accounts
Creates, updates, deletes or gets an account resource or lists accounts in a region.
Overview
Name | accounts |
Type | Resource |
Description | You can use AWS::Organizations::Account to manage accounts in an organization. |
Id | aws.organizations.accounts |
Fields
Name | Datatype | Description |
---|---|---|
account_name | string | The friendly name of the member account. |
email | string | The email address of the owner to assign to the new member account. |
role_name | string | The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. Default name is OrganizationAccountAccessRole if not specified. |
parent_ids | array | List of parent nodes for the member account. Currently only one parent at a time is supported. Default is root. |
tags | array | A list of tags that you want to attach to the newly created account. For each tag in the list, you must specify both a tag key and a value. |
account_id | string | If the account was created successfully, the unique identifier (ID) of the new account. |
arn | string | The Amazon Resource Name (ARN) of the account. |
joined_method | string | The method by which the account joined the organization. |
joined_timestamp | string | The date the account became a part of the organization. |
status | string | The status of the account in the organization. |
region | string | AWS region. |
For more information, see AWS::Organizations::Account.
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | AccountName, Email, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all accounts in a region.
SELECT
region,
account_name,
email,
role_name,
parent_ids,
tags,
account_id,
arn,
joined_method,
joined_timestamp,
status
FROM aws.organizations.accounts
WHERE region = 'us-east-1';
Gets all properties from an individual account.
SELECT
region,
account_name,
email,
role_name,
parent_ids,
tags,
account_id,
arn,
joined_method,
joined_timestamp,
status
FROM aws.organizations.accounts
WHERE region = 'us-east-1' AND data__Identifier = '<AccountId>';
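The two queries above return every account. The query below is an added example, not part of the original page, that uses the same columns to narrow the list to the member accounts a reviewer would want to look at first: accounts whose status is anything other than ACTIVE (the AWS Organizations API also returns SUSPENDED and PENDING_CLOSURE), and accounts that joined the organization by invitation (joined_method INVITED) rather than being created from it (CREATED). The region value 'us-east-1' is carried over from the page's examples and is an assumption.

```sql
-- Added example: member accounts that merit a closer look.
-- Status values: ACTIVE | SUSPENDED | PENDING_CLOSURE
-- joined_method values: CREATED | INVITED
SELECT
  account_id,
  account_name,
  email,
  joined_method,
  joined_timestamp,
  status
FROM aws.organizations.accounts
WHERE region = 'us-east-1'
  AND (
    status <> 'ACTIVE'            -- suspended or being closed
    OR joined_method = 'INVITED'  -- pre-existing account invited in, not created by the org
  )
ORDER BY joined_timestamp DESC;
```

Invited accounts are worth distinguishing because they existed before they joined, so their IAM roles, users and resources were not provisioned through the organization. If some columns come back empty from the list form of the query, fetch each account individually with the data__Identifier form shown in the page's second example.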
INSERT example
Use the following StackQL query and manifest file to create a new account resource, using stack-deploy.
Required Properties
/*+ create */
INSERT INTO aws.organizations.accounts (
AccountName,
Email,
region
)
SELECT
'{{ AccountName }}',
'{{ Email }}',
'{{ region }}';
All Properties
/*+ create */
INSERT INTO aws.organizations.accounts (
AccountName,
Email,
RoleName,
ParentIds,
Tags,
region
)
SELECT
'{{ AccountName }}',
'{{ Email }}',
'{{ RoleName }}',
'{{ ParentIds }}',
'{{ Tags }}',
'{{ region }}';
Manifest
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: account
    props:
      - name: AccountName
        value: '{{ AccountName }}'
      - name: Email
        value: '{{ Email }}'
      - name: RoleName
        value: '{{ RoleName }}'
      - name: ParentIds
        value:
          - '{{ ParentIds[0] }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'
DELETE example
/*+ delete */
DELETE FROM aws.organizations.accounts
WHERE data__Identifier = '<AccountId>'
AND region = 'us-east-1';
Permissions
To operate on the accounts resource, the following permissions are required:
Create: organizations:CreateAccount, organizations:DescribeCreateAccountStatus, organizations:MoveAccount, organizations:ListParents, organizations:TagResource, organizations:DescribeAccount, organizations:ListTagsForResource
Read: organizations:DescribeAccount, organizations:ListParents, organizations:ListTagsForResource
Update: organizations:MoveAccount, organizations:TagResource, organizations:UntagResource, organizations:ListRoots, organizations:DescribeAccount, organizations:ListParents, organizations:ListTagsForResource
Delete: organizations:CloseAccount
List: organizations:ListAccounts