create account command.

Example

Create a new account:
tkm org accounts create \
--email [email protected] \
--name my-account

Account defaults

When creating a new account, you can optionally specify if the account's IAM users should have access to the account's billing information and what is the name of the IAM role AWS Organizations creates in the account. You can use accountCreation property specify the default values for these options in the organization configuration file:
organization.yml
# This is how you set the defaults for account creation.
accountCreation:
defaults:
iamUserAccessToBilling: true
roleName: MyAccountAdminRole
​
masterAccountId: "098765432100"
​
organizationAdminRoleName: MyOrganizationAdminRole
​
serviceControlPolicies:
restrict-by-regions:
description: Restrict regions
FullAWSAccess:
description: AWS managed default policy
awsManaged: true
backupPolicies:
MyBackups:
description: Backup policy
organizationalUnits:
Root:
serviceControlPolicies: FullAWSAccess
accounts:
- "098765432100"
Root/Workloads:
serviceControlPolicies: restrict-by-regions
Root/Workloads/Dev: {}
Root/Workloads/Test: {}
Root/Workloads/Prod:
accounts:
- id: "876754648373"
name: MyAccount
email: [email protected]
description: This is a production account
Root/Sandbox:
accounts:
- id: "123456789012"
backupPolicies:
- MyBackups
- "448873940474"

Account contraints

You can set accepted pattern for account name and email by providing constraints property under account creation configuration:
organization.yml
accountCreation:
defaults:
iamUserAccessToBilling: true
roleName: MyAccountAdminRole
​
# This is how you set constraints for account name and email.
constraints:
# Account name must match this regex pattern
namePattern: "^my-account-[a-z0-9-]+quot;
# Account email must match this regex pattern
emailPattern: "^admin\\+my-account-[0-9a-z-][email protected]quot;
​
masterAccountId: "098765432100"
​
organizationAdminRoleName: MyOrganizationAdminRole
​
serviceControlPolicies:
restrict-by-regions:
description: Restrict regions
FullAWSAccess:
description: AWS managed default policy
awsManaged: true
backupPolicies:
MyBackups:
description: Backup policy
organizationalUnits:
Root:
serviceControlPolicies: FullAWSAccess
accounts:
- "098765432100"
Root/Workloads:
serviceControlPolicies: restrict-by-regions
Root/Workloads/Dev: {}
Root/Workloads/Test: {}
Root/Workloads/Prod:
accounts:
- id: "876754648373"
name: MyAccount
email: [email protected]
description: This is a production account
Root/Sandbox:
accounts:
- id: "123456789012"
backupPolicies:
- MyBackups
- "448873940474"
Organization configuration - Previous
Deploying organization
Next - Accounts
Account aliases
Last modified 11mo ago
Copy link
On this page
Account defaults
Account contraints