Deploying organization

You use the deploy organization command to make your AWS organization match the configuration found in the organization configuration file.

Example

This is how you deploy your configuration:

tkm org deploy

Organization admin role

By default, Takomo uses the credentials currently available in the terminal session to execute operations that query information from the organization and alter its state.

You can also instruct Takomo to use a specific IAM role to perform these organization management operations by setting the organizationAdminRoleName property in the organization configuration.

Please note that you need to give only a role name and not a full role ARN.

Example

This is how you set the organization admin role:

organization/organization.yml
masterAccountId: "098765432100"

# This is how you tell Takomo to use an IAM role 
# named 'MyOrganizationAdminRole' when executing 
# organization management actions.
organizationAdminRoleName: MyOrganizationAdminRole

serviceControlPolicies:
  restrict-by-regions:
    description: Restrict regions
  FullAWSAccess:
    description: AWS managed default policy
    awsManaged: true
    
backupPolicies:
  MyBackups:
    description: Backup policy    
    
organizationalUnits:
  Root:
    serviceControlPolicies: FullAWSAccess
    accounts:
      - "098765432100"    
  Root/Workloads:
    serviceControlPolicies: restrict-by-regions
  Root/Workloads/Dev: {}
  Root/Workloads/Test: {}
  Root/Workloads/Prod: 
    accounts:
      - id: "876754648373"
        name: MyAccount
        email: account@example.com
        description: This is a production account
  Root/Sandbox:
    accounts:
      - id: "123456789012"
        backupPolicies:
          - MyBackups
      - "448873940474"
