Create account

Last updated 3 years ago

Create a new account in the organization.

Usage

tkm org accounts create \
  --name <account name> \
  --email <account email> \
  [--iam-user-access-to-billing <IAM user access to billing>] \
  [--role-name <account admin role>] \
  [--alias <account alias>] \
  [--ou <organizational unit>] \
  [--config-file <path to account config file>]

Positional arguments

This command has no positional arguments.

Options

In addition to the common options, this command has the following options.

  • --name <name>

    • The friendly name of the member account.

    • Required.

  • --email <email>

    • The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.

    • Required.

  • --iam-user-access-to-billing <boolean>

    • If set to true, the new account enables IAM users to access account billing information if they have the required permissions. Otherwise, only the root user of the new account can access account billing information.

    • Optional, defaults to true.

  • --role-name <role>

    • The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account.

    • Optional, defaults to OrganizationAccountAccessRole.

  • --alias <alias>

    • The account alias to create.

    • Optional.

  • --ou <ou>

    • Path to the organizational unit where the account should be added.

    • Optional, defaults to Root.

  • --config-file <file>

    • Path to a file containing account specific configuration.

    • Optional.

IAM permissions

These are the minimum IAM permissions required to run this command.

Statement:
  - Effect: Allow
    Action:
      - organizations:DescribeOrganization
      - organizations:CreateAccount
      - organizations:DescribeCreateAccountStatus
      - organizations:ListRoots
      - organizations:ListTargetsForPolicy
      - organizations:ListAWSServiceAccessForOrganization
      - organizations:DescribePolicy
      - organizations:ListPolicies
      - organizations:ListAccountsForParent
      - organizations:ListAccounts
      - organizations:DescribeOrganization
      - organizations:ListOrganizationalUnitsForParent
      - organizations:MoveAccount
    Resource: "*"
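
An added example, not part of the Takomo documentation: a Python check that compares the Allow statements of an IAM policy (as a parsed JSON document) with the actions listed above and reports required actions that are missing, wildcard patterns, and explicitly allowed actions outside the list. The sample policy and the names audit_policy, REQUIRED and SAMPLE_POLICY are constructed for illustration; Deny statements, NotAction, Condition and Resource are not evaluated.

```python
import re

# Actions copied from the "IAM permissions" statement on this page.
REQUIRED = {
    "organizations:DescribeOrganization", "organizations:CreateAccount",
    "organizations:DescribeCreateAccountStatus", "organizations:ListRoots",
    "organizations:ListTargetsForPolicy", "organizations:DescribePolicy",
    "organizations:ListAWSServiceAccessForOrganization",
    "organizations:ListPolicies", "organizations:ListAccountsForParent",
    "organizations:ListAccounts", "organizations:MoveAccount",
    "organizations:ListOrganizationalUnitsForParent",
}

# Constructed sample policy (not from the page): two wildcards, one unrelated
# action, and MoveAccount left out.
SAMPLE_POLICY = {"Statement": {
    "Effect": "Allow",
    "Action": ["organizations:Describe*", "organizations:List*",
               "organizations:CreateAccount", "organizations:DeleteOrganization"],
    "Resource": "*",
}}

def _as_list(value):
    # IAM accepts a single item or a list for Statement and Action.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # Action patterns are case-insensitive; "*" and "?" are the only wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def audit_policy(policy):
    """Compare the Allow statements of a policy with REQUIRED."""
    allowed = [p for s in _as_list(policy.get("Statement", []))
               if s.get("Effect") == "Allow"
               for p in _as_list(s.get("Action", []))]
    required_lower = {a.lower() for a in REQUIRED}
    return {
        "missing": sorted(a for a in REQUIRED
                          if not any(_matches(p, a) for p in allowed)),
        "wildcards": sorted(p for p in allowed if "*" in p or "?" in p),
        "extra": sorted(p for p in allowed if "*" not in p and "?" not in p
                        and p.lower() not in required_lower),
    }

print(audit_policy(SAMPLE_POLICY))
```

A non-empty "missing" list means the command cannot complete with that policy; "wildcards" and "extra" mark grants beyond the minimum listed on this page.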

Examples

Create a new account with email hello@example.com and name example.

tkm org accounts create \
  --email hello@example.com \
  --name example

Create a new account in the organizational unit Root/Examples.

tkm org accounts create \
  --email hello@example.com \
  --name example \
  --ou Root/Examples