# Undeploy accounts

Remove infrastructure configured with config sets to the specified organizational units and accounts.

## Usage

```bash
tkm org accounts undeploy [ou-path...] \
  [--account <account_id>]... \
  [--concurrent-accounts <number>] \
  [--config-set <config-set>] \
  [--command-path <command-path>]
```

## Positional arguments

* `ou-path...`
  * You can pass one or more organizational unit paths to undeploy only the accounts that belong to organizational units located under the given paths in the organization hierarchy.

## Options

In addition to the [common options](https://docs.takomo.io/command-line-usage/common-options), this command has the following options.

* `--account <account id>`
  * Choose accounts to undeploy. You can use this option multiple times to specify more accounts.
* `--concurrent-accounts <number>`
  * Number of accounts to undeploy concurrently.
* `--config-set <config-set>`
  * Undeploy only this config set.
  * Optional.
* `--command-path <command-path>`
  * Undeploy only stacks under this command path.
  * Optional.
  * To use this option, also the `--config-set` option must be given.

## IAM permissions

These are the minimum IAM permissions required to run this command.

```yaml
Statement:
  - Effect: Allow
    Action:
      - organizations:ListRoots
      - organizations:ListTargetsForPolicy
      - organizations:ListAWSServiceAccessForOrganization
      - organizations:DescribePolicy
      - organizations:ListPolicies
      - organizations:ListAccountsForParent
      - organizations:ListAccounts
      - organizations:DescribeOrganization
      - organizations:ListOrganizationalUnitsForParent
    Resource: "*"

  # IAM permissions needed to assume role from the target accounts.
  # Specify resource to restrict access to specific roles.  
  - Sid: IAM
    Effect: Allow
    Action:
      - sts:AssumeRole
    Resource: "*"
```

## Examples

Undeploy all accounts in the organization.

```bash
tkm org accounts undeploy
```

Undeploy only accounts that belong to the organizational unit **Root/Sandbox** or to any organizational units under it.

```bash
tkm org accounts undeploy Root/Sandbox
```

Undeploy only accounts that belong to the organizational unit **Root/Apps/Dev** or **Root/Apps/Test**, or to any organizational units under them.

```bash
tkm org accounts undeploy Root/Apps/Dev Root/Apps/Test
```

Undeploy only account **123456789012**.

```bash
tkm org accounts undeploy --account 123456789012
```

Undeploy only account **123456789012** and **777777777777**.

```bash
tkm org accounts undeploy \
  --account 123456789012 \
  --account 777777777777
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://organizations.takomo.io/command-line-usage/account-stacks/undeploy-accounts.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.