There are two options to specify to which account Takomo should deploy stacks defined in deployment target's config sets.
Provide a complete IAM role ARN in the
Provide the target account's id in the
accountId property and the name of the IAM role in the
The first option takes precedence over the second one.
Let's specify target accounts for our deployment targets.
deployment/targets.ymlvars:cost-center: 12345budget: 2000targetsSchema: budgetdeploymentGroups:all:configSets: securityall/shared:targets:- name: infradeploymentRole: arn:aws:iam::123456789012:role/ExampleAdminall/application:configSets: networkingtargetsSchema: environmentdeploymentRoleName: deployerall/application/dev:targets:- name: dev-environmentaccountId: "222244446666"- name: sandboxaccountId: "111133335555"all/application/prod:targets:- name: prod-environmentaccountId: "333355557777"
The infra deployment target uses the
deploymentRole property to set the IAM role Takomo should use to deploy its configurations. The value for the
deploymentRole property is complete IAM role ARN which also includes the target account id.
The rest of the deployment targets belong under the all/application deployment group in the deployment groups hierarchy. Therefore, they inherit the
deploymentRoleName property defined by the all/application deployment group. Each target then specifies the
accountId property, which Takomo combines with the
deploymentRoleName property to form the complete ARN for the deployment role.