Organizations
GitHubAPIStacksDeployment Targets
Search…
What is Takomo Organizations?
Organization configuration
Introduction
Directory structure
Master account
Organizational units
Accounts
Policies
Deploying organization
Accounts
Creating accounts
Account aliases
Listing accounts
Account stacks
Config sets
Bootstrap config sets
Variables
Deploying config sets
Removing config sets
Command-line usage
Organization
Account
Account stacks
List accounts stacks
Deploy accounts
Undeploy accounts
Bootstrap accounts
Tear down accounts
Powered By GitBook
Deploy accounts
Deploy infrastructure configured with config sets to the specified organizational units and accounts.

Usage

1
tkm org accounts deploy [ou-path...] \
2
[--account <account_id>]... \
3
[--concurrent-accounts <number>] \
4
[--config-set <config-set>] \
5
[--command-path <command-path>]
Copied!

Positional arguments

  • ou-path...
    • You can pass one or more organizational unit paths to deploy only the accounts that belong to organizational units located under the given paths in the organization hierarchy.

Options

In addition to the common options, this command has the following options.
  • --account <account id>
    • Choose accounts to deploy. You can use this option multiple times to specify more accounts.
  • --concurrent-accounts <number>
    • Number of accounts to deploy concurrently.
  • --config-set <config-set>
    • Teardown only this config set.
    • Optional.
  • --command-path <command-path>
    • Teardown only stacks under this command path.
    • Optional.
    • To use this option, also the --config-set option must be given.

IAM permissions

These are the minimum IAM permissions required to run this command.
1
Statement:
2
- Effect: Allow
3
Action:
4
- organizations:ListRoots
5
- organizations:ListTargetsForPolicy
6
- organizations:ListAWSServiceAccessForOrganization
7
- organizations:DescribePolicy
8
- organizations:ListPolicies
9
- organizations:ListAccountsForParent
10
- organizations:ListAccounts
11
- organizations:DescribeOrganization
12
- organizations:ListOrganizationalUnitsForParent
13
Resource: "*"
14
​
15
# IAM permissions needed to assume role from the target accounts.
16
# Specify resource to restrict access to specific roles.
17
- Sid: IAM
18
Effect: Allow
19
Action:
20
- sts:AssumeRole
21
Resource: "*"
Copied!

Examples

Deploy all accounts in the organization.
1
tkm org accounts deploy
Copied!
Deploy only accounts that belong to the organizational unit Root/Sandbox or to any organizational units under it.
1
tkm org accounts deploy Root/Sandbox
Copied!
Deploy only accounts that belong to the organizational unit Root/Apps/Dev or Root/Apps/Test, or to any organizational units under them.
1
tkm org accounts deploy Root/Apps/Dev Root/Apps/Test
Copied!
Deploy only account 123456789012.
1
tkm org accounts deploy --account 123456789012
Copied!
Deploy only account 123456789012 and 777777777777.
1
tkm org accounts deploy \
2
--account 123456789012 \
3
--account 777777777777
Copied!
Previous
List accounts stacks
Next
Undeploy accounts
Last modified 8mo ago
Copy link
Contents
Usage
Positional arguments
Options
IAM permissions
Examples