Add a new Organizational Unit

Learn how to add a new Organizational Unit (OU) to an existing AWS Organization set up to DevOps Accelerator standards. The process involves updating the account catalog with the new OU details and reapplying the account component using the super-admin-user user, ensuring all planned changes by Terraform are carefully reviewed before applying.

Problem

We want to create a new Organizational Unit in an existing AWS Organization set up to DevOps Accelerator standards.

Solution

TL;DR:
Update the account catalog

Add the new OU to the account catalog and reapply the component.

info

The account component must be applied with the super-admin-user user, which is typically found in 1Password. For more on super-admin-user, see How to Create super-admin-user user.

For example, to add a new Organizational Unit called example with one account called foo, add the following to stacks/catalog/account.yaml:

components:
  terraform:
    account:
      vars:
        organizational_units:
          - name: example
            accounts:
              - name: example-foo
                tenant: example
                stage: foo
                tags:
                  eks: false

Then reapply the account component:

caution

The account component is potentially dangerous! Double-check all changes planned by Terraform before applying.

assume-role super-admin-user task terraform plan account -s core-gbl-root
assume-role super-admin-user task terraform apply account -s core-gbl-root
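
One way to make the plan review above mechanical, as an added example that is not part of the original page or of the account component: check the plan's JSON form and flag every change other than creating the new OU and account. It assumes the plan has been exported with `terraform show -json`; the resource addresses and the "existing-*" account names in the sample are constructed.

```python
# Constructed sample, shaped like the output of `terraform show -json <planfile>`.
# Resource addresses and the "existing-*" names are illustrative assumptions.
SAMPLE_PLAN = {"resource_changes": [
    {"address": 'aws_organizations_organizational_unit.this["example"]',
     "type": "aws_organizations_organizational_unit",
     "change": {"actions": ["create"], "after": {"name": "example"}}},
    {"address": 'aws_organizations_account.this["example-foo"]',
     "type": "aws_organizations_account",
     "change": {"actions": ["create"], "after": {"name": "example-foo"}}},
    {"address": 'aws_organizations_account.this["existing-a"]',
     "type": "aws_organizations_account",
     "change": {"actions": ["delete", "create"], "after": {"name": "existing-a"}}},
    {"address": 'aws_organizations_account.this["existing-b"]',
     "type": "aws_organizations_account",
     "change": {"actions": ["no-op"], "after": {"name": "existing-b"}}},
]}

# The only changes we intend, taken from the catalog edit on this page.
EXPECTED_CREATES = {
    ("aws_organizations_organizational_unit", "example"),
    ("aws_organizations_account", "example-foo"),
}


def review_plan(plan, expected_creates):
    """Return (unexpected changes, intended creates missing from the plan)."""
    unexpected, seen = [], set()
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing will be modified
        name = (rc["change"].get("after") or {}).get("name")  # "after" is null on delete
        key = (rc["type"], name)
        if actions == ["create"] and key in expected_creates:
            seen.add(key)
        else:  # update, delete, replace, or a create we did not ask for
            unexpected.append((rc["address"], "/".join(actions)))
    return unexpected, sorted(expected_creates - seen)


if __name__ == "__main__":
    unexpected, missing = review_plan(SAMPLE_PLAN, EXPECTED_CREATES)
    for address, actions in unexpected:
        print(f"REVIEW: {address} -> {actions}")
    for rtype, name in missing:
        print(f"MISSING: expected create of {rtype} {name!r}")
    raise SystemExit(1 if unexpected or missing else 0)
```

A non-zero exit means the plan touches something beyond the new OU and account, and each REVIEW line should be understood before running apply.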