pulumi-aws-kotlin/com.pulumi.aws.organizations.kotlin/AccountArgs

AccountArgs

data class AccountArgs(val closeOnDeletion: Output<Boolean>? = null, val createGovcloud: Output<Boolean>? = null, val email: Output<String>? = null, val iamUserAccessToBilling: Output<String>? = null, val name: Output<String>? = null, val parentId: Output<String>? = null, val roleName: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<AccountArgs>

Provides a resource to create a member account in the current organization.

Note: Account management must be done from the organization's root account. Note: By default, deleting this resource will only remove an AWS account from an organization. You must set the close_on_deletion flag to true to close the account. It is worth noting that quotas are enforced when using the close_on_deletion argument, which can produce a CLOSE_ACCOUNT_QUOTA_EXCEEDED error, and require you to close the account manually.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Account;
import com.pulumi.aws.organizations.AccountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var account = new Account("account", AccountArgs.builder()
            .email("john@doe.org")
            .build());
    }
}
Content copied to clipboard

Import

The AWS member account can be imported by using the account_id, e.g.,

$ pulumi import aws:organizations/account:Account my_account 111111111111
Content copied to clipboard

Certain resource arguments, like role_name, do not have an Organizations API method for reading the information after account creation. If the argument is set in the this provider configuration on an imported resource, this provider will always show a difference. To workaround this behavior, either omit the argument from the this provider configuration or use ignoreChanges to hide the difference, e.g. terraform resource "aws_organizations_account" "account" { name = "my_new_account" email = "john@doe.org" role_name = "myOrganizationRole"

There is no AWS Organizations API for reading role_name

lifecycle { ignore_changes = role_name } }

Constructors

Link copied to clipboard
constructor(closeOnDeletion: Output<Boolean>? = null, createGovcloud: Output<Boolean>? = null, email: Output<String>? = null, iamUserAccessToBilling: Output<String>? = null, name: Output<String>? = null, parentId: Output<String>? = null, roleName: Output<String>? = null, tags: Output<Map<String, String>>? = null)

Properties

Link copied to clipboard
val closeOnDeletion: Output<Boolean>? = null

If true, a deletion event will close the account. Otherwise, it will only remove from the organization. This is not supported for GovCloud accounts.

Link copied to clipboard
val createGovcloud: Output<Boolean>? = null

Whether to also create a GovCloud account. The GovCloud account is tied to the main (commercial) account this resource creates. If true, the GovCloud account ID is available in the govcloud_id attribute. The only way to manage the GovCloud account with the provider is to subsequently import the account using this resource.

Link copied to clipboard
val email: Output<String>? = null

Email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.

Link copied to clipboard
val iamUserAccessToBilling: Output<String>? = null

If set to ALLOW, the new account enables IAM users and roles to access account billing information if they have the required permissions. If set to DENY, then only the root user (and no roles) of the new account can access account billing information. If this is unset, the AWS API will default this to ALLOW. If the resource is created and this option is changed, it will try to recreate the account.

Link copied to clipboard
val name: Output<String>? = null

Friendly name for the member account. The following arguments are optional:

Link copied to clipboard
val parentId: Output<String>? = null

Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.

Link copied to clipboard
val roleName: Output<String>? = null

The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the root account, allowing users in the root account to assume the role, as permitted by the root account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so the provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignoreChanges is used.

Link copied to clipboard
val tags: Output<Map<String, String>>? = null

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Functions

Link copied to clipboard
open override fun toJava(): AccountArgs