No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

no pulumi needs to have account credentials before it acts on your account

What I meant is that? If I have account credentials for the master account, then can it create sub accounts

I don't know what you mean by master account - do you mean if you have an aws root account will it make IAM Users?

you will need to use <https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/iam/#User> and <https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/iam/#UserLoginProfile>

You might be able to bodge something together with AWS Landing Zone or whatever they’re calling it now, but in a normal AWS configuration there are manual steps to creating an AWS account.

that will generate you a user and their login credentials

New AWS accounts in your organization can be built with this: <https://aws.amazon.com/controltower/>

If you want to create nested accounts - see <https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/organizations/#Account>. 

This is much less common to automate in aws than “projects” in GCP though, and I suspect there are many limitations based on limited AWS support for this. 

I don’t know how much API-driving stuff is available for it, and you’d have to write your own.

Was just about to post this - one notable issue is that you cannot destroy an account

Destroy will remove it from an organization but not actually close it