Hi :wave: I have a question about Pulumi organizat...
# getting-started
Hi 👋 I have a question about Pulumi organizations. Are organizations a good boundary between different clients who are on their own AWS accounts? Or let's say I have customerA with stage and prod environments in different AWS accounts, would making Pulumi organizations for these two accounts (customerAStage, customerAProd, customerBStage, customerBProd, etc.)
That sounds more like stacks to me. Multiple stacks in one project. One project can exist only in one Organization. So for this case, I would say, no, Organizations are not useful.
Organizations are for adding easy access control to groups of projects.
Now that Organization Access Tokens are a thing, they become a useful way of deciding if you need new Organizations. An organization token has deploy access to all stacks in all projects in the organization, and no access to any stacks in any projects outside the organization. If you want to allow two stacks to be deployed by the same job / pipeline, and therefore by the same token, then they need to be in the same Organization.
Thanks for the reply @little-cartoon-10569
I'll have to look into what Organization Access Tokens are. I'm still pretty green in my Pulumi journey 🔰
You don't need to use them, but they give a good idea of how to use Organizations.
Org access tokens are for headless access to Pulumi stacks. They are not tied to any specific user. But they are not available in all pricing tiers.