accounts
Creates, updates, deletes or gets an account resource or lists accounts in a region
Overview
| Name | accounts |
| Type | Resource |
| Description | You can use AWS::Organizations::Account to manage accounts in an organization. |
| Id | awscc.organizations.accounts |
Fields
get (all properties):
| Name | Datatype | Description |
|---|---|---|
| account_name | string | The friendly name of the member account. |
| email | string | The email address of the owner to assign to the new member account. |
| role_name | string | The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. Default name is OrganizationAccountAccessRole if not specified. |
| parent_ids | array | List of parent nodes for the member account. Currently only one parent at a time is supported. Default is root. |
| tags | array | A list of tags that you want to attach to the newly created account. For each tag in the list, you must specify both a tag key and a value. |
| account_id | string | If the account was created successfully, the unique identifier (ID) of the new account. |
| arn | string | The Amazon Resource Name (ARN) of the account. |
| joined_method | string | The method by which the account joined the organization. |
| joined_timestamp | string | The date the account became a part of the organization. |
| status | string | The status of the account in the organization. |
| region | string | AWS region. |
list (identifiers only):
| Name | Datatype | Description |
|---|---|---|
| account_id | string | If the account was created successfully, the unique identifier (ID) of the new account. |
| region | string | AWS region. |
For more information, see AWS::Organizations::Account.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | accounts | INSERT | AccountName, Email, region |
| delete_resource | accounts | DELETE | Identifier, region |
| update_resource | accounts | UPDATE | Identifier, PatchDocument, region |
| list_resources | accounts_list_only | SELECT | region |
| get_resource | accounts | SELECT | Identifier, region |
SELECT examples
get (all properties):
Gets all properties from an individual account.
    SELECT
      region,
      account_name,
      email,
      role_name,
      parent_ids,
      tags,
      account_id,
      arn,
      joined_method,
      joined_timestamp,
      status
    FROM awscc.organizations.accounts
    WHERE
      region = 'us-east-1' AND
      Identifier = '{{ account_id }}';
list (identifiers only):
Lists all accounts in a region.
    SELECT
      region,
      account_id
    FROM awscc.organizations.accounts_list_only
    WHERE
      region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new account resource, using stack-deploy.
Required Properties:
    /*+ create */
    INSERT INTO awscc.organizations.accounts (
      AccountName,
      Email,
      region
    )
    SELECT
      '{{ account_name }}',
      '{{ email }}',
      '{{ region }}';
All Properties:
    /*+ create */
    INSERT INTO awscc.organizations.accounts (
      AccountName,
      Email,
      RoleName,
      ParentIds,
      Tags,
      region
    )
    SELECT
      '{{ account_name }}',
      '{{ email }}',
      '{{ role_name }}',
      '{{ parent_ids }}',
      '{{ tags }}',
      '{{ region }}';
Manifest:
    version: 1
    name: stack name
    description: stack description
    providers:
      - aws
    globals:
      - name: region
        value: '{{ vars.AWS_REGION }}'
    resources:
      - name: account
        props:
          - name: account_name
            value: '{{ account_name }}'
          - name: email
            value: '{{ email }}'
          - name: role_name
            value: '{{ role_name }}'
          - name: parent_ids
            value:
              - '{{ parent_ids[0] }}'
          - name: tags
            value:
              - key: '{{ key }}'
                value: '{{ value }}'
UPDATE example
Use the following StackQL query and manifest file to update an account resource, using stack-deploy.
    /*+ update */
    UPDATE awscc.organizations.accounts
    SET PatchDocument = string('{{ {
      "AccountName": account_name,
      "Email": email,
      "RoleName": role_name,
      "ParentIds": parent_ids,
      "Tags": tags
    } | generate_patch_document }}')
    WHERE
      region = '{{ region }}' AND
      Identifier = '{{ account_id }}';
DELETE example
    /*+ delete */
    DELETE FROM awscc.organizations.accounts
    WHERE
      Identifier = '{{ account_id }}' AND
      region = 'us-east-1';
Permissions
To operate on the accounts resource, the following permissions are required:
Create:
organizations:CreateAccount,
organizations:DescribeCreateAccountStatus,
organizations:MoveAccount,
organizations:ListAccounts,
organizations:ListParents,
organizations:TagResource,
organizations:DescribeAccount,
organizations:ListTagsForResource
Read:
organizations:DescribeAccount,
organizations:ListParents,
organizations:ListTagsForResource
Update:
organizations:MoveAccount,
organizations:TagResource,
organizations:UntagResource,
organizations:ListRoots,
organizations:DescribeAccount,
organizations:ListParents,
organizations:ListTagsForResource
Delete:
organizations:CloseAccount
List:
organizations:ListAccounts
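The action lists above can be used to check which operations on this resource an identity policy actually enables before it is attached to a deployment role. The following is an added example, not part of the StackQL provider or its documentation: `missing_actions`, `AUDIT_POLICY` and `NO_CLOSE_POLICY` are hypothetical names, the two policies are constructed samples, and the check looks only at `Action` and `Effect` (it ignores `Resource`, `Condition`, `NotAction`, SCPs and permission boundaries).

```python
import fnmatch

# Action lists copied from the Permissions section of this page.
_READ = ["organizations:DescribeAccount", "organizations:ListParents",
         "organizations:ListTagsForResource"]
REQUIRED = {
    "Create": ["organizations:CreateAccount", "organizations:DescribeCreateAccountStatus",
               "organizations:MoveAccount", "organizations:ListAccounts",
               "organizations:ListParents", "organizations:TagResource",
               "organizations:DescribeAccount", "organizations:ListTagsForResource"],
    "Read": _READ,
    "Update": ["organizations:MoveAccount", "organizations:TagResource",
               "organizations:UntagResource", "organizations:ListRoots"] + _READ,
    "Delete": ["organizations:CloseAccount"],
    "List": ["organizations:ListAccounts"],
}

def _as_list(value):
    # IAM allows a single string/object where a list is expected.
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive; '*' and '?' are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy):
    """Per operation, the required actions this identity policy does not grant."""
    allow, deny = [], []
    for stmt in _as_list(policy["Statement"]):
        if "Action" not in stmt:  # NotAction is not modelled here (assumption)
            continue
        (allow if stmt["Effect"] == "Allow" else deny).extend(_as_list(stmt["Action"]))
    # An explicit Deny overrides any Allow for the same action.
    return {op: [a for a in acts if not _matches(a, allow) or _matches(a, deny)]
            for op, acts in REQUIRED.items()}

# Constructed sample policies (not from the page).
AUDIT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["organizations:Describe*", "organizations:List*"]}]}
NO_CLOSE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": "organizations:*"},
    {"Effect": "Deny", "Resource": "*", "Action": "organizations:CloseAccount"}]}

if __name__ == "__main__":
    for name, pol in [("audit", AUDIT_POLICY), ("no-close", NO_CLOSE_POLICY)]:
        for op, missing in missing_actions(pol).items():
            print(f"{name:9} {op:7} {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

An empty list for an operation means the policy grants every action the page lists for it; a role meant only for SELECT queries should show missing actions for Create, Update and Delete.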