org accounts create

Create a new account into the organization.

Usage

tkm org accounts create \
--name <account name> \
--email <account email> \
[--iam-user-access-to-billing <IAM user access to billing>] \
[--role-name <account admin role> ] \
[--alias <account alias>]

Positional arguments

This command has no positional arguments.

Options

OptionRequiredDescription
--nameyes
The friendly name of the member account.
--emailyes
The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You can't access the root user of the account or remove an account that was created with an invalid email address.
--iam-user-access-to-billingno
If set to true, the new account enables IAM users to access account billing information if they have the required permissions. Otherwise, only the root user of the new account can access account billing information. Defaults to true.
--role-nameno
The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account.

If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
--aliasno
The account alias to create.

Common Options

OptionRequiredDescription
--helpno
Show help.
--yes
-y
no
Automatic yes to prompts; assume "yes" as an answer to all prompts and run non-interactively.
--profile PROFILEno
Use a profile configured in ~/.aws/credentials file.
--log LEVELno
Set logging level. Allowed values are "trace", "debug", "info", "warn", "error". Defaults to "info".
--dir DIR
-d DIR
no
Set the project directory from where Takomo loads configuration.
--load-aws-sdk-configno
Instead of using profiles configured in ~/.aws/credentials, use profiles found from ~/.aws/config.
--var name=VALUEno
Set variable that can be referenced in configuration files. This option can be used multiple times to set multiple variables.
--var-file FILE
--var-file name=FILE
no
Load variables from a file. The variables can be referenced in configuration files. This option can be used multiple times to load variables from multiple files. If NAME is given, variables are loaded to a variable with that name.
--env-file FILEno
Load environment variables from a file. The variables can be referenced in configuration files. This option can be used multiple times to load variables from multiple files.
--log-confidential-infono
Allow printing of environment variables and confidential parameter values that are concealed from the logs by default.
--statsno
Print statistics information of the executed command.

IAM Permissions

This command must be run using credentials of the organization master account with the following permissions.

Statement:
- Effect: Allow
Action:
- organizations:DescribeOrganization
- organizations:CreateAccount
- organizations:DescribeCreateAccountStatus
Resource: "*"

Examples

Create a new account with email hello@example.com and name example.

tkm org accounts create --email hello@example.com --name example