Target account

There are two options to specify to which account Takomo should deploy stacks defined in deployment target's config sets.

  • Provide a complete IAM role ARN in the deplomentRole property.

  • Provide the target account's id in the accountId property and the name of the IAM role in the deploymentRoleName property.

The first option takes precedence over the second one.

Example

Let's specify target accounts for our deployment targets.

deployment/targets.yml
vars:
cost-center: 12345
budget: 2000
targetsSchema: budget
deploymentGroups:
all:
configSets: security
all/shared:
targets:
- name: infra
deploymentRole: arn:aws:iam::123456789012:role/ExampleAdmin
all/application:
configSets: networking
targetsSchema: environment
deploymentRoleName: deployer
all/application/dev:
targets:
- name: dev-environment
accountId: "222244446666"
- name: sandbox
accountId: "111133335555"
all/application/prod:
targets:
- name: prod-environment
accountId: "333355557777"

The infra deployment target uses the deploymentRole property to set the IAM role Takomo should use to deploy its configurations. The value for the deploymentRole property is complete IAM role ARN which also includes the target account id.

The rest of the deployment targets belong under the all/application deployment group in the deployment groups hierarchy. Therefore, they inherit the deploymentRoleName property defined by the all/application deployment group. Each target then specifies the accountId property, which Takomo combines with the deploymentRoleName property to form the complete ARN for the deployment role.