# Bootstrapping targets Typically, you use a CI/CD pipeline to deploy stacks to your deployment targets. That usually means creating an IAM role for the CI/CD tool to assume and then use to perform the deployment. Of course, as a best practice, the deployment role should have only the minimum set of permissions. The next question is how you create that deployment role in the first place. Takomo's approach to this problem is to divide config sets into two categories: **standard** and **bootstrap**. The standard config sets are the ones you would deploy using the deployment role with a minimum set of permissions. The bootstrap config sets are, like the name implies, for bootstrapping resources needed to deploy the standard config sets, e.g., creating the deployment role. Deploying the bootstrap config sets should be a lightweight operation that you can run from your personal laptop with full admin permissions secured with MFA, or using some other automated but more restricted and secure option. ## Bootstrap config sets files and directories At the file system level, there is no difference between the standard and bootstrap config sets. Take a look at [config sets documentation](/configuration/config-sets.md) to learn how you create config sets. ## Attaching bootstrap config sets The way you attach a config set to a deployment group or target makes it either a standard or bootstrap config set. To attach bootstrap config sets, you use the `bootstrapConfigSets` property instead of the `configSets` property that you use to attach the standard config sets. Take a look at [config sets documentation](/configuration/config-sets.md) to learn how to attach config sets. ## Target account Setting the target account works the same way as with the [standard config sets](/configuration/config-sets.md). There are two options to specify to which account Takomo should deploy stacks defined in deployment target's bootstrap config sets. * Provide a complete IAM role ARN in the `bootstrapRole` property. * Provide the target account's id in the `accountId` property and the name of the IAM role in the `bootstrapRoleName` property. The first option takes precedence over the second one. ## Deploying bootstrap config sets You use the [bootstrap targets command](/command-line-usage/bootstrap-targets.md) to deploy stacks configured in bootstrap config sets that are attached to deployment targets. For detailed information about the command, please see [here](/command-line-usage/bootstrap-targets.md). #### Example Here's an example showing how to deploy bootstrap config sets to all targets under the **all/application** group: ```bash tkm targets bootstrap all/application ``` ## Removing bootstrap config sets You use the [tear down targets command](/command-line-usage/tear-down-targets.md) to remove stacks configured in bootstrap config sets that are attached to deployment targets. For detailed information about the command, please see [here](/command-line-usage/tear-down-targets.md). #### Example Here's an example demonstrating how to remove bootstrap config sets from the **sandbox** target: ```bash tkm targets tear-down --target sandbox ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://targets.takomo.io/configuration/bootstrapping-targets.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.