Tear down accounts
Tear down the infrastructure that config sets have configured in the specified organizational units and accounts.
tkm org accounts tear-down [ou-path...] \
  [--account <account_id>]... \
  [--concurrent-accounts <number>] \
  [--config-set <config-set>] \
  [--command-path <command-path>]
ou-path...
- You can pass one or more organizational unit paths to tear down only the accounts that belong to organizational units located under the given paths in the organization hierarchy.
--account <account_id>
- Choose accounts to tear down. You can use this option multiple times to specify more accounts.
--concurrent-accounts <number>
- Number of accounts to tear down concurrently.
--config-set <config-set>
- Tear down only this config set.
- Optional.
--command-path <command-path>
- Tear down only stacks under this command path.
- Optional.
- To use this option, the --config-set option must also be given.
These are the minimum IAM permissions required to run this command.
Statement:
  - Effect: Allow
    Action:
      - organizations:ListRoots
      - organizations:ListTargetsForPolicy
      - organizations:ListAWSServiceAccessForOrganization
      - organizations:DescribePolicy
      - organizations:ListPolicies
      - organizations:ListAccountsForParent
      - organizations:ListAccounts
      - organizations:DescribeOrganization
      - organizations:ListOrganizationalUnitsForParent
    Resource: "*"
  # IAM permissions needed to assume role from the target accounts.
  # Specify resource to restrict access to specific roles.
  - Sid: IAM
    Effect: Allow
    Action:
      - sts:AssumeRole
    Resource: "*"
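The comment in the policy above recommends restricting sts:AssumeRole to specific roles. The following added example (not part of the Takomo documentation) flags statements that allow sts:AssumeRole on Resource "*" and rewrites them to explicit role ARNs. The account IDs are constructed and the role name OrganizationAccountAccessRole is an assumption; substitute the role your organization configuration actually assumes.

```python
from copy import deepcopy
from fnmatch import fnmatchcase

# Constructed sample: the page's policy as a dict, first statement abbreviated.
PAGE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["organizations:ListAccounts"], "Resource": "*"},
    {"Sid": "IAM", "Effect": "Allow", "Action": ["sts:AssumeRole"], "Resource": "*"},
]}

def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def _allows_assume_role(stmt):
    # Action names are case-insensitive and may use wildcards (sts:*, *).
    actions = _as_list(stmt.get("Action", []))
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase("sts:assumerole", a.lower()) for a in actions)

def wildcard_assume_role(policy):
    """Indexes of Allow statements granting sts:AssumeRole on Resource "*"."""
    return [i for i, stmt in enumerate(policy["Statement"])
            if _allows_assume_role(stmt)
            and "*" in _as_list(stmt.get("Resource", []))]

def scope_assume_role(policy, account_ids, role_name):
    """Copy of policy with wildcard AssumeRole statements limited to role ARNs."""
    scoped = deepcopy(policy)
    arns = [f"arn:aws:iam::{acct}:role/{role_name}" for acct in account_ids]
    for i in wildcard_assume_role(scoped):
        stmt = scoped["Statement"][i]
        if [a.lower() for a in _as_list(stmt["Action"])] != ["sts:assumerole"]:
            # Narrowing Resource here would also narrow the other actions.
            raise ValueError(f"statement {i}: split sts:AssumeRole out first")
        stmt["Resource"] = arns
    return scoped

if __name__ == "__main__":
    # Constructed account IDs; the role name is an assumption, not from the page.
    fixed = scope_assume_role(PAGE_POLICY, ["111111111111", "222222222222"],
                              "OrganizationAccountAccessRole")
    print(wildcard_assume_role(PAGE_POLICY), fixed["Statement"][1]["Resource"])
```
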
Tear down all accounts in the organization.
tkm org accounts tear-down
Tear down only accounts that belong to the organizational unit Root/Sandbox or to any organizational units under it.
tkm org accounts tear-down Root/Sandbox