Accounts

Every account of your AWS organization belongs to some OU. To place an account to an OU, you add the account to the accounts property of the OU in question. The accounts property is a list that accepts plain account ids and account objects that let you provide additional account-specific configuration.

AWS account id may begin with zero and that is why account ids must always be strings in Takomo configuration, i.e., the id must be quoted like so "012345678901".

Example

Here's an example of how to put accounts into OUs. The account 876754648373 is defined with object notation. The other accounts are defined as plain account ids.

organization/organization.yml

masterAccountId: "098765432100"

organizationalUnits:
  Root:
    accounts:
      # This is the organization master account
      - "098765432100"
  Root/Workloads/Dev: {}
  Root/Workloads/Test: {}
  Root/Workloads/Prod:
    accounts:
      # Account using the object notation
      - id: "876754648373"
  Root/Sandbox:
    # Only the id is given for these accounts
    accounts:
      - "123456789012"
      - "448873940474"

Additional configuration

The account id is the only required information for accounts. With object notation, you can provide additional information.

Name

You can specify the account name with the name property. The name helps you to identify the account. Takomo uses the name to verify that the account configuration is valid, i.e., there actually exists an account with the given id and name.

Please note that Takomo won't update the actual account name to match what you have defined in the configuration.

Example

Here's how to specify the name for account 876754648373..

organization/organization.yml

masterAccountId: "098765432100"

organizationalUnits:
  Root:
    accounts:
      - "098765432100"
  Root/Workloads/Dev: {}
  Root/Workloads/Test: {}
  Root/Workloads/Prod: 
    accounts:
      - id: "876754648373"
        # Account name is specified like this
        name: MyAccount
  Root/Sandbox:
    accounts:
      - "123456789012"
      - "448873940474"

Email

You can specify the account email with the email property. The email helps you to identify the account. Takomo uses the email to verify that the account configuration is valid, i.e., there actually exists an account with the given id and email.

Please note that Takomo won't update the actual account email to match what you have defined in the configuration.

Example

Here's how to specify the email for account 876754648373.

organization/organization.yml

masterAccountId: "098765432100"

organizationalUnits:
  Root:
    accounts:
      - "098765432100"
  Root/Workloads/Dev: {}
  Root/Workloads/Test: {}
  Root/Workloads/Prod: 
    accounts:
      - id: "876754648373"
        name: MyAccount
        # Account email is specified like this
        email: account@example.com 
  Root/Sandbox:
    accounts:
      - "123456789012"
      - "448873940474"

Description

You can give a short description for an account with the description property.

Example

Here's how to specify the description for account 876754648373.

organization/organization.yml

masterAccountId: "098765432100"

organizationalUnits:
  Root:
    accounts:
      - "098765432100"
  Root/Workloads/Dev: {}
  Root/Workloads/Test: {}
  Root/Workloads/Prod: 
    accounts:
      - id: "876754648373"
        name: MyAccount
        email: account@example.com
        # Account description is specified like this
        description: This is a production account  
  Root/Sandbox:
    accounts:
      - "123456789012"
      - "448873940474"

PreviousOrganizational units NextPolicies

Last updated 4 years ago

Was this helpful?