Account

Provides a resource to create a member account in the current organization.

Note: Account management must be done from the organization’s master account.

!> WARNING: Deleting this resource will only remove an AWS account from an organization. This provider will not close the account. The member account must be prepared to be a standalone account beforehand. See the AWS Organizations documentation for more information.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var account = new Aws.Organizations.Account("account", new Aws.Organizations.AccountArgs
        {
            Email = "john@doe.org",
        });
    }

}

package main

import (
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/organizations"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        _, err := organizations.NewAccount(ctx, "account", &organizations.AccountArgs{
            Email: pulumi.String("john@doe.org"),
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_aws as aws

account = aws.organizations.Account("account", email="john@doe.org")

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const account = new aws.organizations.Account("account", {
    email: "john@doe.org",
});

Create a Account Resource

new Account(name: string, args: AccountArgs, opts?: CustomResourceOptions);

def Account(resource_name, opts=None, email=None, iam_user_access_to_billing=None, name=None, parent_id=None, role_name=None, tags=None, __props__=None);

func NewAccount(ctx *Context, name string, args AccountArgs, opts ...ResourceOption) (*Account, error)

public Account(string name, AccountArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args AccountArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AccountArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AccountArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Account Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Account resource accepts the following input properties:

Email string: The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
IamUserAccessToBilling string: If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
Name string: A friendly name for the member account.
ParentId string: Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
RoleName string: The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.
Tags Dictionary<string, string>: Key-value mapping of resource tags.

Email string: The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
IamUserAccessToBilling string: If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
Name string: A friendly name for the member account.
ParentId string: Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
RoleName string: The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.
Tags map[string]string: Key-value mapping of resource tags.

email string: The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
iamUserAccessToBilling string: If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
name string: A friendly name for the member account.
parentId string: Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
roleName string: The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.
tags {[key: string]: string}: Key-value mapping of resource tags.

email str: The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
iam_user_access_to_billing str: If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
name str: A friendly name for the member account.
parent_id str: Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
role_name str: The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.
tags Dict[str, str]: Key-value mapping of resource tags.

Outputs

All input properties are implicitly available as output properties. Additionally, the Account resource produces the following output properties:

Arn string: The ARN for this account.
Id string: The provider-assigned unique ID for this managed resource.
JoinedMethod string
JoinedTimestamp string
Status string

Arn string: The ARN for this account.
Id string: The provider-assigned unique ID for this managed resource.
JoinedMethod string
JoinedTimestamp string
Status string

arn string: The ARN for this account.
id string: The provider-assigned unique ID for this managed resource.
joinedMethod string
joinedTimestamp string
status string

arn str: The ARN for this account.
id str: The provider-assigned unique ID for this managed resource.
joined_method str
joined_timestamp str
status str

Look up an Existing Account Resource

Get an existing Account resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccountState, opts?: CustomResourceOptions): Account

static get(resource_name, id, opts=None, arn=None, email=None, iam_user_access_to_billing=None, joined_method=None, joined_timestamp=None, name=None, parent_id=None, role_name=None, status=None, tags=None, __props__=None);

func GetAccount(ctx *Context, name string, id IDInput, state *AccountState, opts ...ResourceOption) (*Account, error)

public static Account Get(string name, Input<string> id, AccountState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string: The ARN for this account.
Email string: The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
IamUserAccessToBilling string: If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
JoinedMethod string
JoinedTimestamp string
Name string: A friendly name for the member account.
ParentId string: Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
RoleName string: The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.
Status string
Tags Dictionary<string, string>: Key-value mapping of resource tags.

Arn string: The ARN for this account.
Email string: The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
IamUserAccessToBilling string: If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
JoinedMethod string
JoinedTimestamp string
Name string: A friendly name for the member account.
ParentId string: Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
RoleName string: The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.
Status string
Tags map[string]string: Key-value mapping of resource tags.

arn string: The ARN for this account.
email string: The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
iamUserAccessToBilling string: If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
joinedMethod string
joinedTimestamp string
name string: A friendly name for the member account.
parentId string: Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
roleName string: The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.
status string
tags {[key: string]: string}: Key-value mapping of resource tags.

arn str: The ARN for this account.
email str: The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.
iam_user_access_to_billing str: If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.
joined_method str
joined_timestamp str
name str: A friendly name for the member account.
parent_id str: Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.
role_name str: The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.
status str
tags Dict[str, str]: Key-value mapping of resource tags.

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud