The configuration file schema documentation is a work in progress. Please use this draft document with caution. The deeper you browse into the hierarchy, the less accurate the definitions are likely to be.
This is the top level object of the Accelerator Config file, which defines and breaks the configuration up into four major sections. Organization wide settings (global-options), a section to enable providing a unique persona to groups or collections of AWS accounts (organizational-units), and two sections to define configurations that need to be unique to a particular AWS account, one for common or shared infrastructure accounts (mandatory-account-configs) and another for tenant or workload accounts (workload-account-configs). One more section exists to ease working with these other sections (replacements).
Title: Shared Accounts Description: AWS accounts which contain components leveraged or utilized by other AWS accounts within the organization must be defined here. These are AWS accounts which are used to provide centralized functionality across the entire organization. For example: Log Archive, Security Tooling, Core Networking, etc. While workload accounts typically have a minimum amount of account level customization, the shared accounts typically contain a high level of customization.
Title: Organizational Units Description: Organizational units allows for the grouping of AWS accounts and provisioning unique personas or configurations to groups of AWS accounts. In most cases, the majority of a workload accounts persona or configuration will be defined in this section based on the accounts Organizational Unit (OU). A common set of OUs could include: Security, Infrastructure, Sandbox, Dev, Test, Prod, Central. This is where you configure services and features that will be shared or common to the accounts inside the Organizational Unit.
Title: Replacements Description: This section allows for the definition of variables with assigned values, which can then be referenced throughout the main config file, SCPs, or Firewall configs. Variables can be updated to reflect a customers requirements in a single spot, instead of requiring multiple updates throughout the customers configuration file(s).
Title: Workload Accounts Description: AWS accounts which contain a customers workloads and applications are defined within this section. It is recommended that accounts primarily receive their configuation based on the persona or OU defined configuration, but each accounts persona can be customized within this section.
This is the top level object of the Accelerator Config file, which defines and breaks the configuration up into four major sections. Organization wide settings (
global-options), a section to enable providing a unique persona to groups or collections of AWS accounts (organizational-units), and two sections to define configurations that need to be unique to a particular AWS account, one for common or shared infrastructure accounts (mandatory-account-configs) and another for tenant or workload accounts (workload-account-configs). One more section exists to ease working with these other sections (replacements).