Deploying Organization

You use the deploy organization command to deploy the local configuration defined in the organization.yml file, including policies, trusted AWS services, organizational units hierarchy, and member accounts’ placement in it.

Command Line Usage

Deploy the organization:

tkm org deploy

You can review the deployment plan and decide if you want to proceed with the deployment.

Refer to command line usage guide for detailed documentation of this command and its supported options.

What Happens During the Deployment?

The deployment process is divided in the following phases that are executed sequentially.

PhaseDescription
Load organization stateLoad information needed to build the deployment plan.
Build deployment planCompare the current organization state to the local configuration to build the deployment plan.
Enable trusted AWS servicesEnable access to the trusted AWS services that are enabled in the local configuration but not in the organization.
Enable policy typesEnable policy types that are enabled in the local configuration but not in the organization.
Create or update policiesCreate policies that are found from the local configuration but not from the organization. Update policies that are found from the organization and modified in the local configuration.
Arrange organizational units and accountsAdd or remove organizational units and move member accounts to correct organizational units to make the organizational units hierarchy match with the one found from the local configuration.
Delete policiesDelete policies found from the organization but not from the local configuration.
Disable policy typesDisable policy types that are enabled in the organization but not in the local configuration.
Disable trusted AWS servicesDisable access to trusted AWS services that are enabled in the organization but not in the local configuration.

See Also