Class CfnAccount
Creates an AWS account that is automatically a member of the organization whose credentials made the request.
Inherited Members
Namespace: Amazon.CDK.AWS.Organizations
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnAccount : CfnResource, IInspectable, IAccountRef, IConstruct, IDependable, IEnvironmentAware, ITaggableSyntax (vb)
Public Class CfnAccount Inherits CfnResource Implements IInspectable, IAccountRef, IConstruct, IDependable, IEnvironmentAware, ITaggableRemarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.Organizations;
var cfnAccount = new CfnAccount(this, "MyCfnAccount", new CfnAccountProps {
AccountName = "accountName",
Email = "email",
// the properties below are optional
ParentIds = new [] { "parentIds" },
RoleName = "roleName",
Tags = new [] { new CfnTag {
Key = "key",
Value = "value"
} }
});Synopsis
Constructors
| CfnAccount(Construct, string, ICfnAccountProps) | Creates an AWS account that is automatically a member of the organization whose credentials made the request. |
Properties
| AccountName | The account name given to the account when it was created. |
| AccountRef | A reference to a Account resource. |
| AttrAccountId | Returns the unique identifier (ID) of the account. |
| AttrArn | Returns the Amazon Resource Name (ARN) of the account. |
| AttrJoinedMethod | Returns the method by which the account joined the organization. |
| AttrJoinedTimestamp | Returns the date the account became a part of the organization. |
| AttrState | Each state represents a specific phase in the account lifecycle. |
| AttrStatus | Returns the status of the account in the organization. |
| CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
| CfnProperties | Creates an AWS account that is automatically a member of the organization whose credentials made the request. |
The email address associated with the AWS account. |
|
| ParentIds | The unique identifier (ID) of the root or organizational unit (OU) that you want to create the new account in. |
| RoleName | The name of an IAM role that AWS Organizations automatically preconfigures in the new member account. |
| Tags | Tag Manager which manages the tags for this resource. |
| TagsRaw | A list of tags that you want to attach to the newly created account. |
Methods
| Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
| RenderProperties(IDictionary<string, object>) | Creates an AWS account that is automatically a member of the organization whose credentials made the request. |
Constructors
CfnAccount(Construct, string, ICfnAccountProps)
Creates an AWS account that is automatically a member of the organization whose credentials made the request.
public CfnAccount(Construct scope, string id, ICfnAccountProps props)Parameters
- scope Construct
Scope in which this resource is defined.
- id string
Construct identifier for this resource (unique in its scope).
- props ICfnAccountProps
Resource properties.
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
Properties
AccountName
The account name given to the account when it was created.
public virtual string AccountName { get; set; }Property Value
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
AccountRef
A reference to a Account resource.
public virtual IAccountReference AccountRef { get; }Property Value
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
AttrAccountId
Returns the unique identifier (ID) of the account.
public virtual string AttrAccountId { get; }Property Value
Remarks
For example: 123456789012 .
CloudformationAttribute: AccountId
AttrArn
Returns the Amazon Resource Name (ARN) of the account.
public virtual string AttrArn { get; }Property Value
Remarks
For example: arn:aws:organizations::111111111111:account/o-exampleorgid/555555555555 .
CloudformationAttribute: Arn
AttrJoinedMethod
Returns the method by which the account joined the organization.
public virtual string AttrJoinedMethod { get; }Property Value
Remarks
For example: INVITED | CREATED .
CloudformationAttribute: JoinedMethod
AttrJoinedTimestamp
Returns the date the account became a part of the organization.
public virtual string AttrJoinedTimestamp { get; }Property Value
Remarks
For example: 2016-11-24T11:11:48-08:00 .
CloudformationAttribute: JoinedTimestamp
AttrState
Each state represents a specific phase in the account lifecycle.
public virtual string AttrState { get; }Property Value
Remarks
Use this information to manage account access, automate workflows, or trigger actions based on account state changes.
For more information about account states and their implications, see Monitor the state of your AWS accounts in the AWS Organizations User Guide .
CloudformationAttribute: State
AttrStatus
Returns the status of the account in the organization.
public virtual string AttrStatus { get; }Property Value
Remarks
For example: ACTIVE | SUSPENDED | PENDING_CLOSURE .
CloudformationAttribute: Status
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }Property Value
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
CfnProperties
Creates an AWS account that is automatically a member of the organization whose credentials made the request.
protected override IDictionary<string, object> CfnProperties { get; }Property Value
Overrides
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
The email address associated with the AWS account.
public virtual string Email { get; set; }Property Value
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
ParentIds
The unique identifier (ID) of the root or organizational unit (OU) that you want to create the new account in.
public virtual string[]? ParentIds { get; set; }Property Value
string[]
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
RoleName
The name of an IAM role that AWS Organizations automatically preconfigures in the new member account.
public virtual string? RoleName { get; set; }Property Value
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
Tags
Tag Manager which manages the tags for this resource.
public virtual TagManager Tags { get; }Property Value
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
TagsRaw
A list of tags that you want to attach to the newly created account.
public virtual ICfnTag[]? TagsRaw { get; set; }Property Value
ICfnTag[]
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)Parameters
- inspector TreeInspector
tree inspector to collect and process attributes.
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated
RenderProperties(IDictionary<string, object>)
Creates an AWS account that is automatically a member of the organization whose credentials made the request.
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)Parameters
- props IDictionary<string, object>
Returns
Overrides
Remarks
AWS CloudFormation uses the CreateAccount operation to create accounts. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations . For more information, see AWS Organizations and service-linked roles in the AWS Organizations User Guide .
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the AWS Organizations User Guide .
This operation can be called only from the organization's management account.
Deleting Account resources
The default DeletionPolicy for resource AWS::Organizations::Account is Retain . For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute .
<ul></ul>
If you attempt to update the listed parameters, CloudFormation will attempt the update, but you will receive an error message as those updates are not supported from an Organizations management account or a registered delegated administrator account. Both the update and the update roll-back will fail, so you must skip the account resource update. To update parameters AccountName and Email , you must sign in to the AWS Management Console as the AWS account root user. For more information, see Update the AWS account name, email address, or password for the root user in the Account Management Reference Guide .
CloudformationResource: AWS::Organizations::Account
ExampleMetadata: fixture=_generated