Target account
There are two options to specify to which account Takomo should deploy stacks defined in a deployment target's config sets.
  • Provide a complete IAM role ARN in the deplomentRole property.
  • Provide the target account's id in the accountId property and the name of the IAM role in the deploymentRoleName property.
The first option takes precedence over the second one.

Example

Let's specify target accounts for our deployment targets.
deployment/targets.yml
1
vars:
2
cost-center: 12345
3
budget: 2000
4
5
targetsSchema: budget
6
7
deploymentGroups:
8
all:
9
configSets: security
10
all/shared:
11
targets:
12
- name: infra
13
deploymentRole: arn:aws:iam::123456789012:role/ExampleAdmin
14
all/application:
15
configSets: networking
16
targetsSchema: environment
17
deploymentRoleName: deployer
18
all/application/dev:
19
targets:
20
- name: dev-environment
21
accountId: "222244446666"
22
- name: sandbox
23
accountId: "111133335555"
24
all/application/prod:
25
targets:
26
- name: prod-environment
27
accountId: "333355557777"
Copied!
The infra deployment target uses the deploymentRole property to set the IAM role Takomo should use to deploy its configurations. The value for the deploymentRole property is complete IAM role ARN which also includes the target account id.
The rest of the deployment targets belong under the all/application deployment group in the deployment groups hierarchy. Therefore, they inherit the deploymentRoleName property defined by the all/application deployment group. Each target then specifies the accountId property, which Takomo combines with the deploymentRoleName property to form the complete ARN for the deployment role.
Last modified 4mo ago
Copy link