Takomo
Command role

When you execute a Takomo command, the AWS credentials present in the current terminal session dictate the target AWS account. We call these credentials the default credentials.

To target a different account, specify an IAM role for Takomo to assume. Takomo assumes the role using the default credentials and then executes the commands in the account the role belongs to. We call this role the command role, and you specify it with the commandRole property, which accepts an IAM role ARN.

The command role must not require MFA authentication.

Example

Specify a command role:

commandRole: arn:aws:iam::123456789012:role/deployer-role

Where to define

The commandRole property can be defined in stack and stack group configuration files. If specified in a stack group, the stack group's children and stacks inherit the value. Stack groups and stacks can override the value they have inherited from their parent.

Requirements

The commandRole property must satisfy these requirements:

  • Must be a valid IAM role ARN
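
A pre-flight check for a commandRole value, covering the ARN requirement and the no-MFA rule stated above. This is an added example, not Takomo's own code: the function names, the ARN pattern and the sample trust policy are constructed for illustration, and the MFA check is a heuristic that flags statements for review rather than evaluating the policy.

```javascript
// Added example (not part of Takomo): pre-flight checks for a commandRole value.
// Assumed pattern for IAM role ARNs; the role part may include a path.
const ROLE_ARN = /^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role\/([\w+=,.@\/-]+)$/;
// IAM condition keys that tie a statement to MFA (compared case-insensitively).
const MFA_KEYS = ["aws:multifactorauthpresent", "aws:multifactorauthage"];

// Returns { partition, accountId, roleName }, or null if the value is not an IAM role ARN.
function parseRoleArn(arn) {
  const m = ROLE_ARN.exec(String(arn).trim());
  return m ? { partition: m[1], accountId: m[2], roleName: m[3] } : null;
}

// Returns the indexes of trust policy statements that cover sts:AssumeRole
// and reference an MFA condition key. Heuristic: flags them for review only.
function mfaStatements(trustPolicy) {
  const hits = [];
  [].concat(trustPolicy.Statement || []).forEach((stmt, i) => {
    const actions = [].concat(stmt.Action || []).map((a) => a.toLowerCase());
    if (!actions.some((a) => ["sts:assumerole", "sts:*", "*"].includes(a))) return;
    const usesMfa = Object.values(stmt.Condition || {}).some((operands) =>
      Object.keys(operands).some((key) => MFA_KEYS.includes(key.toLowerCase())));
    if (usesMfa) hits.push(i);
  });
  return hits;
}

// Combines both checks for one commandRole value and the role's trust policy.
function checkCommandRole(arn, trustPolicy) {
  const parsed = parseRoleArn(arn);
  if (!parsed) return { ok: false, reason: "not a valid IAM role ARN" };
  const hits = mfaStatements(trustPolicy);
  if (hits.length > 0) {
    return { ok: false, reason: `MFA condition in statement(s) ${hits.join(", ")}`, ...parsed };
  }
  return { ok: true, ...parsed };
}

// Constructed sample trust policy: statement 1 only allows MFA-authenticated callers.
const sampleTrustPolicy = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Principal: { AWS: "arn:aws:iam::111111111111:root" }, Action: "sts:AssumeRole" },
    { Effect: "Allow", Principal: { AWS: "arn:aws:iam::222222222222:root" }, Action: "sts:AssumeRole",
      Condition: { Bool: { "aws:MultiFactorAuthPresent": "true" } } },
  ],
};

console.log(checkCommandRole("arn:aws:iam::123456789012:role/deployer-role", sampleTrustPolicy));
```
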

Last updated 3 years ago