TenantRoot

Source: src/AWS/Organizations/TenantRoot.ts

Compose an opinionated single-tenant landing zone inside the current AWS Organizations management account.

This helper intentionally stays aligned to native AWS semantics: one real Organization, one root, nested OUs, and accounts beneath that tenant root. The broader RootRoot concept is an Alchemy control-plane abstraction over many such tenant roots deployed into separate management accounts, not a nested AWS Organizations feature.

const tenant = yield* TenantRoot("CustomerA", {
  identityCenter: {
    mode: "existing",
    groups: [
      { key: "platform", displayName: "platform-engineers" },
    ],
    permissionSets: [
      {
        key: "admin",
        name: "AdministratorAccess",
        // ISO 8601 duration: 8-hour session
        sessionDuration: "PT8H",
      },
    ],
    // Each assignment ties a permission set to a group on one account, by key.
    assignments: [
      {
        permissionSetKey: "admin",
        groupKey: "platform",
        accountKey: "prod",
      },
    ],
  },
});