Creating Member Accounts

You can create new accounts with the create account command. Once an account has been created, it must be added manually to the organization configuration file under the appropriate organizational unit.

Example: Creating new account

Create a new account with email hello@example.com and name example.

tkm org accounts create --email hello@example.com --name example

Constraints and Default Settings

You can provide constraints and default values for new accounts using account creation options. The options are given in accountCreation object which has the following keys:

KeyRequiredTypeDescription
defaultsnoobjectDefault values for optional account creation parameters. These values are used if the corresponding command line options are not given when a new account is created.
defaults.iamUserAccessToBillingnobooleanEnable IAM users to access account billing, defaults to true. This value is used if --iam-user-access-to-billing command line option is not given.
defaults.roleNamenostringName of the IAM role used to manage the new account, defaults to OrganizationAccountAccessRole. This value is used if --role-name command line option is not given.
constraintsnoobjectAccount creation constraints. Used to validate account creation parameters.
constraints.emailPatternnostringEmail of the new account being created must match this regex pattern.
constraints.namePatternnostringName of the new account being create must match this regex pattern.

Example: Account creation options

Here's how you configure account creation options:

organization.yml
accountCreation:
defaults:
iamUserAccessToBilling: false
roleName: MyAdminRole
constraints:
emailPattern: ^[a-z]@acme.com$
namePattern: ^.*@acme.com$

See Also