# Command role

When you execute a Takomo command, the AWS credentials present in the current terminal session dictate the target AWS account. We call these credentials **the default credentials**.

Should you want to target a different account, you can specify an IAM role that Takomo should assume using the default credentials and then use it to execute the commands to the account where the role is bound. We call this role **the command role**, and you can specify it with the `commandRole` property, which accepts an IAM role ARN.

{% hint style="warning" %}
The command role must not require MFA authentication.
{% endhint %}

#### Example

Specify a command role:

```yaml
arn:aws:iam::123456789012:role/deployer-role
```

## Where to define

The `capabilities` property can be defined in stack and stack group configuration files. If specified in a stack group, the stack group's children and stacks inherit the value. Stack groups and stacks can override the value they have inherited from their parent.

## Requirements

The `commandRole` property must satisfy these requirements:

* Must be a valid IAM role ARN


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.takomo.io/stack-properties/command-role.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.